[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74664":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":39,"readmeContent":40,"aiSummary":41,"trendingCount":16,"starSnapshotCount":16,"syncStatus":42,"lastSyncTime":43,"discoverSource":44},74664,"moltis","moltis-org\u002Fmoltis","moltis-org","A secure persistent personal agent server in Rust. One binary, sandboxed execution, multi-provider LLMs, voice, memory, Telegram, WhatsApp, Discord, Teams, and MCP tools. Secure by design, runs on your hardware.","https:\u002F\u002Fmoltis.org",null,"Rust",2735,321,22,59,0,12,21,63,36,29.52,"MIT License",false,"main",true,[27,28,29,30,31,32,33,34,35,36,37,38],"ai-agent","ai-assistant","clawdbot","llm","mcp","openclaw","rust","sandbox","self-hosted","single-binary","telegram-bot","voice-assistant","2026-06-12 02:03:26","\u003Cdiv align=\"center\">\n\n\u003Ca href=\"https:\u002F\u002Fmoltis.org\">\u003Cimg src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fmoltis-org\u002Fmoltis\u002Fmain\u002Fwebsite\u002Ffavicon.svg\" alt=\"Moltis\" width=\"64\">\u003C\u002Fa>\n\n# Moltis — A secure persistent personal agent server in Rust\n\nOne binary — sandboxed, secure, yours.\n\n[![CI](https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis\u002Factions\u002Fworkflows\u002Fci.yml)\n[![codecov](https:\u002F\u002Fcodecov.io\u002Fgh\u002Fmoltis-org\u002Fmoltis\u002Fgraph\u002Fbadge.svg)](https:\u002F\u002Fcodecov.io\u002Fgh\u002Fmoltis-org\u002Fmoltis)\n[![CodSpeed](https:\u002F\u002Fimg.shields.io\u002Fendpoint?url=https:\u002F\u002Fcodspeed.io\u002Fbadge.json&style=flat&label=CodSpeed)](https:\u002F\u002Fcodspeed.io\u002Fmoltis-org\u002Fmoltis)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-blue.svg)](LICENSE)\n[![Rust](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FRust-1.91%2B-orange.svg)](https:\u002F\u002Fwww.rust-lang.org)\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F1469505370169933837?color=5865F2&label=Discord&logo=discord&logoColor=white)](https:\u002F\u002Fdiscord.gg\u002FXnmrepsXp5)\n\n[Installation](#installation) • [Comparison](#comparison) • [Architecture](#architecture--crate-map) • [Security](#security) • [Features](#features) • [How It Works](#how-it-works) • [Contributing](CONTRIBUTING.md)\n\n\u003C\u002Fdiv>\n\n---\n\nMoltis recently hit [the front page of Hacker News](https:\u002F\u002Fnews.ycombinator.com\u002Fitem?id=46993587). Please [open an issue](https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis\u002Fissues) for any friction at all. I'm focused on making Moltis excellent.\n\n**Secure by design** — Your keys never leave your machine. Every command runs in a sandboxed container, never on your host.\n\n**Your hardware** — Runs on a Mac Mini, a Raspberry Pi, or any server you own. One Rust binary, no Node.js, no npm, no runtime.\n\n**Full-featured** — Voice, memory, cross-session recall, automatic edit checkpoints, scheduling, Telegram, Signal, Discord, browser automation, MCP servers, SSH or node-backed remote exec, managed deploy keys with host pinning in the web UI, a live Settings → Tools inventory, Cursor-compatible project context, and context-file threat scanning — all built-in. No plugin marketplace to get supply-chain attacked through.\n\n**Auditable** — The agent runner and model interface fit in ~7.5K lines, with providers in ~19K more. The Rust workspace is ~270K lines across 59 modular crates you can audit independently, with 470+ Rust files containing tests. Unsafe code is isolated to FFI and precompiled runtime boundaries, not the core agent loop.