Skip to content
TokenArch v0.1.0

NightClaw gives OpenClaw a memory, a conscience, and a morning briefing.

For OpenClaw · Open source · v0.1.0

Turn OpenClaw into an agent that works on your projects around the clock — not just when you're there to prompt it. Define the work. Set it running. Wake up to a briefing of what happened, what decisions it needs, and what it wants to tackle next.

Download v0.1.0 View on GitHub
96 validation checks pass · MIT License · No runtime · No daemon · Runs inside the workspace
Built for: OpenClaw operators who want their agent working through real projects overnight — not just responding to messages when asked.
The Pattern

Define it. Let it run. Read the briefing.

This is the designed interaction model — not a chatbot you prompt, but an agent with a running job. Your involvement is the direction and the decisions. Everything else runs on its own.

🎯
You set the direction

Create a project with a clear goal and a verifiable milestone — 'produce a ranked comparison of 12 tools across 4 categories.' Pre-authorize what the agent can do autonomously. It starts working.

⚙️
The agent works

Workers run every 60 minutes. A manager pass every 105 minutes reviews quality and direction. The agent makes progress, self-heals blockers, and only surfaces things that genuinely need a human call.

☀️
You read the briefing

NOTIFICATIONS.md is your morning inbox. One pass summary, one pending decision, one proposal for tonight. Two minutes. Say yes or redirect. It runs again.

NOTIFICATIONS.md — Morning Briefing 
[2026-04-08 02:47] | Priority: HIGH | Project: ai-productivity-research | Status: PENDING-REVIEW

Pass summary: Completed exploration phase. Discovery file written with 14 tools across 4 categories,
each with pricing, key AI feature, and user sentiment. stop_condition met.

Decision needed: Phase transition — ready to begin adversarial-challenge phase.
If approved: worker will begin pass 1 of adversarial-challenge tonight.
If not: project stays in TRANSITION-HOLD.

[2026-04-08 03:15] | Priority: PROPOSAL | Project: ai-productivity-research | Status: PENDING-REVIEW

Proposal: Notion AI and Mem.ai share a memory architecture pattern worth a dedicated comparison pass
before shortlisting. Estimated cost: STANDARD. Blocking current work: NO.
If approved: add comparison sub-task to next pass.
If declined: proceed with standard shortlist criteria.

[2026-04-08 04:02] | Priority: LOW | Project: ai-productivity-research | Status: INFO

Session registry: Worker RUN-20260408-003 completed. 3 web searches used.
Output: ai-productivity-discovery-2026-04-08.md (14 entries). Quality: STRONG. Tokens: ~8,400.
The Ecosystem

Built for the platform the world is building on.

OpenClaw is the fastest-growing open-source project in history — surpassing React, Linux, and every comparable project. These are public statements from the people framing what comes next. They establish why governance for this platform is infrastructure-scale work. Not an endorsement of this project.

295,000+ GitHub stars · Most-starred project in GitHub history · 38M monthly visitors · 3.2M monthly active users
"

It's basically LLM plus shell, plus file system, plus markdown, plus cron. And it turns out that's an agent. And every part of that, other than the model is something that we already completely know and understand.

Marc Andreessen
Co-founder, a16z — Latent Space Podcast, April 3, 2026

On why the OpenClaw + Pi architecture is "one of the ten most important software breakthroughs" — the components are known; the combination is the insight.

"

Every single company in the world today has to have an OpenClaw strategy. Agents that execute without governance are obviously a problem.

Jensen Huang
CEO, NVIDIA — GTC 2026, March 16, 2026

At GTC, Huang compared OpenClaw to Linux and introduced NemoClaw — NVIDIA's runtime security layer for OpenClaw deployments.

"

Isn't Dropbox just FTP with extra steps? Maybe there's no magic in there but sometimes just rearranging things and adding a few new ideas is all the magic that you need.

Peter Steinberger
Creator, OpenClaw — Lex Fridman Podcast #491, February 12, 2026

Steinberger built OpenClaw on the premise that agents can be made deeply aware of their own context — 'it knows what its source code is, it understands how it sits and runs in its own harness.' NightClaw extends this principle to governance: the rulebook lives where the agent works. Responding to the criticism that it's 'just a cron job' — the same answer applies to any system built on simple, well-understood primitives.

