# openclaw-rs

> A Rust implementation of OpenClaw — the open-source AI agent framework — by
> Neul Labs. Event-sourced agent runtime with platform-specific sandboxing
> (bubblewrap, sandbox-exec, Job Objects), a JSON-RPC 2.0 gateway on axum
> (HTTP + WebSocket in one binary), AES-256-GCM credential storage, and full
> compatibility with the TypeScript OpenClaw plugin and skill formats via an
> nng IPC bridge.

openclaw-rs is an open-source (MIT) Rust workspace by Neul Labs. It is a
production-focused agent runtime — not a toolkit — built around an
append-only `sled`-backed event store, last-write-wins CRDT projections, and
defence-in-depth security (input validation at every boundary, secret
redaction, fail-secure error handling, capability-based sandboxing).

- Repository: https://github.com/neul-labs/openclaw-rs
- crates.io: https://crates.io/crates/openclaw-cli
- npm (Node bindings): https://www.npmjs.com/package/openclaw-node
- Marketing site: https://openclaw-rs.neullabs.com
- Documentation: https://docs.neullabs.com/openclaw-rs/
- License: MIT
- Platforms: Linux, macOS, Windows
- Rust: 1.85+ (2024 edition)

## Why it exists

The original TypeScript OpenClaw is excellent, but a Node.js runtime is a
heavy thing to ship in production agent infrastructure: hundreds of MB of
deps, GC pauses, soft type guarantees, complex single-binary stories.
openclaw-rs is a memory-safe, statically-linked, single-binary alternative
that keeps the same config (`~/.openclaw/openclaw.json` JSON5), the same
Markdown skill format, and the same TypeScript plugin contract — but ships
a Rust core with sub-millisecond message routing and a < 15 MB binary
target.

## Core primitives

- **Event sourcing** — sessions stored as append-only `SessionEvent` logs in
  `sled`. Eight event kinds: `SessionStarted`, `MessageReceived`,
  `MessageSent`, `ToolCalled`, `ToolResult`, `AgentResponse`,
  `SessionEnded`, `StateChanged`. Replayable, auditable, time-travel-capable.
- **CRDT projections** — derived state via last-write-wins merge so
  multi-instance coordination is safe by construction.
- **Sandboxed tools** — three platform backends: `bubblewrap` (Linux),
  `sandbox-exec` (macOS), Job Objects (Windows). Three levels: `None`,
  `Relaxed`, `Strict`.
- **JSON-RPC 2.0 gateway** — `axum` HTTP server + WebSocket handler in a
  single binary. Methods: `session.create`, `session.message`,
  `session.history`, `session.end`, `agent.list`, `agent.status`,
  `tools.list`, `tools.execute`. Per-client rate limiting, auth middleware,
  CORS.
- **Provider matrix** — `openclaw-providers` ships Anthropic (Claude 3.5
  Sonnet/Haiku/Opus) and OpenAI (GPT-4o, GPT-4, GPT-3.5) clients with SSE
  streaming, function calling, and custom-base-URL support. Google Gemini
  and Ollama planned.
- **Channels** — `Channel` / `ChannelInbound` / `ChannelOutbound` traits +
  allowlist-based access control + rule-based routing. Telegram Bot API
  adapter ships today; Discord, Slack, Signal, Matrix, WhatsApp planned.
- **TypeScript plugin bridge** — `openclaw-plugins` exposes 8 lifecycle
  hooks (`BeforeMessage`, `AfterMessage`, `BeforeToolCall`, `AfterToolCall`,
  `SessionStart`, `SessionEnd`, `AgentResponse`, `Error`) over `nng` IPC so
  existing TypeScript OpenClaw plugins keep working unchanged.
- **napi-rs Node bindings** — `openclaw-node` exposes the Rust providers,
  credential store, event store, validation, config, and tool registry to
  Node.js with pre-built binaries for Linux x64/arm64, macOS x64/arm64, and
  Windows x64.
- **Encrypted credential store** — AES-256-GCM with Argon2id key derivation,
  file permissions 0600, automatic redaction in logs (`ApiKey` prints
  `[REDACTED]`).
- **Embedded Vue 3 dashboard** — `openclaw-ui` is a Vue 3 + Vite app that
  the gateway serves at `/`. No external admin server to deploy.

