Snippbot — Agentic System Architecture

Self-hosted · Event-driven · 7-layer security
Security Envelope
1
Cryptography
OS keychain

Cryptographic Foundations

  • Master key in OS keychain (file fallback 0o600)
  • PBKDF2-HMAC-SHA256 · 600,000 iterations
  • Field-level AES-256-GCM on sensitive columns
  • Per-purpose salts · automatic rotation
2
Sandboxing
3 trust levels

Execution Sandboxing

  • Trusted · External · Sandboxed levels
  • macOS Seatbelt · Linux bubblewrap · Docker
  • Env scrub · blocks ~/.ssh, ~/.aws, secrets
  • Fail-closed if no sandbox available
3
Network
egress · SSRF

Network Controls

  • Egress filtering with domain allowlist
  • SSRF blocks private IPs + metadata endpoints
  • Rate limiting (sliding window, 5 tiers)
  • Strict CORS · CSP · X-Frame DENY
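The allowlist and SSRF bullets above can be combined into one pre-flight check. The sketch below is an added example, not Snippbot's code; `ALLOWED_DOMAINS`, `check_url` and the injected `resolve` callable are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist entry; the page does not list the real domains.
ALLOWED_DOMAINS = {"api.example.com"}

def ip_is_blocked(ip_text):
    """True for private, loopback, link-local (cloud metadata) and similar ranges."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged by the IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def check_url(url, resolve):
    """Return (allowed, reason). `resolve` maps a hostname to a list of IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no-host"
    try:
        ipaddress.ip_address(host)
        is_literal = True
    except ValueError:
        is_literal = False
    if is_literal:
        # IP literals are never on a domain allowlist; report the more specific reason.
        return False, ("private-ip" if ip_is_blocked(host) else "not-allowlisted")
    if host not in ALLOWED_DOMAINS:
        return False, "not-allowlisted"
    try:
        addresses = list(resolve(host))
    except OSError:
        addresses = []
    if not addresses:
        return False, "unresolved"  # fail closed when DNS gives nothing
    # Every resolved address must be public: an allowlisted name can still
    # point at an internal host.
    if any(ip_is_blocked(a) for a in addresses):
        return False, "private-ip"
    return True, "ok"
```

The caller should connect to one of the addresses that was checked rather than resolving the name a second time.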
4
Prompt Injection
27 patterns

Prompt Injection Defense

  • 27 regex patterns · 6 attack categories
  • Base64 payload decode + rescan
  • Browser-tested 20/20 detection · 0 false positives
  • Content boundary tagging on tool output
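A sketch of the "Base64 payload decode + rescan" step, as an added example that is not Snippbot's code. The two regexes are constructed stand-ins, since the page does not publish its 27 patterns, and `MAX_DEPTH` is an assumed limit.

```python
import base64
import binascii
import re

# Constructed stand-ins for the detector's patterns.
PATTERNS = [
    ("override", re.compile(r"ignore\s+(all\s+)?(previous|prior)\s+instructions", re.I)),
    ("role-switch", re.compile(r"you\s+are\s+now\s+(in\s+)?\w+\s+mode", re.I)),
]
# Runs long enough to carry a sentence; shorter runs are mostly ordinary words.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
MAX_DEPTH = 2  # assumed cap so nested encodings cannot cause unbounded work

def try_decode(run):
    """Return the decoded text, or None if the run is not valid base64 of UTF-8."""
    try:
        return base64.b64decode(run, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def scan(text, depth=0):
    """Return [(pattern name, decode depth)] for matches in text and decoded runs."""
    hits = [(name, depth) for name, rx in PATTERNS if rx.search(text)]
    if depth < MAX_DEPTH:
        for run in B64_RUN.findall(text):
            decoded = try_decode(run)
            if decoded:
                hits.extend(scan(decoded, depth + 1))
    return hits
```

The depth in each hit records how many decoding layers hid the match, which is useful context in an injection alert.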
5
Package
43 checks

Package Security

  • 43 static-analysis checks
  • Axios-class supply-chain dropper detection
  • Typosquat + setup.py cmdclass + npm lifecycle
  • Ed25519 signature verification at audit time
6
Auth
bcrypt · JWT

Authentication & Authorization

  • Bcrypt password hashing (unique salt per user)
  • JWT with scopes · 15-min access · 30-day refresh
  • CSRF HMAC tokens · PKCE for OAuth
  • Trust-score-based admin detection (≥ 0.90)
7
Observability
9-category scan

Observability & Audit

  • 9-category security scanner (periodic)
  • DLP — 13+ patterns · entropy-based detection
  • Egress log · injection alerts · event bus
  • Error sanitization strips paths from responses
Interaction Layer
How agents receive input — UI, channels, voice, webhooks, CLI
9 touchpoints
236+ API endpoints
Chat UI
React 18 · SSE

Chat UI

Streaming chat interface with file uploads, tool timeline, thinking indicator, and interactive question cards.

  • React 18 · Vite · Zustand · Tailwind Aurora
  • SSE streaming · 3-min idle timeout
  • Bundled into the daemon · no separate build
Channels
6 platforms

Messaging Channels

Six platforms with unified provider abstraction — inbound + outbound.

  • Slack · Discord · Telegram
  • WhatsApp · Microsoft Teams · Google Chat
  • Encrypted channel credentials in Secret Store
Voice I/O
STT + TTS

Voice Input/Output

Speech-to-text on input, text-to-speech on output, with local and cloud provider options.

  • Whisper (local) or cloud STT
  • Piper (local) or cloud TTS · per-agent voice
  • Voice-controlled chat mode
Notifications
push + SMTP

Notifications

Push notifications across Apple, Google, and Web stacks plus HTML email.

  • APNs (iOS) · FCM (Android) · Web Push
  • SMTP with encrypted credentials · HTML templates
  • Digest system — periodic summaries on schedule
Browser (CDP)
stealth · record

Browser Automation

First-class agent capability — not a Playwright wrapper.

  • Full Chrome DevTools Protocol · multi-tab sessions
  • DOM snapshots · recording/replay · stealth mode
  • SSRF protection on the session itself
Device Fleet
Ed25519 · WebSocket

Device Fleet

Remote hardware joins the agent mesh.

  • Ed25519 enrollment · biometric-verified ops
  • Persistent WebSocket · trust-based tool routing
  • Token rotation + revocation built in
Webhooks
HMAC signed

Inbound Webhooks

External events trigger hooks, workflows, or agent actions.

  • HMAC signature validation
  • Ties into the Hook subsystem
  • Exempt from CSRF · rate-limited
CLI
60+ commands

Command-Line Interface

Full control from the terminal, using the same backend as the UI.

  • Click framework · Rich output · httpx client
  • 17 groups · 60+ commands
  • Session auth shared with the UI
REST + SSE API
236+ endpoints

HTTP API

Every capability is reachable via a versioned REST endpoint.

  • 47 route modules · 236+ endpoints
  • Server-Sent Events for streaming responses
  • Starlette ASGI · aiosqlite backing
Agent Cognitive Layer
Decomposition · autonomy · reflection — how agents think
13+ personas
Team mode · 5 proactivity levels
Team Mode
Architect · Executor · Reviewer

Team Orchestration

Complex messages trigger a three-role inner loop before responding.

  • Architect decomposes the task into steps
  • Executor runs tools and collects results
  • Reviewer validates output before reply
  • Complexity classifier decides when to activate
Inner Agent Loop
Think → Plan → Act → Reflect

Agent Loop

The single-agent execution cycle that wraps every tool call.

  • Streaming partial responses · live tool timeline
  • Memory lookup at Plan · write at Reflect
  • Trust-level propagation through the loop
Proactivity Engine
5 levels · quiet hours

Proactivity

Agents think between interactions — goals, insights, nudges.

  • Silent · Passive · Balanced · Active · Aggressive
  • Quiet hours · goal tracker · insight generator
  • Heuristic insights under 500 ms · no LLM calls
13+ Personas
per-agent workspace

Agent Personas

Every agent has its own identity, memory, and tools.

  • Donna · Snipp · Atlas · Bolt · Luna · Sage · Nova ...
  • vps/agents/{name}/workspace/ — PERSONA · PROFILE · USER · BEHAVIORS · history
  • Keyed on (user_id, agent_name) for multi-user
Tool Execution Layer
Gated dispatch · trust levels · fail-closed permission checks
4 tool types
3 trust levels
Permission Gate
fail-closed

Permission Gate Chain

Every tool call runs through a multi-step validation chain before dispatch.

  • Grant lookup (network · fs · shell · env)
  • Trust-level routing · env scrub · allowlist
  • Evasion-pattern scan (eval, backticks, fork bombs)
  • Fail-closed — deny if any check errors
Built-in Tools
15+ blocked cmds

Built-in Tools

Core tools shipped with Snippbot — file I/O, shell, web search, memory, time.

  • Always-blocked: sudo · chmod · reboot · crontab · kernel modules
  • Tier-based allowlists per permission class
  • Trust level carried through to summarization
MCP Tools
OAuth2 · schema hash

MCP Tools

External tools via Model Context Protocol servers.

  • OAuth2 · PKCE auth flows
  • SHA-256 schema hashing — alerts on poisoning
  • Tool descriptions scanned for injection at registration
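One way to implement the schema-hash alert described above, as an added example rather than Snippbot's code. `schema_digest` and `SchemaPins` are hypothetical names, the hashed fields (`name`, `description`, `inputSchema`) are the ones an MCP tool definition exposes to the model, and the sample tool is constructed.

```python
import hashlib
import json

def schema_digest(tool):
    """SHA-256 over a canonical JSON form of the fields the model sees."""
    material = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    # Sorted keys and fixed separators make the hash independent of key order.
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class SchemaPins:
    """Pins each tool's digest on first registration and reports later drift."""

    def __init__(self):
        self._pins = {}  # (server, tool name) -> digest

    def register(self, server, tools):
        alerts = []
        seen = set()
        for tool in tools:
            key = (server, tool["name"])
            seen.add(key)
            digest = schema_digest(tool)
            pinned = self._pins.get(key)
            if pinned is None:
                self._pins[key] = digest  # first sighting: trust on first use
            elif pinned != digest:
                # Keep the old pin so the alert repeats until someone re-approves.
                alerts.append(("schema-changed", tool["name"]))
        for srv, name in self._pins:
            if srv == server and (srv, name) not in seen:
                alerts.append(("tool-removed", name))
        return alerts

    def approve(self, server, tool):
        """Accept a reviewed change by re-pinning the current digest."""
        self._pins[(server, tool["name"])] = schema_digest(tool)

# Constructed sample tool definition.
SAMPLE_TOOL = {
    "name": "read_file",
    "description": "Reads a file from the workspace.",
    "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
}
```

Because the description is part of the hashed material, a server that rewrites a tool's description after approval triggers the same alert as a parameter change.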
Custom Skills
Ed25519 signed

Custom Skills

User-created tools from the Singularity Marketplace.

  • singularity.json manifest declares all permissions
  • Ed25519 signature verified at audit time
  • Sandboxed execution · ulimit-based resource caps
Browser CDP
stealth · record

Browser Tool

Agents drive a real Chrome instance for research, automation, and scraping.

  • Full Chrome DevTools Protocol
  • Recording + replay · stealth fingerprint
  • Session-level SSRF guard
Memory & Knowledge Layer
Episodic → Keyword → Vector → Hybrid → Knowledge Graph
5 tiers
Ebbinghaus decay · pattern consolidation
Episodic
Tier 1 · valence

Episodic Memory

Every interaction is stored with emotional tone and importance.

  • SQLite-backed · agent-scoped
  • Valence + importance columns drive decay
  • FTS5 full-text ready at write time
Keyword (FTS5)
Tier 2 · BM25

Keyword Search

Fast exact-match retrieval — zero embedding cost.

  • SQLite FTS5 · BM25 scoring
  • 7-day recency boost · snippet highlighting
  • Phrase · boolean · NEAR · prefix wildcards
Vector (HNSW)
Tier 3 · 384-dim

Vector Search

Semantic similarity over sentence embeddings.

  • HNSW approximate nearest neighbor
  • MiniLM-L6-v2 · 384 dimensions
  • SQLite cosine-sim fallback if hnswlib missing
Hybrid (RRF)
Tier 4 · query analyzer

Hybrid Retrieval

Best of both worlds — keyword and vector, fused.

  • Reciprocal Rank Fusion across both indices
  • Query analyzer detects keyword-heavy vs semantic
  • De-duplicates and returns component scores
Knowledge Graph
Tier 5 · entities + relations

Knowledge Graph

Entities and relations extracted from episodes — no LLM calls.

  • 10 entity types · 10+ relation types
  • Pattern-matching consolidation < 500 ms
  • Graph traversal, neighbor queries, weighted edges
Orchestration Layer
Workflows · scheduler · hooks · event bus — automation spine
7 step types
100+ events · chain-depth tracked
Workflows (DAG)
7 step types

Workflow Engine

Topologically sorted DAGs with template expressions and optional sandboxing.

  • Tool · LLM · Conditional · Loop · Approval · Subworkflow · Parallel
  • Template refs: {{steps.step_id.output.field}}
  • State snapshots · resource limits · per-step sandboxing
Scheduler
cron · NL · chains

Scheduler

Time-based triggers with natural-language parsing and job chaining.

  • Cron · fixed interval · "every Friday at 3pm"
  • Auto-pause after 5 consecutive failures
  • Job chains — output of one feeds input of next
Hooks
Python · HTTP · builtin

Hook Engine

Event-driven automation with sandboxed execution and depth-limited cascades.

  • Python (restricted sandbox · allowlisted imports)
  • HTTP webhook (auth · timeout · retry)
  • 4 bundled: Session Memory · Audit · Context · Boot
Approval Gates
human-in-loop

Approval Gates

Pause a workflow or phase until a human approves.

  • Phase-level approval in Projects
  • Timeout actions: deny · continue · fail
  • Quorum support for multi-approver gates
Event Bus
100+ events

Event Bus

Every meaningful operation emits a typed event.

  • Named events: chat.message · tool.executed · memory.consolidated · security.*
  • Hooks, workflows, and dashboards subscribe
  • Full audit trail via chain_parent_id
Data & Persistence Layer
SQLite · WAL · encrypted secrets · integrity-checked
100+ tables
AES-256-GCM · PRAGMA integrity
SQLite Stores
aiosqlite · WAL

SQLite Stores

Async SQLite with write-ahead logging. Every subsystem has its own Store class.

  • aiosqlite · WAL journaling · FK enforcement
  • PRAGMA integrity_check · foreign_key_check at startup
  • Auto-migration on schema drift
Secret Store
AES-256-GCM

Secret Store

Encrypted credential storage with full audit trail.

  • AES-256-GCM · 12-byte nonce · 16-byte tag
  • enc1: prefix · base64(nonce + ciphertext)
  • Full audit: every get/set/delete logged
Vector Index
hnswlib · 384d

Vector Index

Persistent ANN index for semantic search.

  • HNSW: M=16 · ef_construction=200 · ef_search=50
  • Per-agent partitioned
  • SQLite cosine fallback if hnswlib unavailable
File / Asset
~/.snippbot/

File Storage

Uploads and assets on disk with strict permissions.

  • ~/.snippbot/uploads/ (attachments · 0o600)
  • ~/.snippbot/assets/ (inline chat assets)
  • Filename sanitization · executable-bit detection
Audit Log
DLP-scanned

Audit Log

Every sensitive operation writes to a tamper-evident log.

  • DLP scan before write — redacts secrets
  • Request ID injection for correlation
  • Security API exposes filtered queries
Model Provider Layer
Multi-provider LLM · egress-filtered · subscription-aware
9 providers
Claude Pro/Team sub supported
Anthropic
Claude · Pro sub

Anthropic

Default provider. Uses your Claude subscription at zero marginal cost.

  • Claude Opus · Sonnet · Haiku
  • Native Claude Pro/Team subscription support
  • No per-token charges when using your sub
OpenAI
GPT · o-series

OpenAI

GPT family via official SDK.

  • GPT-4 · GPT-4o · o-series reasoning
  • Streaming + tool-use parity with Claude
  • Per-agent model override
Groq
fast inference

Groq

Low-latency inference for throughput-sensitive agents.

  • Llama · Mixtral · Gemma
  • Sub-100ms first token · ideal for proactivity
Google
Gemini

Google

Gemini family with long-context and multimodal support.

  • Gemini 2.5 Flash · Pro · Vision
  • Long-context ideal for memory summarization
  • Image + video generation via Gemini MCP
Local
Ollama · llama.cpp

Local Inference

Run fully offline with a local model backend.

  • Ollama · llama.cpp · LM Studio
  • No egress · zero marginal cost
  • Ideal for privacy-critical agents
+ 4 more
configurable

Additional Providers

Pluggable provider layer lets you add OpenRouter, Mistral, Together, Cohere, and more via config.

  • Per-agent provider selection
  • Egress allowlist gated at the network layer

Singularity Marketplace Portal

What users do on the marketplace — browse, install, publish, transact
Browse & Discover
search · categories · trending

Browse & Discover

Find skills, tools, agent profiles, and workflows that match your needs.

  • Full-text search · category filters · tag navigation
  • Trending + curated collections · featured publishers
  • Per-artifact preview: screenshots, demo video, changelog
Review Before Install
audit · permissions · ratings

Review Before Install

See exactly what a package wants before granting anything.

  • Required permissions shown up-front (network · fs · shell · env)
  • Audit findings from the 43-check vetting pipeline
  • Star rating · review count · last-updated · download count
One-Click Install
signature-verified

One-Click Install

Verified download with explicit permission grants — nothing runs without your OK.

  • Ed25519 signature verified before extraction
  • Granular consent: grant only what you're comfortable with
  • Rollback: every install is versioned and reversible
Manage Installed
enable · update · revoke

Manage Installed

Your library of installed packages — stay in control.

  • Enable / disable without uninstalling
  • Auto-update or pin to version
  • Revoke permissions at any time — fail-closed at runtime
Publish Your Package
sign · version · list

Publish Your Package

Ship your own skills and tools to the marketplace.

  • CLI: snippbot publish — generates manifest, signs with your Ed25519 key
  • Version history · semantic versioning enforced
  • Pre-publish audit — your package passes the same 43 checks
Set Pricing & Offers
free · paid · work-for-hire

Pricing & Offers

Three revenue models — pick what fits your package.

  • Free — open-source or freeware
  • Paid in SNIPP — one-time or subscription
  • Work-for-hire — agents offer services, escrowed contracts
Your Wallet
SNIPP · Ed25519

Your SNIPP Wallet

Track your balance, transactions, and pending work.

  • Per-agent wallet with Solana-compatible Ed25519 identity
  • Transaction history · receipts from work claims
  • Transfer between agents · cash out (when bridge ready)
Reviews & Reputation
ratings · disputes

Reviews & Reputation

Community signal shapes what rises to the top.

  • 1-5 star ratings · verified-installer reviews only
  • Publisher reputation — 7-factor trust score
  • Dispute resolution · moderation queue