"

There needs to be a level of like AI is your savior almost. And the question is where will AI land in productivity gains at the end of the day.

Ken Griffin
CEO, Citadel — World Economic Forum, Davos, January 21, 2026

On $500 billion in AI infrastructure spending this year alone, and why the stakes make governance a serious question — not a future consideration.

Quotes sourced from publicly available recordings and transcripts. NightClaw is an independent community project unaffiliated with any individual or organization named above. No endorsement is implied or claimed.

What Makes It Work

Six things that keep continuous operation on track.

Running an agent around the clock creates problems that don't exist in single sessions. These are the pieces that solve them.

LONGRUNNER
Projects that span sessions

A per-project control file that defines the current phase, a machine-testable completion milestone, and what comes next. The agent knows what it's building toward, when a phase is actually done, and what the next pass should accomplish — across as many sessions as it takes.

Stop conditions must be verifiable: 'a dated file exists with at least 12 entries each containing name, pricing, and user sentiment' — not 'when the research feels complete.'
WORKER + MANAGER
One runs. One reviews.

Workers execute passes every 60 minutes. A manager pass runs every 105 minutes — offset deliberately to review a completed pass, not a running one. The manager checks quality, direction, and whether the worker is stuck. Different agent, different session, no stake in defending the worker's choices.

Crash detection: if the manager finds a stale lock with no heartbeat, it knows the worker hung and surfaces recovery.
PRE-APPROVAL
Grant authority before you go offline

Define what the agent is authorized to do autonomously — and what still requires your call — before you close the laptop. Pre-approvals have scope, expiry, and an audit log of every invocation. The agent acts within the boundary you set, not based on its own judgment about what you'd approve.

Default conservative mode: anything outside a declared pre-approval surfaces to NOTIFICATIONS.md and waits. The agent never improvises permission.
FAILURE MODES
Learns from every failure

33 indexed failure modes — each with a detection signal, root cause, and documented fix. When the agent hits a problem, it looks up the failure class before retrying. Novel failures get appended so the same wall is never hit twice. The system gets more capable over time.

Designed to never halt on recoverable blockers. The agent self-heals, re-routes, or surfaces — it doesn't stop.
SESSION REGISTRY
A record of every pass

Every cron run logged: model used, tokens consumed, projects touched, quality result, integrity check outcome. Not session history — a cross-session operational record of what actually ran across days and weeks of overnight work.

The manager reads this at startup to understand recent operational context before deciding what to review.
IDLE CYCLE
Improves itself between projects

When all projects are paused or complete, the agent doesn't sit idle — it works through a structured improvement ladder: scan for demand signals, check for stale knowledge, consolidate memory, update operational files, propose new projects from the domain you've configured.

The system that runs around the clock gets more capable the longer it runs.
Three Layers

Three distinct layers. Each with a different job.

These are complementary technologies with separate scopes. Each can be adopted independently. Running all three together is the full picture.

Execution Layer
OpenClaw
The agent runtime
  • LLM sessions and tool access
  • Cron scheduling and heartbeat
  • Shell, filesystem, memory
  • Skills and plugin system
  • Session UI and delivery
Security Layer
NemoClaw
Runtime security by NVIDIA
  • Filesystem isolation
  • Deny-by-default networking
  • PII privacy routing
  • Allow/deny decision log
  • Enterprise policy enforcement
Governance Layer
NightClaw
Workspace governance — this project
  • Operational audit trail
  • Long-running task lifecycle
  • 33 indexed failure modes
  • Behavioral drift detection
  • Async human proposal surface

NightClaw works with or without NemoClaw · Both are unaffiliated with each other · NemoClaw is NVIDIA's product · NightClaw is a community project

Architecture

Two parts. One workspace. No infrastructure.

