Project Roadmap
ZeroClaw’s development focuses on performance, security, and extensibility. This roadmap outlines our priorities and planned improvements.
Current Status
ZeroClaw v0.1.0 established a strong foundation:
Performance
- 3.1MB binary size
- <5MB RAM usage
- <10ms startup time
Security
- Command allowlisting
- Path traversal protection
- Workspace sandboxing
- Rate limiting
Architecture
- Trait-based design
- Pluggable providers
- Swappable channels
- Custom tools
Testing
- 159 inline tests
- Edge case coverage
- Security validation
Security Hardening Roadmap
ZeroClaw already has excellent application-layer security. The roadmap focuses on OS-level containment for production deployments.
Phase 1: Quick Wins (1-2 weeks)
Goal: Address critical gaps with minimal complexity
Landlock Filesystem Sandbox
File: src/security/landlock.rs
Effort: 2 days
Impact: High
Restrict filesystem access to workspace using Linux Landlock LSM.
Memory Monitoring + OOM Kill
File: src/resources/memory.rs
Effort: 1 day
Impact: High
Monitor memory usage and kill runaway processes before system instability.
CPU Timeout per Command
File: src/tools/shell.rs
Effort: 1 day
Impact: High
Enforce per-command CPU time limits to prevent infinite loops.
Basic Audit Logging
File: src/security/audit.rs
Effort: 2 days
Impact: Medium
Tamper-evident logging of all agent actions with HMAC signatures.
- Linux: Filesystem access restricted to workspace
- All platforms: Memory/CPU guards against runaway commands
- All platforms: Tamper-evident audit trail
Phase 2: Platform Integration (2-3 weeks)
Goal: Deep OS integration for production-grade isolation
Firejail Auto-Detection
Effort: 3 days
Impact: Very High
Detect and wrap agent execution in Firejail for container-like isolation on Linux.
Bubblewrap Wrapper
Effort: 4 days
Impact: Very High
Filesystem isolation for macOS and other *nix systems using Bubblewrap.
cgroups v2 Integration
Effort: 3 days
Impact: High
Enforce resource limits using systemd cgroups v2 on Linux.
seccomp Syscall Filtering
Effort: 5 days
Impact: High
Allowlist permitted syscalls to reduce attack surface.
Audit Log Query CLI
Effort: 2 days
Impact: Medium
Command-line tools for querying and analyzing audit logs.
- Linux: Full container-like isolation via Firejail
- macOS: Bubblewrap filesystem isolation
- Linux: cgroups resource enforcement
- Linux: Syscall allowlisting
Phase 3: Production Hardening (1-2 weeks)
Goal: Enterprise security features
Docker Sandbox Mode
Effort: 3 days
Impact: High
Optional Docker-based execution isolation for maximum security.
Certificate Pinning
Effort: 2 days
Impact: Medium
HTTPS certificate pinning for channel webhooks to prevent MITM attacks.
Signed Config Verification
Effort: 2 days
Impact: Medium
Verify config file signatures to detect tampering.
SIEM-Compatible Audit Export
Effort: 2 days
Impact: Medium
JSON/CSV audit export for integration with external SIEM systems.
Security Self-Test
Effort: 1 day
Impact: Low
zeroclaw audit --check command to validate security configuration.
- Optional Docker-based execution isolation
- HTTPS certificate pinning for webhooks
- Config file signature verification
- JSON/CSV audit export
Planned Config Schema
Proposed configuration for security features:
Feature Roadmap
Agent Capabilities
Multi-Agent Coordination
Status: Research phase
Enable multiple agents to collaborate on complex tasks with shared context and work distribution.
Streaming Responses
Status: Planned
Real-time streaming of LLM responses for better UX in interactive channels.
Tool Composition
Status: Exploration
Allow tools to call other tools to build complex workflows.
Memory Embeddings
Status: In progress
Vector embeddings for semantic memory search beyond keyword matching.
Platform Support
Windows Native Support
Status: Planned
First-class Windows support with native security primitives.
WebAssembly Runtime
Status: Experimental
Run ZeroClaw in browser environments with WASM compilation.
ESP32 / Edge Devices
Status: Research
Ultra-minimal runtime for WiFi-enabled edge devices.
Developer Experience
Plugin SDK
Status: In progress
Comprehensive SDK for building and testing plugins locally.
Hot Reloading
Status: Planned
Reload plugins and configuration without restarting the agent.
Debug Mode
Status: Planned
Enhanced debugging tools with step-through execution and state inspection.
Comparison: ZeroClaw vs Alternatives
How the security roadmap implementation positions ZeroClaw:

| Feature | PicoClaw | ZeroClaw Now | ZeroClaw + Roadmap | Production Target |
|---|---|---|---|---|
| Binary Size | ~8MB | 3.4MB ✅ | 3.5-4MB | < 5MB |
| RAM Usage | < 10MB | < 5MB ✅ | < 10MB | < 20MB |
| Startup Time | < 1s | < 10ms ✅ | < 50ms | < 100ms |
| Command Allowlist | Unknown | ✅ Yes | ✅ Yes | ✅ Yes |
| Path Blocking | Unknown | ✅ Yes | ✅ Yes | ✅ Yes |
| Injection Protection | Unknown | ✅ Yes | ✅ Yes | ✅ Yes |
| OS Sandbox | No | ❌ No | ✅ Firejail/Landlock | ✅ Container/namespaces |
| Resource Limits | No | ❌ No | ✅ cgroups/Monitor | ✅ Full cgroups |
| Audit Logging | No | ❌ No | ✅ HMAC-signed | ✅ SIEM integration |
| Security Score | C | B+ | A- | A+ |
Community Priorities
We’re listening to the community. Vote on features and share feedback:
Feature Requests
Propose and vote on new features
Roadmap Discussions
Discuss priorities and timelines
Security RFCs
Review security proposals
GitHub Issues
Track specific work items
Estimated Timeline
How to Contribute
Want to help shape the roadmap?
Implementation
Contribute code for roadmap items
Testing
Test experimental features
Documentation
Document new capabilities
Feedback
Share use cases and priorities
Additional Resources
Security Roadmap (Full)
Detailed security improvement plan
Architecture Docs
System design and patterns
Changelog
Recent changes and releases
Contributing Guide
How to get involved