sharpclaw
mcp
AI agent with long-term memory, built on .NET 10. Supports Anthropic, OpenAI, and Gemini, featuring a Python WASM sandbox for secure code execution.
README.md
πΎ Sharpclaw
Sharpclaw is an advanced, highly capable autonomous AI agent framework built on .NET 10. Its core distinctiveness lies in its robust cross-conversation long-term memory system and system-level operation capabilities.
By leveraging the Microsoft.Extensions.AI abstraction layer, Sharpclaw seamlessly integrates with multiple LLM providers (Anthropic, OpenAI, Gemini) and interacts with users through multiple frontend channels including a Terminal UI (TUI), a Web interface, and QQ Bots.
β¨ Key Features
π§ Multi-Tier Long-Term Memory System
- Three-Layer Pipeline: Automatically manages context through Working Memory (current session) β Recent Memory (detailed summaries) β Primary Memory (consolidated core facts).
- Agentic Memory Saver: An autonomous background agent actively decides what to save, update, or delete after each conversation turn.
- Vector Database Integration: Built-in vector search powered by Sharc and SQLite, featuring semantic deduplication and a 2-stage retrieval process (Vector Search + DashScope Rerank).
π οΈ System Operation Capabilities (Tools/Commands)
- File System: Comprehensive file operations including searching, reading, appending, editing, and directory management.
- Process & Task Management: Execute native OS commands, external processes, HTTP requests, and manage background tasks. Tasks support foreground (blocking) and background modes, with full lifecycle management including output streaming (stdout/stderr/combined), stdin writing, keyword/regex-based output waiting, and process tree termination. All background tasks are automatically killed and cleaned up on application exit.
- Sandboxed Python: Run Python code safely inside a WASM sandbox (see WASM Python Sandbox below).
π WASM Python Sandbox
- Sandboxed Execution: Runs Python code inside a RustPython WASM module via Wasmtime (primary) or Wasmer (fallback) runtimes, providing strong hardware-level isolation from the host process.
- Filesystem Isolation: File access is strictly limited to
/workspace(the agent's working directory) and an isolated per-run temporary directory via WASI capability-based security. The host filesystem is completely inaccessible. - Guaranteed Timeout: Wasmtime's epoch interruption mechanism enforces a hard, non-bypassable execution timeout (default 180 s), preventing infinite loops and CPU exhaustion.
- No Shell Injection:
stdout/stderrare captured at the WASI syscall level via native callbacks, completely bypassing the host shell and eliminating shell-injection risks. - Per-Execution Isolation: Every run creates a fresh WASM engine instance inside a unique GUID-named temporary directory, which is automatically deleted after completion β no state leaks between invocations.
π± Multi-Channel Support
- TUI (Terminal.Gui): A feature-rich terminal interface with collapsible logs, slash-command auto-completion, and configuration dialogs.
- Web (WebSocket): A lightweight ASP.NET Core web server with a modern UI (Tokyo Night theme) and real-time streaming.
- QQ Bot: Native integration with QQ channels, groups, and private messages.
π Extensible Skills System
- External Skills: Load custom skills from
~/.sharpclaw/skills/viaAgentSkillsDotNet, seamlessly merged with built-in commands as a unified tool collection.
π Secure Configuration
- Cross-platform secure credential storage (Windows Credential Manager, macOS Keychain, Linux libsecret) using AES-256-GCM encryption for API keys.
- Automatic configuration version migration (up to v8).
- Per-provider custom request body injection (e.g.
"thinking","reasoning_split") β configurable globally or per-agent via the Config Dialog.
