Sharpclaw is an advanced, highly capable autonomous AI agent framework built on .NET 10. Its core distinctiveness lies in its robust cross-conversation long-term memory system and system-level operation capabilities.
By leveraging the Microsoft.Extensions.AI abstraction layer, Sharpclaw seamlessly integrates with multiple LLM providers (Anthropic, OpenAI, Gemini) and interacts with users through multiple frontend channels including a Terminal UI (TUI), a Web interface, and QQ Bots.
- Three-Layer Pipeline: Automatically manages context through Working Memory (current session) β Recent Memory (detailed summaries) β Primary Memory (consolidated core facts).
- Agentic Memory Saver: An autonomous background agent actively decides what to save, update, or delete after each conversation turn.
- Vector Database Integration: Built-in vector search powered by Sharc and SQLite, featuring semantic deduplication and a 2-stage retrieval process (Vector Search + DashScope Rerank).
- File System: Comprehensive file operations including searching, reading, appending, editing, and directory management.
- Process & Task Management: Execute native OS commands, external processes, HTTP requests, and manage background tasks. Tasks support foreground (blocking) and background modes, with full lifecycle management including output streaming (stdout/stderr/combined), stdin writing, keyword/regex-based output waiting, and process tree termination. All background tasks are automatically killed and cleaned up on application exit.
- Sandboxed Python: Run Python code safely inside a WASM sandbox (see WASM Python Sandbox below).
- Sandboxed Execution: Runs Python code inside a RustPython WASM module via Wasmtime (primary) or Wasmer (fallback) runtimes, providing strong hardware-level isolation from the host process.
- Filesystem Isolation: File access is strictly limited to
/workspace(the agent's working directory) and an isolated per-run temporary directory via WASI capability-based security. The host filesystem is completely inaccessible. - Guaranteed Timeout: Wasmtime's epoch interruption mechanism enforces a hard, non-bypassable execution timeout (default 180 s), preventing infinite loops and CPU exhaustion.
- No Shell Injection:
stdout/stderrare captured at the WASI syscall level via native callbacks, completely bypassing the host shell and eliminating shell-injection risks. - Per-Execution Isolation: Every run creates a fresh WASM engine instance inside a unique GUID-named temporary directory, which is automatically deleted after completion β no state leaks between invocations.
- TUI (Terminal.Gui): A feature-rich terminal interface with collapsible logs, slash-command auto-completion, and configuration dialogs.
- Web (WebSocket): A lightweight ASP.NET Core web server with a modern UI (Tokyo Night theme) and real-time streaming.
- QQ Bot: Native integration with QQ channels, groups, and private messages.
- External Skills: Load custom skills from
~/.sharpclaw/skills/viaAgentSkillsDotNet, seamlessly merged with built-in commands as a unified tool collection.
- Cross-platform secure credential storage (Windows Credential Manager, macOS Keychain, Linux libsecret) using AES-256-GCM encryption for API keys.
- Automatic configuration version migration (up to v8).
- Per-provider custom request body injection (e.g.
"thinking","reasoning_split") β configurable globally or per-agent via the Config Dialog.
