local_fire_departmentHoneystax
search⌘K
loginLog Inperson_addSign Up
layers
HONEYSTAX TERMINAL v1.0
HomeNewsSavedSubmit
Back to the live board
M

moltis

Agent

A secure persistent personal agent server in Rust. One binary, sandboxed execution, multi-provider LLMs, voice, memor...

Copy the install, test the workflow, then decide if it earns a permanent slot.

2,622
Why nowMoving now

Fresh repo activity plus visible builder pull. This is the kind of tool people test before it turns obvious.

DecisionHigh-conviction move

Copy the install, test the workflow, then decide if it earns a permanent slot.

Trial costDeep lift

This wants more setup and more teardown. Run it only if the upside is clear.

Risk32/100

GitHub health 62/100. no security policy. Fresh enough repo health and manageable issue load keep the risk controlled.

What You Are Adopting

AI Agent

OpenClaw

Model

Multiple

Build Time

Minutes

Test This In Your Stack

One command inClean rollbackLow commitment
shieldSandboxedInstalls to ~/.claude — isolated from your projects. One command to remove.

Fastest way to find out if moltis belongs in your setup.

Copy the install command, run a real test, and back it out cleanly if it slows you down.

Try now
git clone https://github.com/moltis-org/moltis ~/.claude/agents/moltis

Run this first. You will know quickly if the workflow earns a permanent slot.

Back out
rm -rf ~/.claude/agents/moltis

No messy cleanup loop. If it misses, remove it and keep moving.

Install Location

~/  └─ .claude/      ├─ commands/      ├─ agents/      │   └─ moltis/ ← installs here      └─ settings.json

About

A secure persistent personal agent server in Rust. One binary, sandboxed execution, multi-provider LLMs, voice, memory, Telegram, WhatsApp, Discord, Teams, and MCP tools. Secure by design, runs on your hardware.

README

Moltis

Moltis — A Rust-native claw you can trust

One binary — sandboxed, secure, yours.

CI codecov CodSpeed License: MIT Rust Discord

Installation • Comparison • Architecture • Security • Features • How It Works • Contributing

Moltis recently hit the front page of Hacker News. Please open an issue for any friction at all. I'm focused on making Moltis excellent.

Secure by design — Your keys never leave your machine. Every command runs in a sandboxed container, never on your host.

Your hardware — Runs on a Mac Mini, a Raspberry Pi, or any server you own. One Rust binary, no Node.js, no npm, no runtime.

Full-featured — Voice, memory, scheduling, Telegram, Discord, browser automation, MCP servers — all built-in. No plugin marketplace to get supply-chain attacked through.

Auditable — The agent loop + provider model fits in ~5K lines. The core (excluding the optional web UI) is ~196K lines across 46 modular crates you can audit independently, with 3,100+ tests and zero unsafe code*.

Installation

# One-liner install script (macOS / Linux)
curl -fsSL https://www.moltis.org/install.sh | sh

# macOS / Linux via Homebrew
brew install moltis-org/tap/moltis

# Docker (multi-arch: amd64/arm64)
docker pull ghcr.io/moltis-org/moltis:latest

# Or build from source
cargo install moltis --git https://github.com/moltis-org/moltis

Comparison

OpenClaw PicoClaw NanoClaw ZeroClaw Moltis
Language TypeScript Go TypeScript Rust Rust
Agent loop ~430K LoC Small ~500 LoC ~3.4K LoC ~5K LoC (runner.rs + model.rs)
Full codebase — — — 1,000+ tests ~124K LoC (2,300+ tests)
Runtime Node.js + npm Single binary Node.js Single binary (3.4 MB) Single binary (44 MB)
Sandbox App-level — Docker Docker Docker + Apple Container
Memory safety GC GC GC Ownership Ownership, zero unsafe*
Auth Basic API keys None Token + OAuth Password + Passkey + API keys + Vault
Voice I/O Plugin — — — Built-in (15+ providers)
MCP Yes — — — Yes (stdio + HTTP/SSE)
Hooks Yes (limited) — — — 15 event types
Skills Yes (store) Yes Yes Yes Yes (+ OpenClaw Store)
Memory/RAG Plugin — Per-group SQLite + FTS SQLite + FTS + vector

* unsafe is denied workspace-wide. The only exceptions are opt-in FFI wrappers behind the local-embeddings feature flag, not part of the core.

Full comparison with benchmarks →

Architecture — Crate Map

Core (always compiled):

Crate LoC Role
moltis (cli) 4.0K Entry point, CLI commands
moltis-agents 9.6K Agent loop, streaming, prompt assembly
moltis-providers 17.6K LLM provider implementations
moltis-gateway 36.1K HTTP/WS server, RPC, auth
moltis-chat 11.5K Chat engine, agent orchestration
moltis-tools 21.9K Tool execution, sandbox
moltis-config 7.0K Configuration, validation
moltis-sessions 3.8K Session persistence
moltis-plugins 1.9K Hook dispatch, plugin formats
moltis-service-traits 1.3K Shared service interfaces
moltis-common 1.1K Shared utilities
moltis-protocol 0.8K Wire protocol types

Optional (feature-gated or additive):

Category Crates Combined LoC
Web UI moltis-web 4.5K
GraphQL moltis-graphql 4.8K
Voice moltis-voice 6.0K
Memory moltis-memory, moltis-qmd 5.9K
Channels moltis-telegram, moltis-whatsapp, moltis-discord, moltis-msteams, moltis-channels 14.9K
Browser moltis-browser 5.1K
Scheduling moltis-cron, moltis-caldav 5.2K
Extensibility moltis-mcp, moltis-skills, moltis-wasm-tools 9.1K
Auth & Security moltis-auth, moltis-oauth, moltis-onboarding, moltis-vault 6.6K
Networking moltis-network-filter, moltis-tls, moltis-tailscale 3.5K
Provider setup moltis-provider-setup 4.3K
Import moltis-openclaw-import 7.6K
Apple native moltis-swift-bridge 2.1K
Metrics moltis-metrics 1.7K
Other moltis-projects, moltis-media, moltis-routing, moltis-canvas, moltis-auto-reply, moltis-schema-export, moltis-benchmarks 2.5K

Use --no-default-features --features lightweight for constrained devices (Raspberry Pi, etc.).

