# IronClaw

> IronClaw is a secure, open-source AI agent platform built in Rust that runs in encrypted enclaves on NEAR AI Cloud, keeping your credentials safe from LLM exposure.

IronClaw is a secure, open-source alternative to OpenClaw that deploys AI agents inside Trusted Execution Environments (TEEs) on NEAR AI Cloud. Built entirely in Rust, it ensures your API keys, tokens, and passwords are stored in an encrypted vault and never exposed to the LLM. It offers one-click cloud deployment and the same agentic capabilities as OpenClaw — browsing, research, coding, and automation — without the credential-leak risks.

- **Encrypted Vault**: *Credentials are encrypted at rest and injected at the network boundary only for pre-approved endpoints, keeping secrets invisible to the AI.*
- **Sandboxed Tools**: *Every tool runs in its own WebAssembly container with capability-based permissions, allowlisted endpoints, and strict resource limits.*
- **Trusted Execution Environments**: *Instances run inside TEEs on NEAR AI Cloud, encrypted in memory from boot to shutdown — even the cloud provider cannot see your data.*
- **Leak Detection**: *All outbound traffic is scanned in real-time; any data resembling a secret heading out is automatically blocked.*
- **Built in Rust**: *Memory safety is enforced at compile time, eliminating entire classes of exploits like buffer overflows and use-after-free errors.*
- **Network Allowlisting**: *Tools can only reach endpoints you pre-approve, preventing silent data exfiltration to unknown servers.*
- **Architectural Prompt Injection Defense**: *Unlike OpenClaw's "please don't leak" approach, IronClaw's architecture makes credential exposure structurally impossible.*
- **One-Click Deployment**: *Launch a secure IronClaw instance on NEAR AI Cloud with no infrastructure setup required — just deploy and start working.*

## Features
- Encrypted credential vault
- Trusted Execution Environment (TEE)
- WebAssembly sandboxed tools
- Real-time leak detection
- Network allowlisting
- Built in Rust (compile-time memory safety)
- One-click cloud deployment on NEAR AI Cloud
- Prompt injection protection
- Per-tool capability-based permissions
- Open source

## Integrations
NEAR AI Cloud, OpenClaw, WebAssembly, NEAR AI Inference

## Platforms
WEB, API

## Pricing
Open Source, Free tier available

## Links
- Website: https://www.ironclaw.com
- Repository: https://github.com/nearai/ironclaw
- EveryDev.ai: https://www.everydev.ai/tools/ironclaw