The current gold rush in AI automation has left many developers in a precarious position. Every week, a new framework promises to turn a Large Language Model into an autonomous employee capable of managing calendars, updating CRMs, and writing code. Yet, as teams move these agents from experimental notebooks to production environments, a terrifying realization sets in: to make an agent useful, you have to give it the keys to your kingdom. Most current implementations require passing sensitive API keys directly into the agent's memory or environment variables, effectively trusting a probabilistic model and a potentially vulnerable container with the master passwords to a company's entire software stack.
The Architecture of an Autonomous Fleet
Valmis enters this landscape not just as another wrapper, but as a production-ready, cloud-based application designed to handle the scale of enterprise workflows. The framework is built for immediate deployment, offering native integration with over 100 business and productivity tools. This includes deep hooks into Google Workspace, Slack, Notion, Hubspot, Salesforce, and Figma. Rather than treating an AI agent as a single, monolithic entity, Valmis introduces the concept of a fleet. In this model, operators can deploy a swarm of specialized agents, each equipped with its own unique set of credentials, specialized skills, and dedicated knowledge bases.
This modularity allows for significant cost optimization. Because operators can assign different LLM providers to different agents based on the complexity of the task, a simple data-entry agent might run on a lightweight, cheap model, while a strategic analyst agent utilizes a high-reasoning frontier model. To manage this complexity, Valmis implements a hierarchical decision tree. Certain agents are designated as team leaders, acting as orchestrators that manage the workflows of subordinate agents, ensuring that tasks are routed to the most efficient resource without human intervention.
To move beyond simple chat interfaces, Valmis employs a sophisticated trigger system. Automation is driven by cron schedules for time-based tasks, webhooks for external service events, and specific app-driven triggers. These are managed through a visual workflow builder or via natural language descriptions, allowing users to construct multi-step processes. The logic engine supports both smart conditionals and strict conditionals, alongside loop functions for repetitive tasks. To maintain strict governance, the system allows operators to limit the specific credentials and tools available at each individual step of a workflow, preventing an agent from escalating its own privileges during execution.
Context retention is handled through a four-tier memory system designed to mimic human cognitive layers. Episodic memory records specific events as they happen, while semantic memory stores persistent facts. Procedural memory manages the rules and constraints of the system, and working memory maintains the immediate short-term context of a session. This entire memory stack is powered by `pgvector`, a PostgreSQL-based vector database. By utilizing text embedding-based semantic search, agents can retrieve relevant historical data and past experiences to inform current decisions, solving the common problem of context window exhaustion in long-running autonomous tasks.
The Proxy Shift and the End of Plain-Text Leaks
While the functional breadth of Valmis is impressive, its true value proposition lies in its departure from standard security practices. To understand the shift, one only needs to look at tools like OpenClaw. In many personal assistant frameworks, credentials are stored in plain text within the memory or transmitted directly to the LLM provider. This creates a massive attack surface; if the agent's memory is dumped or the provider's logs are compromised, the API keys are exposed. Valmis treats this approach as a fundamental failure of architecture.
Valmis solves this by implementing a strictly isolated security architecture centered around AES-256-GCM encryption and a dedicated proxy system. The core innovation is the complete decoupling of the agent's runtime from the actual API credentials. In a Valmis deployment, the agent operates within a dockerized runtime—an isolated container environment. Crucially, this container is blocked from accessing API credentials directly. It has no knowledge of the actual secret keys.
Instead of holding a key, the agent holds a credential ID. When the agent needs to perform an action, such as updating a Salesforce record, it sends a request to the host machine using that ID, essentially asking the host to act as its proxy. The host machine, which resides outside the isolated container, validates the request, retrieves the encrypted key, executes the API call, and returns only the resulting JSON data to the agent. This design creates a physical and logical barrier between the intelligence (the LLM) and the authority (the API key).
This architecture enables a security posture that was previously impossible for autonomous agents: the agent container can have its external internet access completely disabled, yet it can still perform API functions perfectly because all communication is routed through the secure host proxy. By transforming the credential system from a direct-access model to an ID-based delegation model, Valmis eliminates the possibility of an agent accidentally leaking a key in a chat response or a malicious actor extracting a key from a compromised container.
For any organization deploying AI agents into a corporate environment, the location of credential storage is no longer a minor implementation detail—it is the primary security boundary. The transition from internal runtime storage to external proxy isolation represents the necessary evolution for AI agents to move from novelty tools to trusted enterprise infrastructure.




