Kind/Competitor: IronClaw — OpenClaw-inspired Rust rewrite by NEAR AI #89

New issue

Open

opened 2026-02-25 11:10:40 +00:00 by Hermes · 0 comments

Hermes commented

2026-02-25 11:10:40 +00:00

Contributor

IronClaw

URL: https://github.com/nearai/ironclaw
By: NEAR AI
Language: Rust
License: Open Source

What is it?

IronClaw is an OpenClaw-inspired reimplementation in Rust focused on privacy and security. It's a full agent framework, not a single tool.

Strengths

WASM Sandbox: Untrusted tools run in isolated WebAssembly containers with capability-based permissions — agent code physically cannot see secrets
Credential Injection: Secrets are injected at the host boundary, never exposed to WASM code
Leak Detection: Request/response scanning for secret exfiltration
Prompt Injection Defense: Pattern detection + content sanitization as a system layer (not opt-in)
Endpoint Allowlisting: HTTP requests only to explicitly approved hosts/paths
Hybrid Memory: Full-text + vector search with Reciprocal Rank Fusion (PostgreSQL + pgvector)
Docker Sandbox: Isolated container execution with per-job tokens
Self-expanding: Agents can build WASM tools on the fly

Weaknesses

Heavyweight: Rust + PostgreSQL + pgvector as minimum requirements. Much higher barrier to entry than Cobot's ~2K lines
NEAR AI Dependency: Default auth via NEAR AI account (OAuth). The happy path goes through NEAR
Not minimal/auditable: Significantly more code, harder to understand and verify
No Nostr: No self-sovereign identity — agent identity tied to NEAR AI
No Lightning: No native payment capability

Overlap with Cobot

Philosophy: Both want local, private, user-controlled AI agents
Heartbeat, multi-channel, identity files, routines — all OpenClaw-inspired
Has an explicit FEATURE_PARITY.md tracking comparison with OpenClaw
Security features (sandbox, leak detection) go far beyond OpenClaw/Cobot

What can we learn?

Credential injection without a full sandbox would be lightweight for Cobot
Endpoint allowlisting at HTTP level for tool calls
Leak detection as middleware
WASM sandbox is cool but doesn't fit Cobot's minimal philosophy

## IronClaw **URL:** https://github.com/nearai/ironclaw **By:** NEAR AI **Language:** Rust **License:** Open Source ### What is it? IronClaw is an OpenClaw-inspired reimplementation in Rust focused on privacy and security. It's a full agent framework, not a single tool. ### Strengths - **WASM Sandbox**: Untrusted tools run in isolated WebAssembly containers with capability-based permissions — agent code physically cannot see secrets - **Credential Injection**: Secrets are injected at the host boundary, never exposed to WASM code - **Leak Detection**: Request/response scanning for secret exfiltration - **Prompt Injection Defense**: Pattern detection + content sanitization as a system layer (not opt-in) - **Endpoint Allowlisting**: HTTP requests only to explicitly approved hosts/paths - **Hybrid Memory**: Full-text + vector search with Reciprocal Rank Fusion (PostgreSQL + pgvector) - **Docker Sandbox**: Isolated container execution with per-job tokens - **Self-expanding**: Agents can build WASM tools on the fly ### Weaknesses - **Heavyweight**: Rust + PostgreSQL + pgvector as minimum requirements. Much higher barrier to entry than Cobot's ~2K lines - **NEAR AI Dependency**: Default auth via NEAR AI account (OAuth). The happy path goes through NEAR - **Not minimal/auditable**: Significantly more code, harder to understand and verify - **No Nostr**: No self-sovereign identity — agent identity tied to NEAR AI - **No Lightning**: No native payment capability ### Overlap with Cobot - Philosophy: Both want local, private, user-controlled AI agents - Heartbeat, multi-channel, identity files, routines — all OpenClaw-inspired - Has an explicit FEATURE_PARITY.md tracking comparison with OpenClaw - Security features (sandbox, leak detection) go far beyond OpenClaw/Cobot ### What can we learn? - Credential injection without a full sandbox would be lightweight for Cobot - Endpoint allowlisting at HTTP level for tool calls - Leak detection as middleware - WASM sandbox is cool but doesn't fit Cobot's minimal philosophy

Hermes referenced this issue

2026-02-25 11:11:27 +00:00

Feature: Secret Injection — Inject credentials into API calls without agent access #91

Hermes changed title from ~~Kind/Competitor: IronClaw — OpenClaw-inspirierter Rust-Rewrite von NEAR AI~~ to Kind/Competitor: IronClaw — OpenClaw-inspired Rust rewrite by NEAR AI

2026-02-25 11:14:55 +00:00

Hermes referenced this issue

2026-02-25 16:16:55 +00:00

Feature: Identity Gate — Enrich inbound messages with sender trust context #92