\n\n## Installation\n\n```bash\n# One-liner install script (macOS \u002F Linux)\ncurl -fsSL https:\u002F\u002Fwww.moltis.org\u002Finstall.sh | sh\n\n# macOS \u002F Linux via Homebrew\nbrew install moltis-org\u002Ftap\u002Fmoltis\n\n# Docker (multi-arch: amd64\u002Farm64)\ndocker pull ghcr.io\u002Fmoltis-org\u002Fmoltis:latest\n\n# Or build from source\ncargo install moltis --git https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis\n```\n\n## Comparison\n\n| | OpenClaw | Hermes Agent | **Moltis** |\n|---|---|---|---|\n| Primary stack | TypeScript + Swift\u002FKotlin companion apps | Python + TypeScript TUI\u002Fweb surfaces | **Rust** |\n| Runtime | Node.js + npm\u002Fpnpm\u002Fbun | Python + uv\u002Fpip, optional Node UI pieces | **Single Rust binary** |\n| Local checkout size\\* | ~1.1M app LoC | ~152K app LoC | **~270K Rust LoC** |\n| Architecture | Broad gateway, channel, node, and app ecosystem | CLI\u002Fgateway agent with learning loop and research tooling | **Persistent personal agent server with modular crates** |\n| Crates\u002Fmodules | npm packages, extensions, apps | Python packages, plugins, tools, TUI | **59 Rust workspace crates** |\n| Sandbox\u002Fbackends | App-level permissions, browser\u002Fnode tools | Local, Docker, SSH, Daytona, Singularity, Modal | **Docker\u002FPodman + Apple Container + WASM** |\n| Auth\u002Faccess | Pairing and local gateway controls | CLI and messaging gateway setup | **Password + Passkey + API keys + Vault** |\n| Voice I\u002FO | Voice wake and talk modes | Voice memo transcription | **Built-in STT + TTS providers** |\n| MCP | Plugin\u002Fintegration support | MCP integration | **stdio + HTTP\u002FSSE** |\n| Skills | Bundled, managed, and workspace skills | Self-improving skills and Skills Hub support | **Bundled\u002Fworkspace skills + autonomous improvement + OpenClaw import** |\n| Memory\u002FRAG | Plugin-backed memory and context engine | Agent-curated memory, session search, user modeling | **SQLite + FTS + vector memory** |\n\n\\* LoC measured with `tokei`, excluding `node_modules`, generated build output, `dist`, and `target`.\n\n> [Full comparison in the docs →](https:\u002F\u002Fdocs.moltis.org\u002Fcomparison.html)\n\n## Architecture — Crate Map\n\nCurrent Rust workspace: ~270K LoC across 59 crates. The table below groups the main crates by role so the architecture stays scannable.\n\n**Core runtime**:\n\n| Crate | LoC | Role |\n|-------|-----|------|\n| `moltis-gateway` | 37.4K | HTTP\u002FWS server, RPC, auth, startup wiring |\n| `moltis-tools` | 37.0K | Tool execution, sandboxing, WASM tools |\n| `moltis-providers` | 18.9K | LLM provider implementations |\n| `moltis-agents` | 14.5K | Agent loop, streaming, prompt assembly |\n| `moltis-chat` | 14.2K | Chat engine, agent orchestration |\n| `moltis-config` | 10.3K | Configuration, validation |\n| `moltis-httpd` | 9.9K | HTTP server primitives and middleware |\n| `moltis` (CLI) | 4.7K | Entry point, CLI commands |\n| `moltis-sessions` | 3.5K | Session persistence |\n| `moltis-common` | 1.5K | Shared utilities |\n| `moltis-service-traits` | 1.2K | Shared service interfaces |\n| `moltis-protocol` | 0.7K | Wire protocol types |\n\n**Feature and integration crates**:\n\n| Category | Crates | Combined LoC |\n|----------|--------|-------------|\n| Channels | `moltis-telegram`, `moltis-whatsapp`, `moltis-signal`, `moltis-discord`, `moltis-msteams`, `moltis-matrix`, `moltis-slack`, `moltis-nostr`, `moltis-channels` | 34.0K |\n| Web and APIs | `moltis-web`, `moltis-graphql`, `moltis-webhooks` | 10.8K |\n| Extensibility | `moltis-mcp`, `moltis-mcp-agent-bridge`, `moltis-skills`, `moltis-plugins` | 11.5K |\n| Memory and context | `moltis-memory`, `moltis-qmd`, `moltis-code-index`, `moltis-projects` | 11.7K |\n| Voice and browser | `moltis-voice`, `moltis-browser` | 9.2K |\n| Auth and security | `moltis-auth`, `moltis-oauth`, `moltis-vault`, `moltis-secret-store`, `moltis-network-filter`, `moltis-tls` | 8.5K |\n| Scheduling and automation | `moltis-cron`, `moltis-caldav`, `moltis-auto-reply` | 4.7K |\n| Setup and import | `moltis-provider-setup`, `moltis-openclaw-import`, `moltis-onboarding` | 11.7K |\n| Native and node hosts | `moltis-swift-bridge`, `moltis-node-host`, `moltis-courier` | 5.7K |\n| WASM tools | `moltis-wasm-precompile`, `moltis-wasm-calc`, `moltis-wasm-web-fetch`, `moltis-wasm-web-search` | 1.4K |\n| Supporting crates | `moltis-media`, `moltis-metrics`, `moltis-tailscale`, `moltis-routing`, `moltis-canvas`, `moltis-schema-export`, `benchmarks` | 2.1K |\n\nUse `--no-default-features --features lightweight` for constrained devices (Raspberry Pi, etc.).\n\n## Security\n\n- **Small unsafe surface** — core agent\u002Fgateway code stays safe Rust; unsafe is isolated to Swift FFI, local model wrappers, and precompiled WASM boundaries\n- **Sandboxed execution** — Docker + Apple Container, per-session isolation\n- **Secret handling** — `secrecy::Secret`, zeroed on drop, redacted from tool output\n- **Authentication** — password + passkey (WebAuthn), rate-limited, per-IP throttle\n- **SSRF protection** — DNS-resolved, blocks loopback\u002Fprivate\u002Flink-local\n- **Origin validation** — rejects cross-origin WebSocket upgrades\n- **Hook gating** — `BeforeToolCall` hooks can inspect\u002Fblock any tool invocation\n- **Supply chain integrity** — [artifact attestations](https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis\u002Fattestations), Sigstore keyless signing, GPG signing (YubiKey), SHA-256\u002FSHA-512 checksums\n\nSee [Security Architecture](https:\u002F\u002Fdocs.moltis.org\u002Fsecurity.html) for details.\nVerify releases with `gh attestation verify \u003Cartifact> -R moltis-org\u002Fmoltis` or see [Release Verification](https:\u002F\u002Fdocs.moltis.org\u002Frelease-verification.html).\n\n## Features\n\n- **AI Gateway** — Multi-provider LLM support (OpenAI Codex, GitHub Copilot, Local), streaming responses, agent loop with sub-agent delegation, session modes, parallel tool execution\n- **Communication** — Web UI, Telegram, Signal, Microsoft Teams, Discord, API access, voice I\u002FO (8 TTS + 7 STT providers), mobile PWA with push notifications\n- **Memory & Recall** — Per-agent memory workspaces, embeddings-powered long-term memory, hybrid vector + full-text search, session persistence with auto-compaction, cross-session recall, Cursor-compatible project context, context-file safety scanning\n- **Safer Agent Editing** — Automatic checkpoints before built-in skill and memory mutations, restore tooling, session branching\n- **Extensibility** — MCP servers (stdio + HTTP\u002FSSE), skill system, 15 lifecycle hook events with circuit breaker, destructive command guard\n- **Security** — Encryption-at-rest vault (XChaCha20-Poly1305 + Argon2id), password + passkey + API key auth, sandbox isolation, SSRF\u002FCSWSH protection\n- **Operations** — Cron scheduling, OpenTelemetry tracing, Prometheus metrics, cloud deploy (Fly.io, DigitalOcean), Tailscale integration, managed SSH deploy keys, host-pinned remote targets, live tool inventory in Settings, and CLI\u002Fweb remote-exec doctor flows\n\n## How It Works\n\nMoltis is a **local-first persistent agent server** — a single Rust binary that\nsits between you and multiple LLM providers, keeps durable session state, and\ncan meet you across channels without handing your data to a cloud relay.