Pre Alpha - Don't install yet ;)
The Secure Way to Use Autonomous AI Agents
Sheriff Claw is a security layer that sits between your AI agent and your sensitive data. It allows you to use powerful AI tools without giving them access to your passwords or API keys.
Copy and paste this one line into your terminal and hit Enter:
curl -fsSL https://raw.githubusercontent.com/Gazman-Dev/sheriffclaw/main/install.sh | bashThis script downloads Sheriff Claw, installs it, and guides you through the setup.
Here are the two updated sections for your README:
Sheriff Claw uses two separate Telegram channels to keep your digital life safe.
-
The Sheriff Channel (Secure Control): This is a private line between you and the Sheriff, a secure computer program running on your machine. The Sheriff is not an AI; it is a strict security guard that manages your secrets and permissions.
-
The AI Channel (The Worker): This is where you chat with your AI Agent. You can ask it to do amazing things like:
- "Research the latest tech news and write a summary."
- "Check my calendar and book a meeting."
- "Write code to fix a bug in my website."
The AI is smart and capable, but because it lives in a separate channel, it cannot access the secrets in the Sheriff's vault.
Here is exactly how you can let the AI manage your accounts without ever giving it your password. Let's say you want the AI to post a daily tweet about trending news:
- You ask the AI: "Please check the news and tweet the top story every morning."
- The AI checks its tools: It realizes it needs an X (Twitter) Token to post on your behalf, but it doesn't have it.
- The Sheriff alerts you: The AI asks the Sheriff for help. The Sheriff immediately messages you on the Secure Sheriff Channel: "The AI needs an X Token to proceed. Please provide it."
- You provide the secret: You paste the token directly into the secure chat with the Sheriff.
- The Sheriff locks it away: The Sheriff encrypts the token in its vault and tells the AI, "I have the token. You may proceed."
- The AI works safely: The AI generates the tweet and sends the text to the Sheriff. The Sheriff takes the token from the vault, signs the message, and posts it to X.
The Result: The tweet is posted, but the AI never saw your token. It simply used the Sheriff to get the job done safely.
- Immune to Trickery: Since the Sheriff is a rigid program and not an AI, it cannot be tricked into revealing your secrets by a malicious website or a clever prompt.
- Encrypted Storage: Your secrets are not saved in plain text files that the AI can read. They are encrypted with a Master Password that only you know.
- Total Separation: Because the AI and the Sheriff live in different channels, the AI has no physical way to access the raw data inside the Sheriff's vault.
After install, start an interactive terminal channel:
sheriff-ctl chatRouting rules:
- messages starting with
/go to Sheriff - any other text goes to the AI bot
Examples:
/status→ Sheriff/ yes I agree→ Sheriffwhat / do?→ AI bot
Configure Codex auth (outside Sheriff channel, stored in encrypted vault):
sheriff-ctl configure-llm --provider openai-codex --api-key <OPENAI_API_KEY> --master-password <MASTER_PASSWORD>Optional test bot route:
sheriff-ctl chat --model-ref test/defaultDeterministic scenario simulator (for testing permissions + secrets):
sheriff-ctl chat --model-ref scenario/defaultRun scripted E2E simulation locally:
./scripts/e2e_cli_simulation.shRun install-path E2E check (fresh ~/.sheriffclaw install + chat flow):
./scripts/e2e_installation_check.shRun Linux validation in Docker (unit + CLI E2E + installer E2E + reinstall idempotency):
./scripts/test_linux_docker.shRun reinstall idempotency check locally:
./scripts/e2e_reinstall_idempotency.sh- Run the install command above.
- Set your Master Password: This is used to encrypt your local vault.
- Connect the Channels: The setup script will help you link the Sheriff Program and the AI Agent to Telegram.
- Start Working: Send your keys to the Sheriff, and give tasks to the AI.
Stay Safe, Partner! 🤠