Clawdapus

Appearance

ClawdapusDocker on Rails for Claws

Infrastructure-layer governance for AI agent containers. The layer below the framework, where deployment meets governance.

Get Started
View on GitHub
Clawdapus
๐Ÿ™

Untrusted by Design

Every agent is a container โ€” reproducible, inspectable, diffable, and killable. Purpose is bind-mounted read-only. Survives full container compromise.

๐Ÿ”’

Credential Starvation

The cllama governance proxy holds the real API keys. Agents get bearer tokens. No credentials means no bypass โ€” every LLM call flows through the proxy.

๐Ÿณ

Extends Docker

Clawfile extends Dockerfile. claw-pod.yml extends docker-compose.yml. Eject anytime โ€” you still have working OCI images and compose files.

๐ŸŽญ

7 Runner Drivers

OpenClaw, Hermes, NanoClaw, Nanobot, PicoClaw, NullClaw, MicroClaw. Pick your runtime. Same governance layer wraps them all.

๐Ÿ“ก

Social Topology

HANDLE declares platform identity. Every agent's Discord/Telegram/Slack IDs are broadcast pod-wide. Services can @mention bots without hardcoding.

๐Ÿง 

Master Claw

Delegate fleet oversight to an AI governor. It reads proxy telemetry and autonomously manages budgets, quarantines, and recipe promotions.

What It Looks Like โ€‹

The Image โ€” Clawfile โ€‹

An extended Dockerfile. Any valid Dockerfile is a valid Clawfile.

dockerfile
FROM openclaw:latest

CLAW_TYPE openclaw
AGENT AGENTS.md

MODEL primary openrouter/anthropic/claude-sonnet-4
CLLAMA passthrough

HANDLE discord
INVOKE 15 8 * * 1-5  pre-market

SURFACE service://trading-api
SURFACE volume://shared-research read-write

The Deployment โ€” claw-pod.yml โ€‹

An extended docker-compose.yml. Services inherit pod-level defaults.

yaml
x-claw:
  pod: trading-desk
  master: octopus
  cllama-defaults:
    proxy: [passthrough]
    env:
      OPENROUTER_API_KEY: "${OPENROUTER_API_KEY}"
  surfaces-defaults:
    - "service://trading-api"
    - "volume://shared-research read-write"

services:
  tiverton:
    image: trading-desk-tiverton:latest
    build:
      context: ./agents/tiverton
    x-claw:
      agent: ./agents/tiverton/AGENTS.md
      handles:
        discord:
          id: "${TIVERTON_DISCORD_ID}"
          username: "tiverton"

Five Minutes to Running โ€‹

bash
curl -sSL https://raw.githubusercontent.com/mostlydev/clawdapus/master/install.sh | sh
git clone https://github.com/mostlydev/clawdapus.git
cd clawdapus/examples/quickstart
cp .env.example .env   # add your keys
claw build -t quickstart-assistant:latest ./agents/assistant
claw up -f claw-pod.yml -d
claw health -f claw-pod.yml  # โœ“ all healthy

Core Principles โ€‹

  1. Purpose is sacred โ€” contract is bind-mounted read-only; survives full container compromise
  2. The workspace is alive โ€” bots install and adapt; mutations are tracked and promotable
  3. Configuration is code โ€” every deviation from defaults is diffable
  4. Drift is an open metric โ€” independent audit via the governance proxy, not self-report
  5. Surfaces are declared โ€” topology for operators; capability discovery for bots. The proxy enforces cognitive boundaries.
  6. Claws are users โ€” standard credentials; the proxy governs intent, the service's own auth governs execution
  7. Compute is a privilege โ€” operator assigns models and schedules; proxy enforces budgets
  8. Think twice, act once โ€” a reasoning model cannot be its own judge

Released under the MIT License.

Copyright ยฉ 2025-present Wojtek Grabski ยท @wojinald ยท mostlydev