← Documentation index Foundations › Architecture

Mykleos

Architecture — Introduction
Version 1.0 — 21 April 2026
Reference: myclaw v0.0.1 (design phase)
Self-contained HTML — PDF-printable

Audience: Roberto, anyone who wants to understand in 20 minutes what is about to be built.
Status: documentation only. Not a single line of code written yet. This document fixes the "what" and the "why"; the microdesign of each component will live in docs/architecture/*.html.

Contents

  1. What is Mykleos?
  2. Why openclaw and zeroclaw aren't enough
  3. Key idea: the four layers
  4. The flow of a request
  5. The LLM interface: the provider-agnostic pattern
  6. The three autonomy levels
  7. DM pairing
  8. The workspace: markdown files instead of code
  9. Repository layout
  10. What Mykleos is NOT
  11. Roadmap & further reading

1. What is Mykleos?

Mykleos is a digital butler for the home: an AI assistant that lives on a family computer, speaks through the channels you already use (terminal, Telegram, later WhatsApp or voice), performs real actions (read files, run commands, query the web) but asks permission before doing anything serious.

The butler analogy is useful. A good butler:

Technically it is a Python ≥ 3.11 process running at /opt/myclaw/, made of four layers (gateway, policy, sandbox, workspace/tool). Every AI service (LLM, STT, TTS, embedding, speaker-ID) is consumed through an abstract interface — Mykleos is provider-agnostic by construction. In the author's specific environment that interface is implemented by suprastructure, a pre-existing sibling package; in another environment it could be implemented by any equivalent adapter.

Explicit goals

GoalWhat it means in practice
Local-firstRuns on the home PC. No data required to be in the cloud. Cloud is optional only (e.g. remote LLM providers, tunnels).
Safe by defaultBind on 127.0.0.1, autonomy Supervised, mandatory sandbox, forbidden paths, approval for risky actions.
Multi-channelSame "mind", different interfaces: CLI, Telegram, later Signal, voice, web dashboard.
Open-endedNew tools and channels without rewriting the core: just conform to a Protocol.
Lock-in-freeThe AI layer sits behind an abstract interface: swapping Claude for Ollama = one config line, no code change. In the author's environment the pattern is implemented by suprastructure.

2. Why openclaw and zeroclaw aren't enough

Both are excellent projects and have been the primary source of inspiration. Both, however, have traits that make them not-ready for home use on my PC:

ProjectStrengthsLimits for my case
openclaw
TypeScript, Node 24+		 Gateway-first design, 20+ channels, pluggable sandbox (Docker/SSH/OpenShell), skills registry, multi-agent routing Node stack foreign to my other projects, more permissive defaults, cloud-oriented sandboxes
zeroclaw
Rust 2024		 Minimal footprint, autonomy levels, layered sandbox (Landlock+Bubblewrap), DM pairing, encrypted auth, 129+ security tests Rust reintroduces a separate stack; rewrites from scratch the LLM/STT/TTS layer that I have already solved with an abstract interface and its own implementation (in my case suprastructure)

The decision: take the best patterns from both (openclaw's gateway-first, zeroclaw's autonomy+pairing+layered-sandbox) and reimplement them in Python, where:

  1. I can reuse the LLM interface implementation I already have in-house (in my case suprastructure) instead of rewriting it;
  2. Mykleos is consistent with the other sibling agents in the environment (one language, shared conventions);
  3. I can raise the security defaults for the home context without fighting cloud-native conventions.

3. Key idea: the four layers

Mykleos is an onion: the outside talks with the world, the inside executes. Each layer trusts only the layer further in, and grants less privilege the closer one gets to the centre.

Layer 1 — Gateway HTTP/WS/SSE on 127.0.0.1 · inbound channels · sessions · webhooks · cron Layer 2 — Policy autonomy level · approval gating · rate/cost limits · forbidden paths · pairing Layer 3 — Sandbox bubblewrap · systemd-run hardened · (Docker optional) Layer 4 — Workspace & Tool markdown files (IDENTITY, USER, MEMORY, ...) · Tool Protocol · LLM via supra this is where the agent "thinks" and "acts" outside / less trusted inside / more privileged receives from the world, authenticates decides what is allowed isolates execution does the actual work
Figure 1 — The four layers of Mykleos. Every request crosses all four, in order, before producing an effect.

Layer 1 — Gateway

A single FastAPI process exposing HTTP/WebSocket/SSE on 127.0.0.1:42618. It receives messages from channels, manages sessions, dispatches webhooks, schedules cron jobs. It is the sole point of contact with the world. It never directly executes sensitive commands.

Layer 2 — Policy

The legality filter. Given an event ("user X wants to do Y"), it answers: allowed, denied, or allowed only after approval. It applies the autonomy level (see ch. 6), rate-limits, cost-caps (how much to spend on LLM calls per day), forbidden paths, and the state of pairing (ch. 7).