- .NET 10.0 SDK
- Git (for cloning submodules)
- Clone the repository with its submodules:
git clone --recursive https://github.com/yourusername/sharpclaw.git
cd sharpclaw- Build the entire solution:
dotnet build- Run the application via the CLI. Sharpclaw routes the startup based on the command provided:
- Start Terminal UI (Default):
dotnet run --project sharpclaw tuiFirst run automatically launches the configuration wizard:
- Start Web Server:
dotnet run --project sharpclaw web
- Start QQ Bot:
dotnet run --project sharpclaw qqbot- Open Configuration UI:
dotnet run --project sharpclaw configβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Frontend Layer (Channels/) β
β βββ Tui/ β Terminal.Gui v2 (ChatWindow, ConfigDialog) β
β βββ Web/ β ASP.NET Core WebSocket server β
β βββ QQBot/ β QQ Bot integration (Luolan.QQBot) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Agent Layer (Agents/) β
β βββ MainAgent β Conversation loop, tool orchestration β
β βββ MemorySaver β Autonomous memory management β
β βββ ConversationArchiver β Two-phase memory consolidation β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Memory Pipeline (Chat/, Memory/) β
β βββ MemoryPipelineChatReducer β Context window management β
β βββ VectorMemoryStore β Sharc + SQLite vector search β
β βββ InMemoryMemoryStore β Keyword-based fallback β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Skills & Commands (Commands/, ~/.sharpclaw/skills/) β
β βββ Built-in β File, Process, HTTP, Task, System commands β
β βββ External Skills β AgentSkillsDotNet plugin loading β
β βββ Memory Tools β SearchMemory, GetRecentMemories β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β WASM Python Sandbox (Services/, Interop/, libs/) β
β βββ WasmtimePythonService β RunPython tool (primary) β
β βββ WasmtimeWasiRuntime β Epoch-timeout WASM executor β
β βββ WasmerWasiRuntime β Fallback WASM executor β
β βββ rustpython.wasm β Embedded Python 3 interpreter β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Core Infrastructure (Core/) β
β βββ AgentBootstrap β Shared initialization + skill loading β
β βββ SharpclawConfig β Configuration with encryption β
β βββ ClientFactory β LLM client creation β
β βββ DataProtector/KeyStore β AES-256-GCM encryption β
β βββ TaskManager β Background process management β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Sharpclaw implements a sophisticated three-layer memory pipeline:
| Layer | File | Purpose |
|---|---|---|
| Working Memory | working_memory.json |
Current conversation snapshot |
| Recent Memory | recent_memory.md |
Detailed summaries (append-only) |
| Primary Memory | primary_memory.md |
Consolidated core facts |
| Vector Store | memories.db |
Semantic embeddings + metadata |
| History | history/*.md |
Archived full conversations |
Pipeline Flow:
- After each turn β MemorySaver analyzes and updates vector store
- When context window overflows β Summarizer generates detailed summary β appends to recent memory
- When recent memory > 30k chars β Consolidator extracts core info β overwrites primary memory
The AI engine is decoupled from frontend through IChatIO interface:
- TUI:
Channels/Tui/ChatWindow.csβ Terminal.Gui v2 interface - Web:
Channels/Web/WebSocketChatIO.csβ WebSocket frontend - QQ Bot:
Channels/QQBot/QQBotServer.csβ QQ Bot interface
All frontends share the same MainAgent logic.
Sharpclaw provides a fully isolated, secure Python execution environment using WebAssembly (WASM) and WASI (WebAssembly System Interface). This allows the AI agent to generate and run Python code without any risk to the host system.
