ZeroClaw Codebase Architecture Analysis Report
Written on February 26, 2026
Overview
ZeroClaw is a high-performance autonomous agent runtime written in Rust. This report summarizes the analysis of the codebase structure and security architecture.
1. Core Architecture Patterns
ZeroClaw adopts trait-driven extensibility as its core design principle.
1.1 Major Traits (7)
| Trait | Location | Role |
|---|---|---|
Provider | src/providers/traits.rs | AI model provider interface |
Channel | src/channels/traits.rs | Communication channel interface |
Tool | src/tools/traits.rs | Tool execution interface |
Memory | src/memory/traits.rs | Memory backend interface |
Observer | src/observability/traits.rs | Observability interface |
RuntimeAdapter | src/runtime/traits.rs | Runtime adapter interface |
Peripheral | src/peripherals/traits.rs | Hardware peripheral interface |
2. Security Architecture
ZeroClaw implements security through a Defense-in-Depth strategy.
2.1 Security Layers (6)
- SecurityPolicy Core - Autonomy level management
- Gateway Security - Bearer token authentication
- Tool Validation - Injection prevention
- Runtime Sandbox - Landlock/Firejail/Docker
- Secret Management - ChaCha20-Poly1305
- Audit Logging - Event tracking
2.2 Core Security Boundaries
- Command allowlist: 15 items
- Rate limiting: 20 requests/hour
- Environment variables: only 8 allowed
3. Multi-Agent System
Implementation Roadmap
| Phase | Duration | Content |
|---|---|---|
| 1 | 1 week | Core traits, DelegateTool extension |
| 2 | 2-3 weeks | Docker/Wasm execution modes |
| 3 | 4+ weeks | Distributed message bus, consensus algorithm |
Conclusion
ZeroClaw has an excellent architecture in terms of extensibility, security, performance, and maintainability.
This report was written based on collaborative analysis by the ZeroClaw development team.
Korean Version: 한국어 버전