Sea-Claw
Sovereign AI Agent Platform
A zero-dependency AI agent written in pure C11. No garbage collector. No runtime. No excuses.
Arena allocation. Grammar Shield. 57 compiled-in tools. One binary.
Install in 2 Minutes
One command. Interactive wizard. Builds from source on your machine.
curl -fsSL https://raw.githubusercontent.com/t4tarzan/seaclaw/main/install.sh | bashInteractive wizard: picks your LLM provider, API key, Telegram bot, then launches the TUI.
Three Steps to Your Own AI Agent
From zero to a running agent with 57 tools in under 3 minutes.
Install
~2 minOne command installs deps, builds from source, runs 61 tests, and drops you into the setup wizard.
curl -fsSL https://raw.githubusercontent.com/t4tarzan/seaclaw/main/install.sh | bash
Configure
~30 secThe wizard asks for your LLM provider (OpenRouter/OpenAI/Gemini/Anthropic/Local) and optional Telegram bot token.
# The wizard handles this, or configure manually: nano ~/.config/seaclaw/config.json
Launch
InstantStart the interactive TUI or connect your Telegram bot. Type naturally or use /exec to call any of the 50 tools.
sea_claw # Interactive TUI sea_claw --telegram TOKEN --chat CHAT_ID # Telegram bot
What Makes It Different
Not another wrapper. A ground-up sovereign engine.
Pure C11, No Runtime
No Node.js, no Python, no JVM. Single binary, ~203KB stripped. Starts in microseconds, not seconds.
Arena Memory Model
Zero malloc, zero free, zero leaks. Two arenas: session (16MB) + request (1MB). Reset is one pointer move.
Grammar Shield
Every input byte validated against charset bitmaps in <1μs. Shell injection, SQL injection, XSS — all rejected at the byte level.
57 Compiled-In Tools
File I/O, shell, web, DNS, SSL, weather, math, text, data, encoding, memory recall — all static function pointers. No eval, no dynamic loading.
Multi-Provider Fallback
OpenRouter → OpenAI → Gemini → Anthropic → Local. Automatic failover. Never stuck on one provider.
Telegram + TUI
Interactive terminal mode or Telegram bot. 15 slash commands. Natural language routed through Shield → Agent → Tools.
Sea-Claw vs Typical AI Agents
Numbers don't lie.
| Metric | Sea-Claw (C11) | Typical (TS/Python) |
|---|---|---|
| Binary size | ~82 KB | 200+ MB (node_modules) |
| Startup time | <1 ms | 2-5 seconds |
| Memory usage | 17 MB (arena) | 200-500 MB |
| Dependencies | 2 (libcurl, sqlite) | 500-2000 npm packages |
| Memory leaks | Impossible (arena) | Common (GC pressure) |
| Input validation | Byte-level (<1μs) | Regex (10-100μs) |
| Tool loading | Static (compile-time) | Dynamic (runtime eval) |
| Attack surface | 74 files, auditable | Thousands of deps |
Feature Checklist
What ships in v2.0.0 — all compiled into one binary.
Core Engine
- ✓Arena allocator (mmap, 11ns/alloc)
- ✓Zero-copy JSON parser (5.4μs)
- ✓Structured logging with ms timestamps
- ✓SQLite DB (WAL mode, chat + tasks)
- ✓JSON config loader with defaults
Security
- ✓Grammar Shield (10 grammars, <1μs)
- ✓Shell injection detection
- ✓SQL injection detection
- ✓XSS pattern blocking
- ✓URL validation (HTTPS only)
- ✓File magic byte checking
AI Agent
- ✓Multi-provider LLM (5 providers)
- ✓Automatic fallback chain (up to 4)
- ✓Tool calling from natural language
- ✓Conversation memory (SQLite)
- ✓System prompt with tool descriptions
- ✓Agent-to-Agent delegation (A2A)
Interfaces
- ✓Interactive TUI (15 commands)
- ✓Telegram bot (long-polling)
- ✓Chat history per conversation
- ✓Session clear / model info
- ✓Audit trail logging
- ✓Delegate to remote agents
57 Tools
- ✓File: read, write, list, info, search, checksum
- ✓System: shell, process, env, disk, syslog, uptime
- ✓Network: fetch, DNS, HTTP, IP, WHOIS, SSL, weather
- ✓Text: grep, wc, sort, diff, regex, replace, head/tail
- ✓Data: JSON format/query/to-csv, CSV parse
- ✓Math: eval, unit convert, calendar, cron
- ✓Memory: recall, manage, notes
Build & Deploy
- ✓Single Makefile (auto-detect arch)
- ✓x86 (AVX2), ARM (NEON), generic
- ✓Debug build with AddressSanitizer
- ✓Release build (~203KB stripped)
- ✓116 tests across 10 suites
- ✓One-liner install script
What Developers Are Saying
Early adopters and contributors share their experience.