\n\n```\n┌─────────────┐ ┌─────────────┐ ┌─────────────┐\n│ Web UI │ │ Telegram │ │ Discord │\n└──────┬──────┘ └──────┬──────┘ └──────┬──────┘\n │ │ │\n └────────┬───────┴────────┬───────┘\n │ WebSocket │\n ▼ ▼\n ┌─────────────────────────────────┐\n │ Gateway Server │\n │ (Axum · HTTP · WS · Auth) │\n ├─────────────────────────────────┤\n │ Chat Service │\n │ ┌───────────┐ ┌─────────────┐ │\n │ │ Agent │ │ Tool │ │\n │ │ Runner │◄┤ Registry │ │\n │ └─────┬─────┘ └─────────────┘ │\n │ │ │\n │ ┌─────▼─────────────────────┐ │\n │ │ Provider Registry │ │\n │ │ Multiple providers │ │\n │ │ (Codex · Copilot · Local)│ │\n │ └───────────────────────────┘ │\n ├─────────────────────────────────┤\n │ Sessions │ Memory │ Hooks │\n │ (JSONL) │ (SQLite)│ (events) │\n └─────────────────────────────────┘\n │\n ┌───────▼───────┐\n │ Sandbox │\n │ Docker\u002FApple │\n │ Container │\n └───────────────┘\n```\n\nSee [Quickstart](https:\u002F\u002Fdocs.moltis.org\u002Fquickstart.html) for gateway startup, message flow, sessions, and memory details.\n\n## Getting Started\n\n### Build & Run\n\nRequires [just](https:\u002F\u002Fgithub.com\u002Fcasey\u002Fjust) (command runner) and Node.js (for Tailwind CSS).\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis.git\ncd moltis\njust build-css # Build Tailwind CSS for the web UI\njust build-release # Build in release mode\ncargo run --release --bin moltis\n```\n\nFor a full release build including WASM sandbox tools:\n\n```bash\njust build-release-with-wasm # Builds WASM artifacts + release binary\ncargo run --release --bin moltis\n```\n\nOpen `https:\u002F\u002Fmoltis.localhost:3000`. On first run, a setup code is printed to\nthe terminal — enter it in the web UI to set your password or register a passkey.\n\nOptional flags: `--config-dir \u002Fpath\u002Fto\u002Fconfig --data-dir \u002Fpath\u002Fto\u002Fdata`\n\n### Docker\n\n```bash\n# Docker \u002F OrbStack\ndocker run -d \\\n --name moltis \\\n -p 13131:13131 \\\n -p 13132:13132 \\\n -p 1455:1455 \\\n -v moltis-config:\u002Fhome\u002Fmoltis\u002F.config\u002Fmoltis \\\n -v moltis-data:\u002Fhome\u002Fmoltis\u002F.moltis \\\n -v \u002Fvar\u002Frun\u002Fdocker.sock:\u002Fvar\u002Frun\u002Fdocker.sock \\\n ghcr.io\u002Fmoltis-org\u002Fmoltis:latest\n```\n\nOpen `https:\u002F\u002Flocalhost:13131` and complete the setup. For unattended Docker\ndeployments, set `MOLTIS_PASSWORD`, `MOLTIS_PROVIDER`, and `MOLTIS_API_KEY`\nbefore first boot to skip the setup wizard. See [Docker docs](https:\u002F\u002Fdocs.moltis.org\u002Fdocker.html)\nfor Podman, OrbStack, TLS trust, and persistence details.\n\n### Cloud Deployment\n\n| Provider | Deploy |\n|----------|--------|\n| DigitalOcean | [![Deploy to DO](https:\u002F\u002Fwww.deploytodo.com\u002Fdo-btn-blue.svg)](https:\u002F\u002Fcloud.digitalocean.com\u002Fapps\u002Fnew?repo=https:\u002F\u002Fgithub.com\u002Fmoltis-org\u002Fmoltis\u002Ftree\u002Fmain) |\n\n**Fly.io** (CLI):\n\n```bash\nfly launch --image ghcr.io\u002Fmoltis-org\u002Fmoltis:latest\nfly secrets set MOLTIS_PASSWORD=\"your-password\"\n```\n\nAll cloud configs use `--no-tls` because the provider handles TLS termination.\nSee [Cloud Deploy docs](https:\u002F\u002Fdocs.moltis.org\u002Fcloud-deploy.html) for details.\n\n## Star History\n\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=moltis-org\u002Fmoltis&type=date&legend=top-left)](https:\u002F\u002Fwww.star-history.com\u002F#moltis-org\u002Fmoltis&type=date&legend=top-left)\n\n## License\n\nMIT\n","Moltis 是一个用 Rust 编写的个人代理服务器,旨在提供安全且持久的服务。其核心功能包括沙箱执行环境、多提供商的大语言模型支持、语音交互以及与 Telegram、WhatsApp、Discord 和 Teams 等多种通信平台的集成。设计上强调安全性,确保用户的密钥不会离开本地设备,并且所有命令都在隔离环境中运行。此外,Moltis 作为单一可执行文件,无需额外依赖即可在用户自有的硬件(如 Mac Mini 或 Raspberry Pi)上轻松部署。它适用于需要高安全性和隐私保护的个人或小型团队场景,特别是在追求数据主权和避免云服务依赖的情况下。",2,"2026-06-11 03:50:20","high_star"]