Functional AI agents on your hardware.

Open-source software that runs AI agents on your own servers. No cloud, no telemetry, no lock-in. Deploy on bare metal, VMs, or Kubernetes.

physiclaw — quick-start
$ curl -fsSL https://physiclaw.dev | sh -s -- \
  --cluster-name my-agents \
  --enable-gpu \
  --license oss

How it works

1. Deploy on your infrastructure

Run Physiclaw on bare metal, VMs, or Kubernetes. Everything stays inside your perimeter.

2. Connect to your tools

Agents plug into Prometheus, K8s, Vault, Slack, and other on-prem services you already use.

3. Chat or command; agents run

From terminal or API you assign tasks. Agents execute on your stack with no data leaving your network.

Community voices

Why Physiclaw

Ok this is more what I was looking for. No cloudshits, no social media logins.
The data egress issue is exactly why more teams are going local-first.
The 'one generic assistant with root access to everything' problem is exactly what kills agent setups… Breaking it into role-specific agents with scoped tool access is the right call.
How dare you not want to give all your banking and API keys to a cloud company!
SQLite FTS5 + LanceDB is exactly the kind of 'no-cloud-dependency' stack that belongs in Physiclaw.
The air-gapped agent runtime space is weirdly underserved for how many people need it.

Agent Roles

Specialized agents, your infrastructure

Pre-built roles for SRE, security, data, and code tasks. Each loads its own toolchain.

Prometheus, K8s, Terraform, Grafana, Alerting, Log Analysis, CVE Scan, IAM, SIEM, Compliance, SQL, ETL, Snowflake, dbt, Quality, Refactor, Tests, Linting, CI/CD, Docs

Integrations

Common enterprise on-prem services

Connect agents to the tools you already run inside your perimeter.

Prometheus

Metrics and alerting

Grafana

Dashboards and visualization

Kubernetes

Orchestration and workloads

Vault

Secrets and identity

LDAP / Active Directory

Identity and access

PostgreSQL

Data and vector store

GitLab

Source and CI

Jenkins

Pipelines and automation

SIEM

Security events and audit

Slack

Chat and notifications

Microsoft Teams

Chat and collaboration

OpenTelemetry

Traces and observability

Splunk

Log aggregation and search

Elastic

Search and analytics

Security

Nothing leaves your network.

Every layer runs inside your perimeter. No telemetry, no phone-home, no external trust boundaries.

Control plane

Your stack, at a glance

Metrics, latency, and activity—all on-prem. Scrape Prometheus, import Grafana, or watch the audit log. No cloud, no SaaS.

Goals: 312
Tool calls: 1084
Violations: 0
Egress blocks: 0

Request rate (5m), req/min [chart: Goals, Tool calls]

Memory retrieval (ms avg)
L2: 12
L3: 34
combined: 41

Goals by persona
sre: 142
secops: 68
data_architect: 52

Auth outcomes: 100
ok 98%, denied 2%

Top tools (24h)
kubectl-get: 89
bandit-scan: 42
duckdb-query: 31
dbt run: 28
log-aggregator: 19

Recent activity
goal       sre             restart nginx     12:04:02
tool_call  secops          bandit-scan       12:03:58
goal       data_architect  dbt run           12:03:41
tool_call  sre             kubectl-get       12:03:22
goal       sre             check pod status  12:03:10
tool_call  data_architect  duckdb-query      12:02:55

Extend

Everything is a config change.

Swap runtimes, vector stores, and audit backends in YAML. No vendor calls, no lock-in.

physiclaw.yaml
config v0.9
# physiclaw.yaml
---
runtime:
  backend: "vllm"            # hot-swappable inference engine
  model: "llama-3-70b"       # any GGUF / safetensors weight
  gpu_layers: "auto"         # offload control
  max_concurrent: "32"       # per-node parallelism
knowledge:
  store: "pgvector"          # your vectors, your network
  embedder: "bge-large"      # on-prem embedding model
  chunker: "semantic"        # document splitting strategy
  reranker: "cross-encoder"  # optional re-ranking pass
audit:
  backend: "merkle-log"      # tamper-evident storage
  signing: "cosign"          # cryptographic verification
  export: "siem-sink"        # compliance export target
  retention: "forever"       # WORM retention policy