{"id":48799128,"url":"https://github.com/donbader/anyclaw","last_synced_at":"2026-05-17T01:03:07.786Z","repository":{"id":350607923,"uuid":"1207533439","full_name":"donbader/anyclaw","owner":"donbader","description":"Infrastructure sidecar connecting AI agents to channels and tools","archived":false,"fork":false,"pushed_at":"2026-05-08T09:36:33.000Z","size":5593,"stargazers_count":3,"open_issues_count":17,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-08T09:41:23.341Z","etag":null,"topics":["ai-agents","infrastructure","mcp","rust","sidecar"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/donbader.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-11T03:58:59.000Z","updated_at":"2026-05-08T09:20:43.000Z","dependencies_parsed_at":"2026-04-19T10:02:19.889Z","dependency_job_id":null,"html_url":"https://github.com/donbader/anyclaw","commit_stats":null,"previous_names":["donbader/protoclaw","donbader/anyclaw"],"tags_count":301,"template":false,"template_full_name":null,"purl":"pkg:github/donbader/anyclaw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donbader%2Fanyclaw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donbader%2Fanyclaw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donbader%2Fanyclaw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donbader%2Fanyclaw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/donbader","download_url":"https://codeload.github.com/donbader/anyclaw/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donbader%2Fanyclaw/sbom","scorecard":{"id":1247124,"data":{"date":"2026-05-08T09:20:55Z","repo":{"name":"github.com/donbader/anyclaw","commit":"35cd0ad862686f267ddccb04f392ec99a648e924"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":5.4,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-dev.yml:23","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/ghcr-cleanup.yml:15","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-prepare.yml:19","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-publish.yml:28","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-publish.yml:74","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-publish.yml:137","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-publish.yml:205","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-publish.yml:293","Info: found token with 'none' permissions: .github/workflows/build-dev.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/coverage.yml:18","Info: found token with 'none' permissions: .github/workflows/ghcr-cleanup.yml:1","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-title.yml:8","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-ext.yml:12","Info: found token with 'none' permissions: .github/workflows/release-prepare.yml:1","Info: found token with 'none' permissions: .github/workflows/release-publish.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-sdk.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:11"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE-APACHE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-dev.yml:19"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2023-0071","Warn: Project is vulnerable to: RUSTSEC-2025-0134"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: containerImage not pinned by hash: Dockerfile:17: pin your Docker image by updating lukemathwalker/cargo-chef:latest-rust-1.94-alpine to lukemathwalker/cargo-chef:latest-rust-1.94-alpine@sha256:5b2b5c6585c537a2795a477e93ebba85b4a2887e11ee9bddd34ad607e53ccec0","Warn: containerImage not pinned by hash: Dockerfile:36","Warn: containerImage not pinned by hash: Dockerfile:42","Warn: containerImage not pinned by hash: Dockerfile:123: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1","Warn: containerImage not pinned by hash: Dockerfile:129: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1","Warn: containerImage not pinned by hash: dev/Dockerfile:8: pin your Docker image by updating lukemathwalker/cargo-chef:latest-rust-1.94-alpine to lukemathwalker/cargo-chef:latest-rust-1.94-alpine@sha256:5b2b5c6585c537a2795a477e93ebba85b4a2887e11ee9bddd34ad607e53ccec0","Warn: containerImage not pinned by hash: examples/01-fake-agent-telegram-bot/Dockerfile.agent-mock:1: pin your Docker image by updating ghcr.io/donbader/anyclaw-builder:latest