docs: rewrite README and prune upstream/WhatsApp/Docker debris from debug+security

README.md:
- rewrite from scratch: remove OpenClaw comparison + upstream author first-person voice, "gh repo fork qwibitai" Quick Start, dead docs.nanoclaw.dev links, Docker/Linux/Windows support claims (runtime is hardcoded to Apple `container` CLI), "Agent Swarms" framing, and the upstream PR/contribution section
- describe current reality: Slack pat/mat dual bots + Gmail, Claude+Codex dual SDK, Apple Container + OneCLI, whisper-cpp local transcription, per-group isolated memory
- Key Files table reflects src/ as it is now (slack-mat.ts, container-runtime.ts, transcribe.ts)

docs/DEBUG_CHECKLIST.md:
- drop Issue nanocoai#4 (Kubernetes/Rancher Desktop image GC) — Docker-only problem, runtime is hardcoded to Apple container
- docker ps/run → container list/run
- delete Channel Auth Issues section (QR code, store/auth/, npm run auth — all WhatsApp-era dead weight)

docs/SECURITY.md:
- drop `store/auth/` NOT-Mounted bullet (WhatsApp session dir, unused in this fork)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: chocoSprite

README.md

@@ -1,179 +1,110 @@
-<p align="center">
-  <img src="assets/nanoclaw-logo.png" alt="NanoClaw" width="400">
-</p>
+# NanoClaw
 
-<p align="center">
-  An AI assistant that runs agents securely in their own containers. Lightweight, built to be easily understood and completely customized for your needs.
-</p>
+A Claude-powered personal assistant that routes Slack and Gmail messages to agents running in isolated Apple Container sandboxes.
 
----
+## What It Does
 
-## Why I Built NanoClaw
-
-[OpenClaw](https://github.com/openclaw/openclaw) is an impressive project, but I wouldn't have been able to sleep if I had given complex software I didn't understand full access to my life. OpenClaw has nearly half a million lines of code, 53 config files, and 70+ dependencies. Its security is at the application level (allowlists, pairing codes) rather than true OS-level isolation. Everything runs in one Node process with shared memory.
-
-NanoClaw provides that same core functionality, but in a codebase small enough to understand: one process and a handful of files. Claude agents run in their own Linux containers with filesystem isolation, not merely behind permission checks.
-
-## Quick Start
-
-```bash
-gh repo fork qwibitai/nanoclaw --clone
-cd nanoclaw
-claude
-```
-
-<details>
-<summary>Without GitHub CLI</summary>
-
-1. Fork [qwibitai/nanoclaw](https://github.com/qwibitai/nanoclaw) on GitHub (click the Fork button)
-2. `git clone https://github.com/<your-username>/nanoclaw.git`
-3. `cd nanoclaw`
-4. `claude`
-
-</details>
-
-Then run `/setup`. Claude Code handles everything: dependencies, authentication, container setup and service configuration.
-
-> **Note:** Commands prefixed with `/` (like `/setup`, `/add-slack`) are [Claude Code skills](https://code.claude.com/docs/en/skills). Type them inside the `claude` CLI prompt, not in your regular terminal. If you don't have Claude Code installed, get it at [claude.com/product/claude-code](https://claude.com/product/claude-code).
+Messages arrive on a connected channel (Slack, Gmail). The orchestrator polls a SQLite queue, spawns an agent container with the group's memory and allowed mounts, streams the conversation into Claude Agent SDK (or Codex SDK), and sends the response back through the owning channel. Each group has isolated memory, sessions, and filesystem.
 
