2026.02.25:BETA

MikroClaw

Ultra-lightweight AI agent runtime for MikroTik RouterOS container deployments. Sub-200KB binary, VPN-first, zero local persistence.

<200KB binary14 function tools13 LLM providersmemU cloud memory

View on GitHub llms.txt

Why MikroClaw?

Traditional AI agents are heavy and require cloud connectivity. MikroClaw inverts this.

Sub-200KB Binary

Tiny C runtime with static builds. Runs in 2MB RAM RouterOS containers with zero external dependencies.

VPN-First Security

Your AI agent lives on your internal network. Pairing-token auth, rate limiting, sender allowlists, and encrypted secrets.

memU Cloud Memory

Zero local persistence. Conversational memory via memU cloud with store, recall, and forget primitives.

13 LLM Providers

Provider registry with reliable fallback chains and streaming support. OpenRouter, OpenAI, Anthropic, Ollama, and more.

Multi-Channel

Telegram, Discord, and Slack channels with per-channel sender allowlists. Gateway API for direct integration.

RouterOS Native

REST API automation, firewall-scoped commands, workspace-only file access, and symlink escape prevention.

Quick Start

1Configure environment

export BOT_TOKEN="your_telegram_bot_token"
export OPENROUTER_KEY="your_openrouter_key"
export ROUTER_HOST="192.168.88.1"
export ROUTER_USER="admin"
export ROUTER_PASS="your_password"

2Build

make clean && make

3Run agent mode

./mikroclaw agent

4Test via Gateway API

curl http://localhost:18789/health

Function Tools

14 registered tools with JSON Schema definitions. These are exposed to the LLM via function_register_with_schema() in src/functions.c and follow the OpenAI function-calling format.

LLM Integration: All tool schemas are automatically registered at boot and passed to the provider as available functions. The LLM can invoke any tool via standard function-calling. Responses are routed back through the tool router.

parse_urlNetwork

Parse URL host/path

{
  "type": "object",
  "properties": {
    "url": {
      "type": "string"
    }
  },
  "required": [
    "url"
  ]
}

health_checkSystem

Return process health

{
  "type": "object",
  "properties": {}
}

memory_storeMemory

Store key/value memory

{
  "type": "object",
  "properties": {
    "key": {
      "type": "string"
    },
    "value": {
      "type": "string"
    }
  },
  "required": [
    "key",
    "value"
  ]
}

memory_recallMemory

Recall key memory

{
  "type": "object",
  "properties": {
    "key": {
      "type": "string"
    }
  },
  "required": [
    "key"
  ]
}

memory_forgetMemory

Forget key memory

{
  "type": "object",
  "properties": {
    "key": {
      "type": "string"
    }
  },
  "required": [
    "key"
  ]
}

web_searchNetwork

Search web documents

{
  "type": "object",
  "properties": {
    "query": {
      "type": "string"
    }
  },
  "required": [
    "query"
  ]
}

web_scrapeNetwork

Scrape URL via cloud services

{
  "type": "object",
  "properties": {
    "url": {
      "type": "string"
    }
  },
  "required": [
    "url"
  ]
}

skill_listSkills

List skills directory entries

{
  "type": "object",
  "properties": {}
}

skill_invokeSkills

Invoke executable skill from skills directory

{
  "type": "object",
  "properties": {
    "skill": {
      "type": "string"
    },
    "params": {
      "type": "string"
    }
  },
  "required": [
    "skill"
  ]
}

routeros_executeRouterOS

Execute RouterOS command from args

{
  "type": "object",
  "properties": {
    "command": {
      "type": "string"
    }
  },
  "required": [
    "command"
  ]
}

shell_execRouterOS

Execute allowed shell command

{
  "type": "object",
  "properties": {
    "command": {
      "type": "string"
    }
  },
  "required": [
    "command"
  ]
}

file_readFilesystem

Read file in workspace

{
  "type": "object",
  "properties": {
    "path": {
      "type": "string"
    }
  },
  "required": [
    "path"
  ]
}

file_writeFilesystem

Write file in workspace

{
  "type": "object",
  "properties": {
    "path": {
      "type": "string"
    },
    "content": {
      "type": "string"
    }
  },
  "required": [
    "path",
    "content"
  ]
}

composio_callSystem

Call Composio-compatible endpoint

{
  "type": "object",
  "properties": {
    "tool": {
      "type": "string"
    },
    "input": {
      "type": "string"
    }
  },
  "required": [
    "tool",
    "input"
  ]
}

Runtime Constraints

shell_exec is constrained by ALLOWED_SHELL_CMDS
file_read / file_write enforce workspace checks, forbidden paths, and symlink escape prevention
web_scrape behavior controlled by WEBSCRAPE_SERVICES
composio_call requires COMPOSIO_URL and COMPOSIO_API_KEY

Gateway API

Default port 18789. When PAIRING_REQUIRED=1, bearer token auth is enforced on non-health routes.

GET/health

Returns component health status for LLM, gateway, RouterOS, and memU.

{"status":"ok","components":{"llm":true,"gateway":true,"routeros":true,"memu":true}}

GET/health/heartbeat

Lightweight heartbeat probe.

{"heartbeat":"ok"}

POST/pair

Exchange X-Pairing-Code header for a bearer token.

{"paired":true,"token":"<bearer-token>"}

POST/tasks

Submit a task to the subagent runtime. Requires type in body.

{"task_id":"...","status":"queued"}

GET/tasks

List all queued tasks from the subagent.

GET/tasks/:id

Get status and result for a specific task.

DELETE/tasks/:id

Cancel a running or queued task.

{"status":"cancelled"}

Architecture

A layered C runtime with clear module boundaries.

Inbound Request (Telegram / Discord / Slack / Direct)
        |
        v
  [Allowlist Check] ---- rejected ----> X
        |
        v
  [Gateway Auth] ---- unauthorized ----> 403
        |
        v
  [Rate Limit] ---- throttled ----> 429
        |
        v
  [LLM Provider]  (reliable fallback chain)
        |
        v
  [Tool Router] ----> RouterOS API
        |              shell_exec
        |              file_read/write
        |              web_search/scrape
        |              memory_*
        v
  [memU Cloud] <---- persistence
        |
        v
  Response Routing

Core Runtime

Bootstrap, orchestration loop, CLI routing, config validation

main.cmikroclaw.ccli.clog.c

LLM + Providers

Chat transport, streaming parser, 13 named providers with fallback

llm.cllm_stream.cprovider_registry.c

Tooling + Execution

Tool registry, async task dispatch, worker pool, subagent APIs

functions.ctask_queue.cworker_pool.csubagent.c

Gateway + Security

Socket listener, pairing auth, per-IP throttling, lockout tracking

gateway.cgateway_auth.crate_limit.c

Channel Layer

Multi-channel messaging with per-channel sender allowlists

telegram.cdiscord.cslack.callowlist.c

CLI Commands

Command	Description
`./mikroclaw agent`	Run the AI agent loop
`./mikroclaw gateway [--port 0]`	Start the HTTP gateway
`./mikroclaw daemon`	Run as background daemon
`./mikroclaw status`	Check runtime status
`./mikroclaw doctor`	Diagnose configuration issues
`./mikroclaw channel`	Test channel connectivity
`./mikroclaw config --dump`	Dump current configuration
`./mikroclaw integrations [list\|info <name>]`	List or inspect integrations
`./mikroclaw identity [--rotate]`	Manage device identity
`./mikroclaw encrypt KEY=VALUE`	Encrypt secret values