MaClaw 码卡龙
A governable AI capability foundation for enterprises, and a personal AI work partner for individuals.
An AI that truly remembers you, understands your business, and follows your enterprise rules.
Digital Companion · Two Identities, One Foundation
Enterprise-grade governance + Personal-grade companionship, sharing the same memory, knowledge and capability system
Far beyond an "AI Assistant" — capabilities you can actually deploy
From daily office work to enterprise IT systems, IT operations and factory production-line monitoring — enterprises push selected Skill/MCP capability packs to employees and field devices, building an AI capability foundation that belongs to them. Every capability is governable, auditable and revocable.
Daily Office Work
Package standard operating procedures as Skill packs and push them to employees' MaClaw. Documents, emails, expenses and approvals follow corporate standards automatically.
- Contract review / Bid response / Due diligence workflows
- One-click expense, leave and other business forms
- Email drafting, meeting minutes, PPT design
- Trigger anywhere via Lark / WeChat / DingTalk / Teams
Full Enterprise IT System
Replaces legacy MISStructured Data Service (MaClawDataSrv) + Agent Dynamic UI (AG-UI) — replace fixed menus, fixed pages and fixed forms with natural language. Covers 30+ enterprise business templates.
- Full schema for Sales / Finance / HR / Legal / Procurement / Inventory / Assets
- Say "yesterday I met a client in Hangzhou, train 174" — auto-recognized as an expense entry
- Business-rule engine + approval flow + operation plan
- SQLite / PostgreSQL — same API, seamless switch
IT Operations
Wrap your ops SOPs as Skills / Passthrough Tasks and push them to engineers' machines. From routine inspection to emergency recovery — handled by conversation or a single command.
- SSH with 10 concurrent sessions; password / key / agent auth
- Passthrough tasks: restart, backup, rollback, cleanup in one shot
- Scheduled inspections, anomaly alerts, auto-generated ops reports
- High-risk operations require approval; full audit trail
Factory Production-Line Monitoring
Connect PLC / SCADA / MES data via enterprise-managed MCP. MaClaw stays on the floor, collecting metrics, identifying anomalies, pushing alerts and producing shift reports automatically.
- MCP integration with PLC / SCADA / IoT gateways
- Vision models auto-inspect equipment state and line anomalies
- GoalWatch keeps tasks alive — unattended operation
- Equipment data flows into the enterprise knowledge base
Private Capability Market
Enterprise-managed Skill/MCP library. Employees' MaClaw prioritizes capabilities approved and stored here.
- Approved-only intake with full source provenance
- Centralized purchase for paid capabilities; license never leaves the enterprise
- Seamless for employees — enterprise capabilities always win
Deployment & Recommendation
Admins can force-deploy or simply recommend, scoped by department / role / device type.
- Deployment: auto-install on enterprise enrollment, retry on failure
- Recommendation: surfaced in the marketplace, user opts in
- Uninstalled deployments auto-reinstall on next sync
Source Verification & Revocation
Every capability pack carries provenance, version and checksum — and can be revoked in one click.
- SHA-256 checksum + signature verification
- Pinned versions and latest-approved tracking
- Capabilities can be revoked, disabled or rolled back
Data Sovereignty & Multi-Tenancy
Enterprise data stays in your Hub; the cloud never reads enterprise business data.
- Physical-path isolation per tenant / user
- Every table keyed by tenant_id
- Licenses centrally signed, offline-verified on-premise
Authentication & Credentials
Layered credential design — every key passes through strong hashing and full lifecycle management.
- scrypt (N=32768) + pepper for password digests
- HMAC-SHA256 session tokens, bcrypt admin secret
- Five states: active / suspended / revoked / expired / expiring
- Plaintext returned once only; masked after rotation
Policy Engine
Effective-policy from a top-down user-group tree, with five actions and four presets.
- Five actions: allow / deny / ask / audit / user_override
- Four presets: standard / strict / offline / developer
- Three-level capability-source allowlist: global / tenant / user
- Multi-role RBAC: admin / data_admin / data_user / auditor
End-to-End Encryption
Capability packs, licenses and transport — all encrypted; private keys stored separately from data keys.
- Capability packs: RSA-2048 + AES-256-GCM + PBKDF2 100k
- License: RSA-SHA256 signing, offline-verified by the enterprise
- TLS 1.2 minimum; StartTLS for email links
- Private keys at 0o600 with key-separation policy
Sandboxing & Isolation
Both execution context and network reach are configurable — tenants are separated at the physical layer.
