Skip to main content

Why I Built Beige

Existing solutions like OpenClaw are powerful but come with significant trade-offs. Here is what I don’t like and what I wanted to fix:
  1. Tool calling is limited: Openclaw is like any other agent system - it still relies on the LLM calling many tools (or even MCP). Lobster was an approach at creating typed workflows for tools, but it’s missing real coding capabilities. An agent should be able to call tools safely in a code-environment.
  2. So much clutter: Openclaw comes with so many things built-in. Many channels, tools and other stuff that I don’t want to run by default. I want my gateway to be clean and extensible.
  3. Limited sandboxing: Openclaw supports sandboxing, but it seemed like it could escape the sandbox ever-so often (/elevated mode). Sometimes you are hit with: I need the agent to run CLI tools. But if I “elevate” it, then it could read all my environment variables and secrets.

Inspiration

Beige builds on ideas from two key blog posts:

“What if you don’t need MCP?”

Mario Zechner’s blog post argues that MCP servers often add unnecessary complexity:
  • Tool bloat: Popular MCP servers expose 20–30 tools, consuming thousands of tokens
  • Not composable: Results must go through the agent’s context
  • Hard to extend: Modifying an MCP server requires understanding its codebase
The alternative: Simple CLI tools with READMEs. The agent reads the README, then uses exec to invoke the tools. This is more token-efficient, more composable, and easier to customize. So -> What if tools are simple executables like CLI, but routed through a gateway? With documentation mounted read-only into the sandbox for dynamic exploration?

”Code Mode: the better way to use MCP”

Cloudflare’s blog post shows that LLMs are better at writing code to call tools than calling tools directly:
LLMs have seen a lot of code. They have not seen a lot of “tool calls”.
When an LLM writes code to orchestrate tool calls:
  • Multiple calls happen in one execution, not round-tripped through context
  • Complex logic (loops, conditionals, error handling) is natural in code
  • Results are combined and filtered before reaching the LLM
So -> What if we give agents a full TypeScript/Deno runtime in the sandbox, enabling this code-first approach by default. But also for TOOL CALLING?

What makes Beige Different

Here’s how Beige addresses the three issues described above and creates a unique tool approach:

⚡ True Autonomy

The Problem: Traditional tool-calling requires the LLM to invoke tools one at a time. Each result goes back through the model, wasting tokens and time. Complex workflows require hundreds of individual tool calls. Our Solution: Beige agents can write and run code. Instead of calling a tool 50 times, the agent writes a script that does it in a loop. The LLM only sees the final result.
The agent issues one exec call with an inline script. Fifty database lookups happen inside the sandbox, and only the final aggregated result returns to the LLM.
Result returned to LLM: one JSON array — done.
Every tool call in Beige — including the ones called by a script — is routed through the gateway before it reaches the sandbox. The gateway checks permissions against your policy config, decides how to execute the call, and strips any host environment variables that the agent should not see. Your secrets stay on the host; the sandbox only receives what you explicitly allow.

🧹 Minimal, Not Cluttered

The Problem: Many agent systems expose dozens or hundreds of tools directly to the LLM. This bloats the context window, confuses the model, and makes the system harder to understand. Our Solution: Beige has exactly 4 core capabilities: read, write, patch, exec. Everything else composes through exec. You can add additional tools that are then mounted as executables in the sandbox. The agent can write scripts that chain tools together — keeping the interface simple while remaining powerful.

🛡️ Sandboxed by Default

The Problem: Many agent systems run directly on your machine. The agent has full access to your filesystem, environment variables, and can execute any command. A rogue or confused agent could delete files, expose API keys, or worse. Our Solution: Every Beige agent runs in its own Docker container. The agent can only access what you explicitly allow. No host environment variables, no direct filesystem access, no escape hatch.
The agent runs inside a Docker container. All tool calls pass through the gateway, which enforces permissions and strips secrets before anything reaches the sandbox.

Use Cases

Beige is designed for scenarios where you need an AI agent that can actually do things, safely:

Travel Assistant

An agent that researches and plans trips:
  • Browses websites (browser automation with residential IP)
  • Takes screenshots of booking pages
  • Writes .md files with itineraries to a shared folder (Google Drive → Obsidian)
  • Sandboxed: Can’t access your browser credentials or personal files
Browser automation is not included by default. Install it via tool extensibility.

Browser Automation

An agent that automates web tasks:
  • Logs in manually once (agent inherits your logged-in session)
  • Navigates, scrapes, fills forms
  • Sandboxed: Never sees your passwords or session cookies
Browser automation is not included by default. Install it via tool extensibility.

CLI Tool Orchestration

An agent that uses command-line tools:
  • Drafts messages via slack-cli
  • Manages GitHub repos via gh
  • Sandboxed: Cannot access CLI config files with API keys
CLI tools like slack-cli and gh are not included by default. Install them via tool extensibility.

Development Environment

An agent that writes and runs code:
  • Full TypeScript/Node.js/Deno environment
  • Runs tests, starts dev servers, makes git commits
  • Sandboxed: Can’t push to protected branches, can’t access host SSH keys

Multi-Agent Collaboration

An agent that spawns and coordinates sub-agents:
  • Distributes tasks, aggregates results
  • Governed: Gateway enforces concurrency limits and policies
Multi-agent orchestration requires a coordination tool. Install it via tool extensibility.

Self-Improvement & Experimentation

An agent that iterates on itself:
  • Installs packages, tries new tools, modifies local configs within its workspace
  • Sandboxed: Can’t break your actual machine