“I replaced a 200MB Node.js agent with a 203KB binary. Same tools, same Telegram bot, 1/10th the memory. The arena allocator alone is worth studying.”
“The install wizard is slick — picked OpenRouter, pasted my key, and had a working Telegram bot in under 3 minutes. The Grammar Shield caught injection attempts I didn't even think of.”
“Finally an AI agent I can actually audit. 74 files, pure C11, no node_modules black hole. I read the entire codebase in an afternoon. Try doing that with LangChain.”
“We run Sea-Claw on a $7/month VPS for our internal team bot. 56 tools, 4 LLM fallback providers, zero downtime in 3 weeks. The arena reset between requests is genius.”
“Added a custom tool in 15 minutes — write one C function, register it, recompile. No plugin system, no YAML config, no runtime discovery. Just a function pointer. Beautiful.”
“The multi-provider fallback saved us during the OpenAI outage last week. Sea-Claw silently switched to Gemini and our Telegram bot never missed a message. That's sovereign computing.”
The Sovereign Computing Manifesto
The principles that guide every line of code.
“We stop building software that breaks. We start building logic that survives.”— Sea-Claw Manifesto
“Memory is a notebook. Write forward, rip out the page. Arena allocation means zero leaks are not a goal — they are a mathematical certainty.”— Phase 1: The Notebook
“The AI is a genius in a straightjacket. Grammar constraints mean it can only speak in shapes we understand. Every byte is validated before it touches the engine.”— Phase 3b: Shield & Hands
“The Cloud is Burning. The Vault Stands. Your agent runs on your hardware, your rules. No SaaS dependency. No vendor lock-in. One binary.”— Sovereign Computing
The Five Pillars
Every module has one job. No module knows about modules above it.
Substrate
src/core/Arena allocator, logging, SQLite DB, JSON config
Senses
src/senses/Zero-copy JSON parser, HTTP client (libcurl)
Shield
src/shield/Byte-level grammar validation, injection detection
Brain
src/brain/LLM agent loop with multi-provider fallback + tool calling
Hands
src/hands/57 static tools: file, shell, web, text, data, network, security, cron, memory, recall, spawn
┌───────────────────────────────────────────────────────┐
│ Sea-Claw Binary (~203KB) │
├──────────┬──────────┬───────────┬────────┬────────────┤
│ Substrate│ Senses │ Shield │ Brain │ Hands │
│(Arena,DB)│(JSON,HTTP)│(Grammar) │(Agent) │ (57 Tools) │
├──────────┴──────────┴───────────┴────────┴────────────┤
│ Telegram Bot / Interactive TUI │
├───────────────────────────────────────────────────────┤
│ A2A Protocol (Agent-to-Agent) │
└───────────────────────────────────────────────────────┘
Dependencies: libcurl + libsqlite3 (that's it)Build & Include Graph
Every module depends only on modules below it. Zero circular dependencies.
