← Back to blog
2026-03-20 · dcode · architecture, security, open-source

Why We Forked OpenClaw and Built Klawty

How a production deployment with 8 AI agents running a real business led us to build an open-source agent operating system with deny-by-default security.

The problem we had

In late 2025, we deployed our first AI agent for a design & build company in Luxembourg. One agent. One model. One channel. It worked — for about a week.

Then the agent started hallucinating invoice amounts. It tried to rm -rf a log directory. It forwarded a client email to the wrong person. It burned through $47 in API costs on a single health check loop.

We realized something: building an AI agent is easy. Operating one safely in production is hard.

What we needed

We needed an operating system, not a framework. Something that:

- Denied everything by default — network, filesystem, exec — and required explicit allowlists - Sandboxed shell commands — Docker containers with no network, read-only root, memory limits - Detected PII — email addresses, phone numbers, IBANs — before they reached the LLM - Routed models by cost — health checks on Qwen Flash ($0.07/M), not Claude Sonnet ($15/M) - Required approval for risky actions — with a rollback window

What we built

We started with OpenClaw — the most-starred AI agent project on GitHub (302K+ stars, MIT). It gave us the CLI, 20+ channels, plugin SDK, and 52 community skills.

We then integrated the security layer from NVIDIA's NemoClaw (MIT) — their enterprise fork of OpenClaw that adds Docker exec sandboxing, a deny-by-default policy engine, inference routing through controlled gateways, and a blueprint system for versioned deployments.

On top of that, we added our own layer: PII detection with local model routing, credential monitoring every 6 hours, SHA-256 runtime integrity checks, privacy router, auto-update with rollback, and a full TUI dashboard.

The result is Klawty — an AI agent operating system that's been running in production since late 2025. Today it orchestrates 1,000+ tasks per month across 8 agents for about €37 in total AI spend.

Why open-source

We believe every AI agent deployment deserves production-grade security — not just enterprises with compliance budgets. The free version includes the full security stack. The premium version adds multi-agent coordination, smart routing, and managed hosting.

If you're deploying AI agents in production, you shouldn't have to build the safety infrastructure from scratch. That's what Klawty is for.

Get started

curl -fsSL https://klawty.ai/install.sh | bash
klawty onboard
klawty run

Or visit klawty.ai for the full story.