Proposal: optional AgentHiFive integration branch/skill for secure external workspace actions

[supersantux]

We’ve been prototyping an optional AgentHiFive integration for NanoClaw and wanted to check fit before proposing it more formally.

The goal is to let NanoClaw use brokered external actions for common work tools without exposing provider credentials to the agent. AgentHiFive handles provider auth, policy enforcement, audit trail, and step-up approval flows; NanoClaw keeps the conversational and channel side.

The current integration direction is especially useful for:

• Google Workspace flows like Gmail and Google Drive
• Microsoft 365 / Office flows like Outlook, OneDrive, and SharePoint
• other work tools over time, with Notion, Trello, Slack, and more coming

Why we think this may fit NanoClaw well:

• it is fully optional and dormant unless AGENTHIFIVE_* env vars are configured
• it follows the “skills over features” direction rather than turning NanoClaw core into a large integration platform
• it gives a secure path for external actions that need approval, auditing, or tighter control

What the current prototype covers today:

• Gmail read flows
• Drive list/download/export flows
• approval-required actions with replay after approval
• Telegram access to those capabilities through NanoClaw

What we validated:

• direct wrapper calls are working live
• step-up approval replay now works correctly for downloads too
• the integration can stay isolated behind a small adapter layer plus container-side tools/skills

What we are not proposing:

• not a mandatory dependency
• not a replacement for NanoClaw’s existing philosophy
• not a broad core plugin-system redesign in the first pass

Our preferred shape would be an optional integration branch/skill-style contribution rather than a core NanoClaw feature. If that direction sounds aligned, we can open a focused PR or share the implementation branch in a cleaner reviewable form.

Happy to adapt the shape to whatever is most maintainable for the project.