| Component | Technology | Role |
|---|---|---|
| Python Interpreter | RustPython compiled to WASM | Python 3 runtime inside sandbox |
| Primary Runtime | Wasmtime v43 | WASM executor with epoch-based timeout |
| Fallback Runtime | Wasmer | Alternative executor |
| System Interface | WASI | Capability-based filesystem & I/O abstraction |
| Boundary | Mechanism | Effect |
|---|---|---|
| Filesystem | WASI pre-opened directories | Only /workspace and a per-run /sharpclaw_tmp are accessible |
| Memory | WASM linear memory | Complete isolation from host process memory |
| Execution Time | Wasmtime epoch interruption | Hard, non-bypassable timeout (default 180 s) |
| I/O | WASI syscall-level callbacks | Output captured before reaching the host shell |
| Concurrency | SemaphoreSlim mutex |
One Python execution at a time, preventing races |
| State | Fresh WASM instance per run | No shared state between invocations |
Agent calls RunPython(code, purpose, timeoutSeconds)
β
βΌ
WasmtimePythonService (acquires mutex)
β
βΌ
WasmtimeWasiRuntime.ExecuteCode()
βββ Create isolated temp dir (GUID-named, auto-deleted on finish)
βββ Write user code to temp file
βββ Init Wasmtime engine (epoch interruption enabled)
βββ Configure WASI:
β βββ Pre-open /workspace (rw)
β βββ Pre-open /sharpclaw_tmp (rw)
β βββ Capture stdout/stderr via native callbacks
β βββ Set env vars (PWD=/workspace only)
βββ Instantiate rustpython.wasm + call _start
βββ Start timeout watchdog (Task.Delay β increment epoch)
βββ Return WasmCommandResult { Success, ExitCode, StdOut, StdErr, TimedOut }
| Capability | Status | Notes |
|---|---|---|
| Standard Python library | β | Frozen into rustpython.wasm |
File I/O in /workspace |
β | Maps to the agent's working directory on the host |
| Arbitrary computation | β | No restrictions beyond timeout |
| Host filesystem (outside workspace) | β | Blocked by WASI capability model |
Native extensions (.so/.dll) |
β | WASM cannot load host shared libraries |
| Spawning host processes | β | No subprocess/os.system to host |
| Unrestricted network access | β | No WASI socket mapping by default |
sharpclaw/
βββ sharpclaw/ β Main project
β βββ Program.cs β Entry point (tui/web/qqbot/config)
β βββ sharpclaw.csproj β Project file (net10.0)
β βββ Abstractions/ β IChatIO, IAppLogger interfaces
β βββ Agents/ β MainAgent, MemorySaver, ConversationArchiver
β βββ Channels/ β Tui, Web, QQBot frontends
β βββ Chat/ β MemoryPipelineChatReducer
β βββ Clients/ β DashScopeRerankClient, ExtraFieldsPolicy
β βββ Commands/ β All tool implementations
β βββ Core/ β Config, Bootstrap, TaskManager
β βββ Memory/ β IMemoryStore, VectorMemoryStore
β βββ UI/ β ConfigDialog, AppLogger
β βββ wwwroot/ β Web UI (index.html)
βββ preview/ β Screenshots
βββ sharc/ β Submodule: high-performance SQLite library
β βββ src/ β 9 project folders (Sharc, Sharc.Vector, etc.)
β βββ tests/ β 11 test projects (3,467 tests)
β βββ bench/ β BenchmarkDotNet suites
β βββ docs/ β Architecture & feature docs
βββ CLAUDE.md β AI assistant instructions
βββ README.md / README_CN.md β Documentation
βββ sharpclaw.slnx β Solution file
Configuration is stored in ~/.sharpclaw/config.json (version 8):
{
"version": 8,
"default": {
"provider": "anthropic",
"apiKey": "...",
"model": "claude-3-5-sonnet-20241022"
},
"agents": {
"main": { "enabled": true },
"recaller": { "enabled": true },
"saver": { "enabled": true },
"summarizer": { "enabled": true }
},
"memory": {
"embeddingProvider": "openai",
"embeddingModel": "text-embedding-3-small"
},
"channels": {
"web": { "address": "127.0.0.1", "port": 5000 }
}
}- API keys encrypted at rest with AES-256-GCM
- Encryption key stored in OS credential manager
- Per-agent overrides can specify different provider/model
- ExtraRequestBody supports custom fields (e.g.,
thinking)
Sharpclaw includes Sharc as a submodule β a high-performance, pure managed C# library for reading/writing SQLite files:
- Pure managed C# β zero native dependencies
- 609x faster B-tree seeks than Microsoft.Data.Sqlite
- Zero allocation per-row reads via
Span<T> - Built-in features: Encryption, Graph queries (Cypher), Vector search, SQL pipeline
See sharc/README.md and sharc/CLAUDE.md for details.
This project is licensed under the MIT License - see the LICENSE file for details.
Copyright (c) 2025 sharpclaw.