NanoClaw Moved from Apple Containers to Docker
78 points - today at 7:12 PM
Sourcebotusaurus
today at 7:39 PM
> But NanoClaw isn't just my personal project anymore. Thousands of people are using it. People are running production workloads on it. Businesses are building on it. There's a real community now.
as OpenClaw and now NanoClaw became "enterprise", now we need a new FemtoClaw to pick up the indie/boutique place
daemonologist
today at 9:45 PM
I'm sure whatever LLM FemtoClaw calls out to will also write a blurb about its growing adoption in production enterprise applications. This sentiment is probably very well represented in the training data.
How is this "becoming enterprise"? If anything it now defaults to millions of Linux users being able to access it
arcanemachiner
today at 7:45 PM
Well, there was Picoclaw, but I think it was renamed to Clawlet.
That's old news. Now there's Plancklaw, renamed to ∅. It has no code base, no bugs, no security issues, infinitely scalable, and all the features of every other *claw.
Well actually there is ROE.md, no code, just a Markdown file to generate a claw.
The code is always generated using the latest LLM, ensuring that it takes advantage of the latest architectures and programming language features.
MicroClaw.. No fear of it becoming corporate LOL.
For my version of the AI assistant, I used a Docker container and Unix permissions:
https://github.com/skorokithakis/stavrobot
All plugins run in one Docker container, but they're isolated from each other by different *nix users, so they can't read each other's files. That's much more lightweight, and you don't have to run one container per plugin.
Crucially, plugins can't read each other's secrets or modify each other's code. I even have a plugin configuration webpage that doesn't go through an LLM, so the LLM never sees your secrets if you don't want to.
Putting these NanoClowns inside a container will not protect you from all kinds of safety hazards.
That's the fun part! You spend all day hardening it... run it in docker in a vm on a separate machine. And then you hook it up to your gmail and give it unrestricted internet access :)
arcanemachiner
today at 7:46 PM
Wearing a seatbelt will not protect you from all kinds of car accidents.
Yes. That's why you don't put a Clown behind the steering wheel.
weinzierl
today at 8:56 PM
It is more like getting in the car with Stuntman Mike. The risk is not that the driver might make a mistake but that it actively turns against you and a container is not a security boundary against an adversary.
bdcravens
today at 8:42 PM
Tesla Robotaxi says hold my beer
InsideOutSanta
today at 7:58 PM
Wearing a helmet will not protect you from all injuries caused by jumping off a cliff.
Point is, don't jump off a cliff.
The nature of these tools is that you tell them not to jump off a cliff, so they ride the bicycle over it. Or a car. Or "you're completely right. I assumed it was possible to fly". Or...
or you pass by graffiti telling it to jump off a cliff, written in iambic pentameter (or whatever is the jailbreak meta of the month)
I’ve been building sandboxing for Claude code workloads. So I can let it run wild without breaking my computer. Originally I used docker, but I’m now in the process of jettisoning that, and switching to qemu.
For my use case I want ssh access and being able to use docker in docker. This allows for things like test containers and docker compose. You can get all of that working with docker. But you kind of have to fight docker the whole way.
NanoClaw might have different needs, and docker could work better for it, and I hope so for their sake. But I’m not optimistic.
I'm surprised that the developer experience around sandboxing on macOS is generally so bad. Seatbelt is in limbo and apple containers are just a pain to work with as some have highlighted in this thread
Xx_crazy420_xX
today at 8:55 PM
I can't believe the solution is creating uncompatibile branch and forcing users to use cladue for resolving merge conflits. Why not bake in the dual compatibility?
you may slot in podman, but apple container is not very good atm.
sergiotapia
today at 10:07 PM
I installed nanoclaw last night funny to see it here on HN.
It was easy to install it, and get it running. I could @Andy message it on whatsapp but after that it fell apart fast.
I asked it to login to Facebook and check my notifications, and it started saving credentials and random things in the repo as json files. And din't work. It was hard to even figure out what was happening and why it didn't work.
Then I tried messaging it again and it didn't respond to me.
