Memanto/Product/MemantoClaw

MemantoClaw

A secure, context-aware reference stack for autonomous agents.

Run OpenClaw inside OpenShell, powered by Memanto for long-term memory. Unlock routed inference and instant recall with one MOORCHEH_API_KEY.

InstallRead the docs
89.8%LongMemEval
32×compression
0indexing wait
fig. 1 · runtime topology · single-key onboardinghost ⇄ host-bridge ⇄ sandbox
SANDBOX · OPENSHELL ISOLATIONHOST · YOUR MACHINEMOORCHEH_API_KEYcredentials.jsonhost-bridgepolicy · proxy · routeAOpenClawagent runtimememorymoorcheh · memantoinferencerouted · OpenAI-compategress: 4 allowedISOLATION BOUNDARY
MemantoClaw mascotmemantoclaw
Security & Architecture

A hardened bridge between your machine
and an agent you can trust.

OpenClaw is powerful, but it's also a process that wants to read your files, spawn subshells, and call out to the internet. MemantoClaw inherits four independent enforcement layers from OpenShell — each with its own scope and reload cadence.

Total isolation. The agent never gets raw host credentials or access to your full memory databases — only the specific retrieved context.
host-bridge architecturememantoclaw/policies/openclaw-sandbox.yaml
host · your machine
~/.memantoclaw/credentials.jsonMOORCHEH_API_KEY · NVIDIA · OpenAI
memanto · long-term memoryvector store · 32× compression
network policy controllerhot-reloadable egress allowlist
host-bridge proxyroutes calls · injects context
sandbox · openshell
openclaw agentprocesses the user query
local route · model apilocalhost:8801 → host bridge
local route · memory apiretrieved context only · no DB access
filesystem · /sandbox /tmpjail enforced at creation
egress · 4 allowed
→ the agent only receives the specific retrieved context, never raw credentials or your DBs.click a layer to inspect
Three core pillars

Autonomy, locked down. Memory, built in.

MemantoClaw isn't a new agent framework. It's a curated stack of three best-in-class technologies, glued together with a single key and a thoughtful host bridge.

Autonomy
A
OpenClawopen-source agent framework
  • CLI + TUI runtimes
  • Pluggable model providers
  • Session-aware loops
Security
NVIDIA OpenShellhardened sandbox
  • Network egress allowlist
  • Filesystem jail
  • Seccomp + namespace boundary
Memory
0xa10xc4
Memantolong-term memory architecture
  • Context across sessions
  • Information-theoretic search
  • Instant ingestion
Proudly built on top of
NVIDIANemoClawhardened sandbox framework

We took NVIDIA's sandbox framework — containerization, network egress filtering, OpenShell isolation — and supercharged it with the Moorcheh memory stack.

MemantoClaw=NemoClaw+instant LTM
what we started with
Battle-tested securityNemoClaw's network policies and filesystem jails set the gold standard for running autonomous agents safely.
Seamless proxyingIts architecture supports intercepting API calls, which let us inject long-term memory retrieval before the prompt ever hits the model.
what we added
Moorcheh-native memory bridgeA new host-side proxy that pre-fetches relevant context from Memanto and injects it inline — no extra DBs, no extra keys.
One-key onboardingA single MOORCHEH_API_KEY unlocks routed inference and long-term memory together, no juggling vendor consoles.
The memory advantage

Solves agent amnesia
better than a vector DB.

Most stacks bolt on a vector database and call it a memory layer. MemantoClaw uses Moorcheh — an information-theoretic search engine — to give your agent instant, stateful recall without indexing overhead.

benchmarksstate-of-the-art accuracy
LongMemEval89.8%
prev SOTA: 73.5%+16.3 pts
LoCoMo87.1%
prev SOTA: 71.2%+15.9 pts
32×compression ratiovs traditional vector DBs
0msindexing waitingestion is instant
$0when idletrue serverless · scales to zero
session continuity · same agent, next day
Yesterday · onboarding
youwe prefer tab indents, 2 spaces, and Vitest over Jest.
agentgot it — i'll match that style.
session ended — context persisted to Moorcheh
Today · new task
youadd a test for the new auth route.
agentpulling Vitest config… ↩ tab/2sp · vitest
agentwrote auth.test.ts in your preferred style.
Quickstart

Four lines.
No config, no DB to spin up.

prerequisites · minimum
CPU4 vCPU
RAM8 GB
Disk20 GB
supported platforms
Ubuntu 22.04+macOS · Apple SiliconWSL · Docker DesktopDGX Spark
1
InstallA one-line installer pulls OpenShell, the sandbox image, and the MemantoClaw CLI.
2
One keyExport your MOORCHEH_API_KEY — that's all the credentials anyone ever needs to see.
3
OnboardThe wizard creates a fresh OpenClaw instance, wires the host bridge, and installs default policies.
4
ConnectDrop into the sandbox shell. Run openclaw tui or pipe agent calls through the CLI.
~/dev — bash — memantoclaw1/4
supported inference providerskeys stay in ~/.memantoclaw/credentials.json · the sandbox only sees routed local endpoints
MoorchehdefaultNVIDIAOpenAIAnthropicGeminiOpenAI-compatAnthropic-compat
MemantoClaw

One key. One install. A safer way to ship agents.

MemantoClaw is open-source under Apache 2.0. Bring your own model, your own memory, your own policies — or use ours.

Read the docsGitHub · moorcheh-ai/memantoclaw