ClaudeClaw, plus the heavy stuff. Governance, orchestration, persistent memory, hardened web UI.
ClaudeClaw+ is a sister project to moazbuilds/claudeclaw — the lightweight Claude Code daemon you already know. Plus exists to house the features that are too heavy or too opinionated for the core repo: a full governance and policy layer, durable multi-step orchestration, persistent cross-session memory, and a hardened web UI.
Everything from upstream lives here too. ClaudeClaw+ syncs from upstream automatically every day, so you never fall behind.
Note: Please don't use ClaudeClaw+ for hacking any bank system or doing anything illegal. Same rules apply.
ClaudeClaw+ is built on top of the original moazbuilds/claudeclaw, created by @moazbuilds. The core daemon, Telegram/Discord adapters, heartbeat, web dashboard, skills system — all of that comes from upstream and the amazing contributors who built it.
Upstream contributors — thank you:
A GitHub Actions workflow (.github/workflows/sync-upstream.yml) runs at 07:00 UTC every day. It pulls moazbuilds/claudeclaw master and opens a PR if there are new commits. Every fix and feature that lands upstream is here within a day.
If you see a PR titled "chore: sync upstream" — that's the robot doing its job. Review it, resolve any conflicts if needed, and merge.
| Category | ClaudeClaw | ClaudeClaw+ | OpenClaw |
|---|---|---|---|
| Anthropic Will Come After You | No | No | Yes |
| API Overhead | Directly uses your Claude Code subscription | Same | Nightmare |
| Setup & Installation | ~5 minutes | ~5 minutes | Nightmare |
| Isolation | Folder-based and isolated as needed | Folder-based + per-agent scope | Nightmare |
| Reliability | Simple reliable system | Simple + durable workflows that survive restarts | Nightmare |
| Feature Scope | Lightweight features you actually use | Everything in ClaudeClaw, plus governance and orchestration | 600k+ LOC nightmare |
| Security | Average Claude Code usage | Policy engine, audit log, CSRF protection | Nightmare |
| Cost Control | Manual | Automatic token budgets + model routing per task type | Nightmare |
| Memory | Claude internal memory + CLAUDE.md |
Persistent cross-session MEMORY.md with dual-layer write guarantee |
Nightmare |
| Multi-step Jobs | Cron + heartbeat | DAG orchestrator with dependency resolution and resumable state | Nightmare |
claude plugin marketplace add TerrysPOV/ClaudeClaw-Plus
claude plugin install claudeclaw-plusThen open a Claude Code session and run:
/claudeclaw:start
The setup wizard covers model, heartbeat, Telegram, Discord, and security. Your daemon is live in under five minutes — same as upstream.
These features originated as PRs to moazbuilds/claudeclaw and have been closed upstream — they're out of scope for the lightweight core and live here permanently. Links below point to the originating PRs so you can read the full rationale.
PR #71 — closed upstream — lives here
Every tool call (Bash, Read, Edit, etc.) is evaluated against deterministic rules before execution. Rules can allow, deny, or gate behind operator approval — scoped by channel, user, skill, and source. Includes an audit log and a bounded LRU approval cache.
Why: Replaces blanket --dangerously-skip-permissions with actual governance. Operators can deny destructive tools in public channels, require approval for high-risk operations, and keep a tamper-evident audit trail for compliance.
PR #72 — closed upstream — lives here
Sits between the daemon and Claude CLI. Automatically routes planning tasks to Opus and implementation tasks to Sonnet. Tracks token and cost spend per session and globally, with configurable warn/throttle/block states. Watchdog kills runaway sessions before they drain your credits.
Why: Stops cost overruns before they happen. Makes ClaudeClaw safe to leave unattended — the thing that needs a babysitter becomes the babysitter.
PR #73 — closed upstream — lives here
Unified message ingestion pipeline normalises Discord/Telegram messages to a common format. Crash-safe append-only event log, retry queue with exponential backoff, dead-letter queue, full event replay, and an escalation framework (pause session, hand off to a human, notify across channels).
Why: Eliminates duplicated per-adapter logic and gives you an audit trail you can replay. When something goes wrong at 3am, you can see exactly what happened and re-run it.
