A Bash LLM assistant agent inspired by NVIDIA's "Bash computer-use agent" concept, with a twist: this implementation runs fully locally through Ollama, with no cloud APIs involved.

NVIDIA's demonstration showed a Bash agent executing shell commands from natural-language instructions using NVIDIA's Nemotron models. This project replicates the same concept around locally hosted LLMs served by Ollama, requiring neither cloud connectivity nor NVIDIA hardware acceleration.
Because Ollama exposes OpenAI-compatible endpoints but does not share the model architecture or tokenizer design of NVIDIA's NeMo/Nemotron stack, the NVIDIA models cannot run under Ollama. Nemotron models rely on specific transformer layouts and inference backends that differ from Ollama's supported model formats (typically GGUF or GGML quantized weights for CPU/GPU inference). In short: different runtime, different tensor layout.
Only the following models have been shown to work with this implementation (tested locally via Ollama):
| Model | Status | Notes |
|---|---|---|
| `gpt-oss:20b` | ❌ Refuses | Most advanced; refuses to execute anything due to baked-in OpenAI safety constraints. |
| `devstral:latest` | ✅ Works partially | Can use tools, but asks too many clarifying questions; context handling between turns is poor. |
| `qwen3-coder:30b` | ⚙️ Best so far | Performs best overall; fast and responsive on capable GPUs like the RTX 4090, though still not ideal for daily repetitive use. |
| `qwen3:4b-instruct` | ⚠️ Limited | Behaves similarly to `qwen3-coder:30b`; functional but effectively unusable for practical workflows. |
This project creates a LangGraph ReAct agent using `langchain-openai` and a custom safe Bash tool. It connects directly to your Ollama server via its OpenAI-compatible `/v1` API endpoint. The agent prompts you to select a local model at startup, then runs interactively, asking for confirmation before executing any shell command.
Install Ollama:

```bash
curl -fsSL https://ollama.com/install.sh | sh
```

Verify the installation:

```bash
ollama --version
```

Start the Ollama service (if not running):

```bash
ollama serve
```

This starts the Ollama backend at `http://127.0.0.1:11434` by default.

You can pull any supported model via:

```bash
ollama pull <model_name>
```

For example:

```bash
ollama pull gpt-oss:20b
ollama pull devstral:latest
ollama pull qwen3-coder:30b
ollama pull qwen3:4b-instruct
```

Confirm that they are available:

```bash
ollama list
```

Create and activate a Python virtual environment (Python 3.11+ recommended):

```bash
python3 -m venv .venv
source .venv/bin/activate
```

From within the project directory:

```bash
pip install -r requirements.txt
```

This installs:

- `openai==2.6.0` (OpenAI SDK; works against Ollama's OpenAI-compatible endpoint)
- `langgraph==1.0.1`
- `langchain-openai==1.0.1`
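These pins correspond to a `requirements.txt` along these lines (a sketch based on the versions above; the repo's actual file is authoritative):

```
openai==2.6.0
langgraph==1.0.1
langchain-openai==1.0.1
```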
```bash
python3 agent_langgraph.py
```

On startup, you’ll see something like:

```
[config] base_url=http://127.0.0.1:11434/v1
Available local Ollama models:
  1. devstral:latest
  2. gpt-oss:20b
  3. qwen3-coder:30b
  4. qwen3:4b-instruct
Choose a model by number, or 'c' to cancel.
```
Select your desired model, and the Bash agent will start. Example:
```
[cwd: /home/user] Bash computer-use agent (LangGraph). Ctrl+C to exit.
[🙂] list files in current directory
▶️ Execute 'ls'? [y/N]: y
[🤖] README.md bash_tool.py agent_langgraph.py requirements.txt
```
Unlike many static LLM setups, this script forces a model selection before startup; there is no hardcoded default. When launched, it queries Ollama’s local `/api/tags` endpoint to retrieve all available models and displays them in a numbered list. The chosen model is passed into `langchain_openai.ChatOpenAI` via the `base_url` and `model` arguments.
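The listing step can be sketched as follows. The payload here is an illustrative stand-in for Ollama's `/api/tags` JSON response; this is not the agent's actual code:

```python
import json

# Illustrative /api/tags payload; in the real script this comes from
# an HTTP GET to http://127.0.0.1:11434/api/tags.
payload = json.loads(
    '{"models": [{"name": "qwen3-coder:30b"}, {"name": "devstral:latest"}]}'
)

# Build the numbered menu shown at startup.
names = sorted(m["name"] for m in payload["models"])
for i, name in enumerate(names, start=1):
    print(f"  {i}. {name}")
```

The selected name is then handed to `langchain_openai.ChatOpenAI` together with the `base_url` pointing at Ollama's `/v1` endpoint.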
To switch models, simply exit (Ctrl+C) and rerun the script — you’ll be prompted again to select a model.
You can customize the behavior using the following variables:
| Variable | Description | Default |
|---|---|---|
| `OLLAMA_BASE_URL` | Base URL of the Ollama API (must include `/v1`) | `http://127.0.0.1:11434/v1` |
| `OPENAI_BASE_URL` | Alternative variable name (if used elsewhere) | none |
| `BASH_START_DIR` | Starting directory for the Bash tool | current working directory |
| `BASH_TOOL_EXCLUDE` | Comma-separated list of commands to exclude from the allowlist | (empty) |
The `bash_tool.py` module restricts command execution through an allowlist of safe commands. Each proposed command is parsed, and its base command must appear in the allowed set. Additionally, every command requires manual confirmation before execution.
This ensures the model cannot execute dangerous or destructive actions unless explicitly approved.
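A minimal sketch of that base-command check, assuming `shlex`-style tokenization; the `ALLOWED` set and function name are illustrative, not the repo's actual code:

```python
import shlex

# Illustrative allowlist; bash_tool.py defines the real one.
ALLOWED = {"ls", "cat", "pwd", "echo", "grep"}

def is_allowed(command: str) -> bool:
    """Return True only if the command's base (first token) is allowlisted."""
    try:
        tokens = shlex.split(command)
    except ValueError:
        return False  # reject malformed input such as unbalanced quotes
    return bool(tokens) and tokens[0] in ALLOWED

print(is_allowed("ls -la"))    # True
print(is_allowed("rm -rf /"))  # False
```

Even when a command passes a check like this, the agent still asks for the `[y/N]` confirmation before running it.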
- Model performance depends on local hardware and Ollama model quantization.
- Context tracking across multiple commands is inconsistent.
- The `rm` and `rmdir` commands are currently allowed; consider excluding them with `BASH_TOOL_EXCLUDE` for additional safety.
The project structure:
```
├── agent_langgraph.py   # Main LangGraph + LangChain Bash agent
├── bash_tool.py         # Restricted Bash execution layer
├── requirements.txt     # Dependencies
└── README.md            # This file
```
MIT License — feel free to modify and extend. Contributions and improvements welcome.