Security

  • Zero unsafe code* — denied workspace-wide; only opt-in FFI behind local-embeddings flag
  • Sandboxed execution — Docker + Apple Container, per-session isolation
  • Secret handling — secrecy::Secret, zeroed on drop, redacted from tool output
  • Authentication — password + passkey (WebAuthn), rate-limited, per-IP throttle
  • SSRF protection — DNS-resolved, blocks loopback/private/link-local
  • Origin validation — rejects cross-origin WebSocket upgrades
  • Hook gating — BeforeToolCall hooks can inspect/block any tool invocation

See Security Architecture for details.

Features

  • AI Gateway — Multi-provider LLM support (OpenAI Codex, GitHub Copilot, Local), streaming responses, agent loop with sub-agent delegation, parallel tool execution
  • Communication — Web UI, Telegram, Microsoft Teams, Discord, API access, voice I/O (8 TTS + 7 STT providers), mobile PWA with push notifications
  • Memory & Context — Per-agent memory workspaces, embeddings-powered long-term memory, hybrid vector + full-text search, session persistence with auto-compaction, project context
  • Extensibility — MCP servers (stdio + HTTP/SSE), skill system, 15 lifecycle hook events with circuit breaker, destructive command guard
  • Security — Encryption-at-rest vault (XChaCha20-Poly1305 + Argon2id), password + passkey + API key auth, sandbox isolation, SSRF/CSWSH protection
  • Operations — Cron scheduling, OpenTelemetry tracing, Prometheus metrics, cloud deploy (Fly.io, DigitalOcean), Tailscale integration

How It Works

Moltis is a local-first AI gateway — a single Rust binary that sits between you and multiple LLM providers. Everything runs on your machine; no cloud relay required.

┌─────────────┐  ┌─────────────┐  ┌─────────────┐
│   Web UI    │  │  Telegram   │  │  Discord    │
└──────┬──────┘  └──────┬──────┘  └──────┬──────┘
       │                │                │
       └────────┬───────┴────────┬───────┘
                │   WebSocket    │
                ▼                ▼
        ┌─────────────────────────────────┐
        │          Gateway Server         │
        │   (Axum · HTTP · WS · Auth)     │
        ├─────────────────────────────────┤
        │        Chat Service             │
        │  ┌───────────┐ ┌─────────────┐  │
        │  │   Agent   │ │    Tool     │  │
        │  │   Runner  │◄┤   Registry  │  │
        │  └─────┬─────┘ └─────────────┘  │
        │        │                        │
        │  ┌─────▼─────────────────────┐  │
        │  │    Provider Registry      │  │
        │  │  Multiple providers       │  │
        │  │  (Codex · Copilot · Local)│  │
        │  └───────────────────────────┘  │
        ├─────────────────────────────────┤
        │  Sessions  │ Memory  │  Hooks   │
        │  (JSONL)   │ (SQLite)│ (events) │
        └─────────────────────────────────┘
                       │
               ┌───────▼───────┐
               │    Sandbox    │
               │ Docker/Apple  │
               │  Container    │
               └───────────────┘

See Quickstart for gateway startup, message flow, sessions, and memory details.

Getting Started

Build & Run

git clone https://github.com/moltis-org/moltis.git
cd moltis
cargo build --release
cargo run --release

Open https://moltis.localhost:3000. On first run, a setup code is printed to the terminal — enter it in the web UI to set your password or register a passkey.

Optional flags: --config-dir /path/to/config --data-dir /path/to/data

Docker

# Docker / OrbStack
docker run -d \
  --name moltis \
  -p 13131:13131 \
  -p 13132:13132 \
  -p 1455:1455 \
  -v moltis-config:/home/moltis/.config/moltis \
  -v moltis-data:/home/moltis/.moltis \
  -v /var/run/docker.sock:/var/run/docker.sock \
  ghcr.io/moltis-org/moltis:latest

Open https://localhost:13131 and complete the setup. See Docker docs for Podman, OrbStack, TLS trust, and persistence details.

Cloud Deployment

Provider Deploy
DigitalOcean Deploy to DO

Fly.io (CLI):

fly launch --image ghcr.io/moltis-org/moltis:latest
fly secrets set MOLTIS_PASSWORD="your-password"

All cloud configs use --no-tls because the provider handles TLS termination. See Cloud Deploy docs for details.

Star History

Star History Chart

License

MIT

Tech Stack

RustGoTypeScriptSwiftAxumSQLiteOpenAILLMDocker
Open Live ProjectAudit Repo

Reviews0

Log in to write a review.

ActiveLast commit today
bug_report75open issues
Submitted April 29, 2026

auto_awesomeYour strongest next moves after moltis