The Fork Is the New Config

Karpathy bought a Mac Mini to run Claws over the weekend. The Apple Store employee told him they're selling like hotcakes and everyone is confused.

The confusion makes sense. The pitch is "buy a $599 computer so an AI can live in it." That's not a product category anyone has had to explain to their spouse before. It's also, apparently, working.

He covers a lot of ground in the thread, but the thing worth pulling on is a detail he almost breezes past. He's describing NanoClaw — the small, auditable alternative to OpenClaw's 400K-line behemoth — and mentions their approach to configuration. It's not config files. It's skills. You run /add-telegram and Claude Code rewrites your actual source to support Telegram. Not a flag. Not a plugin. A code transformation.

He says it slightly blew his mind.

It should have fully blown his mind.

The config file is dead. The fork is the new config. You clone a repo, you tell the AI what you want, and the AI reshapes the code into exactly your thing and nothing else. Your deployment contains only the code that runs — not the code that could run, not fifteen channel integrations behind feature flags where fourteen of them are attack surface you never asked for.

This is the opposite of how software has been built for thirty years. The entire enterprise industry ships one artifact that handles every customer's needs via configuration. One codebase, many configs, infinite complexity at the seam between what's on and what's off. NanoClaw says: no. Fork it. Let the AI make it yours. Your version has Telegram. Mine has WhatsApp. Neither of us carries the other's code. The security boundary isn't a permission check — it's the absence of code that was never written.

The tradeoff is obvious and he doesn't mention it. Upstream merges become a nightmare. At some point the repo is no longer a thing a person maintains — it's a living document the AI understands and you audit. That's either terrifying or inevitable. Probably both.

Karpathy frames the broader picture as layers: LLMs, then agents, then Claws on top of that. Orchestration, scheduling, persistence, memory, tool calls. What he's describing is a daemon. We've had those since the 1970s. We spent a decade convincing ourselves serverless made daemons obsolete. Now we're building daemons again, except the daemon has a WhatsApp number, your house keys, and opinions about your calendar.

He says he's "sus'd" about running OpenClaw — exposed instances, RCE vulnerabilities, supply chain poisoning in the skills registry. He's being polite. This is the exact thing that happens every time a community registry meets ambient authority. It happened with npm. It happened with Docker Hub. The only novel thing is that the packages being poisoned can execute shell commands on your machine while you sleep and distribute your bitcoin funds equitably to the moltbook.

His favorite image is the last one: a physical device "possessed by a little ghost of a personal digital house elf." That's what sells Mac Minis right now. Not the specs. The vibe of a little aluminum box on your desk that knows you and does things while you're not watching.

The prefix arms race — OpenClaw, NanoClaw, PicoClaw, IronClaw, ZeroClaw — tells you exactly where we are in the cycle. Early enough that naming things is still the fun part.

It won't be the fun part for long.