Your first secure AI agent in 10 minutes.
npx chitin-shellNo decisions. No configuration files. No security expertise needed.
Answer 5 questions. Get a production-hardened AI agent with contextual trust boundaries.
- Detects your system (OS, CPU, memory, available tools)
- Asks 5 simple questions (name, agent name, channel, provider, password)
- Installs OpenClaw and your chosen AI provider
- Configures your agent with secure defaults
- Hardens your system (UFW firewall, fail2ban, file permissions)
- Deploys Chitin Moat — contextual agent permissions
- Verifies everything works
Most agent setups are insecure by default because they require users to make security decisions. Every decision is a place to get it wrong.
Chitin Shell eliminates the decisions. Security is structural, not optional.
| Feature | Default | User Choice? |
|---|---|---|
| UFW firewall | Deny all incoming | No |
| fail2ban | Active on SSH | No |
| Gateway binding | Loopback only | No |
| Trust channels | Sovereign (owner DM), Observer (everything else) | No |
| Secrets encryption | Restricted file permissions (700) | No |
| Sub-agent sandbox | Docker isolation | No |
| Provider | Cost | Quality | Notes |
|---|---|---|---|
| 🆓 Groq | Free | Good | Llama 3.3 70B, fast inference |
| 🧠 Anthropic | Paid | Best | Claude Sonnet/Opus |
| 🌐 OpenAI | Paid | Great | GPT-4o |
| 🏠 Ollama | Free | Varies | Local, private, needs GPU |
- 📱 Telegram (recommended)
- 💬 Discord
- 💬 Signal
- 💻 CLI (no channel needed)
Test without making changes:
npx chitin-shell --dry-runAfter bootstrap, level up with The Vesper Blueprint — a comprehensive guide to understanding and customizing your agent's architecture.
Chitin.xyz — Trust infrastructure for the agent economy.
Apache 2.0