{"id":44494279,"url":"https://github.com/nearai/ironclaw","last_synced_at":"2026-04-21T08:07:16.014Z","repository":{"id":336921468,"uuid":"1148615527","full_name":"nearai/ironclaw","owner":"nearai","description":"IronClaw is OpenClaw inspired implementation in Rust focused on privacy and security","archived":false,"fork":false,"pushed_at":"2026-02-17T08:37:08.000Z","size":3495,"stargazers_count":2045,"open_issues_count":57,"forks_count":172,"subscribers_count":22,"default_branch":"main","last_synced_at":"2026-02-17T11:34:46.350Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nearai.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-03T06:57:10.000Z","updated_at":"2026-02-17T11:32:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nearai/ironclaw","commit_stats":null,"previous_names":["nearai/ironclaw"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/nearai/ironclaw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nearai%2Fironclaw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nearai%2Fironclaw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nearai%2Fironclaw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nearai%2Fironclaw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nearai","download_url":"https://codeload.github.com/nearai/ironclaw/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nearai%2Fironclaw/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29667119,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T19:49:36.704Z","status":"ssl_error","status_checked_at":"2026-02-20T19:44:05.372Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-13T05:00:20.134Z","updated_at":"2026-03-06T21:13:20.603Z","avatar_url":"https://github.com/nearai.png","language":"Rust","funding_links":[],"categories":["Rust","Personal Assistants","rust","Applications","框架与衍生项目","Main Projects","Alternatives \u0026 Competitors","Security-Focused","Experimental Hardware Projects","🗂️ Projects","Security","A01_文本生成_文本对话","By Category","Catalog","Alternative Architekturen","Uncategorized","\u003ca name=\"Rust\"\u003e\u003c/a\u003eRust","Security, Sandbox \u0026 Permissions","Terminal-native coding agents","Sandboxing \u0026 Isolation","🛡️ Security \u0026 Safety"],"sub_categories":["Agents, Assistants, and RAG","Memory for Local Models","📋 Project Overview","Security-Enhanced Variants","大语言对话模型及数据","Rust Native","OpenClaw Forks","Uncategorized","Adjacent Collections","OpenClaw ecosystem","Reference Harness Implementations"],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"ironclaw.png?v=2\" alt=\"IronClaw\" width=\"200\"/\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eIronClaw\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eYour secure personal AI assistant, always on your side\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#license\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT%20OR%20Apache%202.0-blue.svg\" alt=\"License: MIT OR Apache-2.0\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://t.me/ironclawAI\"\u003e\u003cimg src=\"https://img.shields.io/badge/Telegram-%40ironclawAI-26A5E4?style=flat\u0026logo=telegram\u0026logoColor=white\" alt=\"Telegram: @ironclawAI\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.reddit.com/r/ironclawAI/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Reddit-r%2FironclawAI-FF4500?style=flat\u0026logo=reddit\u0026logoColor=white\" alt=\"Reddit: r/ironclawAI\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#philosophy\"\u003ePhilosophy\u003c/a\u003e •\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#configuration\"\u003eConfiguration\u003c/a\u003e •\n  \u003ca href=\"#security\"\u003eSecurity\u003c/a\u003e •\n  \u003ca href=\"#architecture\"\u003eArchitecture\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## Philosophy\n\nIronClaw is built on a simple principle: **your AI assistant should work for you, not against you**.\n\nIn a world where AI systems are increasingly opaque about data handling and aligned with corporate interests, IronClaw takes a different approach:\n\n- **Your data stays yours** - All information is stored locally, encrypted, and never leaves your control\n- **Transparency by design** - Open source, auditable, no hidden telemetry or data harvesting\n- **Self-expanding capabilities** - Build new tools on the fly without waiting for vendor updates\n- **Defense in depth** - Multiple security layers protect against prompt injection and data exfiltration\n\nIronClaw is the AI assistant you can actually trust with your personal and professional life.