Introducing Geneclaw: Safe, Auditable Agent Self-Evolution

Today we're open-sourcing Geneclaw — a framework for safe, auditable self-evolving agents, built on top of nanobot. We built it because we kept running into the same problem: agents that could diagnose their own failures and propose improvements, but had no safe, auditable path to actually apply those improvements.

The Problem with Self-Improving Agents

Self-improving agents are genuinely useful. An agent that can observe its own failure patterns, reason about root causes, and propose targeted fixes is dramatically more maintainable than one that requires constant manual tuning. The research community has demonstrated this capability convincingly.

The problem is trust. Most self-improving agent frameworks share a common design pattern: observe → propose → apply, with the "apply" step happening automatically, often without any human review, and almost always without a meaningful audit trail. When something goes wrong — and in a self-modifying system, things will go wrong — you often have no record of what changed, why it changed, or how to reverse it.

For teams building agents in production settings, this is a non-starter. Enterprise deployments, regulated industries, and any team that has suffered from a runaway agent mutation know exactly what we mean.

What Geneclaw Does Differently

Geneclaw's core design principle is simple: everything is dry-run by default, and nothing is applied without explicit human approval.

This isn't a configuration option — it's a design invariant baked into the runtime. Geneclaw generates structured evolution proposals (we call them GEPs) as reviewable JSON documents with unified diffs, but it never writes those diffs to disk until you explicitly say so.

Between proposal generation and application, every proposal must pass through the 5-layer Gatekeeper:

1. Path allowlist/denylist: Only configured paths can be touched
2. Diff size limit: Large changes require explicit override
3. Secret scan: No credentials, keys, or PII in the diff
4. Code pattern detection: Dangerous code constructs are flagged
5. Pytest gate: Tests must pass before the proposal is approved

All gate decisions — pass or fail — are appended to the event store. You have a complete, tamper-evident audit trail of every proposal and every decision.

Built on nanobot

Geneclaw is built on nanobot (HKUDS/nanobot), which provides the agent execution runtime, tool use, and LLM integration. Geneclaw adds the evolution layer: structured proposals, the Gatekeeper, the event store, the dashboard, and the CLI.

We chose nanobot as the foundation because it gives us a solid, production-tested runtime to build on, and because its architecture maps cleanly to Geneclaw's observe-diagnose-propose model. If you're already using nanobot, integrating Geneclaw should feel natural.

Who Is This For?

Geneclaw is designed for teams who:

• Run AI agents in production and need auditable change management
• Want to safely iterate on prompts and configs with a full diff history
• Are debugging agent loops and need structured visibility into failures
• Work in regulated or enterprise environments where "the agent changed itself" is not an acceptable answer in a post-incident review

The Road Ahead

This v0 release ships the core GEP protocol, the 5-layer Gatekeeper, the CLI (doctor, evolve, gate, apply, report, autopilot, benchmark), the event store, and the dashboard. We've kept the scope deliberately narrow because we believe safe foundations matter more than feature breadth at this stage.

Upcoming work includes: multi-agent coordination, a richer dashboard with inline proposal review, i18n support, and tighter integration with CI/CD pipelines.

We want Geneclaw to be the framework you reach for when "the agent improved itself" is a trustworthy sentence, not a source of dread.

Star the repo, try geneclaw doctor, and join the conversation in GitHub Discussions.