2026-02-10 — 2026-03-10
6 changes
NanoClaw became a production-ready conversational AI this week. We fixed two critical WhatsApp bugs that were preventing direct messages from working at all - the bot was looking for its own number instead of the user's number, breaking DM registration completely. With that resolved, we added emoji reactions so the agent can signal task progress (👀 received, 💭 thinking, ✅ done) and users can react to messages naturally. The bigger infrastructure move was implementing a credential proxy that keeps API keys completely outside containers, replacing our previous stdin approach with a transparent host-side authentication layer. We also shipped sender allowlists for group chat access control, letting admins choose between trigger mode (everyone's context stored but only allowed users activate) or drop mode (denied users ignored entirely). The /compact command now lets users manually compress conversation history when sessions get unwieldy, using Claude's native compaction. A container lifecycle bug was eating 30-minute idle windows after IPC tasks, which we fixed to close within 10 seconds. The product is now handling real conversations with proper access controls and reliable message delivery.
Social posts
Fixed two WhatsApp bugs this week that broke DM registration completely. The bot was checking its own number instead of the user's number, so every direct message got ignored. Sometimes the most critical fixes are the most mundane.
Why do AI agents need emoji reactions? Because 👀💭🔄✅❌ tells you exactly what's happening without parsing verbose status messages. Progress indication through symbols that every human already understands.
Should API keys live inside containers or outside them? We moved ours to a credential proxy on the host. Containers now see placeholder values that get swapped transparently during API calls. Zero secrets exposure.
We implemented a credential proxy this week that keeps all API keys and OAuth tokens outside our container execution environment. Previously we passed secrets via stdin and stripped them from subprocess environments, but this new approach runs a proxy server on the host that handles authentication while containers only see placeholder values. It's a more robust security model that eliminates secret exposure entirely.
Shipping access controls for group chats turned out to be more nuanced than expected. We built two modes: trigger mode where everyone's messages get stored for context but only allowed senders can activate the agent, and drop mode where denied senders are ignored completely. The choice depends on whether you want full conversation context or strict token conservation.