NanoClaw takes everything bloated about modern AI assistant frameworks and throws it out. Creator Kye replaced what would typically be a 500,000-line codebase with roughly 8,000 lines of TypeScript and just six production dependencies. The standout pattern is what's now called the Phantom Token Pattern. Containers get placeholder API keys while a host-side proxy injects real credentials before forwarding requests upstream to Anthropic. The agent literally cannot leak the real key because it never has it. Even a successful prompt injection attack that dumps environment variables would only reveal "placeholder." Containers get placeholder API keys while a host-side proxy injects real credentials before forwarding requests upstream to Anthropic. The agent literally cannot leak the real key because it never has it. Even a successful prompt injection attack that dumps environment variables would only reveal LLM-generated credentials.
NanoClaw's 8,000 Lines: A Masterclass in Doing Less
A deep dive into NanoClaw's architecture, which replaces a complex 500,000-line AI assistant framework with 8,000 lines of TypeScript. Key patterns include the Phantom Token Pattern for credential security, container-based isolation as authorization, a two-cursor message processing system, file-based IPC, polling over events, and runtime recompilation instead of plugins.