BBQ
68745133b7
* feat(access): add guest chat ACL and simplify bot access Unify bot chat permissions around owner and guest ACL so public access, whitelist, and blacklist share a single model. Remove unused sharing paths, add searchable platform identity controls, and normalize Feishu identities to stable open_id records. * fix(web): format access control panel Include the post-commit formatting changes applied to the access control UI so the branch stays clean and the PR reflects the final rendered layout. * fix(migrations): drop legacy bot tables before bots Ensure the init down migration removes bot_members and bot_preauth_keys before dropping bots so full rollback succeeds after the ACL refactor. * feat(acl): add source-aware chat trigger rules Support channel-, conversation-, and thread-scoped ACL rules while keeping allow_guest, whitelist, and blacklist compatible. Also expose observed conversation candidates and normalize channel identity rules to their own platform. * fix(lint): resolve golangci-lint errors after rebase - Remove unused receivers and parameters in fakeRows/Service methods - Delete unused makeNoRow helper and toParticipantFields function - Fix gci/gofumpt formatting * fix(lint): fix gci import formatting in acl types and handler * fix(acl): tighten observed group and thread selection (#245) Use inbox plus persisted messages to discover observed group and thread routes, and lock scope fields after selecting a concrete observed target. This keeps Telegram group candidates visible and prevents contradictory private/group scope edits. * chore: regenerate sqlc swagger and sdk after rebase onto main * fix(inbound): use bot owner token for agent gateway callbacks The inbound channel processor issued a JWT for the chatting user's identity. When the agent called back into container/MCP endpoints (e.g. /bots/{id}/tools, /bots/{id}/mcp-stdio), AuthorizeBotAccess rejected non-owner users with HTTP 403 "bot access denied". Resolve the bot owner via PolicyService and issue the downstream token under the owner's identity, consistent with schedule, heartbeat, and email gateways. The chatting user's identity is still tracked via SourceChannelIdentityID and identity headers.
Memoh
Multi-Member, Structured Long-Memory, Containerized AI Agent System.
📌 Introduction to Memoh - The Case for an Always-On, Containerized Home Agent
Memoh is an always-on, containerized AI agent system. Create multiple AI bots, each running in its own isolated container with persistent memory, and interact with them across Telegram, Discord, Lark (Feishu), Email, or the built-in Web/CLI. Bots can execute commands, edit files, browse the web, call external tools via MCP, and remember everything — like giving each bot its own computer and brain.
Quick Start
One-click install (requires Docker):
curl -fsSL https://memoh.sh | sudo sh
Silent install with all defaults: curl -fsSL ... | sudo sh -s -- -y
Or manually:
git clone --depth 1 https://github.com/memohai/Memoh.git
cd Memoh
cp conf/app.docker.toml config.toml
# Edit config.toml
sudo docker compose up -d
Install a specific version:
curl -fsSL https://memoh.sh | sudo MEMOH_VERSION=v1.0.0 shUse CN mirror for slow image pulls:
curl -fsSL https://memoh.sh | sudo USE_CN_MIRROR=true shOn macOS or if your user is in the
dockergroup,sudois not required.
Visit http://localhost:8082 after startup. Default login: admin / admin123
See DEPLOYMENT.md for custom configuration and production setup.
Why Memoh?
OpenClaw is impressive, but it has notable drawbacks: stability issues, security concerns, cumbersome configuration, and high token costs. If you're looking for a stable, secure solution, consider Memoh.
Memoh is a multi-bot agent service built with Golang. It offers full graphical configuration for bots, Channels, MCP, and Skills. We use Containerd to provide container-level isolation for each bot and draw heavily from OpenClaw's Agent design.
Memoh Bot can distinguish and remember requests from multiple humans and bots, working seamlessly in any group chat. You can use Memoh to build bot teams, or set up accounts for family members to manage daily household tasks with bots.
Features
- 🤖 Multi-Bot Management: Create multiple bots; humans and bots, or bots with each other, can chat privately, in groups, or collaborate. Supports role-based access control (owner / admin / member) with ownership transfer.
- 👥 Multi-User & Identity Recognition: Bots can distinguish individual users in group chats, remember each person's context separately, and send direct messages to specific users. Cross-platform identity binding unifies the same person across Telegram, Discord, Lark, and Web.
- 📦 Containerized: Each bot runs in its own isolated containerd container. Bots can freely execute commands, edit files, and access the network within their containers — like having their own computer. Supports container snapshots for save/restore.
- 🧠 Memory Engineering: Multi-provider memory architecture — Built-in (off / sparse / dense modes), Mem0, and OpenViking. LLM-driven fact extraction, hybrid retrieval (dense semantic search + BM25 keyword + neural sparse vectors), 24-hour context loading, memory compaction & rebuild, and multi-language auto-detection.
- 💬 Multi-Platform: Supports Telegram, Discord, Lark (Feishu), Email, and built-in Web/CLI. Unified message format with rich text, media attachments, reactions, and streaming across all platforms. Cross-platform identity binding.
- 📧 Email: Multi-adapter email service (Mailgun, generic SMTP) with per-bot binding and outbound audit log. Bots can send and receive emails as a channel.
