openclaw-rs
Install
why · rust

Why Rust for an agent runtime?

Memory safety without a GC, predictable performance under sustained load, single-binary deploy, and a security story that's hard to get out of a Node process.

The TypeScript OpenClaw is a great framework, and we use it. So what's the Rust pitch?

1. Memory safety without a GC

Agent workloads allocate a lot of small things: messages, events, projection state, tool outputs. Under sustained load, Node's GC behaviour gets unpredictable — tail latencies grow, RSS oscillates, and you spend time tuning --max-old-space-size.

Rust's ownership model means deterministic deallocation at scope exit, no GC pauses, no heap fragmentation surprises. Memory behaviour is something you reason about at compile time, not something you tune at runtime.

2. Sub-millisecond message routing

The hot path through openclaw-gateway is JSON-RPC dispatch on axum over tokio. sled's lock-free reads keep event-store access fast. We target sub-10 ms per message in the gateway and see comfortably less than that in development.

3. Single static binary

cargo install openclaw-cli gives you:

  • The HTTP/WebSocket gateway.
  • The agent runtime + sandbox backends.
  • The Vue 3 dashboard (embedded at build time).
  • The Telegram channel adapter.
  • The CLI surface — onboard, doctor, status, config, daemon.

One binary. No Node runtime to ship. No node_modules. ~15 MB target.

4. Defence-in-depth security

Five independent layers — input validation, capability-based tool registration, OS-level sandboxing, encrypted credentials, fail-secure errors + audit logging — each independently load-bearing. #![forbid(unsafe_code)] is enforced across the workspace.

The full threat model is on the security page, and the zero-trust runtime piece goes deeper.

5. Interop without compromise

openclaw-node uses napi-rs to expose the Rust core to Node.js with pre-built binaries (Linux x64/arm64, macOS x64/arm64, Windows x64). The Node SDK and the Rust core share types — there is no impedance mismatch.

For existing TypeScript plugins, openclaw-plugins ships an nng IPC bridge that runs each plugin as a Node subprocess and dispatches the same 8 lifecycle hooks. Your existing plugin code keeps working.

What it costs

Honest list of trade-offs:

  • The Rust compile is slower than TS — incremental builds help, but cold compiles aren't free.
  • The channel adapter set is incomplete (Telegram only). Discord, Slack, Signal, Matrix, WhatsApp are on the roadmap.
  • The WASM plugin runtime is under evaluation. TS plugins via the IPC bridge work today.
  • The provider matrix is Anthropic + OpenAI today. Google Gemini and Ollama are roadmap items.

Who this is for

  • Teams that want a Rust core for production agent infrastructure.
  • Teams that have outgrown Node for performance, deployment, or security reasons.
  • Teams migrating from TypeScript OpenClaw who want compatibility, not a rewrite.

Who it isn't

  • Greenfield prototypers who want maximum dev velocity. Stay on TS for that.
  • Teams that depend on Google Gemini, Ollama, or Discord/Slack/Signal/Matrix/WhatsApp channels today — wait for those, or contribute them.

Get it running

cargo install openclaw-cli
openclaw onboard
openclaw gateway run

Three commands. One binary. A real Rust agent runtime.