{"slug": "show-hn-open-source-back-end-for-multi-user-ai-agents-with-shared-memory", "title": "Show HN: Open-source back end for multi-user AI agents with shared memory", "summary": "Lobu, an open-source multi-tenant gateway for the OpenClaw agent runtime, launches to enable shared memory and isolated filesystems per user across multiple chat platforms. The project rewrites OpenClaw's single-tenant gateway layer to support concurrent users without Docker, tested at 300 instances on a single machine. It provides REST API and integrations with Slack, Telegram, WhatsApp, Discord, Teams, and Google Chat for embedding AI agents into products.", "body_md": "**Lobu** is an open-source multi-tenant gateway for [OpenClaw](https://github.com/openclaw/openclaw). One sandbox and filesystem per user/channel. Shared memory across contexts. Agents never see secrets.\n\nOpenClaw is a full agent runtime (~800k LOC) but it's [single-tenant by design](https://x.com/steipete/status/2026092642623201379) — every user shares the same filesystem and bash session. Lobu rewrites only the gateway layer (~40k LOC) to be multi-tenant and keeps OpenClaw's Pi harness untouched inside each worker.\n\n**Embedded mode** uses [just-bash](https://www.npmjs.com/package/just-bash) + Nix for reproducible packages. Each user gets an isolated virtual filesystem and bash session at ~50MB per instance — tested at 300 concurrent instances on a single machine, no Docker needed.\n\nEmbed OpenClaw-powered agents into your product, or give your team agents without managing a separate instance per person.\n\n## demo-readme.mp4\n\n**REST API**— programmatic agent creation, control, and state.** Slack**— multi-channel/DM agents with rich interactivity.** Telegram**— webhook or polling bot with interactive workflows.** WhatsApp**— WhatsApp Business Cloud API.** Discord**— channel + DM bot support.** Teams**— Microsoft Teams bot.** Google Chat**— Cards v2, Workspace spaces.\n\nScaffold and run via the CLI. Lobu boots as a single Node process with a zero-config embedded Postgres by default (or bring your own — pgvector required — via `DATABASE_URL`\n\n).\n\n```\nnpx @lobu/cli@latest init my-bot\ncd my-bot\nnpx @lobu/cli@latest run                      # boots the stack and applies your agent\nnpx @lobu/cli@latest chat -c local \"hello\"    # talk to it\n```\n\n`lobu run`\n\n(embedded) auto-applies your `lobu.config.ts`\n\n, so the scaffolded agent is usable immediately. To use an external Postgres, set `DATABASE_URL`\n\nin `.env`\n\n; to push later config changes, run `lobu apply`\n\n.\n\nRuntime configuration is managed through the web app or the same org-scoped REST API used by the CLI:\n\n```\nnpx @lobu/cli@latest login\nnpx @lobu/cli@latest org set my-org\nnpx @lobu/cli@latest agent list\n```\n\nLocal `lobu.config.ts`\n\nprojects are still useful for `lobu validate`\n\nand `lobu apply`\n\nworkflows.\n\nSingle-process Node remains the simplest deployment: run it with `node`\n\n, `pm2`\n\n, `systemd`\n\n, or another process supervisor. The app needs `DATABASE_URL`\n\n(Postgres + pgvector) reachable from its environment.\n\n**Local dev**(contributing to Lobu itself): clone,`make setup`\n\n,`make dev`\n\n(boots embedded gateway + workers + Vite HMR on`:8787`\n\n).**Production (VM/bare metal)**:`bun run --cwd packages/server build:server`\n\n, then`node packages/server/dist/server.bundle.mjs`\n\nunder your process supervisor of choice.**Production (Kubernetes)**: use the public Helm chart in`charts/lobu`\n\n:See\n\n```\nhelm install lobu oci://ghcr.io/lobu-ai/charts/lobu \\\n  --namespace lobu --create-namespace \\\n  -f your-values.yaml\n```\n\n`charts/lobu/values.yaml`\n\nfor the full set of tunables. At minimum supply an ingress host, a`secretName`\n\nSecret containing`DATABASE_URL`\n\n+`ENCRYPTION_KEY`\n\n+`BETTER_AUTH_SECRET`\n\n+ provider API keys, and a`database.existingSecret`\n\n.\n\n``` php\nflowchart LR\n  Slack[Slack] <--> GW[Gateway]\n  Telegram[Telegram] <--> GW\n  WhatsApp[WhatsApp] <--> GW\n  Discord[Discord] <--> GW\n  API[REST API] <--> GW\n\n  GW <--> PG[(Postgres)]\n  GW -->|spawn| W[Worker]\n\n  subgraph Sandbox\n    W\n  end\n\n  W -.->|HTTP proxy| GW\n  W -.