Security-first sandboxing for AI agents.
Declaw runs untrusted, AI-generated code in isolated Firecracker microVMs — hardware-level isolation with sub-second starts — and layers runtime security controls on top:
- 🔒 MicroVM isolation — every sandbox is a dedicated microVM, not a shared-kernel container
- 🌐 Network policy enforcement — per-sandbox egress filtering and domain allowlists
- 🛡️ Built-in guardrails — PII scanning, prompt injection defense, and toxicity detection
- 📝 Audit logging — full visibility into what your agents do
- ☁️ Managed cloud or self-hosted — run it as a service, or deploy in your own infrastructure
| 🐍 Python SDK | declaw · PyPI |
| 📇 TypeScript SDK | @declaw/sdk · npm |
| 🐹 Go SDK | declaw-go |
| ⌨️ CLI | declaw-cli |
| 🔌 MCP server | mcp-server — sandbox any MCP client |
| 🧩 Integrations | n8n node · Dify plugin |
All SDKs and the CLI are open source under Apache-2.0.
- 🌍 Website: declaw.ai
- 📚 Docs: docs.declaw.ai