PR #74 — closed upstream — lives here
Multi-step task execution via dependency graph with topological sort. Durable workflow state with atomic writes. Jobs survive daemon restarts mid-execution. Governance-integrated executor with configurable parallelism.
Why: Complex requests decompose into dependent subtasks that run in parallel where possible and resume exactly where they left off after a crash. No more lost work.
PR #75 — closed upstream — lives here
Cryptographically random single-use UUID tokens per session, timing-safe comparison, conditional Secure cookie flag, and a client-side mutatingFetch() wrapper that auto-retries on 403.
Why: Prevents malicious cross-origin pages from triggering heartbeat toggles, job runs, or chat actions in an operator's logged-in browser — hardening on top of whatever reverse-proxy auth you're running.
PR #77 — closed upstream — lives here
MEMORY.md loaded into --append-system-prompt on every invocation. Dual-layer write guarantee: Claude is instructed to write after each task, and a daemon-side fallback appends a log entry if MEMORY.md is unchanged after a run. Pre-compact and pre-shutdown saves, 200-line cap with auto-trim, per-agent memory paths.
Why: Sessions stop being amnesiac. Claude remembers prior work across restarts, compactions, and crashes — making long-running deployments coherent.
Each Discord thread gets its own Claude CLI session, fully isolated. Thread conversations run concurrently without blocking each other. First message in a new thread bootstraps a fresh session automatically.
See docs/MULTI_SESSION.md for technical details.
PR #144 — closed upstream — lives here
OpenClaw-compatible lifecycle events at the daemon level — gateway_start, before_agent_start, before_prompt_build, tool_result_persist, agent_end, and more. Plugins hook in via api.on(), api.registerService(), and api.registerCommand(). Includes path traversal prevention, SSRF-safe health checks, and fire-and-forget async emission.
Why: Lets external code extend the daemon without modifying it — memory systems, observability, custom routing, anything.
Everything ClaudeClaw ships, Plus ships too:
- Heartbeat — periodic check-ins, configurable intervals, quiet hours
- Cron Jobs — timezone-aware schedules, one-time and repeating
- Telegram — text, image, and voice support
- Discord — DMs, server mentions/replies, slash commands, voice, images
- GLM Fallback — continue with GLM models when your primary limit is hit
- Web Dashboard — manage jobs, monitor runs, inspect logs in real time
- Security Levels — four access levels from read-only to full system access
- Skills & Plugins — folder-based, isolated as needed
Scope matters here. ClaudeClaw+ is for heavy, opinionated, and architecturally significant work. If your idea fits the lightweight upstream repo, it should go to moazbuilds/claudeclaw — that's still the right home for bug fixes, small improvements, and new integrations. Work submitted here that belongs upstream won't be merged; it'll be redirected back.
See CONTRIBUTING.md for the full scope guide and how to decide where your contribution belongs.
Short version for ClaudeClaw+: open an issue first, then the PR. Large refactors fine. New subsystems fine. Multi-file stacks fine. Just talk first, code second.
Watch the Issues tab for upcoming work. Want to propose something? Open a discussion — all ideas welcome.
Is this a hard fork?
No. ClaudeClaw+ syncs from moazbuilds/claudeclaw every day. Upstream fixes land here within 24 hours. It's a sister project — same foundation, wider scope.
Will features here go back upstream?
Unlikely for the Plus-exclusive features — they've been closed upstream as out-of-scope for the lightweight core. @moazbuilds decides what fits the lightweight core. Whether they get merged upstream or not, they're available here today.
Why not just keep these as PRs upstream?
Six PRs totalling ~55,000 lines of additions need a home where they can actually be used. Sitting as open PRs with no activity doesn't help anyone. ClaudeClaw+ is that home.
Is this breaking Anthropic ToS?
No. Same answer as upstream: ClaudeClaw+ is local usage inside the Claude Code ecosystem. It wraps Claude Code directly and does not require third-party OAuth outside that flow.
Will Anthropic / @moazbuilds sue you for building ClaudeClaw+?
I hope not.
Thanks for building ClaudeClaw+.