moltis: a secure persistent personal agent server with sandboxed execution and multi-channel access

moltis: a secure persistent personal agent server with sandboxed execution and multi-channel access

What it solves

Moltis is a secure, persistent personal agent server designed to give users full control over their AI agents and data. It eliminates the need for cloud relays by providing a local-first architecture where keys and data remain on the user's own hardware (such as a Mac Mini or Raspberry Pi), while still allowing access across multiple communication channels.

How it works

It operates as a single Rust binary that acts as a gateway between the user and various LLM providers. The system uses a modular architecture consisting of 59 crates to handle chat orchestration, session persistence, and memory. To ensure security, every command is executed within a sandboxed container (Docker, Podman, Apple Container, or WASM), and sensitive data is stored in an encryption-at-rest vault.

Who it’s for

It is built for users who want a private, self-hosted AI agent server with professional-grade security, auditability, and the ability to interact with their agent via Web UI, Telegram, Signal, Discord, and other messaging apps.

Highlights

  • Secure Execution: All tool calls run in sandboxed containers to prevent host system compromise.
  • Multi-Channel Access: Built-in integrations for Telegram, Signal, Discord, Microsoft Teams, and more.
  • Hybrid Memory: Combines SQLite full-text search with vector memory for long-term recall and cross-session context.
  • Extensibility: Supports Model Context Protocol (MCP) servers via stdio and HTTP/SSE, and includes a custom skill system.
  • Voice Integration: Integrated speech-to-text (STT) and text-to-speech (TTS) providers.
  • Auditability: Written in Rust with a small unsafe surface, making the core agent loop easy to audit.

Sources