Homebrew

May 23, 2026 Β· View on GitHub

Zippy β€” ZeptoClaw mascot

ZeptoClaw

Fast, small, secure, and local-first personal AI assistant infrastructure.

Documentation

CI Release License


$ zeptoclaw agent --stream -m "Analyze our API for security issues"

πŸ€– ZeptoClaw β€” Streaming analysis...

  [web_fetch]        Fetching API docs...
  [shell]            Running integration tests...
  [longterm_memory]  Storing findings...

β†’ Found 12 endpoints, 3 missing auth headers, 1 open redirect
β†’ Saved findings to long-term memory under "api-audit"

βœ“ Analysis complete in 4.2s

ZeptoClaw is one Rust binary for running personal AI agents locally, at the edge, or on a VPS β€” with tools, memory, channels, providers, and sandboxed autonomy built in. We studied the best AI assistants β€” and their tradeoffs: OpenClaw's integrations without the large TypeScript app footprint, NanoClaw's container-isolated simplicity without narrowing to a tiny assistant core, NemoClaw's OpenShell guardrails without the Docker/k3s footprint, and PicoClaw's edge efficiency with Rust's safety and runtime controls.

~6MB binary ~50ms startup ~6MB RAM 3,900+ tests 18 providers

Why ZeptoClaw

We studied what works β€” and what doesn't.

OpenClaw proved a personal AI assistant can grow into a broad integration and skills ecosystem. NanoClaw proved container isolation can be simple enough to understand and customize. NemoClaw proved managed guardrails matter β€” policy-gated sandboxes, routed inference, credential injection, channel messaging, and digest-verified blueprints. PicoClaw proved edge assistants can run on $10 hardware with a Go binary under 10MB of RAM.

ZeptoClaw took notes. The integrations, the security, the governance, the size discipline β€” without the tradeoffs each one made. One 6MB Rust binary that starts in 50ms, uses 6MB of RAM, and ships with container isolation, prompt injection detection, and a circuit breaker provider stack.

OpenClawNemoClawNanoClawPicoClawZeptoClaw
Core shapeBroad TypeScript assistant + skills ecosystemOpenClaw managed through OpenShellSmall TypeScript Claude assistantGo edge assistantSingle Rust binary
Footprint focusIntegration breadthDocker/k3s guardrails, ~2.4GB sandbox image~500-line core<10MB RAM~6MB binary / ~6MB RAM
Tools & memory100+ skillsOpenClaw tools in sandboxMinimal, customizable coreWeb search, memory, scheduled tasks33 built-ins + plugins + memory
ProvidersMulti-provider ecosystemRouted managed inferenceClaude-focusedMulti-LLM18 providers
ChannelsBroad chat integrationsTelegram/Discord/Slack via OpenShellWhatsApp-focused16+ channels10 active built-ins + plugins
IsolationSkill/user-permission modelOpenShell: Landlock + seccomp + netnsOS containersWorkspace sandbox6 runtimes
Runs on $10 HWNot the targetNot the targetNot the targetYesYes

Security

AI agents execute code. Most frameworks trust that nothing will go wrong.

The OpenClaw ecosystem has seen CVE-2026-25253 (CVSS 8.8 β€” cross-site WebSocket hijacking to RCE), ClawHavoc (341 malicious skills, 9,000+ compromised installations), and 42,000 exposed instances with auth bypass. ZeptoClaw was built with this threat model in mind.

LayerWhat it does
6 Sandbox RuntimesDocker, Apple Container, Landlock, Firejail, Bubblewrap, or native β€” per request
Prompt Injection DetectionAho-Corasick multi-pattern matcher (17 patterns) + 4 regex rules
Secret Leak Scanner22 regex patterns catch API keys, tokens, and credentials before they reach the LLM
Policy Engine7 rules blocking system file access, crypto key extraction, SQL injection, encoded exploits
Input Validator100KB limit, null byte detection, whitespace ratio analysis, repetition detection
Shell BlocklistRegex patterns blocking reverse shells, rm -rf, privilege escalation
SSRF PreventionDNS pinning, private IP blocking, IPv6 transition guard, scheme validation
Chain AlertingDetects dangerous tool call sequences (write→execute, memory→execute)
Tool Approval GateRequire explicit confirmation before executing dangerous tools

Every layer runs by default. No flags to remember, no config to enable.

Install

# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/qhkm/zeptoclaw/main/install.sh | sh

# Homebrew
brew install qhkm/tap/zeptoclaw

# Docker
docker pull ghcr.io/qhkm/zeptoclaw:latest

# Build from source
cargo install zeptoclaw --git https://github.com/qhkm/zeptoclaw

The control panel is an optional compile-time feature. To use zeptoclaw panel or zeptoclaw serve, build/install with --features panel.