Marc Andreessen described the agent architecture as 'LLM + shell + filesystem + markdown + cron.' NightClaw lives entirely inside that architecture — two scheduled passes per hour, no external services, no daemon. The worker runs every 60 minutes. The manager runs every 105 minutes. Everything the agent needs to govern itself is in the same workspace it already reads.

nightclaw-architecture — Two-Pass Cron System 
┌──────────────────────────────────────────────────────────────────┐
  PART 1: ORCHESTRATION FRAMEWORK                                 
├──────────────────────────────────────────────────────────────────┤
             SOUL.md + AGENTS-CORE.md  (Behavioral Identity)       
    Hard Lines (behavioral defaults encoded as agent identity — not enforced by the runtime) · sub-agent contracts · pre-write protocol         
├─────────────────────────────┬────────────────────────────────────┤
   Worker (every 60 min)        Manager (every 105 min)          
   T0 Drift + integrity         T0 Crash detection               
   T1 Dispatch                  T1 Integrity verification        
   T2 LONGRUNNER read           T2 Surface escalations           
   T3 Tool pre-flight           T3 Change detection              
   T4 Execute pass              T4 Value check                   
   T5 Validate + quality        T5 Direction check               
   T6 State update              T6 Priority rebalancing          
   T7 OS improvement gate       T7 Update manager registry       
   T9 Session close             T8 Audit review + OS improve     
                                 T9 Session close                 
   ↓ on blocker:                                                 
   Self-healing decision tree                                    
├─────────────────────────────┴────────────────────────────────────┤
   NOTIFICATIONS.md  ·  Agent appends → Owner reviews             
   LOCK.md           ·  Mutex preventing concurrent cron overlap  
   audit/ — 5 files  ·  REGISTRY.md  ·  LONGRUNNER per project   
├──────────────────────────────────────────────────────────────────┤
  PART 2: ETL SKILL LAYER  (Proof of Concept — Replaceable)       
├──────────────────────────────────────────────────────────────────┤
  OPS-KNOWLEDGE-EXECUTION.md                                      
  Field maps · schema quirks · script templates for known APIs    
  Agent reads before writing code → confirmed knowledge           
  Agent extends after successful runs → compounding accuracy      
  Replace with field maps for your own systems                    
└──────────────────────────────────────────────────────────────────┘
Self-Healing

Diagnose before retrying. Never halt.

When a pass hits a blocker, the agent runs the decision tree — applies the documented fix, checks pre-approvals, attempts partial completion, or surfaces a proposal and re-routes. It never stops working entirely.

BLOCKER ENCOUNTERED
Known failure mode?
YES Apply documented fix from OPS-FAILURE-MODES.md
Resolved?
YES Continue execution
NO Pre-approval covers this?
YES Execute pre-approved action, continue
NO Partial completion possible?
YES Complete what's safe, log partial result
NO Can objective be reformulated?
YES Reframe next_pass, continue
NO Surface to NOTIFICATIONS.md — Log as new failure mode — Re-route to next project — NEVER halt entirely
Async Workflow

The agent works. You review when you're ready.

Proposals, blockers, and decisions surface to NOTIFICATIONS.md as the agent encounters them. You review at your own cadence. The next pass acts on your decisions. This is the designed interaction pattern — not an exception flow.

Agent runs overnight

Worker executes passes, hits a blocker requiring judgment — a schema drift, an ambiguous direction, a proposed enhancement.

Proposal surfaces

Agent writes a structured entry to NOTIFICATIONS.md: proposal, estimated cost, if-approved action, if-declined fallback. Continues on other projects.

Morning check

You review NOTIFICATIONS.md, approve or redirect. The next worker pass acts on the decision. No real-time involvement required.

NOTIFICATIONS.md — Proposed Enhancement 
[2026-04-06 02:14] | Priority: PROPOSAL | Project: etl-pipeline | Status: PENDING-REVIEW

Proposal: [data-source] changed column header
  "Net Summer Capacity (MW)" → "Capacity_Net_Summer_MW"
  in April 2026 vintage

Proposed path: Update field map in OPS-KNOWLEDGE-EXECUTION.md,
  re-run diff script against corrected header

Estimated cost:  STANDARD
Blocking current work: NO

If approved:  Update field map on next pass, re-run validation
If declined:  Continue with last known-good vintage until manual review
Contents

Zero external dependencies.