 ## Philosophy
 
-**Small enough to understand.** One process, a few source files and no microservices. If you want to understand the full NanoClaw codebase, just ask Claude Code to walk you through it.
-
-**Secure by isolation.** Agents run in Linux containers (Apple Container on macOS, or Docker) and they can only see what's explicitly mounted. Bash access is safe because commands run inside the container, not on your host.
-
-**Built for the individual user.** NanoClaw isn't a monolithic framework; it's software that fits each user's exact needs. Instead of becoming bloatware, NanoClaw is designed to be bespoke. You make your own fork and have Claude Code modify it to match your needs.
-
-**Customization = code changes.** No configuration sprawl. Want different behavior? Modify the code. The codebase is small enough that it's safe to make changes.
-
-**AI-native.**
-- No installation wizard; Claude Code guides setup.
-- No monitoring dashboard; ask Claude what's happening.
-- No debugging tools; describe the problem and Claude fixes it.
-
-**Skills over features.** Instead of adding features to the codebase, [claude code skills](https://code.claude.com/docs/en/skills) like `/add-slack` transform your fork. You end up with clean code that does exactly what you need.
-
-**Best harness, best model.** NanoClaw runs on the Claude Agent SDK, which means you're running Claude Code directly. Claude Code is highly capable and its coding and problem-solving capabilities allow it to modify and expand NanoClaw and tailor it to each user.
+- **Small enough to understand.** One Node.js process, a handful of source files under `src/`. Read the file you're curious about — that's the authoritative spec.
+- **Secure by isolation.** Agents run inside Apple Container VMs with only explicitly mounted directories visible. Bash is safe because it runs inside the container, not on the host.
+- **Credentials never reach the container.** [OneCLI's Agent Vault](https://github.com/onecli/onecli) intercepts outbound HTTPS and injects credentials at the gateway — agents can't read real tokens from env, files, or `/proc`.
+- **Customization = code changes.** No configuration sprawl. Want different behavior? Edit the code. The codebase is small enough to make changes safely.
+- **Skills over features.** Operational workflows (`/setup`, `/debug`, `/customize`) are [Claude Code skills](https://code.claude.com/docs/en/skills) that guide tasks rather than being hardcoded.
 
 ## What It Supports
 
-- **Multi-channel messaging** - Talk to your assistant from Slack or Gmail. Add channels with skills like `/add-slack` or `/add-gmail`.
-- **Isolated group context** - Each group has its own `CLAUDE.md` memory, isolated filesystem, and runs in its own container sandbox with only that filesystem mounted to it.
-- **Main channel** - Your private channel (self-chat) for admin control; every group is completely isolated
-- **Scheduled tasks** - Recurring jobs that run Claude and can message you back
-- **Web access** - Search and fetch content from the Web
-- **Container isolation** - Agents are sandboxed in Apple Container (macOS) or Docker (macOS/Linux)
-- **Credential security** - Agents never hold raw API keys. Outbound requests route through [OneCLI's Agent Vault](https://github.com/onecli/onecli), which injects credentials at request time and enforces per-agent policies and rate limits.
-- **Agent Swarms** - Spin up teams of specialized agents that collaborate on complex tasks
-- **Optional integrations** - Add Gmail (`/add-gmail`) and more via skills
+- **Slack channels** — Dual-bot setup (`@패트` / `@매트`) via Socket Mode. Add with `/add-slack`.
+- **Gmail** — As a tool (read/send/search/draft) or a full channel (emails can trigger the agent). Add with `/add-gmail`.
+- **Dual SDK** — Claude Agent SDK and Codex SDK side by side, selectable per bot identity.
+- **Isolated group context** — Each group has its own `CLAUDE.md` memory, sessions, and filesystem, mounted into a fresh container per invocation.
+- **Main channel admin** — Your private channel (self-chat) registers/removes groups and schedules cross-group tasks.
+- **Scheduled tasks** — Cron, interval, and one-time jobs that run a full Claude/Codex agent in the group's context.
+- **Web access** — `WebSearch` and `WebFetch` tools inside the container.
+- **Local audio transcription** — Slack voice messages are transcribed locally via `whisper-cpp` before reaching the agent.
+- **Ollama MCP** — Optional local-model MCP server via `/add-ollama-tool`.
+- **Context compaction** — `/compact` forwards the SDK's built-in compaction for long sessions.
 
