Skip to content

moltis-org/moltis

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,748 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Moltis

Moltis — A secure persistent personal agent server in Rust

One binary — sandboxed, secure, yours.

CI codecov CodSpeed License: MIT Rust Discord

InstallationComparisonArchitectureSecurityFeaturesHow It WorksContributing


Moltis recently hit the front page of Hacker News. Please open an issue for any friction at all. I'm focused on making Moltis excellent.

Secure by design — Your keys never leave your machine. Every command runs in a sandboxed container, never on your host.

Your hardware — Runs on a Mac Mini, a Raspberry Pi, or any server you own. One Rust binary, no Node.js, no npm, no runtime.

Full-featured — Voice, memory, cross-session recall, automatic edit checkpoints, scheduling, Telegram, Signal, Discord, browser automation, MCP servers, SSH or node-backed remote exec, managed deploy keys with host pinning in the web UI, a live Settings → Tools inventory, Cursor-compatible project context, and context-file threat scanning — all built-in. No plugin marketplace to get supply-chain attacked through.

Auditable — The agent runner and model interface fit in ~7.5K lines, with providers in ~19K more. The Rust workspace is ~270K lines across 59 modular crates you can audit independently, with 470+ Rust files containing tests. Unsafe code is isolated to FFI and precompiled runtime boundaries, not the core agent loop.

Installation

# One-liner install script (macOS / Linux)
curl -fsSL https://www.moltis.org/install.sh | sh

# macOS / Linux via Homebrew
brew install moltis-org/tap/moltis

# Docker (multi-arch: amd64/arm64)
docker pull ghcr.io/moltis-org/moltis:latest

# Or build from source
cargo install moltis --git https://github.com/moltis-org/moltis

Comparison

OpenClaw Hermes Agent Moltis
Primary stack TypeScript + Swift/Kotlin companion apps Python + TypeScript TUI/web surfaces Rust
Runtime Node.js + npm/pnpm/bun Python + uv/pip, optional Node UI pieces Single Rust binary
Local checkout size* ~1.1M app LoC ~152K app LoC ~270K Rust LoC
Architecture Broad gateway, channel, node, and app ecosystem CLI/gateway agent with learning loop and research tooling Persistent personal agent server with modular crates
Crates/modules npm packages, extensions, apps Python packages, plugins, tools, TUI 59 Rust workspace crates
Sandbox/backends App-level permissions, browser/node tools Local, Docker, SSH, Daytona, Singularity, Modal Docker/Podman + Apple Container + WASM
Auth/access Pairing and local gateway controls CLI and messaging gateway setup Password + Passkey + API keys + Vault
Voice I/O Voice wake and talk modes Voice memo transcription Built-in STT + TTS providers
MCP Plugin/integration support MCP integration stdio + HTTP/SSE
Skills Bundled, managed, and workspace skills Self-improving skills and Skills Hub support Bundled/workspace skills + autonomous improvement + OpenClaw import
Memory/RAG Plugin-backed memory and context engine Agent-curated memory, session search, user modeling SQLite + FTS + vector memory

* LoC measured with tokei, excluding node_modules, generated build output, dist, and target.

Full comparison in the docs →

Architecture — Crate Map

Current Rust workspace: ~270K LoC across 59 crates. The table below groups the main crates by role so the architecture stays scannable.

Core runtime:

Crate LoC Role
moltis-gateway 37.4K HTTP/WS server, RPC, auth, startup wiring
moltis-tools 37.0K Tool execution, sandboxing, WASM tools
moltis-providers 18.9K LLM provider implementations
moltis-agents 14.5K Agent loop, streaming, prompt assembly
moltis-chat 14.2K Chat engine, agent orchestration
moltis-config 10.3K Configuration, validation
moltis-httpd 9.9K HTTP server primitives and middleware
moltis (CLI) 4.7K Entry point, CLI commands
moltis-sessions 3.5K Session persistence
moltis-common 1.5K Shared utilities
moltis-service-traits 1.2K Shared service interfaces
moltis-protocol 0.7K Wire protocol types

Feature and integration crates:

Category Crates Combined LoC
Channels moltis-telegram, moltis-whatsapp, moltis-signal, moltis-discord, moltis-msteams, moltis-matrix, moltis-slack, moltis-nostr, moltis-channels 34.0K
Web and APIs moltis-web, moltis-graphql, moltis-webhooks 10.8K
Extensibility moltis-mcp, moltis-mcp-agent-bridge, moltis-skills, moltis-plugins 11.5K
Memory and context moltis-memory, moltis-qmd, moltis-code-index, moltis-projects 11.7K
Voice and browser moltis-voice, moltis-browser 9.2K
Auth and security moltis-auth, moltis-oauth, moltis-vault, moltis-secret-store, moltis-network-filter, moltis-tls 8.5K
Scheduling and automation moltis-cron, moltis-caldav, moltis-auto-reply 4.7K
Setup and import moltis-provider-setup, moltis-openclaw-import, moltis-onboarding 11.7K
Native and node hosts moltis-swift-bridge, moltis-node-host, moltis-courier 5.7K
WASM tools moltis-wasm-precompile, moltis-wasm-calc, moltis-wasm-web-fetch, moltis-wasm-web-search 1.4K
Supporting crates moltis-media, moltis-metrics, moltis-tailscale, moltis-routing, moltis-canvas, moltis-schema-export, benchmarks 2.1K

Use --no-default-features --features lightweight for constrained devices (Raspberry Pi, etc.).