to ghcr.io/donbader/anyclaw-builder:latest@sha256:1026665308f44fef846859aa113a688d150fe3324844bb372416fa382e197ccc","Warn: containerImage not pinned by hash: examples/01-fake-agent-telegram-bot/Dockerfile.agent-mock:2: pin your Docker image by updating busybox:musl to busybox:musl@sha256:19b646668802469d968a05342a601e78da4322a414a7c09b1c9ee25165042138","Warn: containerImage not pinned by hash: examples/01-fake-agent-telegram-bot/Dockerfile.agent-mock:4: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1","Warn: containerImage not pinned by hash: examples/02-real-agent-telegram/claude-code/Dockerfile:3: pin your Docker image by updating ghcr.io/donbader/anyclaw:latest to ghcr.io/donbader/anyclaw:latest@sha256:51d9a16b0442a382d05841226b61f2f50546f4b2676554b2773aa50dc8646ce1","Warn: containerImage not pinned by hash: examples/02-real-agent-telegram/claude-code/Dockerfile:4: pin your Docker image by updating ghcr.io/donbader/anyclaw-ext:latest to ghcr.io/donbader/anyclaw-ext:latest@sha256:f2736dbe56697ecc4457b53b850158f317827d088eb4c6a12168bf85d1ee1b86","Warn: containerImage not pinned by hash: examples/02-real-agent-telegram/kiro/Dockerfile:3: pin your Docker image by updating ghcr.io/donbader/anyclaw:latest to ghcr.io/donbader/anyclaw:latest@sha256:51d9a16b0442a382d05841226b61f2f50546f4b2676554b2773aa50dc8646ce1","Warn: containerImage not pinned by hash: examples/02-real-agent-telegram/kiro/Dockerfile:4: pin your Docker image by updating ghcr.io/donbader/anyclaw-ext:latest to ghcr.io/donbader/anyclaw-ext:latest@sha256:f2736dbe56697ecc4457b53b850158f317827d088eb4c6a12168bf85d1ee1b86","Warn: containerImage not pinned by hash: examples/02-real-agent-telegram/opencode/Dockerfile:3: pin your Docker image by updating ghcr.io/donbader/anyclaw:latest to ghcr.io/donbader/anyclaw:latest@sha256:51d9a16b0442a382d05841226b61f2f50546f4b2676554b2773aa50dc8646ce1","Warn: containerImage not pinned by hash: examples/02-real-agent-telegram/opencode/Dockerfile:4: pin your Docker image by updating ghcr.io/donbader/anyclaw-ext:latest to ghcr.io/donbader/anyclaw-ext:latest@sha256:f2736dbe56697ecc4457b53b850158f317827d088eb4c6a12168bf85d1ee1b86","Warn: containerImage not pinned by hash: examples/03-proxy-sandbox/Dockerfile.agent-mock:2: pin your Docker image by updating ghcr.io/donbader/anyclaw-ext:latest to ghcr.io/donbader/anyclaw-ext:latest@sha256:f2736dbe56697ecc4457b53b850158f317827d088eb4c6a12168bf85d1ee1b86","Warn: containerImage not pinned by hash: examples/03-proxy-sandbox/Dockerfile.agent-mock:4: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1","Warn: containerImage not pinned by hash: ext/Dockerfile:9: pin your Docker image by updating lukemathwalker/cargo-chef:latest-rust-1.94-alpine to lukemathwalker/cargo-chef:latest-rust-1.94-alpine@sha256:5b2b5c6585c537a2795a477e93ebba85b4a2887e11ee9bddd34ad607e53ccec0","Warn: containerImage not pinned by hash: ext/Dockerfile:25","Warn: containerImage not pinned by hash: ext/Dockerfile:29","Warn: containerImage not pinned by hash: ext/Dockerfile:73: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1","Warn: containerImage not pinned by hash: tests/integration/Dockerfile.agent-mock:2: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:c4a8d5503dfb2a3eb8ab5f807da5bc69a85730fb49b5cfca2330194ebcc41c7b","Warn: npmCommand not pinned by hash: examples/02-real-agent-telegram/claude-code/Dockerfile:11-18","Warn: npmCommand not pinned by hash: examples/02-real-agent-telegram/opencode/Dockerfile:11-18","Warn: downloadThenRun not pinned by hash: .github/workflows/release-prepare.yml:115","Info:  37 out of  37 GitHub-owned GitHubAction dependencies pinned","Info:  54 out of  54 third-party GitHubAction dependencies pinned","Info:   9 out of  31 containerImage dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CI-Tests","score":8,"reason":"25 out of 28 merged PRs checked by a CI test -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-05-08T09:41:39.309Z","repository_id":350607923,"created_at":"2026-05-08T09:41:39.324Z","updated_at":"2026-05-08T09:41:39.324Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33046893,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-14T02:00:06.663Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","infrastructure","mcp","rust","sidecar"],"created_at":"2026-04-14T01:03:49.483Z","updated_at":"2026-05-14T23:12:41.295Z","avatar_url":"https://github.com/donbader.