opencrust

╭─── OpenCrust Chat v0.2.9 ──────────────────────╮
│                                                │
│         _~^~^~_                                │
│     \) /  o o  \ (/                            │
│       '_   -   _'                              │
│       / '-----' \                              │
│                                                │
│   Gateway  http://127.0.0.1:3888               │
│   Agent    default                             │
│                                                │
│   Type /help for commands                      │
│                                                │
╰────────────────────────────────────────────────╯

you › what's the difference between Go channels and Rust async?
bot › Go channels are built into the language — goroutines communicate
      by passing values through typed channels (make(chan int, 5)).
      Rust async uses Future + tokio::sync::mpsc for similar patterns,
      but ownership is enforced at compile time, so data races are
      impossible without unsafe.

you › /agent coder
Switched to agent: coder.

you › show me a rust mpsc example
bot › use tokio::sync::mpsc;

      #[tokio::main]
      async fn main() {
          let (tx, mut rx) = mpsc::channel(8);
          tokio::spawn(async move { tx.send(42).await.unwrap(); });
          println!("{}", rx.recv().await.unwrap()); // 42
      }

you › /exit
Goodbye!

Chat commands: /help · /new (fresh session) · /agent <id> · /clear · /exit

Pre-compiled binaries for Linux (x86_64, aarch64), macOS (Intel, Apple Silicon), and Windows (x86_64) are available on GitHub Releases.

Why OpenCrust?

vs OpenClaw, ZeroClaw, and other AI agent frameworks

| | OpenCrust | OpenClaw (Node.js) | ZeroClaw (Rust) | |---|---|---|---| | Binary size | 16 MB | ~1.2 GB (with node_modules) | ~25 MB | | Memory at idle | 13 MB | ~388 MB | ~20 MB | | Cold start | 3 ms | 13.9 s | ~50 ms | | Credential storage | AES-256-GCM encrypted vault | Plaintext config file | Plaintext config file | | Auth default | Enabled (WebSocket pairing) | Disabled by default | Disabled by default | | Scheduling | Cron, interval, one-shot | Yes | No | | Multi-agent routing | Yes (named agents) | Yes (agentId) | No | | Session orchestration | Yes | Yes | No | | MCP support | Stdio + HTTP | Stdio + HTTP | Stdio | | Channels | 9 | 6+ | 4 | | LLM providers | 15 | 10+ | 22+ | | Pre-compiled binaries | Yes | N/A (Node.js) | Build from source | | Config hot-reload | Yes | No | No | | WASM plugin system | Optional (sandboxed) | No | No | | Self-update | Yes (opencrust update) | npm | Build from source |

Benchmarks measured on a 1 vCPU, 1 GB RAM DigitalOcean droplet.

Security

OpenCrust is built for the security requirements of always-on AI agents that access private data and communicate externally.

• Encrypted credential vault - API keys and tokens stored with AES-256-GCM encryption at ~/.opencrust/credentials/vault.json. Never plaintext on disk.
• Authentication by default - WebSocket gateway requires pairing codes. No unauthenticated access out of the box.
• Per-channel authorization policies - DM policies (open, pairing, allowlist) and group policies (open, mention-only, disabled) per channel. Unauthorized messages are silently dropped.
• Prompt injection detection - input validation and sanitization before content reaches the LLM.
• Rate limiting - per-user sliding-window rate limits with configurable cooldown to prevent abuse.
• Token budgets - per-session, daily, and monthly token caps to control LLM cost per user.
• Tool allowlists - restrict which tools an agent may call per session, with a per-session call budget cap.
• Log secret redaction - API keys and tokens automatically redacted from log output.
• WASM sandboxing - optional plugin sandbox via WebAssembly runtime with controlled host access (compile with --features plugins).
• Localhost-only binding - gateway binds to 127.0.0.1 by default, not 0.0.0.0.

Features

LLM Providers

Native providers:

• Anthropic Claude - streaming (SSE), tool use
• OpenAI - GPT-4o, Azure, any OpenAI-compatible endpoint via base_url
• Ollama - local models with streaming

OpenAI-compatible providers:

• Sansa - regional LLM via sansaml.com
• DeepSeek - DeepSeek Chat
• Mistral - Mistral Large
• Gemini - Google Gemini via OpenAI-compatible API
• Falcon - TII Falcon 180B (AI71)
• Jais - Core42 Jais 70B
• Qwen - Alibaba Qwen Plus
• Yi - 01.AI Yi Large
• Cohere - Command R Plus
• MiniMax - MiniMax Text 01
• Moonshot - Kimi K2
• vLLM - self-hosted models via vLLM's OpenAI-compatible server

Voice I/O

• TTS (Text-to-Speech) — Kokoro (self-hosted via kokoro-fastapi), OpenAI TTS (tts-1, tts-1-hd), any OpenAI-compatible endpoint
• STT (Speech-to-Text) — local Whisper (faster-whisper-server), OpenAI Whisper API
• auto_reply_voice: true synthesizes every text response as audio automatically
• tts_max_chars limits synthesis length; long responses are truncated with a warning
• Per-channel delivery: Discord (file attachment), WeChat (Customer Service voice API), Telegram/LINE (native audio), Slack (text fallback)

Channels

• Telegram - streaming responses, MarkdownV2, bot commands, typing indicators, user allowlist with pairing codes, photo/vision support, voice messages (Whisper STT), TTS auto-reply, document/file handling
• Discord - slash commands, event-driven message handling, session management, voice responses (TTS file attachment)
• Slack - Socket Mode, streaming responses, allowlist/pairing
• WhatsApp - Meta Cloud API webhooks, allowlist/pairing
• WhatsApp Web - QR code pairing via Baileys Node.js sidecar, no Meta Business account required, auth state persistence
• iMessage - macOS native via chat.db polling, group chats, AppleScript sending (setup guide)
• LINE - Messaging API webhooks, reply/push fallback, group/room support, allowlist/pairing, voice respon