https://github.com/opsyhq/claw
Your agent's claw on every machine ๐ฆ
https://github.com/opsyhq/claw
ai-agent claude-code cursor devops infrastructure mcp remote ssh
Last synced: 23 days ago
JSON representation
Your agent's claw on every machine ๐ฆ
- Host: GitHub
- URL: https://github.com/opsyhq/claw
- Owner: opsyhq
- License: mit
- Created: 2026-03-01T10:22:23.000Z (29 days ago)
- Default Branch: main
- Last Pushed: 2026-03-01T13:54:02.000Z (29 days ago)
- Last Synced: 2026-03-03T20:13:34.186Z (27 days ago)
- Topics: ai-agent, claude-code, cursor, devops, infrastructure, mcp, remote, ssh
- Language: TypeScript
- Homepage: https://www.npmjs.com/package/@opsyhq/claw
- Size: 1.13 MB
- Stars: 12
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
๐ฆ Claw
Your agent's claw on every machine.
Give any AI agent bash, read, write, edit, grep, and glob
on any machine you can SSH into.
Quickstart ยท
How it works ยท
Tools ยท
Configuration ยท
CLI
---
AI agents can write code, but they're stuck on one machine. They can't check logs on prod, grep for errors across services, or edit a config on staging.
**Claw is an [MCP server](https://modelcontextprotocol.io) that extends your agent's tools to any remote machine.** 8 tools. Any host you can SSH into. Zero config on the remote.
```
You: "Check why the API is returning 500s on prod, look at the logs, and fix the nginx config"
Agent: connects to prod-api via SSH
greps /var/log/nginx/error.log for errors
reads the nginx config
edits the misconfigured upstream block
runs nginx -t && systemctl reload nginx
Done. Across machines. Autonomously.
```
> **No ports to open. No daemons. No root required.**
> Claw uses your SSH keys, deploys a tiny binary on first connect, and cleans up after itself.
## Quickstart
### 1. Install
```bash
npx -y @opsyhq/claw serve
# or install globally
npm install -g @opsyhq/claw
```
### 2. Connect to your agent
Claude Code
```bash
claude mcp add claw -- npx -y @opsyhq/claw serve
```
Or run the installer:
```bash
npx -y @opsyhq/claw install claude-code
```
Cursor
Add to `.cursor/mcp.json`:
```json
{
"mcpServers": {
"claw": {
"command": "npx",
"args": ["-y", "@opsyhq/claw", "serve"]
}
}
}
```
Claude Desktop
Add to `claude_desktop_config.json`:
```json
{
"mcpServers": {
"claw": {
"command": "npx",
"args": ["-y", "@opsyhq/claw", "serve"]
}
}
}
```
Any MCP client
```bash
npx -y @opsyhq/claw serve
# Speaks MCP over stdio
```
### 3. Add your machines
The agent can add machines itself via the `claw_machines` tool, or you can set them up ahead of time:
```bash
# Import from your SSH config
claw init --from-ssh
# Or add manually
claw add prod-api --ssh deploy@prod-api.example.com
claw add staging --ssh deploy@staging.example.com
```
### 4. Go
Talk to your agent. It now has claws on every machine you configured.
```
"Show me running containers on prod-api"
"Grep for 'connection refused' in the logs on staging"
"Find all .env files across prod-api and staging"
"Edit the upstream block in nginx.conf on prod-api"
```
## How it works
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ AI Agent (Claude, Cursor, etc.) โ
โ โ MCP tool calls โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Claw (runs locally) โ
โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โ
โ โ Tool Router โ โ Conn Pool โ โ
โ โโโโโโโโฌโโโโโโโ โโโโโโโโฌโโโโโโโโโ โ
โ โโโโโโโโโฌโโโโโโโโ โ
โ โโโโโโโโดโโโโโโโโ โ
โ โ SSH โ Local โ โ
โ โโโโฌโโโโโโโโฌโโโโ โ
โโโโโโโโโโโโโโโผโโโโโโโโผโโโโโโโโโโโโโโโ
โผ โผ
โโโโโโโโ โโโโโโโโ
โ prod โ โ your โ
โ api โ โ mac โ
โโโโโโโโ โโโโโโโโ
```
On first connect, Claw auto-deploys a small static binary ([pincer](pincer/)) to `~/.claw/pincer` on the remote host. Pincer speaks JSON-RPC over stdin/stdout and handles all tool execution โ structured file editing, safe command handling, grep with regex support.