Uninstall

# Remove ZeptoClaw state (~/.zeptoclaw)
zeptoclaw uninstall --yes

# Also remove a direct-install binary from ~/.local/bin or /usr/local/bin
zeptoclaw uninstall --remove-binary --yes

# Package-managed installs still use their package manager
brew uninstall qhkm/tap/zeptoclaw
cargo uninstall zeptoclaw

Quick Start

# Interactive setup (walks you through API keys, channels, workspace)
zeptoclaw onboard

# Talk to your agent
zeptoclaw agent -m "Hello, set up my workspace"

# Stream responses token-by-token
zeptoclaw agent --stream -m "Explain async Rust"

# Use a built-in template
zeptoclaw agent --template researcher -m "Search for Rust agent frameworks"

# Process prompts in batch
zeptoclaw batch --input prompts.txt --output results.jsonl

# Start as a Telegram/Slack/Discord/Webhook gateway
zeptoclaw gateway

# With full container isolation per request
zeptoclaw gateway --containerized

Migrate from OpenClaw

Already running OpenClaw? ZeptoClaw can import your config and skills in one command.

# Auto-detect OpenClaw installation (~/.openclaw, ~/.clawdbot, ~/.moldbot)
zeptoclaw migrate

# Specify path manually
zeptoclaw migrate --from /path/to/openclaw

# Preview what would be migrated (no files written)
zeptoclaw migrate --dry-run

# Non-interactive (skip confirmation prompts)
zeptoclaw migrate --yes

The migration command:

  • Converts provider API keys, model settings, and channel configs
  • Copies skills to ~/.zeptoclaw/skills/
  • Backs up your existing ZeptoClaw config before overwriting
  • Validates the migrated config and reports any issues
  • Lists features that can't be automatically ported

Supports JSON and JSON5 config files (comments, trailing commas, unquoted keys).

Deploy

Deploy to DigitalOcean Deploy to Railway Deploy to Render Deploy to Fly.io

Any VPS

curl -fsSL https://zeptoclaw.com/setup.sh | bash

Installs the binary and prints next steps. Run zeptoclaw onboard to configure providers and channels.

Providers

ZeptoClaw supports 18 LLM providers. All OpenAI-compatible endpoints work out of the box.

ProviderConfig keySetup
Anthropicanthropicapi_key
OpenAIopenaiapi_key
OpenRouteropenrouterapi_key
Google Geminigeminiapi_key
Google Vertex AIvertexADC or access token
Groqgroqapi_key
DeepSeekdeepseekapi_key
xAI (Grok)xaiapi_key
NVIDIA NIMnvidiaapi_key
Azure OpenAIazureapi_key + api_base
AWS Bedrockbedrockapi_key
Kimi (Moonshot)kimiapi_key
Zhipu (GLM)zhipuapi_key
Qianfan (Baidu)qianfanapi_key
Novita AInovitaapi_key
Liquid AIliquidapi_key
Ollamaollamalocal/keyless
VLLMvllmlocal/keyless

Configure in ~/.zeptoclaw/config.json or via environment variables:

{
  "providers": {
    "openrouter": { "api_key": "sk-or-..." },
    "ollama": { "api_key": "ollama" }
  },
  "agents": { "defaults": { "model": "anthropic/claude-sonnet-4" } }
}
export ZEPTOCLAW_PROVIDERS_GROQ_API_KEY=gsk_...

Any provider's base URL can be overridden with api_base for proxies or self-hosted endpoints. See the provider docs for full details.

Features

Core

FeatureWhat it does
Multi-Provider LLM18 providers with SSE streaming, retry with backoff + budget cap, auto-failover
33 Tools + PluginsShell, filesystem, grep, find, web, git, stripe, PDF, transcription, Android ADB, and more
Tool CompositionCreate new tools from natural language descriptions β€” composable {{param}} templates
Agent SwarmsDelegate to sub-agents with parallel fan-out, aggregation, and cost-aware routing
Library FacadeEmbed as a crate β€” ZeptoAgent::builder().provider(p).tool(t).build() for Tauri/GUI apps
Batch ModeProcess hundreds of prompts from text/JSONL files with template support
Agent ModesObserver, Assistant, Autonomous β€” category-based tool access control

Channels & Integration

FeatureWhat it does
Multi-Channel GatewayTelegram, Slack, Discord, WhatsApp Web + Cloud API, Lark, Email, Webhook, Serial, ACP, plus plugin channels β€” unified message bus
Persona SystemPer-chat personality switching via /persona command with LTM persistence
Plugin SystemJSON manifest plugins auto-discovered from ~/.zeptoclaw/plugins/
Hooksbefore_tool, after_tool, on_error with Log, Block, and Notify actions
Cron & HeartbeatSchedule recurring tasks, proactive check-ins, background spawning
Memory & HistoryWorkspace memory, long-term key-value store, conversation history

