The AI Agent You
Can Actually Trust
Local model auto-detection · BYOK cloud fallback · Hard spend ceiling
Ollama local mode · Hybrid routing · Tamper-evident audit
Local-first + BYOK — use no key, or bring your own.
Why XR wins
Built for trust. Features the competition doesn't even attempt.
| Feature | XR | Claude Code | OpenClaw | Hermes |
|---|---|---|---|---|
| One-command install | ||||
| Full TUI (slash commands, history) | partial | |||
| JARVIS computer control (screenshots) | ||||
| System control (volume, clipboard, apps) | partial | partial | ||
| Hard spend ceiling (code-enforced) | ||||
| Tamper-evident audit log (SHA-256 chain) | ||||
| Injection benchmark (runnable block-rate) | ||||
| Egress allow-list (anti-exfil) | partial | |||
| Non-regressive skills (auto-rollback) | ||||
| Self-improving (learns from experience) | ||||
| Docker sandbox for shell commands | partial | |||
| Voice control (wake word → STT → TTS) | ||||
| Research mode (source-first, citation-aware) | partial | |||
| BYOK + $0 to run | partial | |||
| Cross-platform (Win/Mac/Linux/Termux) |
What makes XR different
Local-first + BYOK
No key required for local mode.
XR runs on your local Ollama model or your provider API key. v0.5 detects RAM/VRAM/CPU/disk, recommends a model, downloads it with approval, and keeps cloud fallback deterministic.
$0 to trustJARVIS-Level Control
It sees your screen.
XR takes screenshots, reasons about what's on screen, and takes actions — click, type, scroll, open apps — just like you would. The difference between asking and showing.
Computer vision + actionCost Governor
Enforced in code.
The agent literally cannot exceed your budget. checkBeforeStep() runs before every model call and blocks if the next step would breach the ceiling. Not a suggestion.
Code-enforced ceilingTamper-Evident Audit
SHA-256 hash chain.
Every action logged with SHA-256 hash chain. Verify integrity with xr verify-log. Any tampering is detected and reported. Redacts API keys before storage.
Git's trick, $0, offlineEverything you need.
Nothing you don't.
Built for developers and power users who want real control over their AI agent.
Shell & Docker Sandbox
Every shell command runs in isolated Docker containers. Zero risk of accidental system damage.
Persistent Memory
Layered memory across sessions — user profiles, agent context, and skill files all stored locally.
Voice Control
Wake word → speech-to-text → model → text-to-speech. Works on macOS (say command) and Windows (SAPI).
Research Mode (v0.7)
Source-first, citation-aware research. XR plans, searches, ranks sources by trust, fetches pages, extracts cited evidence, flags contradictions, and exports a signed report. Never fakes a source or fakes certainty.
Multi-Provider Support
Ollama, Claude, GPT, Gemini, Mistral, DeepSeek, Cerebras, OpenRouter, Groq, Together, Cohere, and Bedrock — swap anytime.
Computer Vision
Screenshots + vision-capable models = XR sees what's on your screen and acts accordingly.
Self-Improving Skills
Successful tasks are frozen as immutable skill baselines. Auto-rollback if a skill regresses.
Injection Defense
10-attack corpus benchmark. SHA-256 signed block-rate report. Real numbers, not marketing.
Egress Allow-List
Anti-exfiltration controls. Only configured domains can receive data from XR.
Cross-Platform
Linux, macOS, Windows, Android (Termux). One install script. Works everywhere.
Interactive TUI
Full terminal UI with slash commands, history, and context. Claude Code-style experience.
Telegram Bot
Control XR from your phone via Telegram. Same agent, same memory, any device.
Auto-Rollback
Skills that break are automatically rolled back to the last known good version.
Use any model
Ollama local models plus supported BYOK cloud providers. Swap anytime with one command.
Plus: provider base URL overrides for OpenAI-compatible services and any valid Ollama model ID.
Install in 30 seconds
One command. Any OS. No credit card. No vendor lock-in.
Works on Ubuntu, Debian, Fedora, Arch, and more.
Trust is built in
Not bolted on. Every security feature is code-enforced, not suggested.
Tamper-Evident Audit Log
SHA-256 hash chain
Every action XR takes is logged with a SHA-256 hash chain. Verify integrity with a single command. Any tampering is detected instantly.
xr verify-log → "✓ Audit chain intact (N entries)"Cost Governor
Hard ceiling
Code-enforced spend limits. The agent literally cannot make a call that exceeds your budget.
xr --budget 0.25 "task"Injection Defense
10-attack benchmark with SHA-256 signed block-rate reports.
Egress Allow-List
Only configured domains can receive data from XR.
Local-First Data
All data stored locally. Nothing leaves your infrastructure.
API Key Redaction
Keys are redacted before storage in the audit log.
Finally an agent that actually respects your budget. The cost governor alone is worth switching.
The JARVIS computer control changed everything. It actually sees what I see and acts on it.
Tamper-evident audit log is the feature that sold me. I can verify every action XR took.
Frequently asked questions
BYOK stands for 'Bring Your Own Key.' XR runs on your API key from any supported provider (Anthropic, OpenAI, Google, etc.) or your own local model via Ollama. We don't have access to your key or your data. It costs us $0 to maintain and you $0 to trust.