 ## Usage
 
-Talk to your assistant with the trigger word (default: `@패트`):
+Talk to the assistant with the trigger word (default `@패트` or `@매트`):
 
 ```
-@패트 send an overview of the sales pipeline every weekday morning at 9am (has access to my Obsidian vault folder)
-@패트 review the git history for the past week each Friday and update the README if there's drift
-@패트 every Monday at 8am, compile news on AI developments from Hacker News and TechCrunch and message me a briefing
+@패트 send me an overview of today's work calendar every weekday morning at 9am
+@패트 review the git history for the past week each Friday and summarize drift
+@매트 매일 오전 8시에 HN AI 뉴스 큐레이션해줘
 ```
 
-From the main channel (your self-chat), you can manage groups and tasks:
+From the main channel you can manage groups and tasks:
+
 ```
 @패트 list all scheduled tasks across groups
 @패트 pause the Monday briefing task
-@패트 join the Family Chat group
+@패트 add group "Family Chat"
 ```
 
 ## Customizing
 
-NanoClaw doesn't use configuration files. To make changes, just tell Claude Code what you want:
+NanoClaw has almost no configuration files. Tell Claude Code what you want and it modifies the source:
 
-- "Change the trigger word to @Bob"
-- "Remember in the future to make responses shorter and more direct"
-- "Add a custom greeting when I say good morning"
-- "Store conversation summaries weekly"
+- "Change the trigger word to `@Bob`"
+- "Keep responses under three sentences"
+- "Add a greeting when I say good morning"
 
 Or run `/customize` for guided changes.
 
-The codebase is small enough that Claude can safely modify it.
-
 ## Requirements
 
-- macOS, Linux, or Windows (via WSL2)
+- macOS with [Apple Container](https://github.com/apple/container) (the runtime is hardcoded to the `container` CLI)
 - Node.js 20+
 - [Claude Code](https://claude.ai/download)
-- [Apple Container](https://github.com/apple/container) (macOS) or [Docker](https://docker.com/products/docker-desktop) (macOS/Linux)
+- [OneCLI](https://github.com/onecli/onecli) for credential vaulting
+- `whisper-cpp` + `ggml-large-v3-turbo.bin` (for Slack audio transcription)
+- Slack Socket Mode app with bot + app-level tokens
+- GCP OAuth credentials for Gmail
 
-## Architecture
-
-```
-Channels --> SQLite --> Polling loop --> Container (Claude Agent SDK) --> Response
-```
-
-Single Node.js process. Channels are added via skills and self-register at startup — the orchestrator connects whichever ones have credentials present. Agents execute in isolated Linux containers with filesystem isolation. Only mounted directories are accessible. Per-group message queue with concurrency control. IPC via filesystem.
-
-For the full architecture details, see the [documentation site](https://docs.nanoclaw.dev/concepts/architecture).
-
-Key files:
-- `src/index.ts` - Orchestrator: state, message loop, agent invocation
-- `src/channels/registry.ts` - Channel registry (self-registration at startup)
-- `src/ipc.ts` - IPC watcher and task processing
-- `src/router.ts` - Message formatting and outbound routing
-- `src/group-queue.ts` - Per-group queue with global concurrency limit
-- `src/container-runner.ts` - Spawns streaming agent containers
-- `src/task-scheduler.ts` - Runs scheduled tasks
-- `src/db.ts` - SQLite operations (messages, groups, sessions, state)
-- `groups/*/CLAUDE.md` - Per-group memory
-
-## FAQ
-
-**Why Docker?**
-
-Docker provides cross-platform support (macOS, Linux and even Windows via WSL2) and a mature ecosystem. This fork uses Apple Container on macOS as the default runtime.
-
-**Can I run this on Linux or Windows?**
-
-Yes. Docker is the default runtime and works on macOS, Linux, and Windows (via WSL2). Just run `/setup`.
-
-**Is this secure?**
-
-Agents run in containers, not behind application-level permission checks. They can only access explicitly mounted directories. Credentials never enter the container — outbound API requests route through [OneCLI's Agent Vault](https://github.com/onecli/onecli), which injects authentication at the proxy level and supports rate limits and access policies. You should still review what you're running, but the codebase is small enough that you actually can. See the [security documentation](https://docs.nanoclaw.dev/concepts/security) for the full security model.
-
-**Why no configuration files?**
-
-We don't want configuration sprawl. Every user should customize NanoClaw so that the code does exactly what they want, rather than configuring a generic system. If you prefer having config files, you can tell Claude to add them.
-
-**Can I use third-party or open-source models?**
-
-Yes. NanoClaw supports any Claude API-compatible model endpoint. Set these environment variables in your `.env` file:
+## Getting Started
 
 ```bash
-ANTHROPIC_BASE_URL=https://your-api-endpoint.com
-ANTHROPIC_AUTH_TOKEN=your-token-here
+cd nanoclaw
+claude
 ```
 
