Kelex

Computer-use agents with persistent memory.
Bring your own AI. We provide the platform.
Self-hostable. Multi-tenant from day one. Built defensively because OpenClaw scared us. Bring your own keys for Claude, GPT, Kimi, DeepSeek — or use the included local brain.
Safer than OpenClaw — here's why ↓
Request access → CLI: coming soon
A real conversation with Lara — happening right now
play.brownforces.io · chat with Lara

What it does

An agent platform — meaning the runtime your agents live in. Persistent memory, parallel workers, native tools, scheduling. Bring your own LLM brain or use ours.

1

She actually remembers you — across every conversation, forever.

ChatGPT forgets you between sessions unless you fight with its custom instructions. Lara remembers what you told her two months ago, the names of your team, your projects, what you tried that failed, what you decided. Every chat builds on the last.

"Lara, what did we decide about the helpdesk feature back in March?" — and she tells you, because she was there.
2

She can do five things at once.

Most AI assistants think one thought at a time. When you ask Lara to research a market, review a contract, or brainstorm a launch, she can send out five copies of herself to work on it in parallel — then read all their answers and give you the summary. What takes a single chatbot 10 minutes takes Lara 30 seconds.

"Spawn 5 helpers to find the top objections this product faces in our space." → 30 seconds later, you have one synthesized answer with all the contradictions noted.
3

She wakes herself up to work for you.

Tell Lara once: "every weekday at 7am, scan my inbox and tell me what's actually important." She'll do it. Forever. You don't have to remember to ask. You walk in, your coffee's brewing, your morning brief is waiting. Most assistants only work when you open a tab.

"Every Monday at 9am, summarize last week's customer feedback and ping me only if something's on fire." — set once, runs forever.
4

She can hear, see, and create — not just type.

Drag in a voice memo, she'll transcribe it. Drop in a screenshot, she'll read it. Ask for a 30-second background music loop, she'll make one. Have her clone your voice from a 10-second clip and read your script back. Most chatbots talk. Lara does.

"Listen to this voicemail and tell me if I need to call back." — she transcribes, summarizes, and gives you a one-line "yes, call them, here's why."
5

She's yours. Your data stays yours.

Lara runs on infrastructure you control. Your conversations don't get scraped to train someone else's next model. If you ever want to leave, you take your data with you — every memory, every conversation, every schedule, exportable. Most subscriptions own you. You own this one.

No "your conversations may be used to improve our models" small print. There is none.
6

One subscription. Use her all you want.

$29/month for the Pro plan. Up to 25,000 messages a month — that's ~833 a day, more than anyone uses. No per-token charges, no surprise bills, no "you've hit the cap, that'll be another $40." Just a number you know going in.

Currently paying ChatGPT Plus + Claude Pro = $40/month. Lara replaces both, plus does things neither can.

Use her anywhere

Same Lara, three ways in. She remembers you across all of them — chat in a browser, switch to your terminal, build her into your own app. One persona, one memory.

Easiest · zero install

In your browser

Open a tab. Sign in. Start talking. The web playground at play.brownforces.io is the simplest way to use Lara — chat with her, see her memories, set her schedules, manage upgrades. Currently invite-only — request access via email.

# open in any browser
play.brownforces.io
Request access to the playground →
For developers · live where you code

In your terminal

Coming soon — install once, run kelex in any project directory — chat, edit code, spawn parallel reviewers, attach files with @filename. She remembers each project separately.

$ pip install kelex-cli
installed
$ kelex login
$ cd my-project && kelex
what does @auth.py actually do?
Join the CLI early access list →
For builders · wire her into anything

From your code

HTTP API. Standard auth (tenant ID + bearer token). Streaming responses. Use Lara as the brain behind your own app, automation, or SaaS.

// from anywhere
POST kelex.brownforces.io
  /agents/lara/messages
// returns Lara's reply
// + her tool calls + memory
Read API docs →

Install the CLI

macOS, Linux, Windows (WSL). Requires Python 3.10+. CLI in development — not yet on PyPI. Email to join early access →

# 1. Install
pip install kelex-cli

# 2. Log in (you'll be asked for tenant_id + api_token from your signup email)
kelex login

# 3. Run it in any project directory
cd ~/code/your-project
kelex
 hello, lara

# Useful commands inside the REPL:
 /quota                    # show your tier + usage
 /memory project decisions  # search what she remembers
 spawn 5 helpers to review @src/auth.py
 remind me every monday 9am to triage issues

CLI is open source. Self-host customers point it at their own server with kelex login --base https://your-domain.


How you'd use her

A few ways real people are using Lara today.

The solo founder

building a product alone

Uses Lara as a CTO-in-her-pocket. Drafts product specs, reviews emails, brainstorms pricing, summarizes investor calls. Lara remembers every customer interview transcript, so when she's deciding what to build next, she can ask "what did Sarah say about onboarding back in February?"

The small-team operator

running a 5-person company

Each team member has their own Lara, and Lara helps run the routines. Daily standups summarized from Slack. Vendor invoices flagged. Customer issues triaged. The "every Monday morning" routines that nobody has time to do, but suddenly do themselves.

