IronClaw

Your AI Assistant, Always On Your Side

IronClaw is built on a simple principle: your AI assistant should work for you, not against you. In a world where AI systems are increasingly opaque about data handling and aligned with corporate interests, IronClaw takes a different approach — open source, locally-controlled, and security-first.

Privacy First

All data stored locally, encrypted, and never leaves your control. No telemetry, no tracking, no data harvesting.

Transparent & Auditable

Open source from day one. Audit every line of code. No hidden telemetry or black boxes.

Self-Expanding

Build new tools on the fly without waiting for vendor updates. Dynamic WASM plugins and MCP integration.

Defense in Depth

Multiple security layers protect against prompt injection and data exfiltration.

Key Features

Security First

All untrusted tools run in isolated WebAssembly containers with capability-based permissions. HTTP access, secrets, and tool invocation each require explicit opt-in. Secrets are injected at the host boundary and never exposed to WASM code.

WASM ──► Allowlist ──► Leak Scan ──► Credential ──► Execute ──► Leak Scan ──► WASM
         Validator     (request)     Injector       Request     (response)

  • Secrets encrypted with AES-256-GCM
  • Stored in OS keychain (macOS/Linux) or environment variables
  • Never exposed to tools or LLM context
  • Automatic leak detection in HTTP requests and responses

External content passes through multiple security layers:
  • Pattern-based detection of injection attempts
  • Content sanitization and escaping
  • Policy rules with severity levels (Block/Warn/Review/Sanitize)
  • Tool output wrapping for safe LLM context injection

HTTP requests are only allowed to explicitly approved hosts and paths. Tools declare their required endpoints upfront in capability manifests.
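
The request path in the diagram above (allowlist validation, request leak scan, credential injection, execution, response leak scan), as an added Rust sketch that is not IronClaw's own code. The `Manifest` and `HostBoundary` types, the `{{NAME}}` placeholder syntax, and the sample host and secret value are assumptions made for illustration.

```rust
// Added illustration only: Manifest, HostBoundary and the {{NAME}} placeholder
// syntax are assumptions, not IronClaw's real types or manifest format.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Denied { Endpoint, LeakInRequest, LeakInResponse }

/// Endpoints a tool declares up front, as (exact host, path prefix) pairs.
pub struct Manifest { pub endpoints: Vec<(String, String)> }
/// Host side of the boundary; secret values live here, never in the tool.
pub struct HostBoundary { pub secrets: HashMap<String, String> }

impl HostBoundary {
    fn leaks(&self, text: &str) -> bool {
        self.secrets.values().any(|s| !s.is_empty() && text.contains(s.as_str()))
    }

    /// Allowlist -> leak scan -> inject -> execute -> leak scan.
    pub fn call(&self, m: &Manifest, host: &str, path: &str, header: &str, body: &str,
                execute: impl Fn(&str, &str, &str, &str) -> String) -> Result<String, Denied> {
        // 1. Allowlist: exact host, declared prefix, and no ".." segment that
        //    would let "/v1/../admin" pass a "/v1/" prefix check.
        let declared = m.endpoints.iter()
            .any(|(h, p)| h == host && path.starts_with(p.as_str()));
        if !declared || path.split('/').any(|seg| seg == "..") {
            return Err(Denied::Endpoint);
        }
        // 2. Request scan: a tool that already holds a secret value is a leak.
        if [path, header, body].iter().any(|part| self.leaks(part)) {
            return Err(Denied::LeakInRequest);
        }
        // 3. Inject: the tool only ever wrote the placeholder, e.g. {{API_KEY}}.
        let mut injected = header.to_string();
        for (name, value) in &self.secrets {
            injected = injected.replace(&format!("{{{{{}}}}}", name), value);
        }
        // 4. Execute on the host; 5. scan the response before the tool sees it.
        let response = execute(host, path, &injected, body);
        if self.leaks(&response) { return Err(Denied::LeakInResponse); }
        Ok(response)
    }
}

fn main() {
    // Constructed sample secret and endpoint.
    let hb = HostBoundary { secrets: HashMap::from([("API_KEY".to_string(), "sk-constructed-123".to_string())]) };
    let m = Manifest { endpoints: vec![("api.example.com".to_string(), "/v1/".to_string())] };
    let r = hb.call(&m, "api.example.com", "/v1/items", "Bearer {{API_KEY}}", "", |_, _, _, _| "ok".to_string());
    println!("{:?}", r);
}
```

The substring leak scan here only catches a secret in its literal form; an encoded copy (base64, URL-encoded) would need additional checks.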

Always Available

IronClaw runs continuously in the background, accessible through multiple channels:
  • REPL — Interactive terminal interface for direct conversation
  • HTTP Webhooks — Trigger tasks via REST API
  • WASM Channels — Telegram, Slack, Discord, WhatsApp (isolated plugin architecture)
  • Web Gateway — Browser UI with real-time SSE/WebSocket streaming
  • Routines — Cron schedules, event triggers, webhook handlers for background automation
  • Heartbeat System — Proactive background execution for monitoring and maintenance
All channels support parallel job execution with isolated contexts. No request blocks another.

Self-Expanding Capabilities

Dynamic Tool Building

Describe what you need, and IronClaw builds it as a WASM tool. No restart required.

MCP Protocol

Connect to Model Context Protocol servers for additional capabilities like file access, web browsing, and more.

Plugin Architecture

Drop in new WASM tools and channels without restarting the agent. Hot-reload everything.

Docker Sandbox

Isolated container execution with per-job tokens and orchestrator/worker pattern for heavy workloads.

Persistent Memory

IronClaw remembers your conversations, preferences, and context:
  • Hybrid Search — Full-text + vector search using Reciprocal Rank Fusion
  • Workspace Filesystem — Flexible path-based storage for notes, logs, and context
  • Identity Files — Maintain consistent personality and preferences across sessions (IDENTITY.md, SOUL.md)
  • PostgreSQL or libSQL — Production-ready persistence with pgvector for semantic search
Your workspace is stored in a local database. Enable embeddings during setup for semantic search across all your notes and conversations.

Architecture at a Glance

┌────────────────────────────────────────────────────────────────┐
│                          Channels                              │
│  ┌──────┐  ┌──────┐   ┌─────────────┐  ┌─────────────┐         │
│  │ REPL │  │ HTTP │   │WASM Channels│  │ Web Gateway │         │
│  └──┬───┘  └──┬───┘   └──────┬──────┘  │ (SSE + WS)  │         │
│     │         │              │         └──────┬──────┘         │
│     └─────────┴──────────────┴────────────────┘                │
│                              │                                 │
│                    ┌─────────▼─────────┐                       │
│                    │    Agent Loop     │  Intent routing       │
│                    └────┬──────────┬───┘                       │
│                         │          │                           │
│              ┌──────────▼────┐  ┌──▼───────────────┐           │
│              │  Scheduler    │  │ Routines Engine  │           │
│              │(parallel jobs)│  │(cron, event, wh) │           │
│              └──────┬────────┘  └────────┬─────────┘           │
│                     │                    │                     │
│       ┌─────────────┼────────────────────┘                     │
│       │             │                                          │
│   ┌───▼─────┐  ┌────▼────────────────┐                         │
│   │ Local   │  │    Orchestrator     │                         │
│   │Workers  │  │  ┌───────────────┐  │                         │
│   │(in-proc)│  │  │ Docker Sandbox│  │                         │
│   └───┬─────┘  │  │   Containers  │  │                         │
│       │        │  │ ┌───────────┐ │  │                         │
│       │        │  │ │Worker / CC│ │  │                         │
│       │        │  │ └───────────┘ │  │                         │
│       │        │  └───────────────┘  │                         │
│       │        └─────────┬───────────┘                         │
│       └──────────────────┤                                     │
│                          │                                     │
│              ┌───────────▼──────────┐                          │
│              │    Tool Registry     │                          │
│              │  Built-in, MCP, WASM │                          │
│              └──────────────────────┘                          │
└────────────────────────────────────────────────────────────────┘

| Component | Purpose |
| --- | --- |
| Agent Loop | Main message handling and job coordination |
| Router | Classifies user intent (command, query, task) |
| Scheduler | Manages parallel job execution with priorities |
| Worker | Executes jobs with LLM reasoning and tool calls |
| Orchestrator | Container lifecycle, LLM proxying, per-job auth |
| Web Gateway | Browser UI with chat, memory, jobs, logs, extensions, routines |
| Routines Engine | Scheduled (cron) and reactive (event, webhook) background tasks |
| Workspace | Persistent memory with hybrid search |
| Safety Layer | Prompt injection defense and content sanitization |

Why IronClaw?

IronClaw is a Rust reimplementation inspired by OpenClaw, bringing native performance, memory safety, and enhanced security.
Key differences from OpenClaw:
  • Rust vs TypeScript — Native performance, memory safety, single binary
  • WASM sandbox vs Docker — Lightweight, capability-based security for tools
  • PostgreSQL vs SQLite — Production-ready persistence with vector search
  • Security-first design — Multiple defense layers, credential protection, prompt injection defense

Next Steps

Installation

Install IronClaw on your system

Quick Start

Get up and running in 5 minutes

Configuration

Configure LLM providers, channels, and more

CLI Reference

Explore all available commands
