Valmis: An Open-Source AI Agent Framework with Security-First Proxy Architecture

Valmis is an open-source cloud-based application designed to deploy AI agents for production workflows. It distinguishes itself from other personal assistant tools by implementing a security-first architecture that prevents AI agents from accessing raw API credentials or host files, making it suitable for enterprise and professional environments.

Secure Proxy Architecture for Credential Isolation

Valmis addresses the security risks of AI agents holding plain-text credentials in memory, or sending them to LLM providers, by routing every credentialed request through a proxy system.

In this architecture, the dockerized agent runtime is completely isolated from the host machine. When an agent needs to perform an action, it does not use a credential; instead, it requests the host machine to make an API request by providing a specific credential ID. The host machine executes the actual request and returns only the JSON data to the agent. This design allows administrators to disable internet access for the agent container entirely while maintaining the agent's ability to function through the host proxy.

Key security specifications include:

  • Encryption: Credentials are encrypted using AES-256-GCM and stored in the database.
  • Isolation: Each agent possesses its own file system, isolated from other agents and the host machine.
  • Strict Boundaries: Access to specific credentials is controlled at the code level, ensuring agents only access authorized tools.
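The credential-ID proxy flow described above and the strict-boundary rule from the list, as an added Python illustration that is not Valmis's own code: the sandboxed agent sends only an opaque credential ID, the host checks the agent is granted that ID, injects the secret, calls the upstream service, and hands back nothing but a status code and JSON. The credential store, agent grants, IDs and upstream service are constructed stand-ins, and the AES-256-GCM at-rest encryption the page mentions is omitted.

```python
import json
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample store: secrets exist only on the host side (a real
# deployment would keep them AES-256-GCM encrypted at rest; omitted here).
HOST_CREDENTIALS = {
    "cred-crm-01": {"scheme": "Bearer", "secret": "sk-demo-do-not-use"},
    "cred-mail-01": {"scheme": "Bearer", "secret": "mail-demo-secret"},
}
# Strict boundaries: which credential IDs each agent may reference.
AGENT_GRANTS = {"agent-sales": {"cred-crm-01"}}

class ProxyDenied(Exception):
    pass

@dataclass
class ProxyRequest:
    """What crosses from sandbox to host: an opaque credential ID, never a secret."""
    agent_id: str
    credential_id: str
    method: str
    url: str
    body: Optional[dict] = None

def fake_upstream(method: str, url: str, headers: dict, body: Optional[dict]):
    """Stand-in for the real API (constructed, offline): validates the bearer token."""
    if headers.get("Authorization") != "Bearer sk-demo-do-not-use":
        return 401, {"error": "unauthorized"}
    return 200, {"contacts": ["Ada", "Grace"]}

def host_proxy(req: ProxyRequest, upstream: Callable = fake_upstream) -> dict:
    """Host side: authorise the agent, inject the secret, call upstream,
    and hand back only the status code and JSON body."""
    if req.credential_id not in AGENT_GRANTS.get(req.agent_id, set()):
        raise ProxyDenied(f"{req.agent_id} may not use {req.credential_id}")
    cred = HOST_CREDENTIALS[req.credential_id]
    headers = {"Authorization": f"{cred['scheme']} {cred['secret']}"}
    status, payload = upstream(req.method, req.url, headers, req.body)
    # The JSON round-trip ensures only serialisable data reaches the sandbox;
    # the headers dict holding the secret never leaves this function.
    return {"status": status, "json": json.loads(json.dumps(payload))}

def is_denied(req: ProxyRequest) -> bool:
    """True if the strict-boundary check rejects the request."""
    try:
        host_proxy(req)
        return False
    except ProxyDenied:
        return True
```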

Multi-Agent Orchestration and Automated Workflows

Valmis supports the creation of a fleet of independent or collaborative agents, each with unique configurations:

  • Customizable Agents: Each agent can be assigned different LLM providers (supporting nearly 200 models from 20 providers including OpenAI, Anthropic, and Google), specific skills, and dedicated knowledge bases.
  • Hierarchical Management: Agents can be configured as "team leads" with the authority to manage the workflows of other agents, creating a decision tree overseen by a human user.
  • Workflow Automation: A visual workflow builder canvas allows users to create multi-step processes triggered by cron jobs, webhooks, or app events (e.g., new emails or form submissions). These workflows support loops and both "smart" conditions (AI-determined) and "strict" conditions (programming logic).

Cognitive Memory and Knowledge Integration

Valmis implements a memory system inspired by cognitive research, dividing agent memory into four distinct categories to ensure persistence across sessions:

  1. Episodic: Records of what happened.
  2. Semantic: Durable facts.
  3. Procedural: Rules and constraints.
  4. Working: Short-lived context.

Agents automatically distill learned information at the end of a session to improve future interactions. This system utilizes pgvector for semantic search and text embedding to fetch relevant memories.

Tooling and Integration Capabilities

Valmis provides extensive connectivity to business and productivity tools:

  • App Integrations: The platform supports over 100 integrations, including Google Workspace, Slack, Notion, HubSpot, Salesforce, and Figma. Each integration is defined via a YAML file, making the catalog easily extensible.
  • Browser Automation: Agents can operate a headless browser to navigate pages, fill forms, and take screenshots. Like API calls, browser sessions are managed by the host machine via proxy.
  • Knowledge Base: Enterprise data can be integrated via Google Drive, Dropbox, and Notion, or through direct file uploads.
  • Human-in-the-Loop: The system includes a mechanism where agents pause and request human input before making critical decisions.
  • Specialized Tooling: The platform includes a chess-engine tool, allowing agents to play legal chess moves by relying on an engine that calculates them rather than on text-based LLM generation, which is prone to hallucination.

Deployment and Licensing

Valmis is released under the Apache License 2.0. It can be deployed using Docker Compose, which orchestrates the frontend, backend, a pgvector-enabled PostgreSQL database, and a Docker socket proxy for the agent runtime.