# Fireclaw Roadmap

## Phase 1: Core CLI (done)

- [x] Firecracker microVM lifecycle (boot, exec, destroy)
- [x] SSH-based command execution
- [x] Network isolation (tap + bridge + NAT)
- [x] IP pool management for concurrent VMs
- [x] Signal handling and cleanup
- [x] CLI interface (`fireclaw run`, `fireclaw setup`)

## Phase 2: Fast & Useful (done)

- [x] Alpine Linux rootfs (1 GiB sparse, 146 MiB on disk)
- [x] Precompiled binary, global `fireclaw` command
- [x] Snapshot & restore (~1.1s vs ~2.9s cold boot)

## Phase 3: Multi-Agent System (done)

- [x] ngircd configured (`nyx.fireclaw.local`, FireclawNet)
- [x] Channel layout: #control (overseer), #agents (common room), DMs, /invite
- [x] Ollama with 5 models (qwen2.5-coder, qwen2.5, llama3.1, gemma3, phi4-mini)
- [x] Agent rootfs — Alpine + Python IRC bot + podman + tools
- [x] Agent manager — start/stop/list/reload long-running VMs
- [x] Overseer — host-side IRC bot, !invoke/!destroy/!list/!model/!templates
- [x] 5 agent templates — worker, coder, researcher, quick, creative
- [x] Agent tool access — shell commands + podman containers
- [x] Persistent workspace — 64 MiB ext4 as second virtio drive at /workspace
- [x] Agent memory system — MEMORY.md + save_memory tool, survives restarts
- [x] Agent hot-reload — SSH config update + SIGHUP, no VM restart
- [x] Non-root agents — unprivileged `agent` user
- [x] Agent-to-agent via IRC mentions, 10s cooldown
- [x] DM support — private messages without mention
- [x] /invite support — agents auto-join invited channels
- [x] Overseer resilience — crash recovery, agent adoption, KillMode=process
- [x] Graceful shutdown — SSH SIGTERM → IRC QUIT → kill VM
- [x] Systemd service — fireclaw-overseer.service
- [x] Regression test suite — 20 tests

## Phase 4: Hardening & Performance

- [ ] Network policies per agent — iptables rules per tap device
- [ ] Warm pool — pre-booted VMs from snapshots for instant spawns
- [ ] Concurrent snapshot runs via network namespaces
- [ ] Thin provisioning — device-mapper snapshots instead of full rootfs copies
- [ ] Thread safety — lock around IRC socket writes in agent.py
- [ ] Agent health checks — overseer monitors and restarts dead agents

## Phase 5: Advanced Features

- [ ] Persistent agent memory v2 — richer structure, auto-save from conversations
- [ ] Scheduled/cron tasks — agents that run on a timer
- [ ] Advanced tool use — MCP tools, multi-step execution, file I/O
- [ ] Cost tracking — log duration, model, tokens per interaction
- [ ] Execution recording — full audit trail of agent actions

## Phase 6: Ideas & Experiments

- [ ] vsock — replace SSH with virtio-vsock for lower overhead
- [ ] Web dashboard — status page for running agents
- [ ] Podman-in-Firecracker — double isolation for untrusted container images
- [ ] Honeypot mode — test agent safety with fake credentials/services
- [ ] Self-healing rootfs — agents evolve their own images
- [ ] Claude API backend — for tasks requiring deep reasoning
- [ ] IRC federation — link nyx.fireclaw.local ↔ odin for external access