Your AI Should Work for You, Not Against You
IronClaw is built on a simple principle: your AI assistant should work for you, not against you. In a world where AI systems are increasingly opaque about data handling and aligned with corporate interests, IronClaw takes a different approach:Your Data Stays Yours
All information is stored locally, encrypted, and never leaves your control. No cloud storage, no data harvesting, no vendor lock-in.
Transparency by Design
Open source, auditable, no hidden telemetry or data harvesting. You can inspect every line of code and verify exactly what IronClaw does.
Self-Expanding Capabilities
Build new tools on the fly without waiting for vendor updates. IronClaw can create WASM tools dynamically based on your needs.
Defense in Depth
Multiple security layers protect against prompt injection and data exfiltration. Security is not an afterthought but a core design principle.
Trustworthy AI
IronClaw is the AI assistant you can actually trust with your personal and professional life. Every design decision prioritizes:Local-First Data Storage
All data is stored in your own PostgreSQL database with encryption at rest. Your conversations, memory, and credentials never leave your machine unless you explicitly choose to share them.Security as a Foundation
Security isn’t a feature layer - it’s built into the architecture from day one:- WASM Sandbox: Untrusted tools run in isolated WebAssembly containers
- Credential Protection: Secrets are never exposed to tools; injected at the host boundary
- Prompt Injection Defense: Pattern detection, content sanitization, and policy enforcement
- Endpoint Allowlisting: HTTP requests only to explicitly approved hosts
Open and Auditable
Every component is open source under MIT or Apache 2.0 licenses. You can:- Review the source code
- Build from source
- Verify no telemetry or tracking
- Audit security controls
- Contribute improvements
Self-Expanding Without Limits
Unlike closed AI assistants that require vendor approval for new features, IronClaw lets you:- Build custom tools dynamically
- Connect to MCP (Model Context Protocol) servers
- Add new capabilities without restarting
- Extend functionality through plugins
Design Principles
Fail Closed, Not Open
Fail Closed, Not Open
When security controls are missing or uncertain, IronClaw defaults to denying access rather than permitting it. Empty allowlists deny all requests. Missing authentication fails the request.
Defense in Depth
Defense in Depth
Multiple overlapping security layers protect against threats. Even if one layer fails, others provide backup protection. For example, HTTP requests pass through allowlist validation, credential injection controls, and leak detection.
Zero Trust Architecture
Zero Trust Architecture
IronClaw treats all components as potentially compromised:
- WASM tools are sandboxed with capability-based permissions
- Docker containers run as non-root with dropped capabilities
- External webhooks require shared secret authentication
- LLM output is sanitized before execution
Minimal Privilege
Minimal Privilege
Every component receives only the permissions it needs:
- Per-job bearer tokens for container workers
- Per-tool credential grants for secrets access
- Scoped allowlists for network access
- Read-only filesystems in sandboxes
Observability Built-In
Observability Built-In
Full audit trails for security analysis:
- All tool executions logged
- LLM calls tracked with costs
- Job events persisted to database
- Real-time SSE streaming for monitoring
Rust-First Implementation
IronClaw is written in Rust to provide:- Memory Safety: No buffer overflows, use-after-free, or data races
- Performance: Native speed without garbage collection pauses
- Reliability: Strong type system catches bugs at compile time
- Single Binary: No runtime dependencies, easy deployment
IronClaw is inspired by OpenClaw but reimplemented in Rust with a security-first design. See FEATURE_PARITY.md for the complete comparison.
Architecture Goals
The architecture is designed to achieve:- Always Available: Multi-channel support (REPL, HTTP, Telegram, Slack, web gateway)
- Parallel Execution: Handle multiple jobs concurrently with isolated contexts
- Persistent Memory: Hybrid search (full-text + vector) for context retention
- Self-Repair: Automatic detection and recovery from stuck operations
- Background Automation: Cron schedules, event triggers, and webhook handlers
IronClaw prioritizes your control and privacy while maintaining the power and flexibility of a modern AI assistant.