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# anyclaw\n\n[![CI](https://github.com/donbader/anyclaw/actions/workflows/ci.yml/badge.svg)](https://github.com/donbader/anyclaw/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/donbader/anyclaw/graph/badge.svg)](https://codecov.io/gh/donbader/anyclaw)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/donbader/anyclaw/badge)](https://scorecard.dev/viewer/?uri=github.com/donbader/anyclaw)\n[![crates.io](https://img.shields.io/crates/v/anyclaw-sdk-types.svg)](https://crates.io/crates/anyclaw-sdk-types)\n[![docs.rs](https://img.shields.io/docsrs/anyclaw-sdk-types)](https://docs.rs/anyclaw-sdk-types)\n[![MSRV](https://img.shields.io/badge/MSRV-1.94-blue)](https://github.com/donbader/anyclaw/blob/main/Cargo.toml)\n[![License: MIT OR Apache-2.0](https://img.shields.io/badge/license-MIT%20OR%20Apache--2.0-blue)](LICENSE-MIT)\n\nBuild any bot you want. Connect any AI agent — Claude, GPT, a custom LLM, anything — to Telegram, Slack, HTTP, and more. You write the AI logic in any language; anyclaw handles message routing, crash recovery, tool access, and subprocess supervision.\n\n\u003e ⚠️ **Unstable** — anyclaw is under active development. APIs, config format, and protocol details may change between releases.\n\n## What is anyclaw?\n\nAnyclaw is infrastructure, not an AI framework. It's a sidecar process that sits between your agent and the outside world:\n\n- **Channels** deliver messages to and from users (Telegram, HTTP, and more coming)\n- **Agents** are your AI backends — any binary that speaks [ACP](ext/agents/AGENTS.md) (JSON-RPC 2.0 over stdio)\n- **Tools** give agents capabilities via [MCP](https://modelcontextprotocol.io/) servers managed by anyclaw\n- **Services** provide infrastructure (credential-injecting proxy, media store)\n\nAll are standalone binaries spawned as child processes. Write them in Rust, Python, Go, TypeScript — whatever you prefer. Anyclaw manages their lifecycle, restarts them on crash, and routes messages between them.\n\n## What anyclaw is NOT\n\nAnyclaw does not:\n\n- **Run your agent logic** — Your agent is a separate binary. Anyclaw spawns it and talks to it over stdio.\n- **Manage memory or context** — Context windows, RAG, vector stores — that's your agent's job.\n- **Track costs or budgets** — Token counting belongs in the agent, not infrastructure.\n- **Orchestrate multi-agent workflows** — No built-in task routing or delegation.\n- **Choose which LLM to call** — Anyclaw doesn't know or care what model your agent uses.\n\nThis boundary is intentional. See [Introduction](docs/introduction.md) for the full design philosophy and [ADR-001](docs/decisions/001-sidecar-not-platform.md) for why.\n\n## Quickstart\n\nSee anyclaw running in under a minute — no API keys needed:\n\n```bash\ngit clone https://github.com/donbader/anyclaw.git\ncd anyclaw/examples/01-fake-agent-telegram-bot\ncp .env.example .env\ndocker compose up\n```\n\nIn another terminal, send a message:\n\n```bash\ncurl -X POST http://localhost:8080/message \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"message\": \"hello\"}'\n```\n\nYou'll see the mock agent \"think\" and respond with `Echo: hello`. That's the full pipeline — channel receives message, routes to agent, agent streams response back.\n\nWant to connect Telegram? Add your bot token to `.env` and set `TELEGRAM_ENABLED=true`. See the [Getting Started guide](docs/guides/getting-started.md) for deploying with a real agent.\n\n## Built-in Extensions\n\nAnyclaw ships with these extensions in [`ext/`](ext/), ready to use:\n\n| Type | Name | Description |\n|------|------|-------------|\n| Agent | [agent-mock](ext/agents/mock/) | Echo agent with simulated thinking (for testing) |\n| Channel | [channel-telegram](ext/channels/telegram/) | Telegram bot integration |\n| Channel | [channel-debug-http](ext/channels/debug-http/) | HTTP + SSE endpoint for development and testing |\n| Tool | [tool-system-info](ext/tools/system-info/) | Demo MCP tool returning system information |\n| Tool | [tool-send-file](ext/tools/send-file/) | Deliver files from agent to channel users |\n| Service | [service-proxy](ext/services/proxy/) | Credential-injecting outbound proxy (L4/L7 MITM) |\n| Service | [service-media](ext/services/media/) | Media store for cross-boundary file transfer with auto image compression |\n\nWe're actively growing this collection. If you build a channel, tool, or agent adapter that others would find useful, consider [contributing it](CONTRIBUTING.md).