π Getting Started
Prerequisites
- .NET 10.0 SDK
- Git (for cloning submodules)
Build and Run
- Clone the repository with its submodules:
git clone --recursive https://github.com/yourusername/sharpclaw.git
cd sharpclaw
- Build the entire solution:
dotnet build
- Run the application via the CLI. Sharpclaw routes the startup based on the command provided:
- Start Terminal UI (Default):
dotnet run --project sharpclaw tui
First run automatically launches the configuration wizard:
- Start Web Server:
dotnet run --project sharpclaw web
- Start QQ Bot:
dotnet run --project sharpclaw qqbot
- Open Configuration UI:
dotnet run --project sharpclaw config
ποΈ Architecture
System Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Frontend Layer (Channels/) β
β βββ Tui/ β Terminal.Gui v2 (ChatWindow, ConfigDialog) β
β βββ Web/ β ASP.NET Core WebSocket server β
β βββ QQBot/ β QQ Bot integration (Luolan.QQBot) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Agent Layer (Agents/) β
β βββ MainAgent β Conversation loop, tool orchestration β
β βββ MemorySaver β Autonomous memory management β
β βββ ConversationArchiver β Two-phase memory consolidation β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Memory Pipeline (Chat/, Memory/) β
β βββ MemoryPipelineChatReducer β Context window management β
β βββ VectorMemoryStore β Sharc + SQLite vector search β
β βββ InMemoryMemoryStore β Keyword-based fallback β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Skills & Commands (Commands/, ~/.sharpclaw/skills/) β
β βββ Built-in β File, Process, HTTP, Task, System commands β
β βββ External Skills β AgentSkillsDotNet plugin loading β
β βββ Memory Tools β SearchMemory, GetRecentMemories β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β WASM Python Sandbox (Services/, Interop/, libs/) β
β βββ WasmtimePythonService β RunPython tool (primary) β
β βββ WasmtimeWasiRuntime β Epoch-timeout WASM executor β
β βββ WasmerWasiRuntime β Fallback WASM executor β
β βββ rustpython.wasm β Embedded Python 3 interpreter β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Core Infrastructure (Core/) β
β βββ AgentBootstrap β Shared initialization + skill loading β
β βββ SharpclawConfig β Configuration with encryption β
β βββ ClientFactory β LLM client creation β
β βββ DataProtector/KeyStore β AES-256-GCM encryption β
β βββ TaskManager β Background process management β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Memory System
Sharpclaw implements a sophisticated three-layer memory pipeline:
| Layer | File | Purpose |
|---|---|---|
| Working Memory | working_memory.json |
Current conversation snapshot |
| Recent Memory | recent_memory.md |
Detailed summaries (append-only) |
| Primary Memory | primary_memory.md |
Consolidated core facts |
| Vector Store | memories.db |
Semantic embeddings + metadata |
| History | history/*.md |
Archived full conversations |
Pipeline Flow:
- After each turn β MemorySaver analyzes and updates vector store
- When context window overflows β Summarizer generates detailed summary β appends to recent memory
- When recent memory > 30k chars β Consolidator extracts core info β overwrites primary memory
IChatIO Abstraction
The AI engine is decoupled from frontend through IChatIO interface:
- TUI:
Channels/Tui/ChatWindow.csβ Terminal.Gui v2 interface - Web:
Channels/Web/WebSocketChatIO.csβ WebSocket frontend - QQ Bot:
Channels/QQBot/QQBotServer.csβ QQ Bot interface
All frontends share the same MainAgent logic.
π‘οΈ WASM Python Sandbox
Sharpclaw provides a fully isolated, secure Python execution environment using WebAssembly (WASM) and WASI (WebAssembly System Interface). This allows the AI agent to generate and run Python code without any risk to the host system.
