Skip to main content
Every Lowkey deployment runs exactly one agent pack — a self-contained module that installs a specific AI coding agent, wires it to a model provider, and configures the right permissions. You pick the pack at install time with --pack <name>, and the rest of the deploy flow (CloudFormation or Terraform, instance sizing, IAM roles) adapts automatically.

Pack comparison

PackStabilityProviderAuth methodKey characteristic
openclawStableAmazon BedrockIAM role (no key)24/7 gateway, persistent memory, multi-channel
claude-codeStableAmazon BedrockIAM role (no key)Anthropic’s native CLI, auto-updates, no data volume
codex-cliExperimentalOpenAI APIcodex login post-installBuilder agent, danger-full-access, never prompts
kiro-cliExperimentalKiro cloudSSO device flow or Secrets ManagerAWS MCP servers pre-installed
nemoclawExperimentalBedrock via bedrockifyIAM role (no key)OpenClaw inside OpenShell sandbox (Landlock + seccomp + netns)
hermesExperimentalBedrock via bedrockifyIAM role (no key)NousResearch CLI, self-improving skills, lightweight
Stable means the pack is production-quality and won’t change its auth or API shape without notice. Experimental means the upstream agent may release breaking changes between Lowkey versions — expect rough edges.

Decision guide

Persistent agent with memory and chat channels

Use OpenClaw. It runs a long-lived gateway service, stores conversation history in ~/.openclaw/ on an 80 GB volume, and connects to Telegram, Discord, Slack, or a TUI. The right choice for 24/7 operations.

Claude Code, exactly as Anthropic ships it

Use Claude Code. Native Bedrock support with no proxy layer, auto-updates from Anthropic, and full tool permissions. The simplest path if you just want claude on a server.

OpenAI Codex as the agent

Use Codex CLI. Connects directly to OpenAI’s API (not Bedrock). Configured as a builder agent — danger-full-access sandbox, approval policy set to never. You authenticate after deploy via codex login.

AWS agentic IDE with MCP tools

Use Kiro CLI. Comes with five AWS MCP servers pre-installed (Terraform, ECS, EKS, core, docs). Supports headless mode via a Secrets Manager key or interactive browser SSO.

Maximum sandbox isolation

Use NemoClaw. OpenClaw runs inside NVIDIA’s OpenShell sandbox (Landlock + seccomp + network namespace). The sandbox blocks all AWS API calls except Bedrock InvokeModel — only the personal_assistant profile is allowed.

Lightweight terminal-focused agent

Use Hermes. NousResearch’s CLI agent with a self-improving skills loop, running against Bedrock via bedrockify. Lighter than OpenClaw — no gateway, no memory service, runs on a t4g.medium.

How agents differ from each other

Bedrock-native packs (openclaw, claude-code, nemoclaw, hermes) authenticate via the EC2 instance’s IAM role — no API keys to manage. The model call goes to Amazon Bedrock inside your account, governed by the Bedrock data privacy policy.Provider-API packs (codex-cli, kiro-cli) connect to an external API owned by a third party (OpenAI or Kiro). You must authenticate after deploy — either through a browser login flow or by storing a key in AWS Secrets Manager. Your prompts and code leave your AWS account to reach that provider.
OpenClaw installs a long-running openclaw-gateway systemd user service on port 3001. The gateway stays alive between sessions, handles channel integrations (Telegram, Discord, Slack), and processes scheduled tasks while you’re away.Every other pack is a pure CLI binary. You invoke it directly after SSM-ing into the instance. Nothing runs in the background between your sessions.
hermes and nemoclaw depend on bedrockify — an OpenAI-compatible proxy that translates standard OpenAI-style API calls into Bedrock InvokeModel calls. Those packs install bedrockify automatically as a dependency.claude-code talks to Bedrock natively (CLAUDE_CODE_USE_BEDROCK=1) — no proxy needed. openclaw uses bedrockify in its default bedrock model-mode, but can also be pointed at a LiteLLM proxy or a direct Anthropic API key.
Stateful packs (openclaw, nemoclaw) mount an 80 GB EBS data volume to hold conversation history, agent memory, and workspace files that must survive instance restarts.Stateless CLI packs (claude-code, codex-cli, kiro-cli, hermes) set the data volume to 0 GB — they don’t need persistent disk beyond the root volume.

Same install flow across all packs

Every pack uses the same one-liner, regardless of which agent it installs: 
curl -sfL install.lowkey.run | bash -s -- -y \
  --pack <pack-name> \
  --profile <builder|account_assistant|personal_assistant>
Pack-specific flags (such as --kiro-from-secret for Kiro CLI) are documented on each agent’s page. If you omit --pack, the installer defaults to openclaw.