\n\n## Features\n\n### Security First\n\n- **WASM Sandbox** - Untrusted tools run in isolated WebAssembly containers with capability-based permissions\n- **Credential Protection** - Secrets are never exposed to tools; injected at the host boundary with leak detection\n- **Prompt Injection Defense** - Pattern detection, content sanitization, and policy enforcement\n- **Endpoint Allowlisting** - HTTP requests only to explicitly approved hosts and paths\n\n### Always Available\n\n- **Multi-channel** - REPL, HTTP webhooks, WASM channels (Telegram, Slack), and web gateway\n- **Docker Sandbox** - Isolated container execution with per-job tokens and orchestrator/worker pattern\n- **Web Gateway** - Browser UI with real-time SSE/WebSocket streaming\n- **Routines** - Cron schedules, event triggers, webhook handlers for background automation\n- **Heartbeat System** - Proactive background execution for monitoring and maintenance tasks\n- **Parallel Jobs** - Handle multiple requests concurrently with isolated contexts\n- **Self-repair** - Automatic detection and recovery of stuck operations\n\n### Self-Expanding\n\n- **Dynamic Tool Building** - Describe what you need, and IronClaw builds it as a WASM tool\n- **MCP Protocol** - Connect to Model Context Protocol servers for additional capabilities\n- **Plugin Architecture** - Drop in new WASM tools and channels without restarting\n\n### Persistent Memory\n\n- **Hybrid Search** - Full-text + vector search using Reciprocal Rank Fusion\n- **Workspace Filesystem** - Flexible path-based storage for notes, logs, and context\n- **Identity Files** - Maintain consistent personality and preferences across sessions\n\n## Installation\n\n### Prerequisites\n\n- Rust 1.85+\n- PostgreSQL 15+ with [pgvector](https://github.com/pgvector/pgvector) extension\n- NEAR AI account (authentication handled via setup wizard)\n\n## Download or Build\n\nVisit [Releases page](https://github.com/nearai/ironclaw/releases/) to see the latest updates.\n\n\u003cdetails\u003e\n  \u003csummary\u003eInstall via Windows Installer (Windows)\u003c/summary\u003e\n\nDownload the [Windows Installer](https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-x86_64-pc-windows-msvc.msi) and run it.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eInstall via powershell script (Windows)\u003c/summary\u003e\n\n```sh\nirm https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-installer.ps1 | iex\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eInstall via shell script (macOS, Linux, Windows/WSL)\u003c/summary\u003e\n\n```sh\ncurl --proto '=https' --tlsv1.2 -LsSf https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-installer.sh | sh\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eInstall via Homebrew (macOS/Linux)\u003c/summary\u003e\n\n```sh\nbrew install ironclaw\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eCompile the source code (Cargo on Windows, Linux, macOS)\u003c/summary\u003e\n\nInstall it with `cargo`, just make sure you have [Rust](https://rustup.rs) installed on your computer.\n\n```bash\n# Clone the repository\ngit clone https://github.com/nearai/ironclaw.git\ncd ironclaw\n\n# Build\ncargo build --release\n\n# Run tests\ncargo test\n```\n\nFor **full release** (after modifying channel sources), run `./scripts/build-all.sh` to rebuild channels first.\n\n\u003c/details\u003e\n\n### Database Setup\n\n```bash\n# Create database\ncreatedb ironclaw\n\n# Enable pgvector\npsql ironclaw -c \"CREATE EXTENSION IF NOT EXISTS vector;\"\n```\n\n## Configuration\n\nRun the setup wizard to configure IronClaw:\n\n```bash\nironclaw onboard\n```\n\nThe wizard handles database connection, NEAR AI authentication (via browser OAuth),\nand secrets encryption (using your system keychain). Settings are persisted in the\nconnected database; bootstrap variables (e.g. `DATABASE_URL`, `LLM_BACKEND`) are\nwritten to `~/.ironclaw/.env` so they are available before the database connects.\n\n### Alternative LLM Providers\n\nIronClaw defaults to NEAR AI but works with any OpenAI-compatible endpoint.\nPopular options include **OpenRouter** (300+ models), **Together AI**, **Fireworks AI**,\n**Ollama** (local), and self-hosted servers like **vLLM** or **LiteLLM**.\n\nSelect *\"OpenAI-compatible\"* in the wizard, or set environment variables directly:\n\n```env\nLLM_BACKEND=openai_compatible\nLLM_BASE_URL=https://openrouter.ai/api/v1\nLLM_API_KEY=sk-or-...\nLLM_MODEL=anthropic/claude-sonnet-4\n```\n\nSee [docs/LLM_PROVIDERS.md](docs/LLM_PROVIDERS.md) for a full provider guide.\n\n## Security\n\nIronClaw implements defense in depth to protect your data and prevent misuse.\n\n### WASM Sandbox\n\nAll untrusted tools run in isolated WebAssembly containers:\n\n- **Capability-based permissions** - Explicit opt-in for HTTP, secrets, tool invocation\n- **Endpoint allowlisting** - HTTP requests only to approved hosts/paths\n- **Credential injection** - Secrets injected at host boundary, never exposed to WASM code\n- **Leak detection** - Scans requests and responses for secret exfiltration attempts\n- **Rate limiting** - Per-tool request limits to prevent abuse\n- **Resource limits** - Memory, CPU, and execution time constraints\n\n```\nWASM ──► Allowlist ──► Leak Scan ──► Credential ──► Execute ──► Leak Scan ──► WASM\n         Validator     (request)     Injector       Request     (response)\n```\n\n### Prompt Injection Defense\n\nExternal content passes through multiple security layers:\n\n- Pattern-based detection of injection attempts\n- Content sanitization and escaping\n- Policy