NanoClaw, the open-source AI agent platform, has partnered with Vercel to build a human approval layer that prevents AI agents from executing sensitive actions without explicit user consent.
The integration uses Vercel's Chat SDK to deliver interactive approval cards across 15 messaging platforms, including Slack, WhatsApp, Telegram, Microsoft Teams and iMessage, from a single TypeScript codebase.
When an agent attempts a high-stakes action such as making a payment, deleting cloud resources or accessing financial data, the system pauses and sends an approval request to the user's preferred messaging app.
The architecture is designed so that security sits at the infrastructure level rather than relying on the agent to police itself.
Agents run inside isolated Docker or Apple Containers and are given only placeholder credentials; outbound requests are intercepted by OneCLI's Rust-based gateway, which enforces user-defined policies and halts any sensitive "write" action until a human signs off.
Only after approval does the gateway inject the real, encrypted credential and forward the request.
Gavriel Cohen, co-founder of NanoCo, the company behind NanoClaw, said the design reflects a fundamental distrust of agentic systems.
He warned that if a potentially compromised agent were allowed to generate its own approval interface, it could deceive users by swapping accept and reject buttons, making infrastructure-level enforcement essential.
The partnership extends NanoClaw's security-first positioning, which has already attracted an integration with Docker announced last month.
That deal allowed NanoClaw to deploy inside Docker's micro-VM sandboxes, providing an additional layer of isolation against container escapes and zero-day exploits.
NanoClaw, which Cohen originally built as a lightweight alternative to the much larger OpenClaw framework, remains MIT-licensed and runs on Anthropic's Agent SDK.
Related reading
- Anthropic's Claude Mythos faces questions over value despite strong cybersecurity scores
- OpenAI warns macOS users to update apps after supply chain security breach
- Microsoft warns AI agents risk becoming "double agents" as it unveils security controls at RSAC
Its codebase spans roughly 15 source files, a deliberate contrast with OpenClaw's nearly half a million lines of code, which NanoClaw's developers argue is too large for meaningful security review.
The platform supports modular agent swarms, scheduled tasks and multi-channel messaging, and promotes what it calls a "Skills over Features" model, allowing users to extend functionality through lightweight, purpose-built modules rather than monolithic configuration.
The recap
- NanoClaw partners with Vercel and OneCLI for approval system
- Approval flow deploys interactive cards across 15 messaging channels
- OneCLI gateway pauses requests until human approval and injects credentials