Every file is markdown, shell, or YAML. No build step. No package manager. Nothing to install beyond OpenClaw itself.

Root/26 files
  • SOUL.md · AGENTS.md
  • AGENTS-CORE.md
  • AGENTS-LESSONS.md
  • IDENTITY.md · USER.md
  • MEMORY.md · HEARTBEAT.md
  • WORKING.md · LOCK.md
  • ACTIVE-PROJECTS.md
  • NOTIFICATIONS.md · TOOLS.md
  • VERSION · .gitignore
  • INSTALL.md · DEPLOY.md
  • README.md · LICENSE
  • CHANGELOG.md · SECURITY.md
  • CONTRIBUTING.md · CODE_OF_CONDUCT.md
  • UPGRADING.md · TROUBLESHOOTING.md
  • nightclaw-architecture.svg
audit/5 files
  • AUDIT-LOG.md
  • INTEGRITY-MANIFEST.md
  • APPROVAL-CHAIN.md
  • SESSION-REGISTRY.md
  • CHANGE-LOG.md
orchestration-os/18 files
  • CRON-WORKER-PROMPT.md
  • CRON-MANAGER-PROMPT.md
  • CRON-HARDLINES.md
  • REGISTRY.md
  • OPS-FAILURE-MODES.md
  • OPS-QUALITY-STANDARD.md
  • OPS-AUTONOMOUS-SAFETY.md
  • OPS-PREAPPROVAL.md
  • OPS-CRON-SETUP.md
  • OPS-KNOWLEDGE-EXECUTION.md
  • LONGRUNNER-TEMPLATE.md
  • ORCHESTRATOR.md · START-HERE.md
  • OPS-IDLE-CYCLE.md · OPS-TOOL-REGISTRY.md
  • OPS-PASS-LOG-FORMAT.md · TOOL-STATUS.md
  • PROJECT-SCHEMA-TEMPLATE.md
scripts/8 files
  • install.sh
  • validate.sh
  • verify-integrity.sh
  • new-project.sh
  • resign.sh
  • smoke-test.sh
  • upgrade.sh
  • check-lock.py
validate.sh — 96 checks · 0 failures
verify-integrity.sh — 11/11 hash verified
PROJECTS/1 file
  • MANAGER-REVIEW-REGISTRY.md
Global project scoreboard.
Per-project LONGRUNNERs created at runtime.
Quick Start

Three commands. No build step.

Requires OpenClaw 2026.2.13+ (2026.4.5+ recommended). Confirmed working: Claude Sonnet 4.5+, GPT-5 class models. Lower-capability models are not recommended for autonomous passes — reliable instruction-following at the LONGRUNNER and CRON-HARDLINES level requires a frontier model.

terminal 
# Clone directly into your OpenClaw workspace
git clone https://github.com/ChrisTimpe/nightclaw ~/.openclaw/workspace
cd ~/.openclaw/workspace

# Run the install script (substitutes placeholders, generates hashes)
bash scripts/install.sh

# Validate the install
bash scripts/validate.sh
# → 96 passed, 0 failed, 0 warnings

# Smoke test (new installs): bash scripts/smoke-test.sh → 18 checks

# Then: configure SOUL.md §Domain Anchor, update USER.md,
# create two crons per DEPLOY.md §Step 5.
# For future upgrades: see UPGRADING.md for merge/overwrite guidance.
Community

Follow This Project

GitHub Discussions Questions, ideas, and community threads
Star & Watch Get notified of releases and updates
View Repository Source, issues, and contribution guide
  • AI-assisted framework — review before production use
  • Behavioral discipline, not enforced security
  • SHA-256 drift detection, not tamper prevention
  • Requires GPT-5 class model minimum for reliable autonomous operation
  • Currently OpenClaw-specific — not portable to other agent runtimes
  • MIT License — no warranty of fitness
  • Nothing in NightClaw guarantees the agent won't do something unintended — it makes unintended behavior less likely, detectable, and recoverable
  • CRON-HARDLINES are behavioral prompts, not enforced constraints — they work because a well-calibrated agent internalizes them as identity