Runtime Stack
| Component | Technology | Role |
|---|---|---|
| Python Interpreter | RustPython compiled to WASM | Python 3 runtime inside sandbox |
| Primary Runtime | Wasmtime v43 | WASM executor with epoch-based timeout |
| Fallback Runtime | Wasmer | Alternative executor |
| System Interface | WASI | Capability-based filesystem & I/O abstraction |
Security Boundaries
| Boundary | Mechanism | Effect |
|---|---|---|
| Filesystem | WASI pre-opened directories | Only /workspace and a per-run /sharpclaw_tmp are accessible |
| Memory | WASM linear memory | Complete isolation from host process memory |
| Execution Time | Wasmtime epoch interruption | Hard, non-bypassable timeout (default 180 s) |
| I/O | WASI syscall-level callbacks | Output captured before reaching the host shell |
| Concurrency | SemaphoreSlim mutex |
One Python execution at a time, preventing races |
| State | Fresh WASM instance per run | No shared state between invocations |
Execution Flow
Agent calls RunPython(code, purpose, timeoutSeconds)
β
βΌ
WasmtimePythonService (acquires mutex)
β
βΌ
WasmtimeWasiRuntime.ExecuteCode()
βββ Create isolated temp dir (GUID-named, auto-deleted on finish)
βββ Write user code to temp file
βββ Init Wasmtime engine (epoch interruption enabled)
βββ Configure WASI:
β βββ Pre-open /workspace (rw)
β βββ Pre-open /sharpclaw_tmp (rw)
β βββ Capture stdout/stderr via native callbacks
β βββ Set env vars (PWD=/workspace only)
βββ Instantiate rustpython.wasm + call _start
βββ Start timeout watchdog (Task.Delay β increment epoch)
βββ Return WasmCommandResult { Success, ExitCode, StdOut, StdErr, TimedOut }
Capability Matrix
| Capability | Status | Notes |
|---|---|---|
| Standard Python library | β | Frozen into rustpython.wasm |
File I/O in /workspace |
β | Maps to the agent's working directory on the host |
| Arbitrary computation | β | No restrictions beyond timeout |
| Host filesystem (outside workspace) | β | Blocked by WASI capability model |
Native extensions (.so/.dll) |
β | WASM cannot load host shared libraries |
| Spawning host processes | β | No subprocess/os.system to host |
| Unrestricted network access | β | No WASI socket mapping by default |
π Project Structure
sharpclaw/
βββ sharpclaw/ β Main project
β βββ Program.cs β Entry point (tui/web/qqbot/config)
β βββ sharpclaw.csproj β Project file (net10.0)
β βββ Abstractions/ β IChatIO, IAppLogger interfaces
β βββ Agents/ β MainAgent, MemorySaver, ConversationArchiver
β βββ Channels/ β Tui, Web, QQBot frontends
β βββ Chat/ β MemoryPipelineChatReducer
β βββ Clients/ β DashScopeRerankClient, ExtraFieldsPolicy
β βββ Commands/ β All tool implementations
β βββ Core/ β Config, Bootstrap, TaskManager
β βββ Memory/ β IMemoryStore, VectorMemoryStore
β βββ UI/ β ConfigDialog, AppLogger
β βββ wwwroot/ β Web UI (index.html)
βββ preview/ β Screenshots
βββ sharc/ β Submodule: high-performance SQLite library
β βββ src/ β 9 project folders (Sharc, Sharc.Vector, etc.)
β βββ tests/ β 11 test projects (3,467 tests)
β βββ bench/ β BenchmarkDotNet suites
β βββ docs/ β Architecture & feature docs
βββ CLAUDE.md β AI assistant instructions
βββ README.md / README_CN.md β Documentation
βββ sharpclaw.slnx β Solution file
π§ Configuration
Configuration is stored in ~/.sharpclaw/config.json (version 8):
{
"version": 8,
"default": {
"provider": "anthropic",
"apiKey": "...",
"model": "claude-3-5-sonnet-20241022"
},
"agents": {
"main": { "enabled": true },
"recaller": { "enabled": true },
"saver": { "enabled": true },
"summarizer": { "enabled": true }
},
"memory": {
"embeddingProvider": "openai",
"embeddingModel": "text-embedding-3-small"
},
"channels": {
"web": { "address": "127.0.0.1", "port": 5000 }
}
}
- API keys encrypted at rest with AES-256-GCM
- Encryption key stored in OS credential manager
- Per-agent overrides can specify different provider/model
- ExtraRequestBody supports custom fields (e.g.,
thinking)
𧩠Sharc Submodule
Sharpclaw includes Sharc as a submodule β a high-performance, pure managed C# library for reading/writing SQLite files:
- Pure managed C# β zero native dependencies
- 609x faster B-tree seeks than Microsoft.Data.Sqlite
- Zero allocation per-row reads via
Span<T> - Built-in features: Encryption, Graph queries (Cypher), Vector search, SQL pipeline
See sharc/README.md and sharc/CLAUDE.md for details.
π License
This project is licensed under the MIT License - see the LICENSE file for details.
Copyright (c) 2025 sharpclaw.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found