These things are extremely brittle despite the enourmous amount of github stars. I think it's just normies starring things trying to get on the train unfortunately. The promise of an AI Jarvis is unrealized still.
brcmthrowaway
today at 7:45 PM
Can someone explain the special sauce of the claws compared to just use claude.ai etc
There is no special sauce, it's mass hysteria driven by fake adoption metrics and people who don't know anything about computers who let "agents" run free on theirs. It's the equivalent of showing a magician cut a women in a box in half to a 5 years old kid... Put them in the same category as the neckbeards getting a hard on every 3 weeks for the past 2 years when they get to see the new version of ThE PeLiCaN On A BiCyCle... I wonder how long the circus will keep on going, at least it's funny to witness from the outside
They're "always" running, so they can notify you out of the blue, without you having to initiate a conversation. It's really nice UX to get a message from my assistant saying "hey, it's time to leave for the gym, and don't forget the supermarket bag because you're picking up milk on the way back, as you've run out".
Dunno, my calendar reminds me "out of the blue", without me having to initiate a conversation, that it's time to leave for the gym, no "claw" or "ai" involved.
I always have my backpack with me, so if I need milk I can pick it up on the way back. And I am pretty sure that I have to notice if I need milk myself.
The tech sounds cool, but whenever I hear about actual applications, I don't see the point.
If you don't have a need for a personal assistant, that's fine, not everyone does. That doesn't mean nobody does.
The milk thing was just an example of a tool that can intelligently combine things for you, not a literal "it's a calendar with a milk function".
This is a bit like "if I want to call my friends, I have a phone a home, why would I need a mobile?" which somewhat betrays a lack of imagination.
You're just not providing any good examples of what I cant already do with current automation tools.
Everything I’ve seen about it feels so over engineered
Hmm, Google Gemini has access to my Google Tasks and can set reminders. It's also asked me if I want it to check something at "tomorrow 9am", and when I said yes, it managed to do that.
Yeah, that's kind of like it. Agents just have many many more integrations, so they can do many more things. For example, it knows all my preferences, and can search for flights and say things like "this one is more expensive, but skipping the morning wakeup is worth the $20".
caminante
today at 8:41 PM
But have you had consistently good experience with Google Gemini and Google apps? Or read the mixed reviews?
For me, Gemini has been hit or miss and somehow less useful than Assistant was 2+ years ago.
The coding assistant for VSCode is nuts (i.e. gets it wrong a lot, also one time it just got so confused).
I have Gemini Pro for free for a year because I bought a Pixel phone, it answers very fast, so I like it. Let's see how I'll feel about shelling out real money when the subscription ends. But on the phone, I still use Assistant (and just have a shortcut to launch the webpage in my browser), because the phone was forcing Gemini, but after 5 minutes of usage I found it was slower for my usages (usually I just tell it to set an alarm and add a reminder/calendar event), and when I asked about my tasks, Gemini would get the task listing from Google Tasks, and keep it in its history... that'll pollute my chat history!
dimitri-vs
today at 7:49 PM
How would it know you've ran out of milk?
I told it when I noticed. I made a little pendant with a mic I can speak into and it goes to the bot.
LeafItAlone
today at 8:00 PM
I would love to hear more about this!
I haven't written it up yet but the repo is here:
It's just a MEMS mic, a battery, and an ESP32, very simple but it works amazingly well. I wrote a companion Android app for it and it works extremely reliably!
liminal-dev
today at 9:45 PM
Are you running NanoClaw or a different project?
Turns out Humane was ahead of its time.
brcmthrowaway
today at 8:04 PM
How do people afford this?
Claude max $100 is way more usage than I need. And yeah its not running all the time, just has a heartbeat file telling it how to check something and run
A subscription, really. It doesn't actually run all the time, it just has a cron job that makes it feel that way.
gas9S9zw3P9c
today at 9:10 PM
It can schedule stuff and run in a loop, so it's like claude combined with cron. Truly amazing technology.
Crons. A local daemon. System access as a user with the ability to listen to changes. Some idea of shared “memory” between sessions. Provider agnostic about AI. Multi-model.
dimitri-vs
today at 7:52 PM
It's for people that don't know how or don't want to be bothered with setting up a messenger integration and a scheduler.
saberience
today at 8:05 PM
There is no special sauce. They are claude or codex in a loop. The loop is facilitated by basic cron jobs. That's it.
Ai Agent as it has been for months, plus skills, plus a cron job to prompt it to do things every 20 minutes or 2 hours or however often you want.
boywitharupee
today at 8:06 PM
they have a watchdog loop, it runs periodically
ericbuildsio
today at 8:27 PM
Sensible, this broadens our hosting options.
apple container is really buggy with networking
That’s not the fault of containers, I have significant Bluetooth and WiFi issues on my apple devices without running any containers.
So they're making it use OCI images? Cool. Hopefully there will be good support for Podman.
john_alan
today at 8:21 PM
Use containerd , Docker is cancer.