\n\n## Build Your Own\n\nExtensions are standalone binaries communicating over stdio — no SDK dependency required. The Rust SDK crates handle protocol framing for you, but you can also speak the wire protocol directly from any language.\n\n| Crate | What it does | docs.rs |\n|-------|-------------|---------|\n| `anyclaw-sdk-channel` | Build channel integrations (Telegram, Slack, etc.) | [docs](https://docs.rs/anyclaw-sdk-channel) |\n| `anyclaw-sdk-tool` | Build MCP-compatible tool servers | [docs](https://docs.rs/anyclaw-sdk-tool) |\n| `anyclaw-sdk-service` | Build infrastructure services (proxy, media store, etc.) | [docs](https://docs.rs/anyclaw-sdk-service) |\n| `anyclaw-sdk-types` | Shared wire types used across all SDK crates | [docs](https://docs.rs/anyclaw-sdk-types) |\n| `anyclaw-sdk-agent` | Supervisor-side hooks for intercepting agent messages | [docs](https://docs.rs/anyclaw-sdk-agent) |\n\nFor channels and tools, implement a trait and hand it to the SDK harness — it handles all JSON-RPC/MCP framing. Agents speak the [ACP wire protocol](ext/agents/AGENTS.md) directly and don't need an SDK crate.\n\nSee [Building Extensions](docs/concepts/extensions.md) for the full guide, including how to build extensions in non-Rust languages.\n\n## Roadmap\n\nWe're working toward a stable v1.0. Here's where things stand:\n\n### Core\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| Five-component supervisor (services → orchestrator → tools+channels → agents) | ✅ | |\n| Per-subprocess crash recovery with exponential backoff | ✅ | |\n| Crash loop detection and escalation | ✅ | |\n| Graceful shutdown with per-service timeouts | ✅ | |\n| Health check loop + admin HTTP server | ✅ | Includes Prometheus `/metrics` endpoint |\n| YAML config with `!env` tag resolution and validation | ✅ | |\n| JSON Schema for `anyclaw.yaml` (IDE autocomplete) | ✅ | `anyclaw schema` CLI command |\n| Config validation CLI (`anyclaw validate`) | ✅ | Offline schema + semantic validation with `--strict` mode |\n| Structured JSON logging | ✅ | `log_format: json` for production log aggregators |\n| Extension defaults via initialize handshake | ✅ | |\n| Agent-initiated messages | ✅ | Via standard `session/update` notifications (agents self-prompt internally) |\n| Rich media delivery | ✅ | Images, files, audio between agents and channels (both directions) |\n| Reply/thread context | ✅ | Agent knows which message the user is replying to |\n| Credential-injecting outbound proxy | ✅ experimental | L7 MITM with per-host rules; merged CA bundle covers ~99% of HTTP libraries. See [proxy limitations](#proxy-ca-trust) |\n| Custom auth providers | ✅ | External binaries for short-lived tokens (GitHub App, OAuth2); cached with TTL + stampede protection |\n| Credential leak detection | ✅ | Blocks outbound requests containing known secrets (echo detection + pattern matching) |\n| Extensible services layer (ServicesManager) | ✅ | Installation protocol, health-based restart with backoff, crash-loop detection |\n| Transparent proxy via iptables DNAT | ✅ | Deny-by-default networking for Docker agents; no client-side proxy config needed |\n| Path-based filtering in proxy rules | ✅ | Fine-grained allow/deny per URL path, not just per host |\n| Per-deployment namespace (Docker resource scoping) | ✅ | Isolates containers/networks per deployment to avoid collisions |\n| Parallel manager initialization | ✅ | Tools+Channels boot concurrently for faster startup |\n| Media store service (claim-check file transfer) | ✅ | Eliminates base64 overhead; auto-compresses images on upload |\n| Host-side credential injection (MCP tool) | planned | Agent calls `http_request` tool instead of making direct HTTPS calls — 100% library coverage, no CA trust needed |\n| Rate limiting | planned | Per-session and per-channel depth caps with backpressure |\n| Supervisor management API | planned | Authenticated HTTP API