Mickai Product
MickaiClaw™
MickaiClaw is the agentic-coding sandbox inside the Mickai desktop app. Run autonomous coding agents on your own machine, under a signed perimeter, with every action recorded in the Open Audit Record substrate. No cloud relay, no third-party telemetry, every tool invocation cryptographically attested. Mickai is downloadable at mickai.co.uk/download and runs on Windows, Linux, or macOS.
View capabilitiesThe Mickai SIOS
Mickai is a Sovereign Intelligence Operating System (SIOS). It runs entirely on your own hardware, on Windows, Linux, or macOS. No cloud, no telemetry. This page describes one subsystem of the Mickai SIOS. Download Mickai at mickai.co.uk/download.
Included with Mickai. Available on Windows, Linux, and macOS. No subscription. No cloud. Runs on your hardware.
Agentic coding, on your own hardware.
What MickaiClaw does
Eight primitives that make autonomous coding safe to run on your own hardware. Each one is wired into the same Open Audit Record substrate, so every action is signed before it lands.
01 / Sandbox
Sovereign agent perimeter
Every coding agent runs inside a hardware-bound perimeter. File reads, shell calls, network fetches and editor mutations are intercepted before they execute. Nothing reaches the disk or the network without an explicit allow rule, signed by the operator.
02 / Audit
Open Audit Record on every action
Every tool invocation, every file write, every retrieved page, every model call appended to a tamper-evident hash chain. The chain is verifiable offline by anyone. A regulator, a client, or your future self can walk back from any output to the originating prompt in seconds.
03 / Clearance
Per-skill clearance gates
Each tool the agent can reach carries a clearance ceiling. A read-only retrieval skill cannot escalate to a write-shell skill without a fresh authorisation envelope. Compromise of any single skill cannot escalate into the rest of the system.
04 / Egress
Allowlist-based egress firewall
Outbound network calls pass through a per-fetch egress proxy. Every external host must be on a signed allowlist or the call is denied. No data exfiltration, no silent calls home, no third-party trackers smuggled in by a dependency.
05 / Redaction
Deterministic placeholder redaction
Outbound prompts to any external model have secrets replaced with placeholder tokens. The reverse map lives only on the host. Inbound responses are walked byte-by-byte and the originals restored. Streaming SSE responses are restored on chunk boundaries without breaking client parsers.
06 / Lineage
Decision lineage you can walk
Every reasoning hop emits a signed node in a lineage graph. Given any output, the verifier returns the path of inputs, retrievals, tool calls and model decisions that produced it. Auditable enough for regulated work, lightweight enough for daily use.
07 / Local
Runs on your own brains
MickaiClaw is wired by default to the Mickai sovereign LLMs (mickai-coder for code, mickai-reasoning for planning, mickai-medium for fast turn-around). Plug a different model in if you wish. The sandbox does not change.
08 / Perimeter
Copy-on-write workspace
Destructive shell commands stage to an encrypted copy-on-write snapshot before they touch the real workspace. A bad rm -rf, a runaway git reset, a script that wipes a folder; all caught at the perimeter and reversible from the ledger.
Patent anchors
MickaiClaw sits on three of the 31 filed UK patent applications behind the Mickai desktop app. Each patent below covers a distinct primitive that the sandbox exercises in production.
- 03Sovereign Security Framework, egress firewall, prompt-injection inspection, per-tool rate limits.
- 12Typed-Action Ontology, every action typed, every action declares its inverse for compensating rollback.
- 13Voice-Gated Deterministic Tool Invocation, high-stakes tools require voice-biometric quorum before execution.
UK00004373277 · 31 filed UK patent applications · 914 claims
How to run it
- 01
Install
One binary. Sovereign Mickai gateway points at your local brains. No account, no signup, no telemetry.
- 02
Pair
Hardware-bound device pairing. Operator scopes recorded in the local identity store, signed by the host.
- 03
Run
Open the sandbox, hand it a brief, watch the ledger. Every action signed before it is executed.
- 04
Verify
Drop the audit chain into the offline verifier on mickai.co.uk. Confirms hash continuity and signatures without a server round trip.
- 05
Govern
Per-skill clearance ceilings, per-tenant egress allowlists, signed policy bundles. Roll forward without losing audit history.
Wired with
- Mickai sovereign LLMs (mickai-coder, mickai-reasoning, mickai-medium)
- Sandbox perimeter with hardware-bound device identity
- Open Audit Record substrate, hash-chained, ML-DSA-65 signed
- Per-skill clearance gates with signed authorisation envelopes
- Allowlist-based egress firewall and prompt-injection inspector
- Copy-on-write workspace with encrypted snapshot pre-staging
- Decision lineage graph; offline verifier in the browser
- 100 percent on-device; no cloud relay; no third-party telemetry
Ship signed work, not silent code.
MickaiClaw ships inside the Mickai desktop app, downloadable at mickai.co.uk/download. Request access on the Mickai access desk, or read more about the wider sovereign operating system first.
Engineered by Micky Irons in Cumbria, United Kingdom · @mickyirons