The developer

shipping code daily

Installs pip install kelex-cli, runs kelex in each project. Lara reads the codebase via @filename, suggests edits as diffs the CLI applies on confirm, runs 5 parallel code reviewers on PRs, and remembers every architectural decision the team has made. Claude Code / Cursor, but with memory that doesn't reset and parallel reasoning built in.

The advisor / consultant

juggling multiple clients

One Lara per client — each remembers that client's context, history, decisions, contracts, players. Switching clients = switching personas. No more "wait, who said that?" Confidential by design (each client's Lara can't see the others).


Vs. Letta and OpenClaw

The actual competitive set. Letta is a toolkit for developers building agents. OpenClaw is a self-hosted agent that's racked up 138 CVEs. Kelex is the agent platform that's already built, multi-tenant, and designed defensively.

Letta OpenClaw Kelex
Ready-to-use product or build-your-own? Toolkit — write code, define memory blocks, register tools Self-host install, configure yourself Already built. Sign up, get tenant, agents work today.
Multi-tenant from day one Cloud version only Single-user installs — each one is its own attack surface Tenant-keyed schema, FK cascade isolation
Native parallel workers (swarm) Build it yourself No delegate(N) primitive, up to 16 workers + synthesizer
Self-scheduling agents (cron) No No schedule.create, server-side cron
Multi-brain routing (BYOK) Per-agent provider config One brain at a time brain.ask(provider) — Claude, GPT, Kimi, DeepSeek, local — per persona or per call
Multi-modal tools (voice / vision / music / video) Text only Text only 8 tools built in
Security posture Open source, reasonable defaults 138 CVEs · ClawBleed RCE · banned by China Hashed tokens · behind tunnel · quotas · no shell access · ~3K LOC auditable
Includes a terminal CLI Letta Code (separate product) No pip install kelex-cli (coming soon)

Why OpenClaw isn't worth the risk

OpenClaw is the most-starred AI agent on GitHub — and a security disaster. The reason we built Lara is simple: we wanted what OpenClaw promised, without the part where running it on real data gets you breached.

138
CVEs in 6 months
7
rated critical
~135K
exposed installs
~50K
actively exploitable today

What's actually wrong with it

In plain terms: if you put OpenClaw on a server with real customer data or production secrets, you're actively betting your business on a piece of software that has a 138-CVE rap sheet, an unpatched RCE actively exploited in the wild, and a government ban for data leaks. That's not a calculated risk. That's a bad idea.

How Lara is structurally different

Same self-hosted agent vision. Different design choices, made with security as a constraint not a retrofit.

Risk OpenClaw Lara on Kelex
Server exposed to public internet Default Docker opens ports. ~135K instances scanable. Behind Cloudflare Tunnel — origins aren't publicly addressable. Zero open ports needed.
Auth token theft (the ClawBleed bug) Tokens stealable in plaintext via API exploit. Active in the wild. Tokens stored as sha256 hashes only. We literally cannot leak plaintexts because we don't have them.
One bug = many tenants breached Each single-user install is its own attack surface. Multi-tenant from day one. tenant_id on every row with cascading FKs. Cross-tenant requires breaking auth middleware.
Runaway loops burning compute / money "Excessive energy use" cited in the China ban. Tier-aware quotas enforced server-side. Hits 25K msg/mo? Hard 429. No runaway bills.
Tools with shell / file access Open by design — agents can run arbitrary code. Tools are HTTP calls to constrained endpoints with JSON schemas. No shell. No file write unless you wire it.
Webhook spoofing Custom signing, often missing. HMAC signature verification + idempotency log. Replay attacks impossible.
Service running as root Default Docker setups commonly run as root. Runs as a regular user. No privilege escalation if compromised.
Attack surface size Sprawling. 138 CVEs implies many vulnerable code paths. Single FastAPI app + Postgres. ~3,000 lines. Auditable in an afternoon.

If you tried OpenClaw and the CVE count gave you pause — good instinct.
That's exactly why we built Lara.


Pricing

Infrastructure pricing — we provide the agent runtime, you bring the brain (or use ours). No per-message billing on local. External brain calls go directly to your provider account.

Free
$0 / mo
  • 1 persona
  • 500 messages / month (local brain)
  • BYOK for Claude / GPT / Kimi
  • Basic tools, no swarm, no scheduling
Get started
Max
$99 / mo
  • 50 personas
  • 500,000 messages / month (local brain)
  • Custom tools (BYO endpoints)
  • Priority support
  • Everything in Pro
Get Max
Enterprise
Custom
  • Unlimited everything
  • Self-hosted on your servers
  • SSO / audit logs
  • Dedicated support
Contact

Common questions

If you're not sure whether this is for you.