sea_types.hsea_arena.hsea_log.hsea_json.hsea_http.hsea_shield.hsea_db.hsea_config.hsea_tools.hsea_agent.hsea_telegram.hsea_a2a.hmain.cRuntime Initialization Order
int main() {
sea_log_init(SEA_LOG_INFO); // 1. Start logging clock
load_dotenv(".env"); // 2. Load API keys
sea_config_load(&cfg, path, &arena); // 3. Parse config.json
sea_arena_create(&session, 16MB); // 4. Session arena (mmap)
sea_arena_create(&request, 1MB); // 5. Per-request arena
sea_tools_init(); // 6. Log "57 tools"
sea_db_open(&db, path); // 7. Open SQLite + create tables
sea_agent_init(&agent_cfg); // 8. Configure LLM provider chain
run_telegram() OR tui_loop(); // 9. Start interface
}Telegram Message Flow
User sends message via Telegram
│
▼
┌─────────────────┐
│ Shield Validate │ ← Reject injection / invalid bytes
└────────┬────────┘
│
┌────┴────┐
│ Command? │
└──┬───┬──┘
Yes │ │ No (natural language)
▼ ▼
┌────────┐ ┌──────────────────┐
│ /exec │ │ Load chat history │
│ /tools │ │ from SQLite │
│ /task │ └────────┬─────────┘
│ /file │ ▼
│ /shell │ ┌──────────────────┐
└───┬────┘ │ sea_agent_chat() │
│ │ → Call LLM API │
▼ │ → Parse tool call│
┌────────┐ │ → Execute tool │
│ Direct │ │ → Loop until done│
│ tool │ └────────┬─────────┘
│ exec │ │
└───┬────┘ │
└───────┬────────┘
▼
sea_telegram_send(response)
sea_arena_reset() ← instant cleanupEvery C File, Documented
Code examples from the actual source. Each module has one responsibility.
sea_types.hFoundation Types
Fixed-width types (u8-u64, i8-i64, f32/f64), SeaSlice zero-copy string view, 22 error codes, agent states, version constants.
typedef struct {
const u8* data; // Pointer into existing buffer
u32 len; // Length in bytes
} SeaSlice;
#define SEA_SLICE_LIT(s) ((SeaSlice){(const u8*)(s), sizeof(s) - 1})
// 22 error codes
typedef enum {
SEA_OK = 0,
SEA_ERR_OOM, SEA_ERR_ARENA_FULL,
SEA_ERR_IO, SEA_ERR_TIMEOUT,
SEA_ERR_INVALID_INPUT, SEA_ERR_GRAMMAR_REJECT,
SEA_ERR_TOOL_NOT_FOUND, SEA_ERR_TOOL_FAILED,
// ... 14 more
} SeaError;sea_arena.hThe Memory Notebook
Bump-pointer arena allocator. One big mmap block, sequential writes, instant reset. Zero leaks, zero fragmentation.
SeaArena arena;
sea_arena_create(&arena, 1024 * 1024); // 1 MB via mmap
char* buf = sea_arena_alloc(&arena, 256, 1); // bump alloc
snprintf(buf, 256, "Hello from arena!");
SeaSlice s = sea_arena_push_cstr(&arena, "zero-copy");
// s.data points into arena memory — no malloc
sea_arena_reset(&arena); // ONE instruction — all memory reusable
sea_arena_destroy(&arena); // munmapsea_json.hThe Shape Sorter
Zero-copy JSON parser. Values are SeaSlice pointers into the original input buffer. No malloc, no string copies.
const char* json = "{\"name\":\"Sea-Claw\",\"tools\":50}";
SeaSlice input = { .data = (const u8*)json, .len = strlen(json) };
SeaJsonValue root;
sea_json_parse(input, &arena, &root);
SeaSlice name = sea_json_get_string(&root, "name");
// name.data points into original json buffer — zero copy!
f64 tools = sea_json_get_number(&root, "tools", 0);
// tools == 50.0sea_shield.hThe Grammar Filter
Every byte is validated against a charset bitmap. Shell injection, SQL injection, XSS — all rejected at the byte level in under 1 microsecond.
SeaSlice user_input = SEA_SLICE_LIT("hello world");
// Detect shell injection: $(cmd), `cmd`, ; rm, | cat, etc.
if (sea_shield_detect_injection(user_input)) {
return SEA_ERR_INVALID_INPUT; // REJECTED
}
// Validate against grammar bitmap
if (!sea_shield_check(user_input, SEA_GRAMMAR_SAFE_TEXT)) {
return SEA_ERR_GRAMMAR_REJECT; // Invalid bytes
}
// Safe to process — every byte verifiedsea_db.hThe Ledger
SQLite-backed persistent storage. Chat history, tasks, audit trail, key-value config. Single file, WAL mode.
