Zero overhead. Zero compromise. 100% Rust. 100% Agnostic.
⚡️ Runs on $10 hardware with <5MB RAM: That's 99% less memory than OpenClaw and 98% cheaper than a Mac mini!

Fast, small, and fully autonomous AI assistant infrastructure — deploy anywhere, swap anything.

~3.4MB binary · <10ms startup · 1,017 tests · 22+ providers · 8 traits · Pluggable everything

• 🏎️ Ultra-Lightweight: <5MB Memory footprint — 99% smaller than OpenClaw core.
• 💰 Minimal Cost: Efficient enough to run on $10 Hardware — 98% cheaper than a Mac mini.
• ⚡ Lightning Fast: 400X Faster startup time, boot in <10ms (under 1s even on 0.6GHz cores).
• 🌍 True Portability: Single self-contained binary across ARM, x86, and RISC-V.

• Lean by default: small Rust binary, fast startup, low memory footprint.
• Secure by design: pairing, strict sandboxing, explicit allowlists, workspace scoping.
• Fully swappable: core systems are traits (providers, channels, tools, memory, tunnels).
• No lock-in: OpenAI-compatible provider support + pluggable custom endpoints.

Local machine quick benchmark (macOS arm64, Feb 2026) normalized for 0.8GHz edge hardware.

Notes: ZeroClaw results measured with /usr/bin/time -l on release builds. OpenClaw requires Node.js runtime (~390MB overhead). PicoClaw and ZeroClaw are static binaries.

Reproduce ZeroClaw numbers locally:

cargo build --release
ls -lh target/release/zeroclaw

/usr/bin/time -l target/release/zeroclaw --help
/usr/bin/time -l target/release/zeroclaw status

git clone https://github.com/zeroclaw-labs/zeroclaw.git
cd zeroclaw
cargo build --release --locked
cargo install --path . --force --locked

# Quick setup (no prompts)
zeroclaw onboard --api-key sk-... --provider openrouter

# Or interactive wizard
zeroclaw onboard --interactive

# Or quickly repair channels/allowlists only
zeroclaw onboard --channels-only

# Chat
zeroclaw agent -m "Hello, ZeroClaw!"

# Interactive mode
zeroclaw agent

# Start the gateway (webhook server)
zeroclaw gateway                # default: 127.0.0.1:8080
zeroclaw gateway --port 0       # random port (security hardened)

# Start full autonomous runtime
zeroclaw daemon

# Check status
zeroclaw status

# Run system diagnostics
zeroclaw doctor

# Check channel health
zeroclaw channel doctor

# Get integration setup details
zeroclaw integrations info Telegram

# Manage background service
zeroclaw service install
zeroclaw service status

# Migrate memory from OpenClaw (safe preview first)
zeroclaw migrate openclaw --dry-run
zeroclaw migrate openclaw

Dev fallback (no global install): prefix commands with cargo run --release -- (example: cargo run --release -- status). Low-memory boards (e.g., Raspberry Pi 3, 1GB RAM): run CARGO_BUILD_JOBS=1 cargo build --release if the kernel kills rustc during compilation.

Every subsystem is a trait — swap implementations with a config change, zero code changes.

• ✅ Supported today: runtime.kind = "native" or runtime.kind = "docker"
• 🚧 Planned, not implemented yet: WASM / edge runtimes

When an unsupported runtime.kind is configured, ZeroClaw now exits with a clear error instead of silently falling back to native.

All custom, zero external dependencies — no Pinecone, no Elasticsearch, no LangChain:

The agent automatically recalls, saves, and manages memory via tools.

[memory]
backend = "sqlite"          # "sqlite", "lucid", "markdown", "none"
auto_save = true
embedding_provider = "openai"
vector_weight = 0.7
keyword_weight = 0.3

# backend = "none" uses an explicit no-op memory backend (no persistence)

# Optional for backend = "lucid"
# ZEROCLAW_LUCID_CMD=/usr/local/bin/lucid   # default: lucid
# ZEROCLAW_LUCID_BUDGET=200                 # default: 200
# ZEROCLAW_LUCID_LOCAL_HIT_THRESHOLD=3      # local hit count to skip external recall
# ZEROCLAW_LUCID_RECALL_TIMEOUT_MS=120      # low-latency budget for lucid context recall
# ZEROCLAW_LUCID_STORE_TIMEOUT_MS=800        # async sync timeout for lucid store
# ZEROCLAW_LUCID_FAILURE_COOLDOWN_MS=15000   # cooldown after lucid failure to avoid repeated slow attempts

ZeroClaw enforces security at every layer — not just the sandbox. It passes all items from the community security checklist.