for session introspection, agent control, and runtime status |\n| `anyclaw doctor` | planned | Config validation, binary probes, channel connectivity checks |\n\n### Agents\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| ACP protocol (JSON-RPC 2.0 over stdio) | ✅ | Uses official `agent-client-protocol` SDK for typed dispatch and wire types |\n| ACP↔HTTP bridge (connect any REST/SSE agent) | ✅ | |\n| Docker workspace (run agents in containers) | ✅ | |\n| Docker container hardening | ✅ | `cap_drop: ALL`, read-only rootfs, tmpfs — applied to all Docker agents |\n| Network isolation via outbound proxy | ✅ experimental | Deny-by-default; only configured hosts reachable from agent containers |\n| Session persistence (SQLite-backed) | ✅ | |\n| Session recovery after crash | ✅ | Resume preferred; falls back to history replay |\n| Session fork and list | ✅ | `session/fork` and `session/list` ACP methods (capability-gated) |\n| Filesystem sandboxing | ✅ | |\n| Permission system (agent → user approval flow) | ✅ | |\n| Platform commands (`/new`, `/cancel`) | ✅ | Built-in slash commands intercepted by the sidecar |\n| Dynamic command menus | ✅ | Agents push `available_commands_update` to channels at runtime |\n| Agent worker pool (concurrent sessions) | ✅ | Per-agent pool with sticky session affinity; scales between `min_workers` and `max_workers` |\n| Full ACP spec compliance | in progress | SDK foundation added; wiring typed dispatch into manager is next |\n| Agent-to-agent communication | planned | Handoff, delegation, or direct IPC between agents |\n\n### Channels\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| Telegram | ✅ | |\n| Debug HTTP (development + testing) | ✅ | |\n| Telegram: reply/thread context | ✅ | Sender attribution, partial quotes, media placeholders, openclaw-compatible format |\n| Telegram: external/cross-chat reply context | planned | Handle `external_reply` for replies to messages from other chats |\n| Telegram: reply media download | ✅ | Photos from replies downloaded; other media types show placeholder |\n| Telegram: reply context access control | ✅ | Suppress reply context in groups when original sender is not in allowlist |\n| Telegram: group/user allowlists | ✅ | Control who can interact with the agent via `access_control` options |\n| Telegram: hierarchical work message | ✅ | Pinned header with flat tool display and per-tool emoji |\n| Telegram: configurable rate limits | ✅ | Per-channel rate limit tuning via `options` |\n\n### Tools\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| MCP server hosting (external tool binaries) | ✅ | |\n| Send-file tool (agent → user file delivery) | ✅ | Path-based; works across Docker boundaries via media store |\n| Cross-boundary file sharing (agent ↔ tool) | ✅ | Media store with claim-check architecture; auto image compression |\n\n### SDK\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| Channel, Tool, Types, Agent, Service SDK crates on crates.io | ✅ | |\n| Automated releases via release-plz | ✅ | |\n| Stable API with semver guarantees | planned | |\n\n### CI/CD \u0026 Release\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| Multi-arch Docker images (amd64 + arm64) | ✅ | |\n| PR-only workflow with conventional commit enforcement | ✅ | |\n| Security audit + Trivy scanning | ✅ | |\n| Separate ext/ image (`ghcr.io/donbader/anyclaw-ext`) | ✅ | Extensions built independently from core |\n| Independent extension versioning | planned | Per-extension semver after SDK types reach 1.0 |\n\n### Extension Ideas\n\nAnyclaw is infrastructure — many features are best built as extensions rather than core. Here's what we'd love to see contributed:\n\n| Extension | Type | Status | Notes |\n|-----------|------|--------|-------|\n| Slack | channel | planned | Same pattern as Telegram — use the [Channel SDK](https://docs.rs/anyclaw-sdk-channel) |\n| Discord | channel | planned | |\n| Task scheduler | tool | planned | Cron/interval/one-shot task CRUD via MCP (execution trigger depends on agent-initiated messages) |\n\nSome features live entirely in the agent, not in anyclaw — skills, prompt extensions, vector memory, and knowledge graphs are configured in your agent (e.g., `CLAUDE.md`, `AGENTS.md`, MCP servers). Anyclaw doesn't need to know about them.