095d476acc
- Add personality engine with learning from conversations - Tracks user preferences, interests, and communication style - Persists to Redis (cache) + PostgreSQL (durable) - Generates personalized system prompts per user - Add Piston API fallback for sandbox execution - Auto-detects backend: Docker → Piston API → none - Supports 15+ languages via free cloud execution - Works on Railway and other managed platforms - Add storage layer with layered persistence - PostgreSQL for tasks, user profiles, personality traits - Redis for conversation cache and fast profile access - Graceful fallback to in-memory when not configured - Update scheduler with task persistence - Loads tasks from PostgreSQL on startup - Saves task status after execution - Add document analysis (PDF, text files) - Add railway-template.json for one-click deployment - Enable sandbox by default (Piston fallback) - Add OpenRouter support (100+ models) https://claude.ai/code/session_015VqJ7gN4vaxtYfYc92UjLs |
||
|---|---|---|
| .. | ||
| agent.ts | ||
| audit.ts | ||
| config.ts | ||
| Dockerfile | ||
| documents.ts | ||
| index.ts | ||
| package.json | ||
| pdf-parse.d.ts | ||
| personality.ts | ||
| railway.json | ||
| README.md | ||
| sandbox.ts | ||
| scheduler.ts | ||
| storage.ts | ||
| telegram.ts | ||
| tsconfig.json | ||
| webhooks.ts | ||
AssureBot
Lean, secure, self-hosted AI assistant for Railway.
Your AI agent that runs on your infrastructure, answers only to you, and you can actually audit.
Why AssureBot?
| Full Moltbot | AssureBot |
|---|---|
| 12+ channels | Telegram only |
| File-based config | Env vars only |
| Plugins/extensions | None (locked down) |
| Desktop/mobile apps | Headless server |
| Complex setup | One-click deploy |
Trade-off: Less features, more trust.
Features
┌─────────────────────────────────────────────────────┐
│ TELEGRAM (your secure UI) │
│ ├── Chat with AI (text, voice, images) │
│ ├── Forward anything → get analysis │
│ └── /commands for actions │
├─────────────────────────────────────────────────────┤
│ WEBHOOKS IN (authenticated) │
│ ├── GitHub → "PR merged, here's the summary" │
│ ├── Uptime → "Site down, checking why..." │
│ └── Anything → AI-summarized to Telegram │
├─────────────────────────────────────────────────────┤
│ SCHEDULED TASKS (cron) │
│ ├── Morning briefing │
│ ├── Monitor RSS/sites │
│ └── Recurring research │
├─────────────────────────────────────────────────────┤
│ SANDBOX (isolated execution) │
│ ├── Docker container │
│ ├── No network by default │
│ └── Resource limits │
└─────────────────────────────────────────────────────┘
Deploy to Railway
One-Click
Manual
- Fork this repo
- Create Railway project from GitHub
- Set environment variables (see below)
- Add volume at
/data - Deploy
Configuration
All config via environment variables. No files.
Required
TELEGRAM_BOT_TOKEN=123456:ABC-DEF... # From @BotFather
ALLOWED_USERS=123456789,987654321 # Telegram user IDs
ANTHROPIC_API_KEY=sk-ant-... # Or OPENAI_API_KEY
Optional
# Webhooks
WEBHOOK_SECRET=random-32-chars # Auto-generated if missing
WEBHOOK_BASE_PATH=/hooks # Default: /hooks
# Sandbox
SANDBOX_ENABLED=true # Default: true
SANDBOX_NETWORK=none # none | bridge
SANDBOX_MEMORY=512m
SANDBOX_CPUS=1
SANDBOX_TIMEOUT_MS=60000
# Scheduler
SCHEDULER_ENABLED=true # Default: true
# Audit
AUDIT_ENABLED=true # Default: true
AUDIT_LOG_PATH=/data/audit.jsonl
# Server
PORT=8080 # Railway sets this
HOST=0.0.0.0
Security Model
What's Enforced
| Control | Implementation |
|---|---|
| Access | Telegram user ID allowlist |
| Auth | Timing-safe token comparison |
| Sandbox | Docker: no network, read-only root, caps dropped |
| Secrets | Env-only, auto-redacted in logs |
| Audit | Every interaction logged |
What's NOT Included
Intentionally removed:
- Web UI / setup wizard
- Plugin system
- WhatsApp/Signal/Discord/Slack
- File-based configuration
- Multi-account support
- Desktop/mobile apps
Run Locally
cd secure
pnpm install
# Dev mode
TELEGRAM_BOT_TOKEN=xxx \
ANTHROPIC_API_KEY=xxx \
ALLOWED_USERS=123456789 \
pnpm dev
# Production
pnpm build
pnpm start
Endpoints
| Path | Description |
|---|---|
/health |
Health check (JSON) |
/ready |
Readiness probe |
/hooks/* |
Webhook receiver (POST, auth required) |
Webhook Usage
# Send a webhook
curl -X POST https://your-app.up.railway.app/hooks/github \
-H "Authorization: Bearer YOUR_WEBHOOK_SECRET" \
-H "Content-Type: application/json" \
-d '{"action": "opened", "pull_request": {"title": "Fix bug"}}'
All webhooks are:
- Authenticated (token required)
- Summarized by AI
- Forwarded to all allowed Telegram users
Audit Log Format
{"ts":"2024-01-15T10:30:00Z","type":"message","userId":123,"text":"Hello","response":"Hi!"}
{"ts":"2024-01-15T10:30:05Z","type":"webhook","path":"/hooks/github","status":200}
{"ts":"2024-01-15T10:30:10Z","type":"sandbox","command":"python -c 'print(1)'","exitCode":0}
Architecture
┌────────────────────┐ ┌────────────────────┐
│ moltbot-secure │────▶│ sandbox │
│ (main container) │ │ (Docker sidecar) │
│ │ │ │
│ • Telegram bot │ │ • Isolated exec │
│ • Webhook recv │ │ • No network │
│ • Scheduler │ │ • Resource limits │
│ • Allowlist auth │ │ • Ephemeral │
└────────────────────┘ └────────────────────┘
│
▼
[Anthropic/OpenAI]
(Direct API calls)
License
MIT - Same as Moltbot.
Full Moltbot: github.com/moltbot/moltbot