Layer 3 — Sandbox

When policy says "yes", the action is still not executed free-hand. For tools that touch filesystem or shell, we enter bubblewrap (or systemd-run with hardening) with a profile picked from the autonomy level. No direct subprocess.run, ever. Docker is a future option for the strictest mode.

Layer 4 — Workspace & Tool

Inside the sandbox, the tool does its work: read a file from the workspace (/opt/myclaw/workspace/), call an LLM via registry.get(LLMProvider) on suprastructure, write a line in the audit log. The workspace is the agent's "home": its markdown files of personality and memory live there (ch. 8).

4. The flow of a request

Let's follow a concrete example. You're in the garden, you write from Telegram: "tell me what's in tonight's log".

User / Channel Gateway Policy Sandbox Tool suprastructure 1 "what's in tonight's log?" 2 recognises sender (already paired) "wants to read a file" 4 autonomy=Supervised, path OK → allowed open bwrap read-only profile tool fs_read(/var/log/...) LLM: summarize this log summary (3 lines) response + audit log written Telegram message Note: if the request were "delete the log", Policy (step 4) would ask for approval via channel before proceeding.
Figure 2 — Flow of a "read log" request from Telegram. Each lane crossing means traversing a layer. The audit log (step 9) is implicit in every execution.

5. The LLM interface: the provider-agnostic pattern

Mykleos never talks directly to Claude, OpenAI, Ollama or any other provider of language models. It talks to an abstract interface (typically a typing.Protocol) that the registry resolves at runtime into a concrete implementation. The same holds for STT, TTS, embedding, speaker ID. This is the pattern that makes Mykleos provider-agnostic: whoever writes Mykleos doesn't need to know which model will actually run, and whoever administers the environment can change it with a single line of configuration.

In the diagram that follows, Mykleos is one consumer among others: a home agent for voice and smart-home control, further bots specialised on narrow domains. All share the same abstraction. None of them rewrites the AI layer: they use it.

myclaw gateway + agent + sandbox · channels: CLI, Telegram · tools: fs, shell, web · markdown workspace home agent (sibling agent, example) · wake-word → STT → LLM → TTS · smart-home control (MQTT) specialised bot (sibling agent, example) · narrow domain · one channel, few tools registry.get(...) suprastructure hub of AI services — typing.Protocol interfaces + registry + swappable implementations LLM STT TTS Embedding Speaker ID Model Registry Backends (interchangeable via config) Claude / Anthropic OpenAI llama.cpp / Ollama faster-whisper Piper xtts-rocm Swap backend = one YAML line. No consumer notices.
Figure 3 — The provider-agnostic pattern. Mykleos is one consumer among possible others (here a home agent and a specialised bot as examples). All of them speak to the same abstract interface; the concrete implementation (in the author's case suprastructure) stays interchangeable.

The concrete benefit: a new model (e.g. Claude 4.7 when available) is configured once inside the interface implementation and all consumers inherit it simultaneously — Mykleos included. No code to rewrite, no deploy to coordinate.

6. The three autonomy levels

Concept borrowed and adapted from zeroclaw. Every session runs at a declared autonomy level. The level determines how much Mykleos can do before having to ask for confirmation.

LevelDefault forWhat it can do without askingWhat requires approval
ReadOnly First contacts, guests Read files in the workspace, call LLM, run web search Any write, any shell command, any outbound message
Supervised
default		 Everyday use The above + writes inside the workspace, allowlisted shell commands Writes outside the workspace, non-allowlist commands, cost > threshold, outbound messages to third parties
Full Explicit administrative sessions Almost anything inside the home domain Actions touching forbidden paths (/etc, ~/.ssh, ...): always denied, not approvable
Forbidden paths are hard-coded in source, not configurable via YAML. Even Full does not get through. Minimum list: /etc, /root, ~/.ssh, ~/.aws, ~/.config/claude, /var/backups, other-project folders in /opt/ distinct from myclaw.

The level can be raised temporarily via an explicit command (myclaw session --level full --for 10m), logged and with automatic expiry.

7. DM pairing

A channel like Telegram is inherently multi-user: anyone who knows the bot's handle can write to it. Pairing is the mechanism that distinguishes a family member from a stranger.