SeaDb* db;
sea_db_open(&db, "seaclaw.db");
// Auto-creates: trajectory, config, tasks, chat_history
sea_db_log_event(db, "startup", "Sea-Claw started", "1.0.0");
sea_db_task_create(db, "Write docs", "high", "All 56 tools");
sea_db_chat_log(db, 890034905, "user", "What's the weather?");
// Load last 20 messages for conversation memory
SeaDbChatMsg msgs[20];
i32 count = sea_db_chat_history(db, chat_id, msgs, 20, &arena);sea_agent.hThe Brain
LLM agent loop: takes user input, calls LLM API, parses tool calls, executes them, loops until final answer. Multi-provider fallback chain.
// Provider chain: OpenRouter -> OpenAI -> Gemini
SeaAgentConfig cfg = {
.provider = SEA_LLM_OPENROUTER,
.model = "moonshotai/kimi-k2.5",
.api_key = getenv("OPENROUTER_API_KEY"),
.fallbacks = {
{ SEA_LLM_OPENAI, getenv("OPENAI_API_KEY"), NULL, "gpt-4o-mini" },
{ SEA_LLM_GEMINI, getenv("GEMINI_API_KEY"), NULL, "gemini-2.0-flash" },
},
.fallback_count = 2,
};
SeaAgentResult result = sea_agent_chat(&cfg, history, count,
"What files are in /tmp?", &arena);
// Agent may call file_read, dir_list, shell_exec tools automaticallysea_tools.hStatic Tool Registry
AI can ONLY call tools wired at compile time. No dynamic loading, no eval. Tools are function pointers — one CPU JUMP instruction.
// Every tool has this exact signature
typedef SeaError (*SeaToolFunc)(
SeaSlice args, SeaArena* arena, SeaSlice* output
);
// Execute by name — O(n) scan of static array
SeaSlice args = SEA_SLICE_LIT("/root/seaclaw/README.md");
SeaSlice output;
SeaError err = sea_tool_exec("file_read", args, &arena, &output);
if (err == SEA_OK) {
printf("%.*s\n", (int)output.len, (const char*)output.data);
}The Complete Tool Registry
Every tool compiled in at build time. No dynamic loading. No eval. No surprises.
Core
(2 tools)echoEcho text back
/exec echo Hello!system_statusMemory, uptime, arena stats
/exec system_statusFile I/O
(6 tools)file_readRead file contents
/exec file_read /etc/hostnamefile_writeWrite file (path|content)
/exec file_write /tmp/test.txt|Hellodir_listList directory contents
/exec dir_list /root/seaclaw/srcfile_infoFile metadata & permissions
/exec file_info /root/seaclaw/sea_clawchecksum_fileCRC32 + FNV-1a checksums
/exec checksum_file /etc/passwdfile_searchFind files by pattern
/exec file_search .c /root/seaclaw/srcSystem
(6 tools)shell_execRun shell command (sandboxed)
/exec shell_exec uname -aenv_getGet env variable (whitelisted)
/exec env_get HOMEprocess_listList processes by CPU/mem
/exec process_listdisk_usageFilesystem usage
/exec disk_usage /syslog_readRead system log entries
/exec syslog_read 20uptimeUptime, load, RAM via sysinfo()
/exec uptimeNetwork
(8 tools)web_fetchFetch URL content
/exec web_fetch https://httpbin.org/ipdns_lookupDNS resolve hostname
/exec dns_lookup google.comnet_infoInterfaces, IP, ping, ports
/exec net_info iphttp_requestGET/POST/HEAD requests
/exec http_request GET https://httpbin.org/getip_infoIP geolocation (ip-api.com)
/exec ip_info 8.8.8.8whois_lookupDomain WHOIS data