-This allows you to use:
-- Local models via [Ollama](https://ollama.ai) with an API proxy
-- Open-source models hosted on [Together AI](https://together.ai), [Fireworks](https://fireworks.ai), etc.
-- Custom model deployments with Anthropic-compatible APIs
-
-Note: The model must support the Anthropic API format for best compatibility.
+Inside the Claude Code prompt, run `/setup`. It walks through Node.js, Apple Container, OneCLI, channel skills (`/add-slack`, `/add-gmail`), launchd service install, and verification.
 
-**How do I debug issues?**
+## Architecture
 
-Ask Claude Code. "Why isn't the scheduler running?" "What's in the recent logs?" "Why did this message not get a response?" That's the AI-native approach that underlies NanoClaw.
+```
+Channels → SQLite → Polling loop → Apple Container (Claude/Codex SDK) → Response
+```
 
-**Why isn't the setup working for me?**
+Single Node.js process. Channels self-register at startup — the orchestrator connects whichever have credentials. Agents execute in fresh Apple Container VMs with filesystem isolation. Only mounted directories are accessible. Per-group message queue with global concurrency control. IPC via filesystem.
 
-If you have issues, during setup, Claude will try to dynamically fix them. If that doesn't work, run `claude`, then run `/debug`. If Claude finds an issue that is likely affecting other users, open a PR to modify the setup SKILL.md.
+### Key Files
 
-**What changes will be accepted into the codebase?**
+| File | Purpose |
+|------|---------|
+| `src/index.ts` | Orchestrator: state, message loop, agent invocation |
+| `src/channels/registry.ts` | Channel self-registration registry |
+| `src/channels/slack.ts`, `slack-mat.ts` | Slack pat/mat bots |
+| `src/router.ts` | Resolves owning channel for a JID |
+| `src/ipc.ts` | IPC watcher and task processing |
+| `src/group-queue.ts` | Per-group queue with global concurrency |
+| `src/container-runner.ts` | Spawns agents in Apple Container |
+| `src/container-runtime.ts` | Container runtime bindings |
+| `src/task-scheduler.ts` | Runs scheduled tasks |
+| `src/transcribe.ts` | whisper-cpp audio transcription |
+| `src/db.ts` | SQLite operations |
+| `groups/{folder}/CLAUDE.md` | Per-group memory (isolated) |
+| `container/skills/` | Skills loaded inside agent containers |
 
-Only security fixes, bug fixes, and clear improvements will be accepted to the base configuration. That's all.
+See [docs/SPEC.md](docs/SPEC.md) for full architecture details, [docs/SECURITY.md](docs/SECURITY.md) for the security model, [docs/SDK_DEEP_DIVE.md](docs/SDK_DEEP_DIVE.md) for Agent SDK internals, and [docs/APPLE-CONTAINER-NETWORKING.md](docs/APPLE-CONTAINER-NETWORKING.md) for macOS 26 vmnet setup.
 
-Everything else (new capabilities, OS compatibility, hardware support, enhancements) should be contributed as skills.
+## Debugging
 
-This keeps the base system minimal and lets every user customize their installation without inheriting features they don't want.
+Ask Claude Code directly: "Why isn't the scheduler running?" "What's in the recent logs?" That's the AI-native approach. Or run `/debug` for a guided checklist, or skim [docs/DEBUG_CHECKLIST.md](docs/DEBUG_CHECKLIST.md).
 
 ## License
 

docs/DEBUG_CHECKLIST.md

@@ -11,34 +11,6 @@ Both timers fire at the same time, so containers always exit via hard SIGKILL (c
 ### 3. Cursor advanced before agent succeeds
 `processGroupMessages` advances `lastAgentTimestamp` before the agent runs. If the container times out, retries find no messages (cursor already past them). Messages are permanently lost on timeout.
 
