Valmis
A security-focused, self-hostable AI agent platform for production work — agents run in isolated containers that access credentials only through a host-side proxy, so the AI itself never sees API keys or plaintext credentials.
Valmis positions itself explicitly as “the OpenClaw alternative designed for work, with security in mind,” targeting a specific gap: personal-assistant-style agent tools like OpenClaw often store credentials in agent memory as plaintext and sometimes send those credentials directly to LLM providers, which is an unacceptable risk for business use. Valmis instead runs each agent in a dockerized, isolated container that has no direct access to credentials at all.
Instead, agents request the host machine to make an API call on their behalf using a credential ID, and the host performs the actual request and returns the result — even LLM API calls themselves go through this proxy. Because agents never handle raw credentials, a Valmis deployment can run agent containers with internet access disabled entirely while agents still function, since all outbound requests are proxied through the host.
Apache-2.0 licensed, Valmis is a cloud-based application for building fleets of agents connected to 100+ business and productivity integrations, triggered by chat, cron schedules, webhooks, or app events like new emails or form submissions, with each agent isolated in its own file system separate from the host and other agents.
What You Get
- A proxy-based architecture where agents never directly access API credentials or send them to LLM providers
- Dockerized, isolated agent containers, each with its own file system separate from the host and other agents
- Connections to 100+ business and productivity integrations for building agent workflows
- Multiple trigger mechanisms: chat interface, cron schedules, webhooks, or app events like new emails or form submissions
Common Use Cases
- Automating business workflows with AI agents without exposing API credentials to the agent’s own memory or the LLM provider
- Running agent containers with internet access disabled entirely, since all external requests go through the host proxy
- Building a fleet of agents each handling a different automated workflow, isolated from each other and the host
- Triggering agent-driven automation from cron schedules, webhooks, or business events instead of manual chat prompts only
Under The Hood
Architecture Valmis’s defining architectural choice is the credential proxy: agent containers can request the host to make an API call by referencing a credential ID, but never receive the actual credential value themselves, and the host performs the real request and returns only the resulting data. This extends even to LLM API calls, meaning the agent runtime process itself never holds an API key in memory — a structurally different security model than agents that store credentials directly and risk leaking them to the LLM provider through the prompt or tool-call context.
Tech Stack TypeScript, Docker for per-agent container isolation with separate file systems, and a proxy layer mediating all external HTTP requests (including to LLM providers) between agent containers and the host. Triggers integrate cron, webhooks, and app events alongside a chat interface.
Code Quality Very active, consistently maintained commit history reflects ongoing investment despite being a young project with a small community footprint; the explicit security-first design rationale documented in the README suggests deliberate architectural planning rather than security as an afterthought.
What Makes It Unique Most personal AI agent tools optimize for capability and convenience, accepting credentials living in agent memory as a necessary trade-off; Valmis specifically inverts that by making credential-blindness structural — even disabling agent container internet access entirely is possible without breaking functionality, since the host proxy handles every external call.
Self-Hosting
Licensing Model Apache-2.0 licensed — fully open source with no license key.
Self-Hosting Restrictions None found; the platform is designed to be self-hosted with the host machine acting as the credential proxy.
License Key Required No.
Related Apps
claw-code
AI Agents · AI Code Assistants
A Rust-built CLI agent harness for Claude AI with persistent sessions, MCP tool integration, plugin hooks, and multi-provider support — designed to run autonomous coding workflows without human babysitting.
claw-code
MITLangflow
AI Agents · AI Development
Build, test, and deploy AI agents and RAG workflows visually with native API and MCP server export.
Langflow
MITOpen WebUI
AI Assistants · AI Agents
The extensible, privacy-first AI platform that runs Ollama, OpenAI, and any LLM backend behind a polished, feature-packed web interface.