/exec whois_lookup google.comssl_checkSSL certificate details
/exec ssl_check github.comweatherWeather via wttr.in
/exec weather LondonSearch
(1 tools)exa_searchWeb search via Exa API
/exec exa_search "Rust vs C benchmarks"Text Processing
(9 tools)text_summarizeText stats (words, lines, chars)
/exec text_summarize "Hello world"text_transformupper/lower/reverse/base64
/exec text_transform upper helloregex_matchPOSIX ERE regex matching
/exec regex_match [0-9]+ "42 cats"diff_textLine-by-line comparison
/exec diff_text "a\nb"|||"a\nc"grep_textPattern search with line numbers
/exec grep_text TODO /root/seaclaw/src/main.cwcWord count (like Unix wc)
/exec wc /root/seaclaw/src/main.chead_tailFirst/last N lines
/exec head_tail head 5 /etc/passwdsort_textSort lines (-r -n -u)
/exec sort_text -n "10\n2\n30"string_replaceFind and replace
/exec string_replace foo|||bar|||"foo fun"Data Processing
(4 tools)json_formatPretty-print/validate JSON
/exec json_format {"a":1}csv_parseParse CSV (headers/count/col)
/exec csv_parse headers "a,b\n1,2"json_queryQuery JSON by dot-path
/exec json_query name {"name":"test"}json_to_csvJSON array to CSV
/exec json_to_csv [{"a":1}]Encoding & Hash
(3 tools)hash_computeCRC32/DJB2/FNV-1a hashing
/exec hash_compute crc32 "hello"url_parseParse URL components
/exec url_parse https://example.com/path?q=1encode_decodeURL/HTML encode/decode
/exec encode_decode urlencode "a b"Math & Utility
(9 tools)timestampCurrent time (unix/iso/utc)
/exec timestampmath_evalEvaluate expressions
/exec math_eval 2 + 3 * 4uuid_genUUID v4 from /dev/urandom
/exec uuid_genrandom_genRandom number/string/coin/dice
/exec random_gen dice 20cron_parseExplain cron expressions
/exec cron_parse "0 9 * * 1-5"calendarCalendar view, weekday, diff
/exec calendar 2 2026unit_convertLength/weight/temp/data/time
/exec unit_convert 100 km mipassword_genCrypto password (/dev/urandom)
/exec password_gen 32count_linesLines of code counter
/exec count_lines /root/seaclaw/srcTasks & Database
(2 tools)task_manageCreate/list/complete tasks
/exec task_manage listdb_queryRead-only SQL (SELECT only)
/exec db_query SELECT count(*) FROM tasksAdding a New Tool (4 Steps)
/*
* tool_example.c — Description of your tool
*
* Tool ID: 51
* Category: Your Category
* Args: <arg_description>
* Returns: What it returns
* Security: How inputs are validated.
*/
#include "seaclaw/sea_tools.h"
#include <stdio.h>
#include <string.h>
SeaError tool_example(SeaSlice args, SeaArena* arena, SeaSlice* output) {
if (args.len == 0) {
*output = SEA_SLICE_LIT("Usage: <args>");
return SEA_OK;
}
char buf[256];
int len = snprintf(buf, sizeof(buf), "Result: %.*s",
(int)args.len, (const char*)args.data);
u8* dst = (u8*)sea_arena_push_bytes(arena, buf, (u64)len);
if (!dst) return SEA_ERR_ARENA_FULL;
output->data = dst;
output->len = (u32)len;
return SEA_OK;
}
// Then: register in sea_tools.c, add to Makefile, make allPublic Header API
12 headers. Every struct, enum, and function signature documented.