- 🔧 MCP (Model Context Protocol): Full MCP support (HTTP / SSE / Stdio). Built-in tools for container operations, memory search, web search, scheduling, messaging, and more. Connect external MCP servers for extensibility.
- 🧩 Subagents: Create specialized sub-agents per bot with independent context and skills, enabling multi-agent collaboration.
- 🎭 Skills & Identity: Define bot personality via IDENTITY.md, SOUL.md, and modular skill files that bots can enable/disable at runtime.
- 🌐 Browser: Each bot can have its own headless Chromium browser (via Playwright). Navigate pages, click elements, fill forms, take screenshots (with annotated element labels), read accessibility trees, manage tabs, and more — enabling real web automation and AI-driven browsing.
- 🔍 Web Search: 12 built-in search providers — Brave, Bing, Google, Tavily, DuckDuckGo, SearXNG, Serper, Sogou, Jina, Exa, Bocha, and Yandex — for web search and URL content fetching.
- ⏰ Scheduled Tasks: Cron-based scheduling with max-call limits. Bots can autonomously run commands or tools at specified intervals.
- 💓 Heartbeat: Periodic autonomous tasks — bots can perform routine operations (e.g., check-ins, summaries, monitoring) at configurable intervals with execution logging.
- 📥 Inbox: Cross-channel inbox — messages from other channels are queued and surfaced in the system prompt so the bot never misses context.
- 📊 Token Usage Tracking: Monitor token consumption per bot with usage statistics and visualization.
- 🧪 Multi-Model: Works with any OpenAI-compatible, Anthropic, or Google Generative AI provider. Per-bot model assignment for chat, memory, and embedding.
- 🖥️ Web UI: Modern dashboard (Vue 3 + Tailwind CSS) with real-time streaming chat, tool call visualization, in-chat file manager, container filesystem browser, and visual configuration for all settings. Dark/light theme, i18n.
- 🚀 One-Click Deploy: Docker Compose with automatic migration, containerd setup, and CNI networking. Interactive install script included.
Memory System
Memoh's memory system is built around Memory Providers — pluggable backends that control how a bot stores, retrieves, and manages long-term memory.
| Provider | Description |
|---|---|
| Built-in | Self-hosted, ships with Memoh. Three modes: Off (file-based, no vector search), Sparse (neural sparse vectors via local model, no API cost), Dense (embedding-based semantic search via Qdrant). |
| Mem0 | SaaS memory via the Mem0 API. |
| OpenViking | Self-hosted or SaaS memory with its own API. |
Each bot binds one provider. During chat, the bot automatically extracts key facts from every conversation turn and stores them as structured memories. On each new message, the most relevant memories are retrieved via hybrid search and injected into the bot's context — giving it personalized, long-term recall across conversations.
Additional capabilities include memory compaction (merge redundant entries), rebuild, manual creation/editing, and vector manifold visualization (Top-K distribution & CDF curves). See the documentation for setup details.
Gallery
 |
 |
 |
| Chat with Bots | Container & Bot Management | Provider & Model Configuration |
 |
 |
 |
| Container File Manager | Scheduled Tasks | Token Usage Tracking |
Tech Stack
| Layer | Stack |
|---|---|
| Backend | Go, Echo, sqlc, Uber FX, pgx/v5, containerd v2 |
| Agent Gateway | Bun, Elysia |
| Browser Gateway | Bun, Elysia, Playwright (Chromium) |
| Frontend | Vue 3, Vite, Pinia, Tailwind CSS, Reka UI |
| Storage | PostgreSQL, Qdrant |
| Infra | Docker, containerd, CNI |
| Tooling | mise, pnpm, swaggo, sqlc |
Architecture
┌──────────────────┐ ┌─────────────────┐ ┌──────────────┐
│ Channels │ │ Web UI │ │ CLI │
│ (TG/DC/FS/Email) │ │ (Vue 3 :8082) │ │ │
└────────┬─────────┘ └────────┬────────┘ └──────┬───────┘
│ │ │
▼ ▼ ▼
┌──────────────────────────────────────────────────────────┐
│ Server (Go :8080) │
│ Auth · Bots · Channels · Memory · Containers · MCP │
└──────────────────────┬───────────────────────────────────┘
│
┌───────────┼───────────┬───────────┐
▼ ▼ ▼ ▼
┌──────────┐ ┌─────────┐ ┌──────────────────┐ ┌───────────────────┐
│ PostgreSQL│ │ Qdrant │ │ Agent Gateway │ │ Browser Gateway │
│ │ │ (Vector)│ │ (Bun/Elysia :8081)│ │ (Playwright :8083) │
└──────────┘ └─────────┘ └────────┬──────────┘ └───────────────────┘
│
┌───────┼───────┐
▼ ▼ ▼
┌─────┐ ┌─────┐ ┌─────┐
│Bot A│ │Bot B│ │Bot C│ ← containerd
└─────┘ └─────┘ └─────┘
Roadmap
Please refer to the Roadmap for more details.
Development
Refer to CONTRIBUTING.md for development setup.
Star History
Contributors
LICENSE: AGPLv3
Copyright (C) 2026 Memoh. All rights reserved.