freshcrate
Home > MCP Servers > moltis

moltis

A secure persistent personal agent server in Rust. One binary, sandboxed execution, multi-provider LLMs, voice, memory, Telegram, WhatsApp, Discord, Teams, and MCP tools. Secure by design, runs on you

Description

A secure persistent personal agent server in Rust. One binary, sandboxed execution, multi-provider LLMs, voice, memory, Telegram, WhatsApp, Discord, Teams, and MCP tools. Secure by design, runs on your hardware.

README

Moltis

Moltis โ€” A secure persistent personal agent server in Rust

One binary โ€” sandboxed, secure, yours.

CI codecov CodSpeedLicense: MIT Rust Discord

Installation โ€ข Comparison โ€ข Architecture โ€ข Security โ€ข Features โ€ข How It Works โ€ข Contributing


Moltis recently hit the front page of Hacker News. Please open an issue for any friction at all. I'm focused on making Moltis excellent.

Secure by design โ€” Your keys never leave your machine. Every command runs in a sandboxed container, never on your host.

Your hardware โ€” Runs on a Mac Mini, a Raspberry Pi, or any server you own. One Rust binary, no Node.js, no npm, no runtime.

Full-featured โ€” Voice, memory, cross-session recall, automatic edit checkpoints, scheduling, Telegram, Discord, browser automation, MCP servers, SSH or node-backed remote exec, managed deploy keys with host pinning in the web UI, a live Settings โ†’ Tools inventory, Cursor-compatible project context, and context-file threat scanning โ€” all built-in. No plugin marketplace to get supply-chain attacked through.

Auditable โ€” The agent loop + provider model fits in ~5K lines. The core (excluding the optional web UI) is ~196K lines across 46 modular crates you can audit independently, with 3,100+ tests and zero unsafe code*.

Installation

# One-liner install script (macOS / Linux)
curl -fsSL https://www.moltis.org/install.sh | sh

# macOS / Linux via Homebrew
brew install moltis-org/tap/moltis

# Docker (multi-arch: amd64/arm64)
docker pull ghcr.io/moltis-org/moltis:latest

# Or build from source
cargo install moltis --git https://github.com/moltis-org/moltis

Comparison

OpenClaw PicoClaw NanoClaw ZeroClaw Moltis
Language TypeScript Go TypeScript Rust Rust
Agent loop ~430K LoC Small ~500 LoC ~3.4K LoC ~5K LoC (runner.rs + model.rs)
Full codebase โ€” โ€” โ€” 1,000+ tests ~124K LoC (2,300+ tests)
Runtime Node.js + npm Single binary Node.js Single binary (3.4 MB) Single binary (44 MB)
Sandbox App-level โ€” Docker Docker Docker + Apple Container
Memory safety GC GC GC Ownership Ownership, zero unsafe*
Auth Basic API keys None Token + OAuth Password + Passkey + API keys + Vault
Voice I/O Plugin โ€” โ€” โ€” Built-in (15+ providers)
MCP Yes โ€” โ€” โ€” Yes (stdio + HTTP/SSE)
Hooks Yes (limited) โ€” โ€” โ€” 15 event types
Skills Yes (store) Yes Yes Yes Yes (+ OpenClaw Store)
Memory/RAG Plugin โ€” Per-group SQLite + FTS SQLite + FTS + vector

* unsafe is denied workspace-wide. The only exceptions are opt-in FFI wrappers behind the local-embeddings feature flag, not part of the core.

Full comparison with benchmarks โ†’

Architecture โ€” Crate Map

Core (always compiled):

Crate LoC Role
moltis (cli) 4.0K Entry point, CLI commands
moltis-agents 9.6K Agent loop, streaming, prompt assembly
moltis-providers 17.6K LLM provider implementations
moltis-gateway 36.1K HTTP/WS server, RPC, auth
moltis-chat 11.5K Chat engine, agent orchestration
moltis-tools 21.9K Tool execution, sandbox
moltis-config 7.0K Configuration, validation
moltis-sessions 3.8K Session persistence
moltis-plugins 1.9K Hook dispatch, plugin formats
moltis-service-traits 1.3K Shared service interfaces
moltis-common 1.1K Shared utilities
moltis-protocol 0.8K Wire protocol types

Optional (feature-gated or additive):

