MemantoClaw is a secure, context-aware reference stack for autonomous agents. It combines three core technologies:
- Autonomy (OpenClaw): a powerful open-source agent framework.
- Security (NVIDIA OpenShell): a hardened sandbox that restricts network egress and file access.
- Memory (Memanto): a long-term memory architecture that carries context across sessions.
You can get started with a single MOORCHEH_API_KEY, unlocking both routed inference and long-term memory immediately.
MemantoClaw keeps sensitive host integrations outside the sandbox while preserving a seamless agent experience inside it:
- The host manages credentials and provider routing to long-term memory services.
- The sandbox runs OpenClaw under OpenShell policy enforcement.
- The agent receives only the context it needs for each task, not raw host credentials or memory databases.
This gives you autonomous workflows with strong controls over network, filesystem, and process behavior.
Traditional AI agents suffer from amnesia between sessions, but solving this with standard vector databases often introduces high latency, indexing delays, and expensive overhead. MemantoClaw solves this by natively integrating Memanto, a universal memory layer powered by Moorcheh.
Moorcheh is an Information-Theoretic Search Engine that provides a 32x compression ratio over traditional Vector DBs and true serverless scaling to zero cost when idle. By leveraging Moorcheh's infrastructure, the Memanto memory layer offers:
- State-of-the-art accuracy: 89.8% on LongMemEval and 87.1% on LoCoMo benchmarks.
- Zero-wait ingestion: No indexing delays; your agent remembers what you taught it instantly.
- Secure host-bridge architecture: Memory stays safely on Moorcheh, the sandbox only receives the specific, retrieved context it needs.
MemantoClaw is optimized for a Moorcheh-first workflow. With a single MOORCHEH_API_KEY, you automatically unlock both routed model inference and Moorcheh's zero-config search infrastructure for long-term memory. No need to stand up separate vector databases or manage multiple API keys.
The sandbox starts with a default policy that controls network egress and filesystem access:
| Layer | What it protects | When it applies |
|---|---|---|
| Network | Blocks unauthorized outbound connections. | Hot-reloadable at runtime. |
| Filesystem | Prevents reads and writes outside /sandbox and /tmp. |
Locked at sandbox creation. |
| Process | Blocks privilege escalation and dangerous syscalls. | Locked at sandbox creation. |
| Inference | Reroutes model API calls to controlled backends. | Hot-reloadable at runtime. |
Follow these steps to get your first sandboxed OpenClaw agent running with long-term memory.
Note
MemantoClaw creates a fresh OpenClaw instance inside the sandbox during onboarding.
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 4 vCPU | 4+ vCPU |
| RAM | 8 GB | 16 GB |
| Disk | 20 GB free | 40 GB free |
The sandbox image is approximately 2.4 GB compressed. On systems with less than 8 GB RAM, combined usage from Docker, k3s, and OpenShell services can trigger OOM conditions. If needed, configure at least 8 GB of swap as a workaround.
| Dependency | Version |
|---|---|
| Linux | Ubuntu 22.04 LTS or later |
| Node.js | 20 or later |
| npm | 10 or later |
| Container runtime | Installed and running |
| OpenShell | Installed |
Platform-specific setup details (click to expand)
| Platform | Supported runtimes | Notes |
|---|---|---|
| Linux | Docker | Primary supported path today |
| macOS (Apple Silicon) | Colima, Docker Desktop | Recommended runtimes |
| macOS | Podman | Not supported yet due to current OpenShell limitation |
| Windows WSL | Docker Desktop (WSL backend) | Supported target path |
- Install Xcode Command Line Tools:
xcode-select --install
- Install and start a supported container runtime:
- Docker Desktop
- Colima
- Run the MemantoClaw installer.
This avoids common first-run failures caused by missing developer tools or inactive container runtimes.
Tip
For DGX Spark, see the DGX Spark setup guide before running the standard installer.
Download and run the installer script:
curl -fsSL https://raw.githubusercontent.com/moorcheh-ai/memantoclaw/refs/heads/main/install.sh | bashIf you use nvm or fnm, the installer may not update your current shell PATH. If memantoclaw is not found after install, run source ~/.bashrc or source ~/.zshrc, or open a new terminal.
When install completes, a summary confirms sandbox, endpoint, model, and memory status.
memantoclaw my-assistant connectThis opens the sandbox shell, where you can run OpenClaw commands.
openclaw tuiUse the TUI for interactive back-and-forth.
openclaw agent --agent main --local -m "hello" --session-id testUse the CLI when you want full output in the terminal, especially for longer responses.
At a high level, MemantoClaw handles each request inside the OpenShell container by letting OpenClaw process the query, work with short-term context, and route memory and model calls through dedicated host-aware proxies. One path connects to Memanto for durable long-term memory, while the other handles inference through Moorcheh-native endpoints.
That routing pattern is what keeps credentials and external integrations on the host side, while the agent runtime remains isolated in the sandbox.
Inference requests never leave the sandbox directly. OpenShell intercepts requests and routes them to your selected provider.
Supported non-experimental onboarding paths:
| Provider | Notes |
|---|---|
| Moorcheh (default) | OpenAI-compatible route through a host bridge; only MOORCHEH_API_KEY required |
| NVIDIA Endpoints | Curated hosted models on integrate.api.nvidia.com |
| OpenAI | Curated GPT models plus manual model entry |
| Other OpenAI-compatible endpoint | For proxies and compatible gateways |
| Anthropic | Curated Claude models plus manual model entry |
| Other Anthropic-compatible endpoint | For Claude proxies and compatible gateways |
| Google Gemini | Google OpenAI-compatible endpoint |
Credentials remain on the host in ~/.memantoclaw/credentials.json. The sandbox sees only routed local endpoints, not raw provider keys.
MemantoClaw ships a default policy in memantoclaw-blueprint/policies/openclaw-sandbox.yaml that denies all network egress except explicitly listed endpoints.
| Method | How | Scope |
|---|---|---|
| Static | Edit openclaw-sandbox.yaml and rerun memantoclaw onboard |
Persists across restarts |
| Dynamic | Run openshell policy set <policy-file> on a running sandbox |
Session only; resets on restart |
Preset policies for common integrations (for example PyPI, Docker Hub, Slack, Jira) are available in memantoclaw-blueprint/policies/presets/.
For details, see Customize Network Policy and OpenShell documentation on Policy Schema.
| Command | Description |
|---|---|
memantoclaw onboard |
Interactive setup wizard for gateway, providers, and sandbox |
memantoclaw <name> connect |
Open a shell inside the sandbox |
openshell term |
Launch OpenShell TUI for monitoring and approvals |
memantoclaw start / stop / status |
Manage auxiliary services |
See the CLI reference for all commands and options.
curl -fsSL https://raw.githubusercontent.com/moorcheh-ai/memantoclaw/refs/heads/main/uninstall.sh | bash| Flag | Effect |
|---|---|
--yes |
Skip confirmation prompt |
--keep-openshell |
Keep openshell binary installed |
--delete-models |
Also remove MemantoClaw-pulled Ollama models |
Example:
curl -fsSL https://raw.githubusercontent.com/moorcheh-ai/memantoclaw/refs/heads/main/uninstall.sh | bash -s -- --yesMoorcheh MemantoClaw builds directly upon the robust foundation of NVIDIA OpenShell and NVIDIA NemoClaw. We extend our gratitude to NVIDIA for their open-source contributions to secure agentic infrastructure. Certain structural patterns, deployment strategies, and blueprint methodologies in this repository were adapted from or inspired by NVIDIA NemoClaw.
This project is licensed under the Apache License 2.0.