How is this different from ChatGPT?
ChatGPT is a brilliant amnesiac. Every conversation starts from scratch unless you re-paste context. Lara remembers everything you've told her, can do many things in parallel, can wake herself up on a schedule, and uses tools (voice, vision, etc.) to actually do things. ChatGPT chats. Lara works.
I'm not technical. Can I still use this?
Yes. Email us, we set up your tenant, you log into play.brownforces.io, and start chatting. No installation required. The technical features (self-hosting, API, command-line tools) are there if you ever want them, but you don't have to.
I tried OpenClaw. How is Lara different / safer?
OpenClaw is genuinely unsafe to run on real data right now. 138 CVEs in 6 months, ClawBleed actively exploited (one-click RCE), ~50K instances exploitable today, and China banned it from state agencies and banks for data leaks. Lara is built differently: tokens stored as sha256 hashes only, behind a Cloudflare Tunnel (no exposed ports), multi-tenant from day one with cascading FKs, hard server-side quotas, no shell access in tools, HMAC-signed webhooks, single FastAPI app under 3K lines you can audit in an afternoon. See the section above for the full breakdown.
What about Letta? I've heard of them.
Different category. Letta is a toolkit for developers building their own agents from scratch — you write code, define memory blocks, register tools. Kelex is an agent that's already built. If you want to design agents, use Letta. If you want to use one, use Lara. Apples and ovens.
Is Lara just another "agent harness"?
She's a harness PLUS a product on top. A "harness" is the orchestration loop around an LLM — tool calling, memory, multi-step reasoning. Lara has all that. But she's also a persona (identity, voice, system prompt), a multi-tenant platform (Kelex with billing under it), and three delivery surfaces (browser, terminal, API) that all share the same memory. A harness is an engine. Lara is the whole car, with insurance.
How is this different from coding agents like Aider, Cline, or OpenHands?
Different jobs. Those are excellent free tools for one specific task: writing and editing code in your repo. Lara does that too via kelex-cli, but she's also your assistant for ops, customer research, scheduling, multi-modal work (voice/vision/music/video). She remembers across every conversation. She wakes herself up. And the same Lara runs on the web, in the terminal, and via API — all sharing one memory. Aider/Cline are wrenches. Lara is a personal employee.
Why should I trust BFTS over OpenClaw's massive community?
Honest answer: you shouldn't trust us blindly. We have a smaller attack surface (~3,000 lines vs. tens of thousands), structural defenses built in from day one (multi-tenant, hashed tokens, tier quotas, behind a tunnel), and a deliberate scope. We're a two-person team building something we use every day. If you ever stop trusting us, your data exports cleanly and you can self-host on Pro+. Nobody locks you in.
What about my privacy?
Your conversations live in your tenant. They're not used to train any model. If you ever leave, your data leaves with you — every memory, every conversation, fully exportable. Pro tier and above can also self-host on their own server (we help set it up).
What's "Brown Forces Technology Studio"?
A small studio that builds AI products we wished existed. We use Lara every day to run our own work. Kelex is the platform that powers her — and now anyone can have one.
What does "self-hostable" mean and why should I care?
It means Lara doesn't have to live on our servers — Pro+ customers can run her on their own machine or cloud. Why care? Two reasons. (1) Your data never leaves your infrastructure. (2) If we ever go out of business, you keep working. You're not locked in.
Can I have more than one Lara?
Yes — Pro lets you create up to 5 personas, Team up to 50. People typically create one per project or one per client. Each has its own memory, its own schedule, its own personality. They don't share information unless you tell them to.
Why is it called Lara? And Kelex?
Lara is the name of the persona — she's the assistant you talk to. Kelex is the platform she runs on (think: Lara is the person, Kelex is her house). When you sign up, you can keep the name "Lara" or rename your persona to whatever you want.
Is there a desktop app or CLI?
The CLI is in development and not yet on PyPI. Email to join early access. When shipped, pip install kelex-cli will get you the kelex command — a chat REPL in your terminal that remembers each project separately, can read your files (@filename), spawn parallel helpers, and apply code edits. Same Lara, same memory as the web — she remembers you across both surfaces. Mac, Linux, Windows (WSL). See the install section above.
How do I actually try this?
Email [email protected] with the tier you want. We'll set up your tenant and send you credentials within a day. You can be chatting with Lara by tomorrow morning — in the browser, in your terminal, or both. No commitment — cancel anytime.

From the founder

I almost installed OpenClaw. The CVE count talked me out of it.

I'm Salvador, the founder of Brown Forces Technology Studio. I'd been paying for ChatGPT Plus and Claude Pro and hitting the same walls — they don't remember me, can't run errands while I sleep, can't fan out work in parallel.

OpenClaw promised exactly what I wanted: a self-hosted agent with memory that worked. So I went to install it. Then I read the security write-ups. 138 CVEs in 6 months. ClawBleed actively exploited in the wild. China banned it from state agencies for data leaks. I wasn't going to put that on my server next to real customer data. The risk wasn't worth it.

So I built what I actually wanted — same vision, defensive design from day one. Multi-tenant, hashed tokens, hard quotas, no shell access, behind a tunnel. I use Lara every day. Now anyone can.

Salvador Alvarez, founder, Brown Forces Technology Studio · [email protected]

Want one?

Email [email protected] with the tier you want. You'll have a Lara of your own within a day.

Request access → Email Salvador