Why I Built Beige
Existing solutions like OpenClaw are powerful but come with significant trade-offs. Here is what I don’t like and what I wanted to fix:- Tool calling is limited: Openclaw is like any other agent system - it still relies on the LLM calling many tools (or even MCP). Lobster was an approach at creating typed workflows for tools, but it’s missing real coding capabilities. An agent should be able to call tools safely in a code-environment.
- So much clutter: Openclaw comes with so many things built-in. Many channels, tools and other stuff that I don’t want to run by default. I want my gateway to be clean and extensible.
- Limited sandboxing: Openclaw supports sandboxing, but it seemed like it could escape the sandbox ever-so often (/elevated mode). Sometimes you are hit with: I need the agent to run CLI tools. But if I “elevate” it, then it could read all my environment variables and secrets.
Inspiration
Beige builds on ideas from two key blog posts:“What if you don’t need MCP?”
Mario Zechner’s blog post argues that MCP servers often add unnecessary complexity:- Tool bloat: Popular MCP servers expose 20–30 tools, consuming thousands of tokens
- Not composable: Results must go through the agent’s context
- Hard to extend: Modifying an MCP server requires understanding its codebase
exec to invoke the tools. This is more token-efficient, more composable, and easier to customize.
So -> What if tools are simple executables like CLI, but routed through a gateway? With documentation mounted read-only into the sandbox for dynamic exploration?
”Code Mode: the better way to use MCP”
Cloudflare’s blog post shows that LLMs are better at writing code to call tools than calling tools directly:LLMs have seen a lot of code. They have not seen a lot of “tool calls”.When an LLM writes code to orchestrate tool calls:
- Multiple calls happen in one execution, not round-tripped through context
- Complex logic (loops, conditionals, error handling) is natural in code
- Results are combined and filtered before reaching the LLM
What makes Beige Different
Here’s how Beige addresses the three issues described above and creates a unique tool approach:⚡ True Autonomy
The Problem: Traditional tool-calling requires the LLM to invoke tools one at a time. Each result goes back through the model, wasting tokens and time. Complex workflows require hundreds of individual tool calls. Our Solution: Beige agents can write and run code. Instead of calling a tool 50 times, the agent writes a script that does it in a loop. The LLM only sees the final result.- Beige — single exec
- Beige — write then exec
- Traditional LLM
The agent issues one Result returned to LLM: one JSON array — done.
exec call with an inline script. Fifty database lookups happen inside the sandbox, and only the final aggregated result returns to the LLM.🧹 Minimal, Not Cluttered
The Problem: Many agent systems expose dozens or hundreds of tools directly to the LLM. This bloats the context window, confuses the model, and makes the system harder to understand. Our Solution: Beige has exactly 4 core capabilities:read, write, patch, exec. Everything else composes through exec. You can add additional tools that are then mounted as executables in the sandbox. The agent can write scripts that chain tools together — keeping the interface simple while remaining powerful.
🛡️ Sandboxed by Default
The Problem: Many agent systems run directly on your machine. The agent has full access to your filesystem, environment variables, and can execute any command. A rogue or confused agent could delete files, expose API keys, or worse. Our Solution: Every Beige agent runs in its own Docker container. The agent can only access what you explicitly allow. No host environment variables, no direct filesystem access, no escape hatch.- Beige
- Traditional LLM
The agent runs inside a Docker container. All tool calls pass through the gateway, which enforces permissions and strips secrets before anything reaches the sandbox.
Use Cases
Beige is designed for scenarios where you need an AI agent that can actually do things, safely:Travel Assistant
An agent that researches and plans trips:- Browses websites (browser automation with residential IP)
- Takes screenshots of booking pages
- Writes
.mdfiles with itineraries to a shared folder (Google Drive → Obsidian) - Sandboxed: Can’t access your browser credentials or personal files
Browser automation is not included by default. Install it via tool extensibility.
Browser Automation
An agent that automates web tasks:- Logs in manually once (agent inherits your logged-in session)
- Navigates, scrapes, fills forms
- Sandboxed: Never sees your passwords or session cookies
Browser automation is not included by default. Install it via tool extensibility.
CLI Tool Orchestration
An agent that uses command-line tools:- Drafts messages via
slack-cli - Manages GitHub repos via
gh - Sandboxed: Cannot access CLI config files with API keys
CLI tools like
slack-cli and gh are not included by default. Install them via tool extensibility.Development Environment
An agent that writes and runs code:- Full TypeScript/Node.js/Deno environment
- Runs tests, starts dev servers, makes git commits
- Sandboxed: Can’t push to protected branches, can’t access host SSH keys
Multi-Agent Collaboration
An agent that spawns and coordinates sub-agents:- Distributes tasks, aggregates results
- Governed: Gateway enforces concurrency limits and policies
Multi-agent orchestration requires a coordination tool. Install it via tool extensibility.
Self-Improvement & Experimentation
An agent that iterates on itself:- Installs packages, tries new tools, modifies local configs within its workspace
- Sandboxed: Can’t break your actual machine