Category Crates Combined LoC
Web UI moltis-web 4.5K
GraphQL moltis-graphql 4.8K
Voice moltis-voice 6.0K
Memory moltis-memory, moltis-qmd 5.9K
Channels moltis-telegram, moltis-whatsapp, moltis-discord, moltis-msteams, moltis-channels 14.9K
Browser moltis-browser 5.1K
Scheduling moltis-cron, moltis-caldav 5.2K
Extensibility moltis-mcp, moltis-skills, moltis-wasm-tools 9.1K
Auth & Security moltis-auth, moltis-oauth, moltis-onboarding, moltis-vault 6.6K
Networking moltis-network-filter, moltis-tls, moltis-tailscale 3.5K
Provider setup moltis-provider-setup 4.3K
Import moltis-openclaw-import 7.6K
Apple native moltis-swift-bridge 2.1K
Metrics moltis-metrics 1.7K
Other moltis-projects, moltis-media, moltis-routing, moltis-canvas, moltis-auto-reply, moltis-schema-export, moltis-benchmarks 2.5K

Use --no-default-features --features lightweight for constrained devices (Raspberry Pi, etc.).

Security

  • Zero unsafe code* โ€” denied workspace-wide; only opt-in FFI behind local-embeddings flag
  • Sandboxed execution โ€” Docker + Apple Container, per-session isolation
  • Secret handling โ€” secrecy::Secret, zeroed on drop, redacted from tool output
  • Authentication โ€” password + passkey (WebAuthn), rate-limited, per-IP throttle
  • SSRF protection โ€” DNS-resolved, blocks loopback/private/link-local
  • Origin validation โ€” rejects cross-origin WebSocket upgrades
  • Hook gating โ€” BeforeToolCall hooks can inspect/block any tool invocation
  • Supply chain integrity โ€” artifact attestations, Sigstore keyless signing, GPG signing (YubiKey), SHA-256/SHA-512 checksums

See Security Architecture for details. Verify releases with gh attestation verify <artifact> -R moltis-org/moltis or see Release Verification.

Features

  • AI Gateway โ€” Multi-provider LLM support (OpenAI Codex, GitHub Copilot, Local), streaming responses, agent loop with sub-agent delegation, parallel tool execution
  • Communication โ€” Web UI, Telegram, Microsoft Teams, Discord, API access, voice I/O (8 TTS + 7 STT providers), mobile PWA with push notifications
  • Memory & Recall โ€” Per-agent memory workspaces, embeddings-powered long-term memory, hybrid vector + full-text search, session persistence with auto-compaction, cross-session recall, Cursor-compatible project context, context-file safety scanning
  • Safer Agent Editing โ€” Automatic checkpoints before built-in skill and memory mutations, restore tooling, session branching
  • Extensibility โ€” MCP servers (stdio + HTTP/SSE), skill system, 15 lifecycle hook events with circuit breaker, destructive command guard
  • Security โ€” Encryption-at-rest vault (XChaCha20-Poly1305 + Argon2id), password + passkey + API key auth, sandbox isolation, SSRF/CSWSH protection
  • Operations โ€” Cron scheduling, OpenTelemetry tracing, Prometheus metrics, cloud deploy (Fly.io, DigitalOcean), Tailscale integration, managed SSH deploy keys, host-pinned remote targets, live tool inventory in Settings, and CLI/web remote-exec doctor flows

How It Works

Moltis is a local-first persistent agent server โ€” a single Rust binary that sits between you and multiple LLM providers, keeps durable session state, and can meet you across channels without handing your data to a cloud relay.

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚   Web UI    โ”‚  โ”‚  Telegram   โ”‚  โ”‚  Discord    โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”˜
       โ”‚                โ”‚                โ”‚
       โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                โ”‚   WebSocket    โ”‚
                โ–ผ                โ–ผ
        โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
        โ”‚          Gateway Server         โ”‚
        โ”‚   (Axum ยท HTTP ยท WS ยท Auth)     โ”‚
        โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
        โ”‚        Chat Service             โ”‚
        โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”‚
        โ”‚  โ”‚   Agent   โ”‚ โ”‚    Tool     โ”‚  โ”‚
        โ”‚  โ”‚   Runner  โ”‚โ—„โ”ค   Registry  โ”‚  โ”‚
        โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ”‚
        โ”‚        โ”‚                        โ”‚
        โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”‚
        โ”‚  โ”‚    Provider Registry      โ”‚  โ”‚
        โ”‚  โ”‚  Multiple providers       โ”‚  โ”‚
        โ”‚  โ”‚  (Codex ยท Copilot ยท Local)โ”‚  โ”‚
        โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ”‚
        โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
        โ”‚  Sessions  โ”‚ Memory  โ”‚  Hooks   โ”‚
        โ”‚  (JSONL)   โ”‚ (SQLite)โ”‚ (events) โ”‚
        โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚
               โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
               โ”‚    Sandbox    โ”‚
               โ”‚ Docker/Apple  โ”‚
               โ”‚  Container    โ”‚
               โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

