opencrust

A single 16 MB binary that runs your AI agents across Telegram, Discord, Slack, WhatsApp, WhatsApp Web, LINE, WeChat, iMessage and MQTT - with encrypted credential storage, config hot-reload, and 13 MB of RAM at idle. Built in Rust for the security and reliability that AI agents demand.

Quick Start

# Install (Linux, macOS)
curl -fsSL https://raw.githubusercontent.com/opencrust-org/opencrust/main/install.sh | sh

# Interactive setup - pick your LLM provider and channels
opencrust init

# Start - on first message, the agent will introduce itself and learn your preferences
opencrust start

# Diagnose configuration, connectivity, and database health
opencrust doctor

# Requires Rust 1.85+
cargo build --release
./target/release/opencrust init
./target/release/opencrust start

# Optional: include WASM plugin support
cargo build --release --features plugins

Web Chat

Once the gateway is running, open your browser at:

http://127.0.0.1:3888

The built-in web UI lets you chat with your agent, switch LLM providers on the fly, manage MCP servers, and monitor connected channels — all without restarting.

Authentication — if api_key is set in config.yml, the UI will prompt for the gateway key before connecting.

Terminal Chat

Chat with your agent directly from the terminal — no browser needed.

Requires a running gateway. Run opencrust init (first time only) then opencrust start before using opencrust chat.

# First-time setup
opencrust init
opencrust start           # or: opencrust start -d  (daemon mode)

# Open terminal chat
opencrust chat
opencrust chat --agent coder           # start with a named agent
opencrust chat --url http://host:3888  # connect to a remote gateway

Chat commands: /help · /new (fresh session) · /agent <id> · /clear · /exit

Pre-compiled binaries for Linux (x86_64, aarch64), macOS (Intel, Apple Silicon), and Windows (x86_64) are available on GitHub Releases.

Why OpenCrust?

| | | |---|---| | Binary size | 16 MB single binary | | Memory at idle | 13 MB | | Cold start | 3 ms | | Credential storage | AES-256-GCM encrypted vault | | Auth default | Enabled (WebSocket pairing) | | Scheduling | Cron, interval, one-shot | | Multi-agent routing | Yes (named agents) | | Session orchestration | Yes | | MCP support | Stdio + HTTP | | Channels | 9 | | LLM providers | 15 | | Pre-compiled binaries | Yes | | Config hot-reload | Yes | | Plugin system | WASM (sandboxed) | | Self-update | Yes (opencrust update) | | Security scan | ✅ skills prompt-injection scan before install | | Self-improvement | ✅ cross-session patterns, skill lifecycle, confidence gate |

Benchmarks measured on a 1 vCPU, 1 GB RAM DigitalOcean droplet.

Security

OpenCrust is built for the security requirements of always-on AI agents that access private data and communicate externally.

• Encrypted credential vault - API keys and tokens stored with AES-256-GCM encryption at ~/.opencrust/credentials/vault.json. Never plaintext on disk.
• Authentication by default - WebSocket gateway requires pairing codes. No unauthenticated access out of the box.
• Per-channel authorization policies - DM policies (open, pairing, allowlist) and group policies (open, mention-only, disabled) per channel. Unauthorized messages are silently dropped.
• Prompt injection detection - input validation and sanitization before content reaches the LLM.
• Rate limiting - per-user sliding-window rate limits with configurable cooldown to prevent abuse.
• Token budgets - per-session, daily, and monthly token caps to control LLM cost per user.
• Tool allowlists - restrict which tools an agent may call per session, with a per-session call budget cap.
• Log secret redaction - API keys and tokens automatically redacted from log output.
• WASM sandboxing - optional plugin sandbox via WebAssembly runtime with controlled host access (compile with --features plugins).
• Localhost-only binding - gateway binds to 127.0.0.1 by default, not 0.0.0.0.

Features

LLM Providers

Native providers:

• Anthropic Claude - streaming (SSE), tool use
• OpenAI - GPT-4o, Azure, any OpenAI-compatible endpoint via base_url
• Ollama - local models with streaming

OpenAI-compatible providers:

• Sansa - regional LLM via sansaml.com
• DeepSeek - DeepSeek Chat
• Mistral - Mistral Large
• Gemini - Google Gemini via OpenAI-compatible API
• Falcon - TII Falcon 180B (AI71)
• Jais - Core42 Jais 70B
• Qwen - Alibaba Qwen Plus
• Yi - 01.AI Yi Large
• Cohere - Command R Plus
• MiniMax - MiniMax Text 01
• Moonshot - Kimi K2
• vLLM - self-hosted models via vLLM's OpenAI-compatible server

Voice I/O

• TTS (Text-to-Speech) — Kokoro (self-hosted via kokoro-fastapi), OpenAI TTS (tts-1, tts-1-hd), any OpenAI-compatible endpoint
• STT (Speech-to-Text) — local Whisper (faster-whisper-server), OpenAI Whisper API
• auto_reply_voice: true synthesizes every text response as audio automatically
• tts_max_chars limits synthesis length; long responses are truncated with a warning
• Per-channel delivery: Discord (file attachment), WeChat (Customer Service voice API), Telegram/LINE (native audio), Slack (text fallback)

Channels

• Telegram - streaming responses, MarkdownV2, bot commands, typing indicators, user allowlist with pairing codes, photo/vision support, voice messages (Whisper STT), TTS auto-reply, document/file handling
• Discord - slash commands, event-driven message handling, session management, voice responses (TTS file attachment)
• Slack - Socket Mode, streaming responses, allowlist/pairing
• WhatsApp - Meta Cloud API webhooks, allowlist/pairing
• WhatsApp Web - QR code pairing via Baileys Node.js sidecar, no Meta Business account required, auth state persistence
• iMessage - macOS native via chat.db polling, group chats, AppleScript sending (setup guide)
• LINE - Messaging API webhooks, reply/push fallback, group/room support, allowlist/pairing, voice responses (TTS, falls back to text)
• WeChat - Official Account Platform webhooks, SHA-1 signature verification, synchronous XML reply, image/voice/video/location dispatch, Customer Service API push, voice responses (TTS), allowlist/pairing
• MQTT - native broker client (Mosquitto, EMQX, HiveMQ), Mode A (plain text, one session per channel) and Mode B (JSON {"user_id","text"}, one session per device), auto-detection, exponential backoff reconnect, QoS 0/1/2, optional TLS (mqtts://)

MCP (Model Context Protocol)

• Connect any MCP-compatible server (filesystem, GitHub, databases, web search)
• Stdio and HTTP (Streamable HTTP) transport
• Tools appear as native agent tools with namespaced names (server_tool)
• Resource tool - LLM can list and read MCP server resources on demand
• Server instructions captured from handshake and appended to system prompt
• Health monitor with 30s ping and auto-reconnect
• Configure in config.yml or ~/.opencrust/mcp.json (Claude Desktop compatible)
• CLI: opencrust mcp list, opencrust mcp inspect <name>, opencrust mcp resources <name>, opencrust mcp prompts <name>

Personality (DNA)

• On first message, the agent introduces itself and asks a few questions to learn your preferences
• Writes ~/.opencrust/dna.md with your name, communication style, guidelines, and the bot's own identity
• No config files to edit, no wizard sections to fill out - just a conversation
• Hot-reloads on edit - change dna.md and the agent adapts immediately
• Migrating from OpenClaw? opencrust migrate openclaw imports your existing SOUL.md

Agent Runtime

• Tool exec