nanoclaw

Routes incoming messages from WhatsApp, Telegram, Slack, Discord, and Gmail to Claude agents by maintaining a self-registering channel system that activates adapters at startup when credentials are present. Each channel adapter implements a standardized interface that the host process (src/index.ts) polls via a message processing pipeline, decoupling platform-specific authentication from core orchestration logic.

Spawns isolated Linux container instances (via Docker or Apple Container) for each Claude Agent SDK session, with the host process communicating to agents through monitored file directories (src/ipc.ts 1-133) rather than direct process calls. This architecture ensures that agent code execution, filesystem access, and environment variables are sandboxed, preventing malicious or buggy agent code from affecting the host or other agents.

Implements automatic retry logic with exponential backoff for transient failures (network timeouts, temporary API unavailability, container startup delays). Failed message processing is logged and retried with increasing delays, allowing the system to recover from temporary outages without manual intervention. Permanent failures (invalid credentials, malformed messages) are logged and skipped to prevent infinite retry loops.

Maintains conversation state across multiple message turns by persisting session metadata (conversation ID, participant list, last message timestamp) in SQLite and passing this context to agents on each invocation. Agents can access conversation history through the message archive and maintain turn-by-turn context without requiring external session management systems. Session state is automatically cleaned up after inactivity to prevent unbounded growth.

Provides a skills framework where developers can create custom agent capabilities by implementing a standardized skill interface (documented in .claude/skills/debug/SKILL.md). Skills are discovered and loaded at agent startup, allowing agents to extend their functionality without modifying core agent code. Each skill declares its inputs, outputs, and dependencies, enabling the system to validate skill compatibility and manage skill lifecycle.

Streams agent responses back to messaging platforms in real-time as they are generated, rather than waiting for the entire response to complete before sending. This is implemented through the container runner's output streaming mechanism, which monitors agent output and forwards it to the host process, which then sends it to the messaging platform. This creates a more responsive user experience for long-running agent operations.

Implements a token counting system (referenced in DeepWiki as 'Token Counting System') that estimates the number of tokens consumed by messages and agent responses, enabling cost tracking and budget enforcement. The system counts tokens for both input (messages sent to Claude) and output (responses from Claude), allowing operators to monitor API costs and implement per-agent or per-user spending limits.

Each container agent maintains a CLAUDE.md file that persists across conversation turns, allowing the agent to accumulate facts, preferences, and task state without requiring external vector databases or RAG systems. The host process manages this file as part of the agent's isolated filesystem, and the Claude Agent SDK reads/updates it during each invocation, creating a lightweight long-term memory mechanism.

Stores scheduled tasks in SQLite (src/db.ts 1-48) with execution timestamps, allowing agents to schedule work for future execution. The host process polls the task table at regular intervals and invokes agents when task deadlines are reached, enabling agents to create reminders, recurring jobs, and time-delayed actions without external job schedulers like cron or Celery.

Implements a group queue system (referenced in architecture as 'Group Queue') that batches messages from the same conversation group and processes them sequentially to maintain conversation coherence. Messages are tagged with a group ID (derived from channel and sender), queued in order, and dispatched to the agent one group at a time, preventing race conditions where multiple messages from the same user arrive simultaneously.

Integrates with Model Context Protocol (MCP) servers to expose tools and resources to agents through a standardized schema-based function calling interface. Agents can discover available tools from MCP servers, invoke them with validated arguments, and receive structured responses, enabling extensibility without modifying core agent code. The system manages MCP server lifecycle (startup, shutdown) and handles tool schema validation.

Implements sender-based access control where agents can be configured to only respond to messages from whitelisted senders, enforced at the host level before messages are dispatched to containers. This prevents unauthorized users from invoking agents and enables privilege separation where different agents have different sender allowlists, creating a lightweight authorization system without external identity providers.

Maintains message cursors in SQLite for each channel, tracking the last successfully processed message ID. On host restart or after failures, the system resumes from the last cursor position rather than reprocessing all historical messages or losing messages. This enables graceful recovery from transient failures (network outages, agent crashes) without message loss or duplication.

Automatically archives conversation transcripts to SQLite, storing messages, agent responses, and metadata (timestamps, sender, group) for each conversation. This creates a queryable audit trail and enables agents to reference past conversations, implement conversation search, and provide users with conversation history without requiring external logging systems.

Manages environment variables and secrets for agents through the container runtime, injecting credentials and configuration into isolated container environments without exposing them to the host process or other agents. Secrets are read from environment variables or configuration files and passed to containers at runtime, ensuring that sensitive data (API keys, database passwords) is compartmentalized and not accessible to other agents or the host.