Single static binary
cargo install openclaw-cli → one executable: gateway, runtime, sandbox, dashboard, CLI. No Node, no node_modules.
Open-source. MIT-licensed. Rust-grade primitives — event-sourced sessions, platform sandboxing, JSON-RPC 2.0 gateway, AES-256-GCM secrets, embedded Vue dashboard. Compatible with TypeScript OpenClaw plugins via an nng IPC bridge.
Node.js is fine for a lot of things and unfortunate for agent runtimes: 100 MB+ deployments, GC pauses under sustained load, soft type guarantees that turn into runtime crashes on hostile input. openclaw-rs is the same architecture, same plugin contract, same config format — but rebuilt in Rust so the runtime itself stops being a liability.
Ownership model, #![forbid(unsafe_code)], no null pointer exceptions, no data races, no GC pause tails.
Existing TypeScript plugins run unchanged via an nng IPC bridge. Same 8 lifecycle hooks, same payloads.
Input validation at every boundary, platform sandbox per OS, AES-256-GCM credentials, fail-secure errors, audit log.
Every one is real, documented, tested.
EventStore: Append-only sled-backed log of every session event.
Eight event kinds (SessionStarted, MessageReceived, ToolCalled…). Replayable, auditable, time-travel-capable by construction.
SessionProjection: Conflict-free derived state via last-write-wins CRDT merge.
Project the event log into whatever read model you need — chat view, agent memory, audit trail — without write-write contention.
Sandbox: Platform-native tool isolation on Linux, macOS, and Windows.
bubblewrap, sandbox-exec, and Job Objects behind one Rust API. Three levels — None, Relaxed, Strict — per agent or per tool call.
Gateway: axum HTTP + WebSocket + JSON-RPC 2.0 in one binary.
session.create / message / history / end · agent.list / status · tools.list / execute — over HTTP and WS with rate limiting and auth.
ProviderMatrix: Anthropic + OpenAI clients with SSE streaming and tool use.
Same Provider trait for both; custom base URLs for Azure or proxies; per-agent provider routing. Google Gemini and Ollama on the way.
Channels: Telegram Bot API today; trait-based, allowlist-gated.
Channel / ChannelInbound / ChannelOutbound traits make Discord, Slack, Signal, Matrix, and WhatsApp single-PR additions.
PluginBridge: TypeScript plugins keep working via nng IPC.
Eight lifecycle hooks (Before/After Message + ToolCall, Session Start/End, AgentResponse, Error) over JSON-RPC. Drop-in for TS OpenClaw users.
NodeBindings: napi-rs bindings expose the Rust core to Node.js.
AnthropicProvider, OpenAIProvider, CredentialStore, NodeEventStore, ToolRegistry — pre-built binaries for Linux x64/arm64, macOS x64/arm64, Windows x64.
Clients hit the gateway over JSON-RPC. The gateway composes agents, channels, providers, and plugins on top of a shared core. Everything is in one process unless you choose otherwise.
Sessions are append-only logs of SessionEvent values in sled. Replayable. Auditable. Time-travel-capable. The rendered conversation is just a projection.
We project with CRDT semantics — last-write-wins on every state key, versioned by the event's monotonic sequence. Future multi-instance coordination is safe by construction.
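The last-write-wins rule described above, as an added sketch that is not openclaw-rs code: `KeyWrite`, `Projection` and the sample log are constructed for illustration, and sequence numbers are assumed unique within a log. It shows that replaying events in any order, or merging two partial projections, converges on the same state.

```rust
use std::collections::HashMap;

// Constructed stand-in for a session event: one state-key write stamped with
// the log's monotonic sequence number (hypothetical shape, not SessionEvent).
#[derive(Clone, Debug, PartialEq)]
pub struct KeyWrite { pub seq: u64, pub key: &'static str, pub value: &'static str }

// Read model: for each key, the winning (sequence, value) pair.
#[derive(Default, Debug, PartialEq)]
pub struct Projection { state: HashMap<&'static str, (u64, &'static str)> }

impl Projection {
    // Last-write-wins: a write lands only if its sequence is higher than the
    // stored one, so replays and reordering cannot change the outcome.
    pub fn apply(&mut self, ev: &KeyWrite) {
        let stale = matches!(self.state.get(ev.key), Some((seq, _)) if *seq >= ev.seq);
        if !stale {
            self.state.insert(ev.key, (ev.seq, ev.value));
        }
    }
    // Merge another instance's projection; commutative and idempotent.
    pub fn merge(&mut self, other: &Projection) {
        for (key, (seq, value)) in &other.state {
            self.apply(&KeyWrite { seq: *seq, key: *key, value: *value });
        }
    }
    pub fn get(&self, key: &str) -> Option<&'static str> {
        self.state.get(key).map(|(_, v)| *v)
    }
}

// Fold a slice of events into a projection, in whatever order they arrive.
pub fn project(events: &[KeyWrite]) -> Projection {
    let mut p = Projection::default();
    events.iter().for_each(|ev| p.apply(ev));
    p
}

// Constructed sample log: two writes to "title", one to "model".
pub fn sample_log() -> Vec<KeyWrite> {
    vec![
        KeyWrite { seq: 1, key: "title", value: "untitled" },
        KeyWrite { seq: 2, key: "model", value: "model-a" },
        KeyWrite { seq: 3, key: "title", value: "incident triage" },
    ]
}

fn main() {
    let p = project(&sample_log());
    println!("{:?} {:?}", p.get("title"), p.get("model"));
}
```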
One cargo install. One interactive wizard. One gateway.
The dashboard is at http://localhost:18789.
```sh
$ cargo install openclaw-cli
$ openclaw onboard
$ openclaw gateway run
```

Same Provider trait for both. SSE streaming, tool use, custom base URLs. Google Gemini and Ollama on the roadmap.
AnthropicProvider (Anthropic Messages API): Claude 3.5 Sonnet · Haiku · Opus
Full async client. SSE streaming, tool use, content blocks, custom base URLs.
OpenAIProvider (OpenAI Chat Completions): GPT-4o · GPT-4 · GPT-3.5
Azure-compatible base URLs, org-id headers, function calling, SSE streaming.
GoogleProvider (Gemini API): Gemini 2.5 Pro · Flash
Roadmap item — see docs/ROADMAP.md. Will reuse the existing Provider trait.
OllamaProvider (localhost:11434): Any Ollama-served model
Local-only deployments. Shares the streaming abstraction.
The Channel trait is stable. Telegram is the reference implementation. Adding Discord, Slack, Signal, Matrix, or WhatsApp is a single-PR add.
Telegram (shipped): Full Bot API adapter with attachments, allowlist-based access control, and rule-based agent routing.
Discord (planned): Slash commands, threaded conversations, attachments.
Slack (planned): App Mention, DM, slash commands, threaded replies.
Signal (planned): Privacy-first channel via signal-cli or signald.
Matrix (planned): Federated open-protocol adapter.
WhatsApp (planned): WhatsApp Business API, with template-message support.
Eight stable today. Two partial — the channel adapter set and the WASM plugin runtime.
| Crate | Status | Role | Links |
|---|---|---|---|
| openclaw-core | stable | Foundation: types, JSON5 config loader, sled-backed event store, AES-256-GCM credential store, OAuth token management, input validation. | crates.io ↗ docs.rs ↗ |
| openclaw-ipc | stable | IPC message types and nng transport — the wire format for the TypeScript plugin bridge. | crates.io ↗ docs.rs ↗ |
| openclaw-providers | stable | Anthropic + OpenAI clients with SSE streaming, tool use, and configurable base URLs. | crates.io ↗ docs.rs ↗ |
| openclaw-agents | stable | Agent runtime, platform-specific sandbox (bwrap / sandbox-exec / Job Objects), tool registry, node-based workflow engine. | crates.io ↗ docs.rs ↗ |
| openclaw-channels | partial | Channel traits + allowlist + routing. Telegram adapter complete; Discord, Slack, Signal, Matrix, WhatsApp planned. | |
| openclaw-gateway | stable | axum HTTP/WebSocket server with JSON-RPC 2.0 dispatch, rate-limit and auth middleware, embedded Vue 3 dashboard. | crates.io ↗ docs.rs ↗ |
| openclaw-plugins | partial | Plugin API + nng-based TypeScript bridge. WASM runtime (wasmtime vs wasmer) under evaluation. | |
| openclaw-cli | stable | Top-level CLI: onboard, gateway, doctor, status, config, sessions, channels, daemon, completion. | crates.io ↗ |
| openclaw-node | stable | napi-rs bindings: AnthropicProvider, OpenAIProvider, NodeEventStore, CredentialStore, ToolRegistry. Pre-built binaries on npm. | npm ↗ |
| openclaw-ui | stable | Vue 3 + Vite dashboard. Served by openclaw-gateway at /. No external admin to deploy. | |
Input validation at every boundary. Platform sandbox per OS. AES-256-GCM credentials. Fail-secure errors. Audit log throughout.
100 KB max message, 50 MB max attachment, 10-attachment cap, JSON depth 32.
bubblewrap (Linux), sandbox-exec (macOS), Job Objects (Windows). Three levels: None / Relaxed / Strict.
ApiKey wraps SecretBox<str>; Debug/Display always print [REDACTED]. Scrubbed in tracing spans.
Encrypted credential store with 0600 file permissions; nonce per record.
validate_path() rejects `..` segments, null bytes, and paths outside the workspace mount.
Default 60 requests/min per client and 30 messages/min per session via tower middleware.
TypeScript plugins run in their own process; communicate over nng with bounded JSON-RPC messages.
#![forbid(unsafe_code)] across every workspace crate.
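A sketch of the path rule listed above (`..` segments, null bytes, paths outside the workspace), added here as an example and not the project's own `validate_path()`. The function name `check_workspace_path`, the `PathError` enum and the `/work/space` root are hypothetical, and the sample inputs are constructed.

```rust
use std::path::{Component, Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum PathError { NullByte, ParentSegment, OutsideWorkspace }

// Hypothetical helper: lexical check of an untrusted tool path against a
// workspace root. It does not touch the filesystem, so it cannot see symlinks;
// the sandbox mount (or a canonicalize step) has to cover those.
pub fn check_workspace_path(workspace: &Path, untrusted: &str) -> Result<PathBuf, PathError> {
    // A NUL byte would truncate the path at the C/syscall boundary.
    if untrusted.contains('\0') {
        return Err(PathError::NullByte);
    }
    let candidate = Path::new(untrusted);
    // Reject every `..` component outright instead of trying to normalise it.
    if candidate.components().any(|c| matches!(c, Component::ParentDir)) {
        return Err(PathError::ParentSegment);
    }
    // Relative paths are anchored at the workspace; absolute ones are taken as given.
    let full = if candidate.is_absolute() {
        candidate.to_path_buf()
    } else {
        workspace.join(candidate)
    };
    // starts_with compares whole components, so /work/space-evil is not
    // treated as being inside /work/space.
    if !full.starts_with(workspace) {
        return Err(PathError::OutsideWorkspace);
    }
    Ok(full)
}

fn main() {
    let ws = Path::new("/work/space");
    // Constructed inputs: one benign path and several that must be refused.
    for p in ["notes/todo.md", "../etc/passwd", "a\0b", "/etc/passwd", "/work/space-evil/x"] {
        println!("{:?} -> {:?}", p, check_workspace_path(ws, p));
    }
}
```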
The Rust crates expose the runtime directly. openclaw-node wraps them with napi-rs and ships pre-built binaries on npm.
```rust
use openclaw_providers::{AnthropicProvider, Provider};
use openclaw_core::secrets::ApiKey;

let provider = AnthropicProvider::new(ApiKey::new("sk-ant-...".into()));
let response = provider.complete(request).await?;
```

```js
import { AnthropicProvider } from "openclaw-node";

const provider = new AnthropicProvider(process.env.ANTHROPIC_API_KEY);
const res = await provider.complete({
  model: "claude-3-5-sonnet-20241022",
  messages: [{ role: "user", content: "Hello!" }],
  maxTokens: 1024,
});
```

Honest side-by-side reads. Pick by shape, not by feature checklist.
| Capability | openclaw-rs | TS OpenClaw | LangChain | Mastra | Rig |
|---|---|---|---|---|---|
| Single static binary | ● cargo install, no runtime | ○ needs Node.js | ○ needs Python or Node | ○ Node.js backend | ● Rust library, embed it |
| Event sourcing core | ● sled append-only log | ◐ via storage abstractions | ○ ad-hoc / not core | ◐ via memory adapters | ○ library-level only |
| Platform sandbox for tools | ● bwrap / sandbox-exec / Job Objects | ○ process-level only | ○ out of scope | ○ out of scope | ○ library-level only |
| JSON-RPC HTTP + WS gateway | ● axum, in-binary | ◐ via plugins | ○ bring-your-own server | ◐ Next.js / Hono | ○ bring-your-own server |
| Encrypted credential store | ● AES-256-GCM + Argon2id | ◐ env-var / OS keyring | ○ user responsibility | ◐ env-var | ○ user responsibility |
| Input validation at boundary | ● size + depth + char limits | ◐ ad-hoc | ○ user responsibility | ◐ schema validation | ○ user responsibility |
| TypeScript plugin compat | ● nng IPC bridge | ● native TS | ○ no such concept | ○ no such concept | ○ no such concept |
| Node.js SDK from same core | ● napi-rs, prebuilt binaries | ● is the Node SDK | ● is JS-native | ● is JS-native | ◐ FFI wrappers possible |
| Embedded dashboard UI | ● Vue 3, served by gateway | ◐ separate web app | ○ user responsibility | ◐ playground UI | ○ user responsibility |
| License | ● MIT | ● MIT | ● MIT | ◐ Elastic / mixed | ● MIT |
Why we rewrote OpenClaw in Rust, how event sourcing fits agents, what sandboxing actually means cross-platform, and the migration story.
openclaw-ui is a Vue 3 + Vite dashboard that's compiled into the openclaw-gateway binary via rust-embed. Here's why we ship UI inside the runtime and how the embed pipeline works.
openclaw-channels ships a complete Telegram Bot API adapter — attachments, allowlisting, rule-based routing. Here's how the channel-adapter shape works in Rust.
The first public release of openclaw-rs — a Rust agent runtime compatible with TypeScript OpenClaw. Here's what shipped, what's partial, and what's coming next.
Encrypted credential storage in Rust: AEAD with AES-256-GCM, Argon2id for key derivation, per-record nonces, 0600 file permissions, and ApiKey wrappers that redact themselves.
The full set lives on the FAQ page; here are the six that come up before adoption.
openclaw-rs is a Rust implementation of OpenClaw, an open-source AI agent framework. It is event-sourced, sandboxed, and single-binary. The same workspace ships a JSON-RPC 2.0 gateway (axum, HTTP + WebSocket), an agent runtime with platform-specific sandboxes, Anthropic + OpenAI provider clients, a Telegram channel adapter, an AES-256-GCM credential store, a Vue 3 dashboard, and napi-rs bindings for Node.js.
openclaw-rs is MIT, on crates.io, and one cargo install away.