OxideClaw - A steampunk mechanical crab forged in iron and rust

OxideClaw

Rust-native AI agent framework. Enterprise security. Multi-agent orchestration. Deploy anywhere.

Get Started Coming Soon View on GitHub Coming Soon

Forged Capabilities

Production-grade from day one. Every component built with Rust's guarantees — the security, auditability, and resilience your enterprise demands.

Enterprise-Grade Security

Hierarchical capability tree with deny-by-default permissions. Layered isolation — built-in tools run in-process, plugins in WASM sandboxes, shell execution in native or Docker sandboxes with host fallback. Allowlisted shell execution eliminates injection surfaces. Live grant and revoke on running sessions without restart.

Multi-Agent Orchestration

Spawn, message, and coordinate teams of agents with first-class IPC. Director agents manage sub-agent lifecycles while peer groups enable broadcast collaboration. The Web UI follows the full orchestration tree in real time.

Intelligent Memory

Agents that actually learn. Knowledge nodes capture facts with confidence scoring while Wisdom nodes surface emerging patterns with dynamic weighting. Hybrid vector + BM25 search delivers precise recall across conversations with sensitivity-aware access controls.

Full-Spectrum Auditability

Five audit levels from minimal to paranoid — every tool call, capability check, consent decision, and LLM interaction logged in a tamper-evident trail. OpenTelemetry traces and Prometheus metrics give you the observability your compliance team demands.

Multi-Provider LLM

Anthropic, OpenAI, Gemini, Ollama, OpenRouter, and any OpenAI-compatible endpoint. Weighted model selection, cost tracking, token accounting, and automatic provider fallback — swap models without changing agent code.

Multi-Sandbox Isolation

Match isolation to risk. Trusted built-in tools run in-process with zero overhead. WASM plugins execute in capability-gated sandboxes with fuel metering. Native sandbox provides OS-level isolation without Docker. Full container isolation when you need it. Host fallback ensures agents run anywhere.

Skills & Casts

Define agent behaviors with Markdown skills — lifecycle hooks, persistent state, signal routing, and slash commands. Cast blueprints compose entire teams with provider preferences, peer groups, and greeting personas.

Session Resilience

Suspend and resume sessions with full agent tree snapshots — no context loss. Archive completed work, pick up where you left off across restarts and power failures. Automatic context compaction keeps long-running sessions sharp.

Deploy Anywhere

Pure Rust. No OpenSSL. Single binary ships Web UI, TUI, and CLI. Runs natively on Linux, macOS, Windows, Raspberry Pi, and FreeBSD — same behavior everywhere, from edge devices to enterprise servers.

Under the Hood

28 focused crates across three layers. Every boundary is a trait — extend at any depth, from swapping a storage backend to shipping a WASM plugin.

Plugins
Subsystems ProvidersStorageSecuritySandboxToolsMemorySkillsIPCPipelineMCPSchedulerTelemetryAuditCredentialsEventsTransport
Core Traits + Runtime
Your Plugin.wasm.wasmYour Plugin

Core

The Foundation

Agent runtime, trait definitions, session management, event system, and the unified message bus. Every subsystem depends on Core — it defines the contracts everything else implements.

  • Trait-driven contracts
  • Session lifecycle (suspend/resume/archive)
  • System + session message bus
  • Cast & skill definitions

Subsystems

Swappable by Design

Each subsystem implements Core traits and can be replaced independently. Swap your LLM provider, storage backend, or transport layer without touching the rest of the system.

  • Security — Capability tree with live grant/revoke, shell allowlisting
  • Sandbox — Three modes (native, Docker, host) plus in-process and WASM isolation
  • Memory — Knowledge & wisdom nodes with hybrid search
  • IPC — Multi-agent orchestration with peer groups
  • Skills — Behavioral injection with persistent state
  • Audit — Tamper-evident trail (off → minimal → standard → verbose → paranoid)

Plugins

Extend Without Compiling

WASM-based plugin system using the WebAssembly Component Model. Write plugins in any language that compiles to WASM — no Rust toolchain required. Each plugin runs in an isolated sandbox with capability-gated access to the host.

  • Any language that targets WASM
  • Deny-by-default capabilities
  • Isolated KV storage per plugin
  • Fuel metering + timeout enforcement
  • Lifecycle hooks for session events