## Quickstart

```bash
cargo install openclaw-cli
openclaw onboard
openclaw gateway run
```

```rust
use openclaw_providers::{AnthropicProvider, Provider};
use openclaw_core::secrets::ApiKey;

let provider = AnthropicProvider::new(ApiKey::new("sk-ant-...".into()));
let response = provider.complete(request).await?;
```

```javascript
import { AnthropicProvider } from "openclaw-node";

const provider = new AnthropicProvider(process.env.ANTHROPIC_API_KEY);
const response = await provider.complete({
  model: "claude-3-5-sonnet-20241022",
  messages: [{ role: "user", content: "Hello!" }],
  maxTokens: 1024,
});
```

## The crates

| Crate                  | Status   | What it does                                                             |
|------------------------|----------|--------------------------------------------------------------------------|
| `openclaw-core`        | stable   | Types, config, events, secrets, auth, validation                         |
| `openclaw-ipc`         | stable   | nng transport + JSON-RPC message types for the TS plugin bridge          |
| `openclaw-providers`   | stable   | Anthropic + OpenAI clients with SSE streaming                            |
| `openclaw-agents`      | stable   | Agent runtime, sandboxing, workflow engine, tool registry                |
| `openclaw-gateway`     | stable   | axum HTTP/WS server, JSON-RPC dispatch, embedded UI                      |
| `openclaw-cli`         | stable   | `onboard`, `gateway`, `doctor`, `status`, `config`, `daemon` commands    |
| `openclaw-node`        | stable   | napi-rs bindings for Node.js                                             |
| `openclaw-ui`          | stable   | Vue 3 dashboard embedded into the gateway                                |
| `openclaw-channels`    | partial  | Channel traits + Telegram adapter (Discord/Slack/Signal/Matrix planned)  |
| `openclaw-plugins`     | partial  | TS bridge complete; WASM runtime (wasmtime vs wasmer) under evaluation   |

## Differentiation vs other projects

- **vs. TypeScript OpenClaw** — same config + skills + plugin contract,
  sub-ms routing, single static binary, no Node runtime.
- **vs. LangChain / Mastra** — purpose-built runtime, not a toolkit;
  defence-in-depth security; opinionated about event sourcing and sandboxing.
- **vs. other Rust agent libraries (rig, etc.)** — full runtime (gateway,
  channels, plugins, CLI, dashboard) rather than a single SDK crate.

## Key pages

- `/` — landing page with the full pitch.
- `/why-rust` — why a Rust rewrite, what it gets you.
- `/architecture` — crate graph, message flow, thread model.
- `/crates` — every crate with status, deps, links to docs.rs.
- `/security` — threat model, sandboxing, encryption, validation.
- `/providers` — Anthropic + OpenAI today, Google + Ollama planned.
- `/channels` — Telegram today, Discord/Slack/Signal/Matrix/WhatsApp roadmap.
- `/install` — `cargo install`, `openclaw onboard`, first run.
- `/compare` — side-by-side with TS OpenClaw, LangChain, Mastra, Rig.
- `/blog` — articles on event sourcing, sandboxing, the TS→Rust migration.
- `/faq` — questions developers ask before adopting.

## License + brand

openclaw-rs is open source under the MIT license. © Neul Labs.
Contact: openclaw@neullabs.com.

This is an independent implementation by Neul Labs. "OpenClaw" refers to the
original open-source project at github.com/openclaw/openclaw. "Claude" and
"Anthropic" are trademarks of Anthropic, PBC. "GPT" and "OpenAI" are
trademarks of OpenAI, Inc. All trademarks belong to their respective owners.
Provider integrations use official public APIs.