See Quickstart for gateway startup, message flow, sessions, and memory details.

Getting Started

Build & Run

Requires just (command runner) and Node.js (for Tailwind CSS).

git clone https://github.com/moltis-org/moltis.git
cd moltis
just build-css                  # Build Tailwind CSS for the web UI
just build-release              # Build in release mode
cargo run --release --bin moltis

For a full release build including WASM sandbox tools:

just build-release-with-wasm    # Builds WASM artifacts + release binary
cargo run --release --bin moltis

Open https://moltis.localhost:3000. On first run, a setup code is printed to the terminal โ€” enter it in the web UI to set your password or register a passkey.

Optional flags: --config-dir /path/to/config --data-dir /path/to/data

Docker

# Docker / OrbStack
docker run -d \
  --name moltis \
  -p 13131:13131 \
  -p 13132:13132 \
  -p 1455:1455 \
  -v moltis-config:/home/moltis/.config/moltis \
  -v moltis-data:/home/moltis/.moltis \
  -v /var/run/docker.sock:/var/run/docker.sock \
  ghcr.io/moltis-org/moltis:latest

Open https://localhost:13131 and complete the setup. For unattended Docker deployments, set MOLTIS_PASSWORD, MOLTIS_PROVIDER, and MOLTIS_API_KEY before first boot to skip the setup wizard. See Docker docs for Podman, OrbStack, TLS trust, and persistence details.

Cloud Deployment

Provider Deploy
DigitalOcean Deploy to DO

Fly.io (CLI):

fly launch --image ghcr.io/moltis-org/moltis:latest
fly secrets set MOLTIS_PASSWORD="your-password"

All cloud configs use --no-tls because the provider handles TLS termination. See Cloud Deploy docs for details.

Star History

Star History Chart

License

MIT

Release History

VersionChangesUrgencyDate
20260420.02Latest release: 20260420.02High4/20/2026
20260417.02Latest release: 20260417.02High4/17/2026
20260414.02Latest release: 20260414.02High4/14/2026
20260413.06Latest release: 20260413.06High4/14/2026
20260410.01Latest release: 20260410.01High4/10/2026
20260408.01Latest release: 20260408.01High4/8/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

edgecrabEdgeCrab ๐Ÿฆ€ A Super Powerful Personal Assistant inspired by NousHermes and OpenClaw โ€” Rust-native, blazing-fast terminal UI, ReAct tool loop, multi-provider LLM support, ACP protocol, gateway adaptersv0.7.0
hrafnLightweight, modular AI agent runtime โ€” thinks (Hrafn) and remembers (MuninnDB) ๐Ÿฆโ€โฌ›master@2026-04-18
TomoriBotA highly customizable personal AI assistant for Discord featuring smart agentic AI features such as memory, personas, tool usage, and more! ๏ฝœ ้•ทๆœŸ่จ˜ๆ†ถใ‚„ใƒšใƒซใ‚ฝใƒŠใ€ใƒ„ใƒผใƒซ้€ฃๆบใ‚’ๅฎŒๅ‚™ใ€‚ ๆฌกไธ–ไปฃใฎใ€Œ่‡ชๅพ‹ๅž‹AIใ‚จใƒผใ‚ธใ‚งใƒณใƒˆใ€Discordใƒœใƒƒใƒˆ๏ผv0.7.904
tekmetric-mcp๐Ÿ” Ask questions about your shop data in natural language and get instant answers about appointments, customers, and repair orders with Tekmetric MCP.main@2026-04-21
mcp-yandex-trackerManage and automate tasks in Yandex Tracker using a robust MCP integration for efficient issue tracking and project control.main@2026-04-21