πŸ¦€

Harness Engineering,
Crustaceans &
Near-Autonomous Agents

Event-driven AI agents: from personal infra to professional applications

Quentin Adam • AI/Data Engineer @ Dakota Analytics • AI Tinkerers Calgary • March 26, 2026

The Crab Revolution πŸ¦€

Claude Code
Anthropic's CLI agent
The OG crab πŸ¦€
β†’
OpenClaw
Full-featured life assistant
~400K lines, 199K β˜…
β†’
NanoClaw
Minimal, secure, extensible
~500 lines core
The community adopted the crab. Then the crustacean metaphors got... out of claw. β€” A pinch of context for the uninitiated

The question: how much code do you need for an always-on personal AI agent?

OpenClaw vs NanoClaw

OpenClaw

  • πŸ”΄ ~400,000 lines / 70+ deps
  • πŸ”΄ App-level sandboxing
  • πŸ”΄ Shared Node.js process
  • πŸ”΄ CVE-2026-25253 (CVSS 8.8)
  • πŸ”΄ 12% of ClawHub skills malicious
vs

NanoClaw

  • βœ… ~500 lines core / 6 deps
  • βœ… OS-level container isolation
  • βœ… Separate Linux VM per group
  • βœ… Auditable in 8 minutes
  • βœ… Skills = .md files (no registry)

NanoClaw: "Don't add features. Add skills." β€” Channels (Telegram, Slack, Discord) added via /add-telegram skills that transform your fork. Core stays tiny.

Harness Engineering

2025 was agents. 2026 is agent harnesses. β€” source

What is a harness?

The system wrapping the AI model for reliable long-running tasks. (Anthropic blog)

  • Permissions & sandboxing
  • State persistence across sessions
  • Tool orchestration (MCP servers)
  • Lifecycle (launchd, containers)
  • Context engineering β€” right context, right tools, right time
"I haven't written a single line of code myself since December 2025. I run 10-20 AI agents in parallel." β€” Andrej Karpathy, March 2026

The pattern: tiny core, extensible via skills, iterate β€” add context, tools, and autonomy gradually.

Karpathy's AutoResearch: 630 lines. NanoClaw: ~500 lines. Same insight.

NanoClaw Architecture

HOST (macOS) β€” Single Node.js Process Telegram grammY + /add-slack ... SQLite messages.db Message Loop Scheduler IPC Watcher Mount Security ~/.config/nanoclaw/ MCP Servers kitchen-mcp β€’ weather β€’ gmail google-calendar β€’ google-drive + any MCP server via .mcp.json spawns ephemeral container (--rm) CONTAINERS β€” Apple Container (macOS) / Docker (Linux) 🐳 Docker partnership: cross-platform main (admin) /workspace/project (rw) /workspace/group (rw) /home/node/.claude (rw) Claude Agent SDK + all tools securityProfile: "trusted" Ephemeral: spawn β†’ run β†’ destroy adam-family /workspace/group (rw) /workspace/global (ro) NO project root access Claude SDK + kitchen-mcp securityProfile: "restricted" Ephemeral: spawn β†’ run β†’ destroy telegram-news /workspace/group (rw) /workspace/global (ro) NO project root access Claude SDK + RSS + browser Scheduled: cron-triggered Ephemeral: spawn β†’ run β†’ destroy

Security: Size IS the Attack Surface

LayerOpenClawNanoClaw
IsolationApp-level permsOS containers
ProcessShared Node.jsVM per group
CredentialsAll env vars2 vars allowlisted
MountsApp path checksExternal allowlist
SkillsClawHub (12% bad)Auditable .md
Audit~400K lines~500 lines (8 min)

container-runner.ts

if (isMain) {
  mounts.push({ hostPath: projectRoot,
    containerPath: '/workspace/project' });
} else {
  // Non-main: ONLY their own folder
  mounts.push({ hostPath: groupDir,
    containerPath: '/workspace/group' });
}
// Per-group isolated sessions
mounts.push({ hostPath: groupSessionsDir,
  containerPath: '/home/node/.claude' });

// Only 2 env vars exposed
const allowedVars = [
  'CLAUDE_CODE_OAUTH_TOKEN',
  'ANTHROPIC_API_KEY'
];