Run your own nmap: nmap -p 1-65535 <your-host> — ZeroClaw binds to localhost only, so nothing is exposed unless you explicitly configure a tunnel.

Inbound sender policy is now consistent:

• Empty allowlist = deny all inbound messages
• "*" = allow all (explicit opt-in)
• Otherwise = exact-match allowlist

This keeps accidental exposure low by default.

Recommended low-friction setup (secure + fast):

• Telegram: allowlist your own @username (without @) and/or your numeric Telegram user ID.
• Discord: allowlist your own Discord user ID.
• Slack: allowlist your own Slack member ID (usually starts with U).
• Use "*" only for temporary open testing.

If you're not sure which identity to use:

1. Start channels and send one message to your bot.
2. Read the warning log to see the exact sender identity.
3. Add that value to the allowlist and rerun channels-only setup.

If you hit authorization warnings in logs (for example: ignoring message from unauthorized user), rerun channel setup only:

zeroclaw onboard --channels-only

WhatsApp uses Meta's Cloud API with webhooks (push-based, not polling):

1. Create a Meta Business App:

   • Go to developers.facebook.com
   • Create a new app → Select "Business" type
   • Add the "WhatsApp" product

2. Get your credentials:

   • Access Token: From WhatsApp → API Setup → Generate token (or create a System User for permanent tokens)
   • Phone Number ID: From WhatsApp → API Setup → Phone number ID
   • Verify Token: You define this (any random string) — Meta will send it back during webhook verification

3. Configure ZeroClaw:

   [channels_config.whatsapp]
   access_token = "EAABx..."
   phone_number_id = "123456789012345"
   verify_token = "my-secret-verify-token"
   allowed_numbers = ["+1234567890"]  # E.164 format, or ["*"] for all

4. Start the gateway with a tunnel:

   zeroclaw gateway --port 8080

   WhatsApp requires HTTPS, so use a tunnel (ngrok, Cloudflare, Tailscale Funnel).

5. Configure Meta webhook:

   • In Meta Developer Console → WhatsApp → Configuration → Webhook
   • Callback URL: https://your-tunnel-url/whatsapp
   • Verify Token: Same as your verify_token in config
   • Subscribe to messages field

6. Test: Send a message to your WhatsApp Business number — ZeroClaw will respond via the LLM.

Config: ~/.zeroclaw/config.toml (created by onboard)

api_key = "sk-..."
default_provider = "openrouter"
default_model = "anthropic/claude-sonnet-4-20250514"
default_temperature = 0.7

[memory]
backend = "sqlite"              # "sqlite", "lucid", "markdown", "none"
auto_save = true
embedding_provider = "openai"   # "openai", "noop"
vector_weight = 0.7
keyword_weight = 0.3

# backend = "none" disables persistent memory via no-op backend

[gateway]
require_pairing = true          # require pairing code on first connect
allow_public_bind = false       # refuse 0.0.0.0 without tunnel

[autonomy]
level = "supervised"            # "readonly", "supervised", "full" (default: supervised)
workspace_only = true           # default: true — scoped to workspace
allowed_commands = ["git", "npm", "cargo", "ls", "cat", "grep"]
forbidden_paths = ["/etc", "/root", "/proc", "/sys", "~/.ssh", "~/.gnupg", "~/.aws"]

[runtime]
kind = "native"                # "native" or "docker"

[runtime.docker]
image = "alpine:3.20"          # container image for shell execution
network = "none"               # docker network mode ("none", "bridge", etc.)
memory_limit_mb = 512          # optional memory limit in MB
cpu_limit = 1.0                # optional CPU limit
read_only_rootfs = true        # mount root filesystem as read-only
mount_workspace = true         # mount workspace into /workspace
allowed_workspace_roots = []   # optional allowlist for workspace mount validation

[heartbeat]
enabled = false
interval_minutes = 30

[tunnel]
provider = "none"               # "none", "cloudflare", "tailscale", "ngrok", "custom"

[secrets]
encrypt = true                  # API keys encrypted with local key file

[browser]
enabled = false                        # opt-in browser_open + browser tools
allowed_domains = ["docs.rs"]         # required when browser is enabled
backend = "agent_browser"             # "agent_browser" (default), "rust_native", "computer_use", "auto"
native_headless = true                 # applies when backend uses rust-native
native_webdriver_url = "http://127.0.0.1:9515" # WebDriver endpoint (chromedriver/selenium)
# native_chrome_path = "/usr/bin/chromium"  # optional explicit browser binary for driver

