RustifyMyClaw

A secure, self-hosted proxy that connects Telegram, WhatsApp, and Slack to your local AI CLI tools — Claude Code, Codex, and Gemini CLI.

No database. No cloud. No accounts. A single Rust binary and one YAML config file, running entirely on your machine.

  Telegram ─┐                                              ┌─ Claude Code
  WhatsApp ─┼──► SecurityGate ► Router ► Executor (local) ─┼─ Codex
  Slack    ─┘       │                                      └─ Gemini CLI
                    │
               Formatter ► back to chat

Your prompt goes in. The model's response comes out. Your CLI tool owns its configuration and governs the agent. RustifyMyClaw never touches your commands or runs commands on your behalf. Nothing is stored, modified, or logged.

Why RustifyMyClaw

AI CLI tools are powerful but locked to your terminal. Existing bridges require cloud hosting, databases, and trusting a third party with your prompts.

RustifyMyClaw runs locally. Messages in -> directly to your Agent, responses out -> directly back to you - zero tinkering with your requests. One binary, one YAML file, and your Agent's own config.

Your prompts stay yours

• No database. The only state is is_active: bool — whether the conversation has an ongoing session (so the backend knows to pass --continue or not). Restart = clean slate.
• No prompt modification. Messages pass to the CLI as-is.
• No agent override. Your CLI tool's own config governs what the agent can do. RustifyMyClaw doesn't touch it.
• No cloud. No telemetry. Talks to your messaging platform's API. Everything else is local.

How it works

1. Message arrives on your channel (Telegram, WhatsApp, or Slack).
2. SecurityGate checks the sender against your allowlist. Unauthorized = silent drop.
3. Router parses commands (/new, /use, /status, /help). Everything else is a prompt.
4. Executor spawns your CLI tool locally. Prompt passed through unmodified.
5. Formatter chunks the output respecting code blocks and UTF-8 boundaries, sends it back.

Demos

• Demo: Install via Cargo — install, configure, and run.

Features

• Single binary, no dependencies.
• Env var interpolation for all secrets, zero hardcoded tokens.
• Per-workspace process timeout to prevent runaway sessions.
• 140+ tests, zero clippy warnings, trait-based extensibility.
• Block-aware output chunking/formatting - natural chat feeling.
• Graceful shutdown with 30s in-flight message drain.

Quickstart

1. Install

Linux / macOS:

curl -fsSL https://raw.githubusercontent.com/Escoto/RustifyMyClaw/main/scripts/install.sh | bash

Specific version:

curl -fsSL https://raw.githubusercontent.com/Escoto/RustifyMyClaw/main/scripts/install.sh | bash -s -- v0.1.0

Windows (PowerShell script):

irm https://raw.githubusercontent.com/Escoto/RustifyMyClaw/main/scripts/install.ps1 | iex

Windows (Chocolatey):

choco install rustifymyclaw

crates.io (any platform with Rust installed):

cargo install rustifymyclaw

Or build from source.

2. Configure

Generate a starter config with config init:

rustifymyclaw config init                # writes to default platform location
rustifymyclaw config init -d .           # writes config.yaml in current directory
rustifymyclaw config init -f my.yaml     # writes to a specific file path

Default locations:

• Linux / macOS: ~/.rustifymyclaw/config.yaml
• Windows: %APPDATA%\RustifyMyClaw\config.yaml

RustifyMyClaw auto-discovers config.yaml in the current directory, so config init -d . followed by rustifymyclaw just works. See docs/configuration.md for the full resolution chain.

Minimal example:

workspaces:
  - name: "my-project"
    directory: "/home/user/projects/my-project"
    backend: "claude-cli"
    channels:
      - kind: telegram
        token: "${TELEGRAM_BOT_TOKEN}"
        allowed_users:
          - "@your_handle"

output:
  max_message_chars: 600
  file_upload_threshold_bytes: 51200
  chunk_strategy: "natural"

Tokens are never hardcoded — use ${ENV_VAR} interpolation. Full reference: docs/configuration.md

3. Run

Use default config location OR current directory when config.yaml is present:

rustifymyclaw

Or with a custom config path:

rustifymyclaw -f /path/to/config.yaml

Validate your config without starting the daemon:

rustifymyclaw --validate

4. Run as a Linux daemon

[!IMPORTANT]
1 - Requires explicit workspace write permissions (otherwise your workspaces are readonly).
2 - As a daemon, rustifymyclaw defaults to /etc/rustifymyclaw/config.yaml. To use a different config file, set the RUSTIFYMYCLAW_CONFIG var and ensure the file is world-readable with chmod 644 so the daemon can access it.

curl -fsSL https://raw.githubusercontent.com/Escoto/RustifyMyClaw/main/scripts/install.sh | sudo bash -s -- --system

This places the binary in /usr/local/bin/, config in /etc/rustifymyclaw/, and installs a hardened systemd unit. Then:

sudo nano /etc/rustifymyclaw/config.yaml     # configure workspaces/channels
sudo nano /etc/rustifymyclaw/env             # add API tokens and/or RUSTIFYMYCLAW_CONFIG to overwrite default config location.
sudo systemctl enable --now rustifymyclaw
journalctl -u rustifymyclaw -f               # check logs

To allow your CLI Agent to write, use the built-in command:

sudo rustifymyclaw config allow-path /home/user/projects/my-project

See docs/configuration.md for full setup details and security hardening options.

Backends

RustifyMyClaw proxies to whichever AI CLI tool you have installed locally. Adding a new backend is one file and one trait implementation — see How to Add a New Backend.

Channels

Each channel connects using the platform's native protocol. No webhooks required for Telegram or Slack.

Chat commands

Documentation

• Architecture — system design, data flow, and extension points
• Configuration — full field reference and examples
• Building from Source — build instructions and requirements

Contributing

Contributions welcome. See CONTRIBUTING.md.

License

Licensed under Apache-2.0.