\n\nHave an idea? [Open a feature request](https://github.com/donbader/anyclaw/issues/new?template=feature_request.yml).\n\n## Building from Source\n\n```bash\ncargo build                                                              # Build core workspace\ncargo build --workspace --manifest-path ext/Cargo.toml                   # Build extension binaries\ncargo test                                                               # Unit tests (core)\ncargo test --workspace --manifest-path ext/Cargo.toml                    # Unit tests (extensions)\ncargo clippy --workspace                                                 # Lint core\ncargo clippy --workspace --manifest-path ext/Cargo.toml                  # Lint extensions\n\n# Integration tests require ext/ binaries built first:\ncargo build --workspace --manifest-path ext/Cargo.toml\ncargo test -p anyclaw-integration-tests\n```\n\nRust stable toolchain required. Check `rust-toolchain.toml` for the pinned version.\n\n## Documentation\n\n### Understanding anyclaw\n\n- [Introduction](docs/introduction.md) — what anyclaw is, what it's not, design philosophy\n- [Architecture](docs/concepts/architecture.md) — five-manager system, boot order, protocols\n- [Security model](docs/concepts/security-model.md) — trust zones, container hardening, credential flow\n- [Installations](docs/concepts/installations.md) — how services bind to agents, credential isolation\n- [Tool layers](docs/concepts/tool-layers.md) — when to put tools in the agent vs anyclaw layer\n\n### Design decisions\n\n- [ADR-001: Sidecar, not platform](docs/decisions/001-sidecar-not-platform.md)\n- [ADR-002: Subprocess, not library](docs/decisions/002-subprocess-not-library.md)\n- [ADR-003: Multi-proxy credential isolation](docs/decisions/003-multi-proxy-credential-isolation.md)\n- [ADR-004: ACP over stdio](docs/decisions/004-acp-over-stdio.md)\n- [ADR-005: No built-in budget tracking](docs/decisions/005-no-builtin-budget-tracking.md)\n\n### For Users\n\n- [Getting started](docs/guides/getting-started.md) — copy an example, customize, deploy\n- [Proxy \u0026 credential security](docs/reference/proxy-security.md) — outbound proxy, credential injection, leak detection\n- [Configuration reference](docs/reference/configuration.md) — full `anyclaw.yaml` schema\n- [Deployment \u0026 container images](docs/guides/deployment.md) — Docker image tags, platforms, usage\n- [Examples](examples/) — ready-to-run setups (fake agent, OpenCode, Kiro, Claude Code, proxy sandbox)\n- [Changelog](CHANGELOG.md) — release history\n\n### For Extension Builders\n\n- [Building extensions](docs/concepts/extensions.md) — start here: pattern overview, SDK vs wire protocol, testing\n- [ext/agents/AGENTS.md](ext/agents/AGENTS.md) — ACP wire format (for building agent binaries in any language)\n- [ext/channels/AGENTS.md](ext/channels/AGENTS.md) — Channel trait, harness, testing utilities\n- [ext/tools/AGENTS.md](ext/tools/AGENTS.md) — Tool trait, MCP server\n- [Architecture overview](docs/concepts/architecture.md) — system design, protocol details\n\n### For Contributors\n\n- [Contributing guide](CONTRIBUTING.md) — workflow, tests, PR process\n- [Project structure](docs/contributing/project-structure.md) — workspace layout, where to find things\n- [Design principles](docs/contributing/design-principles.md) — core invariants, anti-patterns\n- [Releasing](docs/contributing/releasing.md) — how releases work\n- [Support](SUPPORT.md) — how to get help\n\n## Contributing\n\nWe welcome contributions — especially new channel integrations, tools, and agent variants. See [CONTRIBUTING.md](CONTRIBUTING.md) for the workflow, and check [`E-help-wanted`](https://github.com/donbader/anyclaw/labels/E-help-wanted) issues for a starting point.