| Header | Purpose | Key Functions | Tests |
|---|---|---|---|
sea_types.h | Foundation types, error codes | sea_slice_eq(), sea_error_str() | - |
sea_arena.h | Arena allocator (mmap) | create, alloc, push, reset, destroy | 9 |
sea_log.h | Structured logging | sea_log_init(), SEA_LOG_INFO() | - |
sea_json.h | Zero-copy JSON parser | parse, get, get_string, get_number | 17 |
sea_shield.h | Grammar filter | validate, check, detect_injection | 19 |
sea_http.h | HTTP client (libcurl) | get, post_json, post_json_auth | - |
sea_db.h | SQLite database | open, close, log_event, chat_log | 10 |
sea_config.h | JSON config loader | load, defaults, print | 6 |
sea_tools.h | Tool registry | init, exec, by_name, by_id, list | - |
sea_agent.h | LLM agent loop | init, chat, build_system_prompt | - |
sea_telegram.h | Telegram bot | init, poll, send, get_me | - |
sea_a2a.h | Agent-to-Agent | delegate, heartbeat, discover | - |
6-Layer Defense Model
Every byte is validated before it touches the engine. No exceptions.
Grammar Filter
Every input byte checked against charset bitmap (<1μs)
Injection Detector
Pattern matching for $(cmd), `cmd`, ; rm, | cat, etc.
Tool-Level Validation
Each tool validates its own arguments. File paths checked by Shield.
Static Tool Registry
No eval(), no exec(), no dynamic loading. Function pointers only.
Arena Memory Safety
No malloc/free. No use-after-free. No double-free. Bounds checked.
A2A Output Verification
Remote agent responses Shield-validated before use.
Zero Malloc. Zero Leaks.
Two arenas, one pointer move to reset. Deterministic performance.
Session Arena
Long-lived data: config strings, system prompt. Lives for program lifetime.
Request Arena
Per-request: tool output, JSON parsing, HTTP responses. Reset after each message.
1. Message arrives (Telegram or TUI)
2. All processing uses request_arena
3. Tool outputs, JSON parsing, HTTP responses → arena
4. Response sent back to user
5. sea_arena_reset(&request_arena) // ONE instruction
6. All memory from steps 2-4 instantly reclaimed
Why no malloc:
✓ No memory leaks possible
✓ No use-after-free possible
✓ No fragmentation
✓ No GC pauses
✓ Arena reset is O(1)On-Prem Enterprise Solution
Your AI. Your network. Your rules. Zero data leakage.
Sea-Claw Mesh turns every machine on your local network into an AI-powered node — all coordinated by a single central brain running a local LLM. No data ever leaves your network. No cloud APIs. No API keys. No third-party dependencies. Zero operating cost.
Mesh Architecture
┌──────────────────────────────────────────────────────────────────┐
│ YOUR LOCAL NETWORK │
│ No data leaves this boundary │
│ │
│ ┌──────────────────────────────────────────┐ │
│ │ CAPTAIN (M4 Mac, 64 GB RAM) │ │
│ │ │ │
│ │ Ollama (70B model, Q8_0 KV cache) │ │
│ │ Sea-Claw (captain mode, port 9100) │ │
│ │ Telegram / WebChat (single outbound) │ │
│ │ SQLite (shared task queue + audit) │ │
│ └────────────┬─────────────────────────────┘ │
│ │ │
│ ┌────────┼────────┬──────────┐ │
│ ▼ ▼ ▼ ▼ │
│ ┌───────┐┌───────┐┌───────┐┌─────────┐ │
│ │ Node 1││ Node 2││ Node 3││ Node 4 │ │
│ │Laptop ││Desktop││ RPi ││ Server │ │
│ │ 2 MB ││ 2 MB ││ 2 MB ││ 2 MB │ │
│ │ ││ ││ ││ │ │
│ │ files ││docker ││sensors││database │ │
│ │ shell ││ build ││ GPIO ││ backup │ │
│ │ web ││ test ││camera ││ deploy │ │
│ └───────┘└───────┘└───────┘└─────────┘ │
│ │
└──────────────────────────────────────────────────────────────────┘How It Works
Deploy
Copy the 2 MB binary to any machine. One config file. Zero dependencies.
Register
Crew nodes auto-register with the Captain, advertising their capabilities.
Think
Captain routes tasks to the local LLM (Ollama). LLM decides which tools to call.
Execute
Captain dispatches tool calls to the right node. Shield-verified at every boundary.