- Sandbox modes: none / os / docker
- Network tiers: full / intranet / none
- YOLO mode can be disabled per tenant / user
- Multi-tenant path and database-level isolation
Audit, Redaction & Injection Defense
Every call is structurally logged; sensitive data is auto-detected and masked.
- JSONL audit log: 50MB rotation, 30-day retention
- Fields: risk_level / decision / reason / sensitive_categories
- 5 built-in sensitive patterns (API key / AWS / private key / password / JWT)
- 4-class prompt-injection detection across messages, tools, web, files
High-Risk Operation Approval
Risk tiering + double-confirm + smart review — important ops are stopped, routine ones don't get in the way.
- Risk levels: low / medium / high / critical
- Passthrough tasks default to confirm_required=true
- Smart Approval: LLM re-review for high-risk actions
- Session allowlist + async approval (2-minute timeout)
Not a chatbot — it actually does the work
From document processing to data analysis, PC maintenance, study-abroad applications, research writing and image processing — MaClaw understands your intent, remembers your preferences, calls knowledge and tools, and walks the whole way with you from requirement to delivery. You say the idea, it delivers the result.
Document Processing
Word / Excel / PPT / PDF — generate, modify and convert across formats, following your style and templates.
- One-click Markdown → Word / PDF
- Excel read/write, formulas, pivot tables
- PPT from outline to deck, with design suggestions
- PDF parsing, merging, section-level rewriting
Data Analysis
Hand over your raw Excel / CSV / DB exports — ask in natural language to get insights and charts.
- Auto cleaning, dedup, missing-value handling
- Multi-table joins and pivots
- Smart visualization (line / bar / scatter / heatmap)
- Trend forecasting and outlier detection
PC Maintenance
Desktop GUI automation + command-line tasks — let MaClaw drive your computer: install software, clean disks, edit configs, run scripts.
- Local CLI and background process management
- Desktop GUI automation (Notepad, Excel, etc.)
- Vision model identifies buttons / icons / fields
- Scheduled tasks for routine operations
Workflow Templates
19 structured workflow templates following "requirement → design → step-by-step execution" — pause, confirm and edit at every step.
- Business plan, competitive analysis, project proposal
- Contract review, due diligence, compliance audit
- Research report, PRD, software testing
- Outputs auto-distilled into long-term memory
Study Abroad
From school selection and essays to timeline management — MaClaw walks the whole journey with you, remembering your background and preferences.
- School shortlisting (by GPA / language scores / interests)
- Personal Statement (PS / SOP) iterative polishing
- Recommendation letter drafts and outreach emails
- Deadline reminders and material checklists
Research Assistant
Import papers, patents and experimental data into the knowledge base — MaClaw works with its "external brain" to do literature reviews, experiment design and paper writing.
- Literature review: batch import, auto-extract claims
- Experiment design and method comparison
- Grant proposals / paper sections by structure
- Fact graph: entity–relation–entity triples
Image Processing
Via Skills / MCP, drive image tools — from retouching to generation to recognition — all by conversation.
- Cutout, watermark removal, batch resize/crop
- OCR text extraction (CN-EN mixed)
- AI image generation / editing (mainstream models)
- Image understanding and caption generation
Memory + Knowledge Base
Long-term memory is the inner brain; the knowledge base is the outer brain. It remembers your preferences across sessions; import docs to inject domain knowledge.
- BM25 + vector hybrid semantic search
- Ebbinghaus forgetting curve, auto-maintained
- Import any format: PDF / Word / web pages
- Context Pack auto-injection during work
Digital Employees — 7×24 workforce with zero salary cost
Digital Employees are a new workforce model built by MaClaw for enterprises: digital avatars for existing employees, and cloud-based virtual employees that fill roles without physical hires. Together they dramatically boost operational efficiency and service coverage — without adding to the payroll.
Daily Task Automation
Automatically handles email triage and reply suggestions, meeting minutes generation, schedule coordination, expense report filing and other repetitive chores — freeing employees to focus on high-value work.
Information Concierge
The digital avatar continuously learns the employee's domain knowledge and answers common questions, policy lookups, and regulation interpretations on their behalf — routing only complex issues that require human judgment.
Document & Report Generation
Auto-generates weekly and monthly reports, project progress summaries, analysis documents with charts. Drafts contracts and proposals, drastically reducing time spent on document creation.
Cross-System Delegation
Connects OA, ERP, CRM and other enterprise systems. One natural language command triggers multi-step cross-system operations — "Send last week's quote to Zhang for approval" — no more switching between apps.