Connections are persistent and pooled. No reconnecting per command.
## Tools
Claw exposes 8 MCP tools. These match the tools agents already know from local development (Claude Code's Read/Write/Edit/Bash/Grep/Glob/LS) โ just extended to remote machines.
| Tool | Description |
|------|-------------|
| **claw_machines** | List, add, remove, and update machines |
| **claw_bash** | Run a shell command |
| **claw_read** | Read a file with optional line range |
| **claw_write** | Create or overwrite a file |
| **claw_edit** | Find-and-replace in a file |
| **claw_grep** | Search file contents with regex |
| **claw_glob** | Find files by pattern |
| **claw_ls** | List directory contents |
Every tool takes a `host` parameter โ the machine name to target.
```
claw_bash(host: "prod-api", command: "docker ps")
claw_grep(host: "prod-api", pattern: "error|timeout", path: "/var/log", include: "*.log")
claw_edit(host: "staging", path: "/app/config.yaml", old_string: "port: 80", new_string: "port: 8080")
```
## Configuration
### Global config โ `~/.config/claw/machines.yaml`
```yaml
machines:
prod-api:
transport: ssh
host: prod-api.example.com
user: deploy
staging:
transport: ssh
host: staging.example.com
user: deploy
local:
transport: local
```
SSH transport uses your existing `~/.ssh/config` automatically โ keys, ports, jump hosts all just work.
### Project config โ `claw.yaml`
Drop a `claw.yaml` in your project root:
```yaml
machines:
dev:
transport: local
staging:
transport: ssh
host: staging.myapp.com
user: deploy
```
Commit this to your repo. Your whole team gets the same machine setup, each using their own SSH keys.
## Security
- **Your existing access** โ Claw uses your SSH keys. It can only reach what you already can.
- **No open ports** โ All connections are outbound SSH from your machine.
- **No persistence** โ The remote binary only runs during your session.
- **Audit log** โ Every tool call is logged to `~/.config/claw/logs/`.
- **Want guardrails?** โ For approval workflows and policy enforcement on remote operations, check out [Opsy](https://opsy.sh).
## CLI Reference
```bash
claw serve # Start MCP server (stdio)
claw init --from-ssh # Import machines from ~/.ssh/config
claw add --ssh user@host # Add a remote machine
claw add --local # Add local machine
claw install claude-code # Write MCP config for Claude Code
claw install cursor # Write MCP config for Cursor
```
## Roadmap
- [x] SSH transport
- [x] Local transport
- [x] Runtime binary download from GitHub Releases
- [x] npm trusted publishing (OIDC)
- [ ] Docker transport
- [ ] Kubernetes transport
- [ ] AWS SSM transport
## Contributing
PRs welcome. See the [development guide](#development) to get started.
Development
```bash
npm install # Install dependencies
npm run build # Build TypeScript
npm run typecheck # Type-check without emitting
npm run build-pincer # Cross-compile pincer (requires Go)
npm run dev # Watch mode
```
**Project structure:**
```
claw/
โโโ bin/claw.ts # CLI entrypoint
โโโ src/
โ โโโ cli/ # CLI commands (serve, init, add, install)
โ โโโ config/ # YAML config loading + SSH config parser
โ โโโ server/ # MCP server, tool schemas, router
โ โโโ tools/ # Local tool implementations
โ โโโ transports/ # Transport layer (local, SSH, pool, deployer)
โ โโโ logging/ # Audit log
โโโ pincer/ # Go binary deployed to remote hosts
โ โโโ main.go # JSON-RPC stdin/stdout server
โ โโโ rpc/ # Request dispatcher
โ โโโ tools/ # Tool implementations in Go
โโโ scripts/build-pincer.sh # Cross-compile for linux/amd64+arm64
```
---
Built by OpsyHQ ยท MIT License
Claw icon by Lorc / Game Icons (CC BY 3.0)