rules with severity levels (Block/Warn/Review/Sanitize)\n- Tool output wrapping for safe LLM context injection\n\n### Data Protection\n\n- All data stored locally in your PostgreSQL database\n- Secrets encrypted with AES-256-GCM\n- No telemetry, analytics, or data sharing\n- Full audit log of all tool executions\n\n## Architecture\n\n```\n┌────────────────────────────────────────────────────────────────┐\n│                          Channels                              │\n│  ┌──────┐  ┌──────┐   ┌─────────────┐  ┌─────────────┐         │\n│  │ REPL │  │ HTTP │   │WASM Channels│  │ Web Gateway │         │\n│  └──┬───┘  └──┬───┘   └──────┬──────┘  │ (SSE + WS)  │         │\n│     │         │              │         └──────┬──────┘         │\n│     └─────────┴──────────────┴────────────────┘                │\n│                              │                                 │\n│                    ┌─────────▼─────────┐                       │\n│                    │    Agent Loop     │  Intent routing       │\n│                    └────┬──────────┬───┘                       │\n│                         │          │                           │\n│              ┌──────────▼────┐  ┌──▼───────────────┐           │\n│              │  Scheduler    │  │ Routines Engine  │           │\n│              │(parallel jobs)│  │(cron, event, wh) │           │\n│              └──────┬────────┘  └────────┬─────────┘           │\n│                     │                    │                     │\n│       ┌─────────────┼────────────────────┘                     │\n│       │             │                                          │\n│   ┌───▼─────┐  ┌────▼────────────────┐                         │\n│   │ Local   │  │    Orchestrator     │                         │\n│   │Workers  │  │  ┌───────────────┐  │                         │\n│   │(in-proc)│  │  │ Docker Sandbox│  │                         │\n│   └───┬─────┘  │  │   Containers  │  │                         │\n│       │        │  │ ┌───────────┐ │  │                         │\n│       │        │  │ │Worker / CC│ │  │                         │\n│       │        │  │ └───────────┘ │  │                         │\n│       │        │  └───────────────┘  │                         │\n│       │        └─────────┬───────────┘                         │\n│       └──────────────────┤                                     │\n│                          │                                     │\n│              ┌───────────▼──────────┐                          │\n│              │    Tool Registry     │                          │\n│              │  Built-in, MCP, WASM │                          │\n│              └──────────────────────┘                          │\n└────────────────────────────────────────────────────────────────┘\n```\n\n### Core Components\n\n| Component | Purpose |\n|-----------|---------|\n| **Agent Loop** | Main message handling and job coordination |\n| **Router** | Classifies user intent (command, query, task) |\n| **Scheduler** | Manages parallel job execution with priorities |\n| **Worker** | Executes jobs with LLM reasoning and tool calls |\n| **Orchestrator** | Container lifecycle, LLM proxying, per-job auth |\n| **Web Gateway** | Browser UI with chat, memory, jobs, logs, extensions, routines |\n| **Routines Engine** | Scheduled (cron) and reactive (event, webhook) background tasks |\n| **Workspace** | Persistent memory with hybrid search |\n| **Safety Layer** | Prompt injection defense and content sanitization |\n\n## Usage\n\n```bash\n# First-time setup (configures database, auth, etc.)\nironclaw onboard\n\n# Start interactive REPL\ncargo run\n\n# With debug logging\nRUST_LOG=ironclaw=debug cargo run\n```\n\n## Development\n\n```bash\n# Format code\ncargo fmt\n\n# Lint\ncargo clippy --all --benches --tests --examples --all-features\n\n# Run tests\ncreatedb ironclaw_test\ncargo test\n\n# Run specific test\ncargo test test_name\n```\n\n- **Telegram channel**: See [docs/TELEGRAM_SETUP.md](docs/TELEGRAM_SETUP.md) for setup and DM pairing.\n- **Changing channel sources**: Run `./channels-src/telegram/build.sh` before `cargo build` so the updated WASM is bundled.\n\n## OpenClaw Heritage\n\nIronClaw is a Rust reimplementation inspired by [OpenClaw](https://github.com/openclaw/openclaw). See [FEATURE_PARITY.md](FEATURE_PARITY.md) for the complete tracking matrix.\n\nKey differences:\n\n- **Rust vs TypeScript** - Native performance, memory safety, single binary\n- **WASM sandbox vs Docker** - Lightweight, capability-based security\n- **PostgreSQL vs SQLite** - Production-ready persistence\n- **Security-first design** - Multiple defense layers, credential protection\n\n## License\n\nLicensed under either of:\n\n- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE))\n- MIT License ([LICENSE-MIT](LICENSE-MIT))\n\nat your option.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnearai%2Fironclaw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnearai%2Fironclaw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnearai%2Fironclaw/lists"}