CASL consent management. PIPEDA audit trails. Default-deny networking. Forked from NanoClaw. Built for Canadian enterprise. Open source.
No other agent framework enforces Canadian privacy law. NorthClaw makes compliance automatic, not optional.
Every outbound message passes through real-time consent verification. Commercial vs transactional classification, jurisdiction detection, automatic CASL field injection. Runs on the host, outside agent containers. A compromised agent cannot bypass it.
Agents cannot reach the internet. Period. Docker --internal network blocks all outbound traffic. The credential proxy is the only path out. Even under prompt injection, your data stays put.
Every agent runs in its own sealed container. Read-only root filesystem, seccomp syscall filtering, no-new-privileges flag. One agent cannot see another agent's data. OS-level walls, not app-level promises.
Every agent action logged with SHA-256 hash chain. Each entry references the previous. Tampering breaks the chain. Stored outside container reach. When regulators ask what your AI did, you can prove it.
Persistent data stays on Canadian infrastructure. Consent database, audit logs, agent memory, all local. Inference routing through nearest endpoints with full sovereignty roadmap via TELUS AI Factory.
New capabilities via SKILL.md files. No PRs to main branch. The core stays lean. Pipeline briefings, meeting debriefs, proposal drafting, compliance exports. Add what you need, nothing you don't.
We built this. We're biased. We also show you the data.
Scores reflect our assessment. OpenClaw has 13,729 skills, 20% flagged as malicious. ZeroClaw boots in 10ms on 8MB of RAM, but the real bottleneck for agent tasks is API latency, not local compute. IronClaw has WASM sandboxing that can prove agent behavior cryptographically. Nobody needs that for sending follow-up emails. NorthClaw competes on compliance and trust, not on startup milliseconds.
In OpenClaw: it exfiltrates your data. In NorthClaw: it can't reach the internet.
Agent runs in sealed Docker container. Read-only filesystem. Seccomp syscall filtering. 120s hard timeout. Destroyed after use.
Docker --internal network. No internet access. Credential proxy is the only path out. Even DNS is blocked.
API keys never enter containers. OAuth tokens never enter containers. All external calls proxied through host.
Every action logged with SHA-256 hash chain. Append-only. Tamper detection via chain verification. Stored outside container reach.
CASL consent gate runs on host. PIPEDA logging on host. Law 25 decision logging on host. Compromised agent cannot bypass.
Clone the repo, run setup, connect Slack. Claude Code handles everything else.
/pipelineDaily briefing. Overdue follow-ups, today's meetings, stale contacts.
/debriefPost-meeting processing. Decisions, commitments, intelligence extracted.
/discoverPre-meeting intel. Web research, past context, conversation approach.
/proposalDraft proposals. Value calculation before pricing. Verify pass included.
/value-reportMonthly client value reports. 5-layer model with evidence.
/egress addManage network allowlist. One command to allow a domain.
/consent-exportExport consent records for regulatory requests. JSON, CSV, or text.
/weeklyMonday review. Revenue, pipeline, decisions, content opportunities.
/new-skillCreate new skills from a template. Extend without touching core.
NorthClaw is built by AIFC, founded by Patrick Farrar. AI Entrepreneur in Residence at DMZ, Canada's #1 ranked university incubator. 500+ Canadian ecosystem partnerships. $18M+ in funding enabled. 90+ web applications. 30+ custom AI tools delivered.