->|MCP proxy| GW\n  GW -->|domain filter| Internet((Internet))\n  GW -->|scoped tokens| MCP[MCP Servers]\n```\n\nEvery Lobu agent ships with tools for autonomous execution and persistence:\n\n| Feature | Built-in Tools |\n|---|---|\nAutonomous scheduling — one-time or cron |\n`manage_schedules` |\nHuman-in-the-loop — pause on button input, resume on answer |\n`ask_user` |\nFull Linux toolbox — sandboxed shell, file edit, search |\n`bash` , `read` , `write` , `edit` , `grep` , `find` , `ls` |\nConversation context — pull earlier thread messages |\n`get_channel_history` |\nFile & media delivery — share reports, charts, audio |\n`upload_file` , `generate_audio` , `generate_image` |\nSkills — extend via `lobu.config.ts` or admin settings |\n`lobu.config.ts` , Settings UI |\nConnected APIs — GitHub, Google, etc. with Lobu-managed OAuth |\nMCP tools via Lobu |\nManaged MCP proxy — any MCP server with secret injection |\n|\n\n**Nix + external MCP**— browsing, headless UI, custom tools`bash`\n\n(Nix), MCP servers**Productivity:** Google Calendar, Slack, Jira, Notion**Development:** GitHub, GitLab, Postgres, Docker**Knowledge:** Wikipedia, Brave Search, YouTube, PDF Search\n\n**Gateway as single egress.** All worker traffic — internet and MCP — routes through the gateway. Workers have no direct network access; domain filtering controls which services they reach.**MCP proxy.** Gateway resolves`${env:VAR}`\n\nsecrets and routes to upstream MCP servers. OAuth for third-party APIs stays in Lobu — workers never see tokens.**Multi-platform, multi-tenant.** One instance serves Slack, Telegram, WhatsApp, Discord, Teams, and the REST API. Each channel/DM gets its own runtime, model, tools, credentials, and Nix packages.**OpenClaw runtime.** Workers run[OpenClaw Pi Agent](https://openclaw.ai/)with per-agent model selection. Supports OpenClaw skills and`IDENTITY.md`\n\n/`SOUL.md`\n\n/`USER.md`\n\nworkspace files.**Multi-provider auth.** 16 LLM providers (OpenAI, Gemini, Groq, DeepSeek, Mistral, …) via a config-driven registry. API keys stay on the gateway.\n\nLobu is the **infrastructure layer** for autonomous agents. Frameworks like LangChain or CrewAI help you *write* agent logic; Lobu is the delivery layer that runs those agents at scale — sandboxing, persistence, and messaging connectivity.\n\n| Lobu | OpenClaw | |\n|---|---|---|\n| Scale to zero | Workers scale down when idle | Requires always-on machine |\n| Multi-tenant | Single bot, per-channel/DM isolation | One instance per setup |\n| Multi-platform | Slack, Telegram, WhatsApp, Discord, Teams, Google Chat, REST API |\n|\n\n—**Worker egress through the gateway proxy**`HTTP_PROXY=http://localhost:8118`\n\nwith allowlist/blocklist + LLM egress judge. On Linux production hosts the worker spawn uses`systemd-run --user --scope`\n\nwith`IPAddressDeny=any`\n\nto enforce egress at the kernel level; in dev (macOS) the proxy is best-effort.— provider credentials and**Secrets stay in gateway**`${env:}`\n\nsubstitution; OAuth lives in Lobu. Workers never see real keys.—**Threat model: single-tenant local isolation**`just-bash`\n\nand`isolated-vm`\n\nare policy + best-effort sandboxes, not security boundaries for hostile code. See`docs/SECURITY.md`\n\nbefore exposing Lobu to untrusted users.— per-agent reproducible tooling and skill policy.**Nix system packages**\n\nLobu is open source, but deploying production-grade agents usually means tuning soul, identity, and integrations. I offer hands-on implementation for:\n\n**Employee AI assistants**— persistent sandboxed agents on Slack wired into internal tools and docs.** Automated customer support**— multi-step ticket handling with human-in-the-loop.** Autonomous workflows**— long-running, scheduled background jobs with persistent state.** Managed infrastructure**— private Lobu deployments with updates and scaling.** Custom tooling & skills**— bespoke MCP servers, Nix runtimes, and OpenClaw skills.\n\nI'm a second-time technical founder. Previously founded [rakam.io](https://rakam.io) (enterprise analytics PaaS), acquired by [LiveRamp](https://liveramp.com) (NYSE: RAMP).\n\nTip\n\nWant persistent agents for your team or customers? [Talk to Founder](https://calendar.app.google/LwAk3ecptkJQaYr87) or reach out on [X/Twitter](https://x.com/bu7emba).", "url": "https://wpnews.pro/news/show-hn-open-source-back-end-for-multi-user-ai-agents-with-shared-memory", "canonical_source": "https://github.com/lobu-ai/lobu", "published_at": "2026-06-18 20:21:02+00:00", "updated_at": "2026-06-18 20:30:49.013906+00:00", "lang": "en", "topics": ["ai-agents", "ai-infrastructure"], "entities": ["Lobu", "OpenClaw", "Slack", "Telegram", "WhatsApp", "Discord", "Microsoft Teams", "Google Chat"], "alternates": {"html": "https://wpnews.pro/news/show-hn-open-source-back-end-for-multi-user-ai-agents-with-shared-memory", "markdown": "https://wpnews.pro/news/show-hn-open-source-back-end-for-multi-user-ai-agents-with-shared-memory.md", "text": "https://wpnews.pro/news/show-hn-open-source-back-end-for-multi-user-ai-agents-with-shared-memory.txt", "jsonld": "https://wpnews.pro/news/show-hn-open-source-back-end-for-multi-user-ai-agents-with-shared-memory.jsonld"}}