Why On-Prem?
| Concern | Cloud AI Agents | Sea-Claw Mesh |
|---|---|---|
| Data sovereignty | Every message → third-party servers | Nothing leaves your LAN |
| Compliance | GDPR, HIPAA, SOC2 concerns | Air-gappable. Full audit trail |
| Operating cost | $0.01–$0.10 per message | $0 — local LLM, no API fees |
| Availability | Internet outage = dead | Works without internet |
| Latency | 200–2000 ms (cloud round-trip) | 5–50 ms (LAN round-trip) |
| Binary size / node | 200+ MB (Node.js runtime) | 2 MB (static C binary) |
| RAM per node | 150–300 MB idle | 8–17 MB idle |
| Runs on | Servers with 2+ GB RAM | Anything — laptops, RPi, routers |
6-Layer Mesh Security
Mesh Authentication
Shared secret + HMAC tokens. No token = rejected immediately.
IP Allowlist
Only accepts connections from configured LAN subnets.
Capability Gating
Nodes only execute tools they advertised. No lateral movement.
Input Shield
Byte-level grammar validation. Shell/SQL/XSS injection blocked.
Output Shield
LLM responses scanned for prompt injection before delivery.
Full Audit Trail
Every task, tool call, and result logged to SQLite with timestamps.
Quick Start
Captain (Central M4 Mac)
Runs the LLM + coordinates all nodes
# Install Ollama + pull a powerful model
curl -fsSL https://ollama.ai/install.sh | sh
ollama pull qwen2.5:72b
# Run Sea-Claw as Captain
./sea_claw --mode captain --config captain.jsonCrew (Any Linux/macOS Machine)
2 MB binary + one config file
# Copy the 2 MB binary + one config file. That's it.
scp user@captain:~/seaclaw/sea_claw .
./sea_claw --mode crew --config crew.json
# Auto-registers with Captain, starts accepting work.Use Cases
Development Teams
Every developer's laptop is a node. Central M4 runs the LLM. Code review, testing, and deployment coordinated through Telegram.
IoT / Industrial
Raspberry Pi nodes monitor sensors, cameras, GPIO. Central brain analyzes data and triggers actions. Zero cloud dependency.
Regulated Industries
Healthcare, finance, legal. Data never leaves the premises. Full audit trail for compliance. Air-gappable.
Research Labs
Multiple workstations share one powerful LLM. Experiment data stays on-site. Results coordinated through a single interface.
Small Business
One Mac Mini as the brain, employee laptops as nodes. AI assistant for the whole office at zero recurring cost.
Air-Gapped Environments
Military, government, critical infrastructure. Complete network isolation. No internet required. Full local operation.
Ready to Deploy Sea-Claw Mesh?
We provide architecture consulting, custom deployment, on-site installation for air-gapped environments, team training, and priority support.
25+ years of security & networking infrastructure. We built Sea-Claw because we needed an AI agent we could actually trust on our own network.
SeaZero — Hybrid AI Platform
The discipline of C. The autonomy of Python. One command to install.
SeaZero combines SeaClaw (C11 orchestrator) with Agent Zero (Python autonomous agent). C handles orchestration, security, and memory. Python handles open-ended reasoning and code generation. Agent Zero runs in Docker — isolated, budget-controlled, and never sees your real API keys.
Hybrid Architecture
┌─────────────────────────────────────────────────────────────┐
│ SeaClaw (C11, ~203KB) │
│ │
│ Arena Memory │ Grammar Shield │ LLM Proxy │ 58 Tools │
│ (zero malloc)│ (byte-level) │ (port 7432)│ (compiled in) │
│ │ │ │ │
│ SQLite v3 DB │ PII Filter │ Workspace │ Tool #58: │
│ (8 tables) │ (redact all) │ Manager │ agent_zero │
├───────────────┴────────────────┴──────┬─────┴────────────────┤
│ HTTP JSON Bridge │ 8 Security Layers │
├───────────────────────────────────────┼──────────────────────┤
│ Docker Container (isolated) │ │
│ ▼ │
│ Agent Zero (Python) │
│ • Autonomous reasoning + code generation │
│ • LLM via SeaClaw proxy ONLY (never sees real API key) │
│ • Seccomp + read-only rootfs + network isolation │
│ • Shared workspace for file delivery │
└──────────────────────────────────────────────────────────────┘Why C + Python?
