- Add UX note instructing Claude to use AskUserQuestion tool for better
interactive experience during setup
- Add new Section 7 explaining the main channel's elevated privileges
(admin control portal) before registration
- Include interactive security acknowledgment with follow-up for users
choosing shared groups
- Renumber subsequent sections (7→8, 8→9, 9→10)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Update setup skill to detect platform and offer Docker/Apple Container choice
- On Linux, automatically use Docker via /convert-to-docker skill
- On macOS, ask user preference if Apple Container not installed
- Update README to reflect Docker support and Linux compatibility
- Fix exact line number reference in convert-to-docker skill
- Add thank you to @dotsetgreg for the Docker skill contribution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Isolate Claude sessions per-group (data/sessions/{group}/.claude/)
to prevent cross-group access to conversation history
- Remove Gmail MCP from built-in (now available via /add-gmail skill)
- Add SECURITY.md documenting the security model
- Move docs to docs/ folder (SPEC.md, REQUIREMENTS.md, SECURITY.md)
- Update documentation to reflect changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused claude-agent-sdk from host deps (only used in container)
- Remove dead scheduler MCP config (built into IPC)
- Remove unused eslint script
- Add clear error message when Apple Container fails to start
- Auto-generate launchd plist with real paths in setup skill
- Standardize Node.js version to 20+ everywhere
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Add secure mount allowlist validation
Addresses arbitrary host mount vulnerability by validating additional
mounts against an external allowlist stored at ~/.config/nanoclaw/.
This location is never mounted into containers, making it tamper-proof.
Security measures:
- Allowlist cached in memory (edits require process restart)
- Real path resolution (blocks symlink and .. traversal attacks)
- Blocked patterns for sensitive paths (.ssh, .gnupg, .aws, etc.)
- Non-main groups forced to read-only when nonMainReadOnly is true
- Container path validation prevents /workspace/extra escape
https://claude.ai/code/session_01BPqdNy4EAHHJcdtZ27TXkh
* Add mount allowlist setup to /setup skill
Interactive walkthrough that asks users:
- Whether they want agents to access external directories
- Which directories to allow (with paths)
- Read-write vs read-only for each
- Whether non-main groups should be restricted to read-only
Creates ~/.config/nanoclaw/mount-allowlist.json based on answers.
https://claude.ai/code/session_01BPqdNy4EAHHJcdtZ27TXkh
---------
Co-authored-by: Claude <noreply@anthropic.com>
- Setup skill now asks subscription vs API key, can auto-grab token
- Debug skill updated for both auth methods
- SPEC.md documents both authentication options
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix session mount path: ~/.claude/ now mounts to /home/node/.claude/
(container runs as 'node' user with HOME=/home/node, not root)
- Fix ~/.gmail-mcp/ mount path similarly
- Use absolute paths for GROUPS_DIR and DATA_DIR (required for container mounts)
- Auto-start Apple Container system on NanoClaw startup
- Update debug skill with session troubleshooting guide
- Update spec.md with startup sequence and troubleshooting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Container fixes:
- Run as non-root 'node' user (required for --dangerously-skip-permissions)
- Add allowDangerouslySkipPermissions: true to SDK options
- Mount .env file to work around Apple Container -i env var bug
- Use --mount for readonly, -v for read-write (Apple Container quirk)
- Bump SDK to 0.2.29, zod to v4
- Install Claude Code CLI globally in container
Logging improvements:
- Write per-run logs to groups/{folder}/logs/container-*.log
- Add debug-level logging for mounts and container args
Documentation:
- Add /debug skill with comprehensive troubleshooting guide
- Update /setup skill with API key configuration step
- Update SPEC.md with container details, mount syntax, security notes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Explain Gmail/GCP prerequisites upfront before asking
- Replace hardcoded "Andy" with ASSISTANT_NAME placeholder
- Replace hardcoded timestamp with CURRENT_ISO_TIMESTAMP
- Add step 3 to ask user for their preferred trigger word
- Renumber sections accordingly
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add src/auth.ts for interactive QR code authentication
- Add `npm run auth` script
- Update setup skill for current Node.js architecture
- Daemon (src/index.ts) now only uses stored credentials
Auth is run during setup; daemon assumes credentials exist and
shows macOS notification if re-auth is needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
A minimal Node.js application that connects Claude Agent SDK to WhatsApp
using baileys. Features per-group memory via CLAUDE.md files, session
continuity, scheduled tasks, and Gmail integration via MCP.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