Security & Ops

FeatureWhat it does
6 Sandbox RuntimesDocker, Apple Container, Landlock, Firejail, Bubblewrap, or native
Gateway Startup GuardDegrade gracefully after N crashes β€” prevents crash loops
Channel SupervisorAuto-restart dead channels with cooldown and max-restart limits
Tool Approval GatePolicy-based gating β€” require confirmation for dangerous tools
SSRF PreventionDNS pinning, private IP blocking, IPv6 transition guard, scheme validation
Shell BlocklistRegex patterns blocking reverse shells, rm -rf, privilege escalation
Token Budget & CostPer-session budget enforcement, per-model cost estimation for 8 models
Rich Health Endpoint/health with version, uptime, RSS, usage metrics, component checks
TelemetryPrometheus + JSON metrics export, structured logging, per-tenant tracing
Self-Updatezeptoclaw update downloads latest release from GitHub
Loop GuardSHA256 tool-call repetition detection with circuit-breaker stop
Context TrimmingNormal/emergency/critical compaction tiers (70%/90%/95%) for context window management
Session RepairAuto-fixes orphan tool results, empty/duplicate messages, and alternation issues
Config Hot-ReloadGateway polls config mtime every 30s and applies provider/channel/safety updates live
Hands-LiteHAND.toml agent profiles with bundled presets (researcher, coder, monitor) and hand CLI
Multi-TenantHundreds of tenants on one VPS β€” isolated workspaces, ~6MB RAM each

Full documentation β€” zeptoclaw.com/docs covers configuration, environment variables, CLI reference, deployment guides, and more.

Inspired By

ZeptoClaw is inspired by projects in the open-source AI agent ecosystem β€” OpenClaw, NemoClaw, NanoClaw, and PicoClaw β€” each taking a different approach to the same problem. NemoClaw's policy model, routed inference, credential boundary, and digest-verified blueprint flow influenced our security thinking. ZeptoClaw's contribution is Rust's memory safety, async performance, and configurable isolation for local-first, edge, and production multi-tenant deployments β€” all in a 6MB binary that runs where Docker containers can't.

Usage

# CLI agent (one-shot or streaming)
zeptoclaw agent -m "Summarize this repo"
zeptoclaw agent --stream -m "Explain async Rust"
zeptoclaw agent --template coder -m "Add error handling to main.rs"

# Multi-channel gateway
zeptoclaw gateway                    # Telegram, Slack, Discord, etc.
zeptoclaw gateway --containerized    # With container isolation per request

# Memory, secrets, profiles
zeptoclaw memory set project:name "ZeptoClaw" --category project
zeptoclaw secrets encrypt
zeptoclaw hand activate researcher

# Batch, diagnostics, self-update
zeptoclaw batch --input prompts.txt --output results.jsonl
zeptoclaw doctor                     # Diagnose config/provider issues
zeptoclaw update                     # Self-update to latest release

Development

# Build
cargo build

# Run all tests (~3,900 total)
cargo nextest run --lib

# Lint and format (required before every PR)
cargo clippy -- -D warnings
cargo fmt -- --check

See CLAUDE.md for full architecture reference, AGENTS.md for coding guidelines, and docs/ for benchmarks, multi-tenant deployment, and performance guides.

Zepto Stack

ZeptoClaw is part of the Zepto stack β€” a modular local-first system for running on-device AI agents in production.

ZeptoPM        β€” orchestration, supervision, retries, job lifecycle
    β”‚
    β”‚  create(spec) + spawn(worker, args, env)
    β–Ό
ZeptoCapsule   β€” capsule creation, process isolation, resource enforcement
    β”‚
    β”‚  fork/namespace/microVM + stdio transport
    β–Ό
ZeptoClaw      β€” LLM calls, tool use, artifact production
    β”‚
    └── JSON-line IPC over stdin/stdout back to ZeptoPM
LayerRepoRole
ZeptoPMqhkm/zeptopmProcess manager β€” config-driven daemon, HTTP API, pipelines, orchestration
ZeptoCapsuleqhkm/zeptocapsuleSandbox β€” process/namespace/Firecracker isolation, resource limits, fallback chains
ZeptoRTqhkm/zeptortDurable runtime β€” journaled effects, snapshot recovery, OTP-style supervision
ZeptoClawqhkm/zeptoclawPersonal AI assistant infrastructure β€” tools, memory, providers, channels, sandboxed autonomy

Contributing

We welcome contributions! Please read CONTRIBUTING.md for:

  • How to set up your fork and branch from upstream
  • Issue-first workflow (open an issue before coding)
  • Pull request process and quality gates
  • Guides for adding new tools, channels, and providers

License

Apache 2.0 β€” see LICENSE

Disclaimer

ZeptoClaw is a pure open-source software project. It has no token, no cryptocurrency, no blockchain component, and no financial instrument of any kind. This project is not affiliated with any token or financial product.


ZeptoClaw β€” Local-first personal AI assistant infrastructure in one Rust binary.

Built by Aisar Labs


For commercial licensing, enterprise support, or managed hosting inquiries: qaiyyum@aisar.ai