C Orchestrates
SeaClaw handles memory (arena, zero leaks), security (Grammar Shield, byte-level), and all 57 compiled-in tools. Starts in <1ms, uses 17MB RAM.
Python Reasons
Agent Zero handles autonomous multi-step reasoning, code generation, web research, and complex analysis. Runs in isolated Docker container.
C Guards the Keys
Agent Zero never sees your real API key. All LLM calls go through SeaClaw's proxy on port 7432 with token validation and daily budget enforcement.
8 Security Layers
Docker isolation, seccomp, network isolation, credential isolation, token budget, Grammar Shield, PII filter, output size limit, full audit trail.
Shared Workspace
Agent Zero writes files to a shared workspace. SeaClaw reads, sanitizes, and delivers them. Path traversal blocked. 10MB per file limit.
Full Audit Trail
Every task, LLM call, and security event logged to SQLite. Token usage tracked per caller. /usage and /audit TUI commands.
How It Works
Install
One command installs SeaClaw + optional Agent Zero. Generates internal bridge token. Configures LLM proxy.
Delegate
User types /delegate <task>. SeaClaw validates input, creates task in SQLite, sends to Agent Zero via HTTP bridge.
Execute
Agent Zero reasons autonomously. Calls LLM through SeaClaw proxy (never sees real key). Writes files to shared workspace.
Filter & Deliver
Output passes through: 64KB limit → Grammar Shield → PII filter. Result delivered to user. Everything audited.
8-Layer Security Model
Docker Isolation
Seccomp profile, read-only rootfs, tmpfs for /tmp, no-new-privileges, cap_drop ALL.
Network Isolation
Bridge network. DNS restricted to 8.8.8.8 / 1.1.1.1. No LAN access.
Credential Isolation
Agent Zero only has an internal bridge token. Never sees real API keys, Telegram tokens, or any SeaClaw secrets.
Token Budget
Daily limit (default 100K tokens/day) enforced by the LLM proxy. Over budget = rejected.
Grammar Shield
Byte-level validation of all Agent Zero output. Injection patterns detected and blocked.
PII Filter
Automatic redaction of emails, phone numbers, SSNs, credit card numbers, and IP addresses.
Output Size Limit
64KB max response from Agent Zero. Prevents memory abuse and data exfiltration.
Full Audit Trail
Every task, LLM call, and security event logged to SQLite with timestamps and severity.
C vs Python — Division of Labor
| Aspect | C (SeaClaw) | Python (Agent Zero) |
|---|---|---|
| Role | Orchestrator, security, memory | Autonomous executor, reasoning |
| Binary size | ~203KB | ~500MB (Docker container) |
| Startup | <1ms | ~5s (container) |
| Memory model | Arena allocation, zero leaks | GC-managed, budget-controlled by C |
| Security | Grammar Shield, byte-level | Sandboxed in Docker |
| LLM access | Direct API calls | Via C proxy only (never sees key) |
| Tools | 57 compiled-in (static) | Dynamic (code generation) |
| Speed | μs-level operations | ms-level operations |
SeaZero TUI Commands
# List Agent Zero instances with status
🦀 > /agents
# Delegate a complex task to Agent Zero
🦀 > /delegate Write a Python script to analyze CSV data and create charts
# Show delegated task history
🦀 > /sztasks
# LLM token usage breakdown (SeaClaw vs Agent Zero)
🦀 > /usage
# Recent security events
🦀 > /auditQuick Start
Install with Agent Zero
Select "Yes" when asked about Agent Zero
curl -fsSL https://raw.githubusercontent.com/t4tarzan/seaclaw/main/install.sh | bash
# Then pull the Agent Zero Docker image
cd ~/seaclaw && make seazero-setupStart Delegating
Agent Zero handles complex tasks autonomously
sea_claw
🦀 > /agents # Check Agent Zero status
🦀 > /delegate Analyze my CSV # Delegate a complex task
🦀 > /sztasks # Check task progress
🦀 > /usage # See token consumption