-### 4. Kubernetes image garbage collection deletes nanoclaw-agent image
-
-**Symptoms**: `Container exited with code 125: pull access denied for nanoclaw-agent` — the container image disappears overnight or after a few hours, even though you just built it.
-
-**Cause**: If your container runtime has Kubernetes enabled (Rancher Desktop enables it by default), the kubelet runs image garbage collection when disk usage exceeds 85%. NanoClaw containers are ephemeral (run and exit), so `nanoclaw-agent:latest` is never protected by a running container. The kubelet sees it as unused and deletes it — often overnight when no messages are being processed. Other images (docker-compose services) survive because they have long-running containers referencing them.
-
-**Fix**: Disable Kubernetes if you don't need it:
-```bash
-# Rancher Desktop
-rdctl set --kubernetes-enabled=false
-
-# Then rebuild the container image
-./container/build.sh
-```
-
-**Diagnosis**: Check the k3s log for image GC activity:
-```bash
-grep -i "nanoclaw" ~/Library/Logs/rancher-desktop/k3s.log
-# Look for: "Removing image to free bytes" with the nanoclaw-agent image ID
-```
-
-Check NanoClaw logs for image status:
-```bash
-grep -E "image found|image NOT found|image missing" logs/nanoclaw.log
-```
-
-If you need Kubernetes enabled, set `CONTAINER_IMAGE` to an image stored in a registry that the kubelet won't GC, or raise the GC thresholds.
-
 ## Quick Status Check
 
 ```bash
@@ -47,18 +19,15 @@ launchctl list | grep nanoclaw
 # Expected: PID  0  com.nanoclaw (PID = running, "-" = not running, non-zero exit = crashed)
 
 # 2. Any running containers?
-docker ps --format '{{.Names}} {{.Status}}' 2>/dev/null | grep nanoclaw
+container list 2>/dev/null | grep nanoclaw
 
-# 3. Any stopped/orphaned containers?
-docker ps -a --format '{{.Names}} {{.Status}}' 2>/dev/null | grep nanoclaw
-
-# 4. Recent errors in service log?
+# 3. Recent errors in service log?
 grep -E 'ERROR|WARN' logs/nanoclaw.log | tail -20
 
-# 5. Are channels connected? (look for last connection event)
+# 4. Are channels connected? (look for last connection event)
 grep -E 'Connected|Connection closed|connection.*close|channel.*ready' logs/nanoclaw.log | tail -5
 
-# 6. Are groups loaded?
+# 5. Are groups loaded?
 grep 'groupCount' logs/nanoclaw.log | tail -3
 ```
 
@@ -134,21 +103,7 @@ cat ~/.config/nanoclaw/mount-allowlist.json
 sqlite3 store/messages.db "SELECT name, container_config FROM registered_groups;"
 
 # Test-run a container to check mounts (dry run)
-# Replace <group-folder> with the group's folder name
-docker run -i --rm --entrypoint ls nanoclaw-agent:latest /workspace/extra/
-```
-
-## Channel Auth Issues
-
-```bash
-# Check if QR code was requested (means auth expired)
-grep 'QR\|authentication required\|qr' logs/nanoclaw.log | tail -5
-
-# Check auth files exist
-ls -la store/auth/
-
-# Re-authenticate if needed
-npm run auth
+container run --rm --entrypoint ls nanoclaw-agent:latest /workspace/extra/
 ```
 
 ## Service Management

docs/SECURITY.md

@@ -78,7 +78,6 @@ Real API credentials **never enter containers**. NanoClaw uses [OneCLI's Agent V
 Each NanoClaw group gets its own OneCLI agent identity. This allows different credential policies per group (e.g. your sales agent vs. support agent). OneCLI supports rate limits, and time-bound access and approval flows are on the roadmap.
 
 **NOT Mounted:**
-- Channel auth sessions (`store/auth/`) — host only
 - Mount allowlist — external, never mounted
 - Any credentials matching blocked patterns
 - `.env` is shadowed with `/dev/null` in the project root mount