The Always-On Stack

MacBook Pro (headless) β€” Tailscale mesh VPN β€” zero cloud bills launchd services (always-on, auto-restart): com.nanoclaw Virtual assistant (Telegram) Ephemeral containers per group Scheduled tasks + MCP tools + dashboard UI com.macserve Server monitoring dashboard CPU, RAM, disk, battery, thermals launchd service management :4244 (PWA) life-os / kitchen Family kitchen management Shopping, pantry, meal plans MCP server β†’ NanoClaw :4245 (PWA) + PostgreSQL Tailscale Mesh VPN β€” hostname:port from any device β€’ no port forwarding β€’ no public IP Zero-trust: every connection authenticated end-to-end iPhone (PWAs on home screen) macserve + kitchen-app + Telegram Laptop / Termius (SSH) Full terminal via Tailscale

Live Demo LIVE

iPhone Command Center

  • MacServe PWA β€” live metrics, restart services
  • Kitchen App PWA β€” shopping list, meal plan
  • Telegram β€” chat with Claw, trigger agent
  • Termius β€” SSH into Mac via Tailscale

All PWAs on home screen. No app store. Just hostname:port over Tailscale.

Every service runs on hostname:port via Tailscale. No cloud. No API gateways. No public IP.

The Mac IS the server. Tailscale IS the network. launchd IS the orchestrator.

Event-Driven Loop

Event
(message, cron)
β†’
Agent
(NanoClaw)
β†’
Action
(notify, execute)

MCP: Agent-to-World Bridge

kitchen-mcp: 19 tools

server.tool('search_recipes',
  'Search by cuisine, difficulty...',
  searchRecipesSchema.shape,
  wrap(searchRecipes))

server.tool('generate_shopping_list',
  'Auto-generate from meal plan.
   Aggregates ingredients, subtracts
   pantry stock.',
  generateShoppingListSchema.shape,
  wrap(generateShoppingList))

server.tool('check_pantry',
  'Current inventory. Filter by
   category or expiring items.',
  checkPantrySchema.shape,
  wrap(checkPantry))

Real conversation (Telegram)

User: @Claw what should we cook? Quick.

β†’ check_pantry β†’ search_recipes

Claw: Chicken, rice, broccoli in pantry. 3 options under 30 min...

User: Go with #2. Add missing to list.

β†’ create_meal_plan β†’ generate_shopping_list

Claw: Done! Added 4 items to Superstore list.

One Telegram message β†’ 5 MCP tool calls β†’ meal planned.

The Autonomy Spectrum

Manual
Assisted
Near-Autonomous
Autonomous
Independent

Autonomous today

  • Scheduled tasks (news digest, reminders)
  • Server monitoring + Telegram alerts
  • Pantry tracking + shopping lists

Needs a human

  • Initiating complex workflows
  • Approving external actions
  • Resolving ambiguity

The iterative approach

  • Step 1: Deploy the harness (500 lines)
  • Step 2: Add skills (/add-telegram)
  • Step 3: Add MCP tools (kitchen, calendar)
  • Step 4: Add event triggers (cron, RSS feeds, webhooks)
  • Step 5: Refine context engineering (CLAUDE.md)

Each step adds capability. The cognitive layer builds up gradually.

From Personal to Professional

Same pattern, industrial scale

PersonalProfessional
Telegram messageSCADA telemetry event
Kitchen pantry checkPipeline pressure anomaly
Telegram alertPagerDuty escalation
MacServe monitoringGrid frequency monitoring
launchd + TailscaleKubernetes + service mesh
Event
β†’
Agent reasons
β†’
Act or escalate

Pipeline Monitoring

Pressure sensor β†’ agent loads history via MCP β†’ isolates valve autonomously OR pages engineer with context.

Electricity Grid

Frequency deviation β†’ agent checks load, weather, demand β†’ adjusts demand response OR escalates with recommendation.

The shift: heuristic rules ("if X then Y") β†’ contextual reasoning with escalation on uncertainty.

πŸ¦€

The Claw is Strong

~500
Lines of core code
3
Always-on services
$0
Cloud infrastructure

Build systems around harnesses. Add context, tools, and autonomy iteratively.

NanoClawgithub.com/gavrielc/nanoclaw
MacServegithub.com/QuentinAd/macserve
Kitchengithub.com/QuentinAd/life-os
SlidesQuentinAd.github.io/ait-claw-preso

Quentin Adam • AI/Data Engineer @ Dakota Analytics • AI Tinkerers Calgary