Virtual Receptionist & Customer Service
7×24 visitor reception, customer support, and product introductions across multiple languages and channels. Replaces basic customer service roles with faster response, consistent service quality, and zero training cost.
Process Approval Assistant
Auto-approves standard business workflows (leave requests, procurement, reimbursements, contracts) in seconds; escalates exceptions to human reviewers. Reduces approval turnaround from hours to seconds.
Data Entry & Validation
Automatically extracts structured data from emails, PDFs, images, and web pages, then performs entry, comparison, and validation — eliminating manual errors and freeing data-entry staff for higher-value work.
Knowledge Base Curator
Continuously ingests company documents, manuals, and product specs. Auto-updates knowledge base entries, flags outdated content, and suggests revisions — keeping your corporate knowledge assets fresh and reliable.
4-Tier Capability System
Enterprises prefer their own approved capabilities; external sources are introduced under enterprise policy
Private Capability Market
Enterprise Hub Marketplace
Enterprise-built Skill/MCP library curated by admins. Employees' MaClaw calls these first by default; licenses for paid capabilities are centrally held and never leave enterprise boundaries.
Public Capability Market
HubCenter Marketplace
Official and commercial-partner marketplace. Free Skills install directly; paid Skills/MCPs go through enterprise procurement. Admins can bulk-import to their private market.
ClawHub
Community capabilities
Open community-built capability source. Free Skills can be tried with low friction; validated ones get promoted into the enterprise private market as enterprise assets.
GitHub
Open-source ecosystem
Direct GitHub-repo Skills/MCPs offer the broadest reach. Enterprise admins can whitelist allowed sources to control what gets pulled in.
🔍 Smart Routing in Enterprise Mode
When MaClaw is in enterprise mode, capability lookup order is: Private Market → Public Market → ClawHub → GitHub. Capabilities published in the enterprise Hub always win; whether external sources can be searched, trialed or imported is decided by enterprise policy.
- Free capabilities: configurable as "trial-then-adopt" — validated capabilities are auto-archived into the enterprise market.
- Paid capabilities: must be "approved and purchased, then made available" — license stays in the enterprise Hub throughout.
- MCP services: when a secret is missing, status shows "needs configuration" without blocking the main flow.
Enterprise Capability Build Process
Four steps to turn external capabilities into enterprise-owned assets
Discover
Admins search public market, ClawHub, GitHub for matching Skills/MCPs — or employees raise an intake request.
Approve / Purchase
Free capabilities follow trial or approval policy; paid ones go through procurement — license centrally held by the enterprise Hub.
Intake & Publish
Approved capabilities enter the private market with version, permission allowlist and source-provenance metadata.
Deploy & Install
Push to employees' MaClaw by department/role/project — force-install or recommend, with auto-retry on failure.
Office Workflow Templates
19 structured workflows covering business, research, compliance and tech scenarios
Bid Response
Tender parsing, qualification response, technical proposal, bid assembly — end to end
EnterpriseContract Review
Clause-by-clause risk analysis, compliance check, edit suggestions for all contract types
EnterpriseDue Diligence
Business, financial, legal, technical multi-angle DD with a complete report
Compliance Audit
Regulatory compliance assessment, risk rating, remediation planning
Patent Analysis
Prior-art search, infringement risk, patent-strategy recommendations
Business Plan
Market analysis, financial projections, strategic planning docs
Competitive Analysis
Market landscape, competitor profiling, strategic positioning
Innovation Plan
Tech-trend analysis, innovation-opportunity identification, R&D planning
Event Planning
End-to-end event organization workflow from concept to execution checklist
Project Proposal
Scope definition, resource planning, timeline generation
Research Report
Literature review, data synthesis, academic writing
Presentation Design
Slide structure, content organization, visual-design guidance
Core Technology
The engines that power the Digital Companion
Memory Architecture
8 memory categories, semantic/episodic tiers, temporal hierarchy, protected entries
Hybrid Search
BM25 keyword + vector similarity, SIMD-accelerated cosine scoring
Knowledge Graph
Bidirectional weighted edges, BFS expansion, multiple relation types
Forgetting Curve
Ebbinghaus decay with configurable half-life and dormant threshold
Swarm Orchestrator
Task splitting, conflict detection, auto-merge, feedback-loop coordination
MCP Integration
Local stdio and remote HTTP MCP servers with auto-discovery and health monitoring
Tool Routing
40+ tools matched via hybrid search; conditional activation and progressive exposure
Workflow Engine
Phase-based execution, tool policies, double-confirm, persistence