nanoclaw: a secure AI assistant framework that runs agents in isolated containers with multi-channel messaging support

What it solves

NanoClaw is a lightweight AI assistant framework that allows users to run agents securely in isolated Linux containers. It solves the problem of giving complex AI agents full access to a host system by providing OS-level isolation, ensuring agents can only access explicitly mounted directories and files.

How it works

NanoClaw uses a Node.js host process that acts as a router. When a message arrives from a supported messaging channel, the host routes it to the specific agent's session. Communication between the host and the agent is handled via two SQLite databases (inbound and outbound) per session to avoid IPC or stdin piping. The agents themselves run in Docker containers (or Apple Container on macOS) using the Claude Agent SDK. Outbound API requests are routed through OneCLI's Agent Vault to inject credentials securely without the agent ever holding raw API keys.

Who it’s for

It is designed for individual users who want a bespoke, highly customizable AI assistant that can be integrated into various messaging apps (like WhatsApp, Telegram, and Discord) and can perform scheduled tasks or web searches.

Highlights

• Container-based Isolation: Agents run in sandboxed Docker containers for true OS-level security.
• Multi-channel Support: On-demand installation of adapters for platforms like WhatsApp, Telegram, Discord, Slack, and more.
• AI-Native Customization: Instead of complex config files, users customize the system by having Claude Code modify the codebase directly.
• Credential Security: Integration with OneCLI Agent Vault ensures API keys are never stored within the agent containers.
• Flexible Agent Workspaces: Each agent group has its own memory, container, and filesystem (including a CLAUDE.md file).
• Scheduled Tasks: Ability to set up recurring jobs that run the AI and message the user back.