Security

  • Small unsafe surface — core agent/gateway code stays safe Rust; unsafe is isolated to Swift FFI, local model wrappers, and precompiled WASM boundaries
  • Sandboxed execution — Docker + Apple Container, per-session isolation
  • Secret handlingsecrecy::Secret, zeroed on drop, redacted from tool output
  • Authentication — password + passkey (WebAuthn), rate-limited, per-IP throttle
  • SSRF protection — DNS-resolved, blocks loopback/private/link-local
  • Origin validation — rejects cross-origin WebSocket upgrades
  • Hook gatingBeforeToolCall hooks can inspect/block any tool invocation
  • Supply chain integrityartifact attestations, Sigstore keyless signing, GPG signing (YubiKey), SHA-256/SHA-512 checksums

See Security Architecture for details. Verify releases with gh attestation verify <artifact> -R moltis-org/moltis or see Release Verification.

Features

  • AI Gateway — Multi-provider LLM support (OpenAI Codex, GitHub Copilot, Local), streaming responses, agent loop with sub-agent delegation, session modes, parallel tool execution
  • Communication — Web UI, Telegram, Signal, Microsoft Teams, Discord, API access, voice I/O (8 TTS + 7 STT providers), mobile PWA with push notifications
  • Memory & Recall — Per-agent memory workspaces, embeddings-powered long-term memory, hybrid vector + full-text search, session persistence with auto-compaction, cross-session recall, Cursor-compatible project context, context-file safety scanning
  • Safer Agent Editing — Automatic checkpoints before built-in skill and memory mutations, restore tooling, session branching
  • Extensibility — MCP servers (stdio + HTTP/SSE), skill system, 15 lifecycle hook events with circuit breaker, destructive command guard
  • Security — Encryption-at-rest vault (XChaCha20-Poly1305 + Argon2id), password + passkey + API key auth, sandbox isolation, SSRF/CSWSH protection
  • Operations — Cron scheduling, OpenTelemetry tracing, Prometheus metrics, cloud deploy (Fly.io, DigitalOcean), Tailscale integration, managed SSH deploy keys, host-pinned remote targets, live tool inventory in Settings, and CLI/web remote-exec doctor flows

How It Works

Moltis is a local-first persistent agent server — a single Rust binary that sits between you and multiple LLM providers, keeps durable session state, and can meet you across channels without handing your data to a cloud relay.

┌─────────────┐  ┌─────────────┐  ┌─────────────┐
│   Web UI    │  │  Telegram   │  │  Discord    │
└──────┬──────┘  └──────┬──────┘  └──────┬──────┘
       │                │                │
       └────────┬───────┴────────┬───────┘
                │   WebSocket    │
                ▼                ▼
        ┌─────────────────────────────────┐
        │          Gateway Server         │
        │   (Axum · HTTP · WS · Auth)     │
        ├─────────────────────────────────┤
        │        Chat Service             │
        │  ┌───────────┐ ┌─────────────┐  │
        │  │   Agent   │ │    Tool     │  │
        │  │   Runner  │◄┤   Registry  │  │
        │  └─────┬─────┘ └─────────────┘  │
        │        │                        │
        │  ┌─────▼─────────────────────┐  │
        │  │    Provider Registry      │  │
        │  │  Multiple providers       │  │
        │  │  (Codex · Copilot · Local)│  │
        │  └───────────────────────────┘  │
        ├─────────────────────────────────┤
        │  Sessions  │ Memory  │  Hooks   │
        │  (JSONL)   │ (SQLite)│ (events) │
        └─────────────────────────────────┘
                       │
               ┌───────▼───────┐
               │    Sandbox    │
               │ Docker/Apple  │
               │  Container    │
               └───────────────┘

See Quickstart for gateway startup, message flow, sessions, and memory details.

Getting Started

Build & Run

Requires just (command runner) and Node.js (for Tailwind CSS).

git clone https://github.com/moltis-org/moltis.git
cd moltis
just build-css                  # Build Tailwind CSS for the web UI
just build-release              # Build in release mode
cargo run --release --bin moltis

For a full release build including WASM sandbox tools:

just build-release-with-wasm    # Builds WASM artifacts + release binary
cargo run --release --bin moltis

Open https://moltis.localhost:3000. On first run, a setup code is printed to the terminal — enter it in the web UI to set your password or register a passkey.

Optional flags: --config-dir /path/to/config --data-dir /path/to/data

Docker

# Docker / OrbStack
docker run -d \
  --name moltis \
  -p 13131:13131 \
  -p 13132:13132 \
  -p 1455:1455 \
  -v moltis-config:/home/moltis/.config/moltis \
  -v moltis-data:/home/moltis/.moltis \
  -v /var/run/docker.sock:/var/run/docker.sock \
  ghcr.io/moltis-org/moltis:latest

Open https://localhost:13131 and complete the setup. For unattended Docker deployments, set MOLTIS_PASSWORD, MOLTIS_PROVIDER, and MOLTIS_API_KEY before first boot to skip the setup wizard. See Docker docs for Podman, OrbStack, TLS trust, and persistence details.

Cloud Deployment

Provider Deploy
DigitalOcean Deploy to DO

Fly.io (CLI):

fly launch --image ghcr.io/moltis-org/moltis:latest
fly secrets set MOLTIS_PASSWORD="your-password"

All cloud configs use --no-tls because the provider handles TLS termination. See Cloud Deploy docs for details.

Star History

Star History Chart

License

MIT

About

A secure persistent personal agent server in Rust. One binary, sandboxed execution, multi-provider LLMs, voice, memory, Telegram, WhatsApp, Discord, Teams, and MCP tools. Secure by design, runs on your hardware.

Topics

Resources

License

Contributing

Security policy

Stars

2.8k stars

Watchers

22 watching

Forks

Packages

 
 
 

Contributors