moltis: a secure persistent personal agent server with sandboxed execution and multi-channel access
moltis: a secure persistent personal agent server with sandboxed execution and multi-channel access
What it solves
Moltis is a secure, persistent personal agent server designed to give users full control over their AI agents and data. It eliminates the need for cloud relays by providing a local-first architecture where keys and data remain on the user's own hardware (such as a Mac Mini or Raspberry Pi), while still allowing access across multiple communication channels.
How it works
It operates as a single Rust binary that acts as a gateway between the user and various LLM providers. The system uses a modular architecture consisting of 59 crates to handle chat orchestration, session persistence, and memory. To ensure security, every command is executed within a sandboxed container (Docker, Podman, Apple Container, or WASM), and sensitive data is stored in an encryption-at-rest vault.
Who it’s for
It is built for users who want a private, self-hosted AI agent server with professional-grade security, auditability, and the ability to interact with their agent via Web UI, Telegram, Signal, Discord, and other messaging apps.
Highlights
- Secure Execution: All tool calls run in sandboxed containers to prevent host system compromise.
- Multi-Channel Access: Built-in integrations for Telegram, Signal, Discord, Microsoft Teams, and more.
- Hybrid Memory: Combines SQLite full-text search with vector memory for long-term recall and cross-session context.
- Extensibility: Supports Model Context Protocol (MCP) servers via stdio and HTTP/SSE, and includes a custom skill system.
- Voice Integration: Integrated speech-to-text (STT) and text-to-speech (TTS) providers.
- Auditability: Written in Rust with a small unsafe surface, making the core agent loop easy to audit.
Sources
- undefinedmoltis-org/moltis