OxideClaw - A steampunk mechanical crab forged in iron and rust

OxideClaw

Rust-native AI agent framework. Forged for performance, hardened for security.

Get Started View on GitHub

Forged Capabilities

Every component built with Rust's guarantees — performance, safety, and fearless concurrency.

Security by Default

Hierarchical capability tree with deny-by-default. Allowlisted shell execution — no unrestricted sh -c. Live grant and revoke permissions on running sessions. Three isolation tiers: in-process, WASM sandbox, and Docker containers.

Multi-Provider LLM

Anthropic, OpenAI, Gemini, Ollama, OpenRouter, and any OpenAI-compatible endpoint. Weighted model selection, cost tracking, token accounting, and provider fallback — swap without changing agent code.

WASM Plugin System

Extend with plugins written in any language that compiles to WASM. Capability-gated sandbox with isolated KV storage, fuel metering, and timeout enforcement. Lifecycle hooks for session and compaction events.

Cross-Platform

Pure Rust with no OpenSSL dependency. Runs natively on Linux, macOS, Windows, Raspberry Pi, and FreeBSD — single binary, same behavior everywhere.

Observability

Five-level tamper-evident audit trail. OpenTelemetry traces via OTLP, Prometheus metrics. Token redaction and sensitive path protection. Full visibility from tool calls to capability checks.

Cast System

Define agent personalities and behaviors in Markdown with YAML frontmatter. Weighted provider selection, per-cast Docker exec overrides, peer group templates, and slash command discovery.

Under the Hood

17 focused crates across three layers. Every boundary is a trait — extend at any depth, from swapping a storage backend to shipping a WASM plugin.

Plugins
Subsystems ProvidersStorageSecurityToolsMemoryCredentialsTelemetryAuditProtocolIPCTransport
Core Traits + Runtime
Your Plugin.wasm.wasmYour Plugin

Core

The Foundation

Agent runtime, trait definitions, session management, and the event system. Every subsystem depends on Core — it defines the contracts everything else implements.

  • Trait-driven contracts
  • Session persistence
  • Event bus
  • Cast definitions

Subsystems

Swappable by Design

Each subsystem implements Core traits and can be replaced independently. Swap your LLM provider, storage backend, or transport layer without touching the rest of the system.

  • Providers — Anthropic, OpenAI, Gemini, Ollama, OpenRouter
  • Storage — Embedded SurrealDB with session persistence
  • Security — Hierarchical capability tree, shell allowlisting
  • Tools — Docker-sandboxed exec with lazy containers
  • Memory — Hybrid semantic + keyword search
  • Credentials — OS keyring with encrypted file fallback
  • Telemetry — OpenTelemetry traces, Prometheus metrics
  • Audit — Five-level tamper-evident JSONL trail
  • Protocol — Typed wire protocol with TS codegen
  • IPC — Agent-to-agent communication
  • Transport — Channel and WebSocket

Plugins

Extend Without Compiling

WASM-based plugin system using the WebAssembly Component Model. Write plugins in any language that compiles to WASM — no Rust toolchain required. Each plugin runs in an isolated sandbox with capability-gated access to the host.

  • Any language that targets WASM
  • Deny-by-default capabilities
  • Isolated KV storage per plugin
  • Fuel metering + timeout enforcement
  • Lifecycle hooks for session events

Get Started

Three steps from zero to running agent.

$cargo install oxideclaw
01

Install

Install the OxideClaw CLI from crates.io

02

Initialize

Run oxideclaw init — the interactive wizard configures directories, providers, and credentials

03

Run

Launch with oxideclaw run and start building

Star on GitHub Read the Docs