Stranger @new_telegram_user myclaw gateway + pairing Roberto admin channel (CLI) "hi, can I talk to you?" "I don't know you. Code: K7-DELTA-19" admin notice: "pairing request K7-DELTA-19" myclaw pairing approve telegram K7-DELTA-19 --as guest after approval: @new_telegram_user is registered as "guest" (autonomy ReadOnly) "what time is it?" "9:43 PM on Tuesday" "delete ~/.ssh/id_rsa" → forbidden path, denied at once, not even asked
Figure 4 — Pairing sequence for a new Telegram user. Until Roberto approves, the new sender can do nothing. Even after, they stay at the lowest level (ReadOnly) by default.
Pairing vs login. Pairing identifies a channel+sender, not a physical person. If the same family member writes from both Telegram and Signal, those are two separate pairings. Each with its own autonomy level.

8. The workspace: markdown files instead of code

Mykleos's "personality" is not in a Python file. It lives in the workspace/, in five markdown files that Roberto can edit whenever he wants without restarting. The idea comes from openclaw/zeroclaw and is right on target: behavioural configuration is readable text, not a data structure buried in code.

FileContents
IDENTITY.mdWho the agent is: name, tone, preferred language, response style. E.g.: "you are a formal but terse butler, reply in English".
USER.mdWho the primary user is: Roberto, habits, timezone, preferences, constraints.
MEMORY.mdLong-term facts accumulated: "the router password is in Bitwarden", "the dog is called X", "calls Aunt every Sunday".
AGENTS.mdOrchestration rules: when to delegate to a sub-agent, how channels map to autonomy levels.
SOUL.mdHigh-level operating principles: "never lie about actions taken", "when in doubt, ask", "local-first".

These files are injected into the system prompt at every LLM call (with proper caching so as not to burn tokens). Editing them is the primary way to "reprogram" Mykleos.

The audit log lives under workspace/.audit/ as append-only JSONL: one row per tool call, with timestamp, sender, action, outcome, estimated cost.

9. Repository layout

/opt/myclaw/ docs/ index.html Mykleos_Architecture_Intro_v1.html Mykleos_Survival_Kit_v1.html architecture/ gateway.html, policy.html, ... workspace/ IDENTITY.md USER.md MEMORY.md AGENTS.md · SOUL.md .audit/ (JSONL append-only) config/ default.yaml (safe to ship) secrets.env (chmod 600) sandbox-profiles/ readonly.bwrap, supervised.bwrap, full.bwrap src/myclaw/ gateway/ FastAPI, sessions webhook, cron agent/ reasoning loop tool dispatch channels/ Protocol Channel cli, telegram, ... tools/ Protocol Tool fs, shell, web, supra sandbox/ bwrap, systemd-run Docker (opt.) policy/ autonomy, approval rate/cost limits memory/ Protocol Memory sqlite, jsonl pairing/ signed codes approve/revoke config/ pydantic schema loader other things grow here over time (observability/, cron/, tunnel/, ...) systemd/ myclaw-gateway.service (user unit, hardened) pyproject.toml · VERSION · CHANGELOG.md · README.md · AGENTS.md same conventions as suprastructure
Figure 5 — Repository layout. Same philosophy as suprastructure: docs alongside the root, src/ contains the package, systemd/ the service file, config/ the defaults.

10. What Mykleos is NOT

Scope discipline. The list of what we don't do is as important as the list of what we do. Every temptation to add an item from this list must be refused.

11. Roadmap & further reading

The roadmap is deliberately small. One step at a time, with the microdesign document preceding the code.

PhaseGoalGate
0 (now)This document + survival kitRoberto approves the overall architecture
1Repo skeleton + "hello world" gateway + CLI channel + sandboxed shell toolgateway.html, channel.html, tool.html, sandbox.html written and approved
2Policy engine + markdown workspace + audit logpolicy.html, workspace.html, observability.html
3Telegram channel + DM pairingpairing.html + damage-containment plan
4Persistent memory + provider failover via suprastructurememory.html; suprastructure ≥ v0.4 if needed
5+Voice channel (reuses supra's STT/TTS), optional tunnel, minimal web dashboardevaluated case by case

Keep reading

extension · 30 min
Neurons, Synapses and Memory v1.1
The natural extension: how an agent builds new actuators when the existing ones fail, with a Darwinian law of selection.
 practical · 10 min
Survival Kit — what you'll be able to do
Same system, seen from the user's side. What you'll be able to do on day one, with sample dialogues and commands.
 rationale · 15 min · in Italian
Literature & Adaptations
The rationale behind the choices: 30+ references from Voyager to CoALA, mapped against each design decision. English version not yet available.
 microdesign · in Italian
Component index
The microdesign documents (gateway, policy, sandbox, tool, ...) — grows progressively. English version not yet available.
 home
← Documentation index
Back to the list of all documents and their relationships.
Document versioning. This is v1. Non-marginal changes increment the number; the previous file stays accessible to trace the evolution of architectural thinking.

Mykleos — Architecture: Introduction v1.0 — 2026-04-21
Inspired by openclaw and zeroclaw, built on top of suprastructure.