\n\n\u003cdetails\u003e\n\u003csummary\u003eArchitecture overview\u003c/summary\u003e\n\n```\n                        ┌─────────────────────────────────────┐\n                        │             Supervisor              │\n                        │  (boot: services→orch→tools+chans→agents) │\n                        └──────────────────┬──────────────────┘\n                                           │\n      ┌────────────────────────────────────┼────────────────────────────────────┐\n      │                │                   │                                    │\n ┌────▼─────┐  ┌──────▼────────┐  ┌───────▼──────────┐  ┌─────────▼──────────┐\n │ Services │  │ ToolsManager  │  │  AgentsManager   │  │  ChannelsManager   │\n │ Manager  │  │               │  │                  │  │                    │\n │  proxy   │  │  MCP servers  │  │  ACP subprocess  │  │  Telegram          │\n │  media   │  │               │  │  (JSON-RPC/stdio)│  │  debug-http        │\n └────┬─────┘  └──────┬────────┘  └───────┬──────────┘  └─────────┬──────────┘\n      │                │                   │                        │\n      └────────┐       └───────┐   ┌──────┘   ┌────────────────────┘\n               ▼               ▼   ▼          ▼\n                    ┌──────────────────────────────┐\n                    │         Orchestrator         │\n                    │  routing · access · tools    │\n                    └──────────────────────────────┘\n```\n\nAll cross-service communication goes through the Orchestrator via `OrchestratorSender`. No shared mutable state crosses service boundaries. The Orchestrator owns session routing, access control, and tool permission enforcement. Each subprocess has its own crash recovery loop with exponential backoff.\n\nBoot order is `services → orchestrator → tools+channels (parallel) → agents`. Services boot first (proxy must be ready before agents make network calls). Orchestrator boots next so managers can send messages during initialization. Tools and channels boot in parallel. Agents boot last because they need tool URLs and channels ready. Shutdown is reverse: channels → agents → tools → orchestrator → services.\n\n\u003c/details\u003e\n\n## Inspiration\n\n### Proxy CA Trust\n\nThe outbound proxy uses TLS MITM to inject credentials into HTTPS requests. For this to work, the agent's HTTP client must trust the proxy's ephemeral CA certificate. Anyclaw handles this automatically by:\n\n1. Building a merged CA bundle (system root certs + proxy CA) at startup\n2. Writing it to the `anyclaw-shared` volume at `/anyclaw-shared/certs/ca-certificates.crt`\n3. Setting `SSL_CERT_FILE`, `REQUESTS_CA_BUNDLE`, `CURL_CA_BUNDLE`, `GIT_SSL_CAINFO` to the merged bundle\n4. Setting `NODE_EXTRA_CA_CERTS` to the proxy CA cert alone (Node.js appends to system roots)\n\nThis covers ~99% of HTTP libraries (OpenSSL, curl, Python requests, Go net/http, rustls with native-roots, Node.js). The remaining ~1% are libraries that bundle their own root certs and ignore all env vars (e.g., `reqwest` with `rustls-tls` + `webpki-roots`).\n\nFor 100% coverage regardless of tech stack, we plan to add a host-side `http_request` MCP tool (similar to [IronClaw's approach](https://github.com/nearai/ironclaw)) where the agent calls a tool instead of making direct HTTPS calls. The supervisor makes the real request, injects credentials, and returns the response — no proxy, no CA trust, no TLS compatibility concerns.\n\n## Inspiration\n\nAnyclaw draws inspiration from these projects:\n\n- [nanoclaw](https://github.com/qwibitai/nanoclaw) — lightweight TypeScript personal AI assistant bridging messaging channels to Claude agents in isolated containers\n- [openclaw](https://github.com/openclaw/openclaw) — feature-rich TypeScript AI assistant gateway with 20+ channel integrations and an ACP bridge. Anyclaw's Orchestrator component (centralized message routing, access control, tool permissions) is directly inspired by openclaw's [gateway architecture](https://docs.openclaw.ai/concepts/architecture).\n- [ironclaw](https://github.com/nearai/ironclaw) — Rust personal AI assistant with WASM-sandboxed tools, MCP support, and PostgreSQL-backed memory\n\nWhere these projects are complete AI assistants, anyclaw takes their architectural ideas — channel abstraction, tool sandboxing, protocol-driven communication — and applies them as a standalone infrastructure layer that any agent can plug into.\n\n## License\n\nLicensed under either of:\n\n- [MIT License](LICENSE-MIT)\n- [Apache License, Version 2.0](LICENSE-APACHE)\n\nat your option.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdonbader%2Fanyclaw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdonbader%2Fanyclaw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdonbader%2Fanyclaw/lists"}