[browser.computer_use]
endpoint = "http://127.0.0.1:8787/v1/actions" # computer-use sidecar HTTP endpoint
timeout_ms = 15000                    # per-action timeout
allow_remote_endpoint = false         # secure default: only private/localhost endpoint
window_allowlist = []                 # optional window title/process allowlist hints
# api_key = "..."                    # optional bearer token for sidecar
# max_coordinate_x = 3840             # optional coordinate guardrail
# max_coordinate_y = 2160             # optional coordinate guardrail

# Rust-native backend build flag:
# cargo build --release --features browser-native
# Ensure a WebDriver server is running, e.g. chromedriver --port=9515

# Computer-use sidecar contract (MVP)
# POST browser.computer_use.endpoint
# Request: {
#   "action": "mouse_click",
#   "params": {"x": 640, "y": 360, "button": "left"},
#   "policy": {"allowed_domains": [...], "window_allowlist": [...], "max_coordinate_x": 3840, "max_coordinate_y": 2160},
#   "metadata": {"session_name": "...", "source": "zeroclaw.browser", "version": "..."}
# }
# Response: {"success": true, "data": {...}} or {"success": false, "error": "..."}

[composio]
enabled = false                 # opt-in: 1000+ OAuth apps via composio.dev
# api_key = "cmp_..."          # optional: stored encrypted when [secrets].encrypt = true
entity_id = "default"         # default user_id for Composio tool calls

[identity]
format = "openclaw"             # "openclaw" (default, markdown files) or "aieos" (JSON)
# aieos_path = "identity.json"  # path to AIEOS JSON file (relative to workspace or absolute)
# aieos_inline = '{"identity":{"names":{"first":"Nova"}}}'  # inline AIEOS JSON

ZeroClaw supports identity-agnostic AI personas through two formats:

Traditional markdown files in your workspace:

• IDENTITY.md — Who the agent is
• SOUL.md — Core personality and values
• USER.md — Who the agent is helping
• AGENTS.md — Behavior guidelines

AIEOS is a standardization framework for portable AI identity. ZeroClaw supports AIEOS v1.1 JSON payloads, allowing you to:

• Import identities from the AIEOS ecosystem
• Export identities to other AIEOS-compatible systems
• Maintain behavioral integrity across different AI models

[identity]
format = "aieos"
aieos_path = "identity.json"  # relative to workspace or absolute path

Or inline JSON:

[identity]
format = "aieos"
aieos_inline = '''
{
  "identity": {
    "names": { "first": "Nova", "nickname": "N" }
  },
  "psychology": {
    "neural_matrix": { "creativity": 0.9, "logic": 0.8 },
    "traits": { "mbti": "ENTP" },
    "moral_compass": { "alignment": "Chaotic Good" }
  },
  "linguistics": {
    "text_style": { "formality_level": 0.2, "slang_usage": true }
  },
  "motivations": {
    "core_drive": "Push boundaries and explore possibilities"
  }
}
'''

See aieos.org for the full schema and live examples.

cargo build              # Dev build
cargo build --release    # Release build (~3.4MB)
CARGO_BUILD_JOBS=1 cargo build --release    # Low-memory fallback (Raspberry Pi 3, 1GB RAM)
cargo test               # 1,017 tests
cargo clippy             # Lint (0 warnings)
cargo fmt                # Format

# Run the SQLite vs Markdown benchmark
cargo test --test memory_comparison -- --nocapture

A git hook runs cargo fmt --check, cargo clippy -- -D warnings, and cargo test before every push. Enable it once:

git config core.hooksPath .githooks

If you see an openssl-sys build error, sync dependencies and rebuild with the repository lockfile:

git pull
cargo build --release --locked
cargo install --path . --force --locked

ZeroClaw is configured to use rustls for HTTP/TLS dependencies; --locked keeps the transitive graph deterministic on fresh environments.

To skip the hook when you need a quick push during development:

git push --no-verify

For high-throughput collaboration and consistent reviews:

• Contribution guide: CONTRIBUTING.md
• PR workflow policy: docs/pr-workflow.md
• Reviewer playbook (triage + deep review): docs/reviewer-playbook.md
• CI ownership and triage map: docs/ci-map.md
• Security disclosure policy: SECURITY.md

ZeroClaw is an open-source project maintained with passion. If you find it useful and would like to support its continued development, hardware for testing, and coffee for the maintainer, you can support me here:

MIT — see LICENSE

See CONTRIBUTING.md. Implement a trait, submit a PR:

• CI workflow guide: docs/ci-map.md
• New Provider → src/providers/
• New Channel → src/channels/
• New Observer → src/observability/
• New Tool → src/tools/
• New Memory → src/memory/
• New Tunnel → src/tunnel/
• New Skill → ~/.zeroclaw/workspace/skills/<name>/

ZeroClaw — Zero overhead. Zero compromise. Deploy anywhere. Swap anything. 🦀