[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-52":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":28,"readmeContent":29,"aiSummary":30,"trendingCount":16,"starSnapshotCount":16,"syncStatus":31,"lastSyncTime":32,"discoverSource":33},52,"crabbox","openclaw\u002Fcrabbox","openclaw","Crabbox: warm a box, sync the diff, run the suite.","http:\u002F\u002Fcrabbox.sh",null,"Go",601,68,1,13,0,14,46,225,42,9.52,"MIT License",false,"main",true,[27],"remote-test-runner","2026-06-12 02:00:07","# 🦀 📦 Crabbox\n\n[![CI](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fcrabbox\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg?branch=main)](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fcrabbox\u002Factions\u002Fworkflows\u002Fci.yml)\n[![Release](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fcrabbox\u002Factions\u002Fworkflows\u002Frelease.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fcrabbox\u002Factions\u002Fworkflows\u002Frelease.yml)\n[![Latest release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fopenclaw\u002Fcrabbox?sort=semver)](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fcrabbox\u002Freleases\u002Flatest)\n\n**Warm a box, sync the diff, run the suite.**\n\nCrabbox is an open-source remote testbox runner for maintainers and AI agents. Lease fast managed cloud capacity, or point at an existing SSH host, sync your dirty checkout, run a command remotely, stream output, and release. Local edit-save-run loop, cloud-grade compute.\n\n```sh\ncrabbox run -- pnpm test\n```\n\nBehind that single command: a Go CLI on your laptop, a Cloudflare Worker broker that owns provider credentials and lease state, and a managed runner on Hetzner Cloud or AWS EC2. Crabbox can also wrap Blacksmith Testboxes when you choose `provider: blacksmith-testbox`, use Daytona or Islo sandboxes for direct-provider workflows, or use `provider: ssh` for existing macOS and Windows targets.\n\n---\n\n## Install\n\n```sh\nbrew install openclaw\u002Ftap\u002Fcrabbox\ncrabbox --version\n```\n\nNo Homebrew? Grab a [GoReleaser archive](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fcrabbox\u002Freleases) for macOS, Linux, or Windows.\n\nPrerequisites on the laptop: `git`, `ssh`, `ssh-keygen`, `rsync`, `curl`.\n\n## Quick start\n\n```sh\n# log in once per machine (stores a broker token in user config)\ncrabbox login\n\n# verify local prerequisites and broker reachability\ncrabbox doctor\n\n# one-shot: lease, sync, run, release\ncrabbox run -- pnpm test\n\n# or warm a box once, then reuse it\ncrabbox warmup # prints cbx_... + a slug\ncrabbox run --id blue-lobster -- pnpm test:changed\ncrabbox ssh --id blue-lobster\ncrabbox stop blue-lobster\n```\n\nEvery lease has a stable `cbx_...` ID and a friendly crustacean slug (`blue-lobster`, `swift-hermit`, …). Either works wherever an `--id` is accepted.\n\n## How it works\n\n```text\nyour laptop Cloudflare Worker cloud provider\n------------- ------------------ --------------\ncrabbox CLI -- HTTPS --> Fleet Durable Object --> Hetzner \u002F AWS EC2\n | lease + cost state |\n | |\n +------------ SSH + rsync to leased runner \u003C--------------+\n```\n\n- **CLI** — Go binary. Loads config, mints a per-lease SSH key, asks the broker for a lease, waits for SSH, seeds remote Git, rsyncs the dirty checkout (with fingerprint skip when nothing changed), runs the command, streams output, releases.\n- **Broker** — Cloudflare Worker at `crabbox.openclaw.ai` plus a single Durable Object. Owns provider credentials, serializes lease state, enforces active-lease and monthly spend caps, and expires stale leases by alarm. Auth is GitHub login or a shared bearer token.\n- **Runner** — vanilla Ubuntu prepared by cloud-init with SSH on the primary port, default `2222`, plus configured fallback ports, Git, rsync, curl, jq, and `\u002Fwork\u002Fcrabbox`. No broker credentials live on the box. Project runtimes (Go, Node, Docker, services, secrets) come from your repo's GitHub Actions hydration, devcontainer, Nix, mise\u002Fasdf, or setup scripts — not from Crabbox.\n\nA direct-provider mode (`--provider hetzner|aws` with local credentials) exists for debugging the broker itself; the brokered path is the default.\n\nFor the full mental model, see [How Crabbox Works](docs\u002Fhow-it-works.md). For the doc-to-code map, see [Source Map](docs\u002Fsource-map.md).\n\n## Highlights\n\n- **One-shot or warm.** `crabbox run` for fire-and-forget; `crabbox warmup` + `--id` for repeated runs against the same box.\n- **Run observability.** Every coordinator-backed run gets an early `run_...` handle. Use `crabbox attach \u003Crun-id>` while it is active, `crabbox events \u003Crun-id> --after \u003Cseq> --limit \u003Cn>` for durable lifecycle\u002Foutput events, and `crabbox logs \u003Crun-id>` for retained output after completion.\n- **Stable timing records.** `--timing-json` on `run`, `warmup`, and `actions hydrate` gives scripts one machine-readable sync\u002Fcommand\u002Ftotal timing schema across AWS, Hetzner, and Blacksmith Testboxes.\n- **Local-first sync.** No clean-checkout requirement. Tracked + nonignored files only, fingerprint skip on no-op runs, sanity checks against suspicious mass deletions, optional shallow base-ref hydration for changed-test workflows.\n- **Brokered cloud.** Maintainers and agents share infra without sharing provider tokens. Hetzner and AWS EC2 are first-class managed providers; AWS also owns managed Windows and EC2 Mac targets. Linux defaults to Spot unless capacity config says otherwise. Providers fall back across compatible instance families when capacity or quota rejects a request.\n- **macOS and Windows static hosts.** `provider: ssh` reuses existing machines; it does not create macOS or Windows Crabbox boxes. macOS and Windows WSL2 use the POSIX rsync path; native Windows uses PowerShell plus tar archive sync.\n- **Blacksmith Testbox wrapper.** Set `provider: blacksmith-testbox` to delegate warmup\u002Frun\u002Flist\u002Fstatus\u002Fstop to the Blacksmith CLI while Crabbox keeps local slugs, repo claims, timing summaries, config conventions, and portal visibility for active external runners.\n- **Daytona and Islo sandboxes.** Set `provider: daytona` for Daytona SDK\u002Ftoolbox execution from a snapshot with explicit SSH access when needed, or `provider: islo` for delegated Islo sandbox execution through the Islo Go SDK.\n- **Trusted AWS images.** Operators can create AMIs from active brokered AWS leases and promote a known-good image as the coordinator default.\n- **Cost guardrails.** Per-lease and monthly spend caps. Live pricing from EC2 Spot history or Hetzner server-type prices, with static fallbacks. `crabbox usage` summarizes spend by user, org, provider, and type.\n- **GitHub Actions hydration.** `crabbox actions hydrate` registers a leased box as an ephemeral Actions runner, so the repo's own workflow installs runtimes, services, and secrets. Crabbox does not parse Actions YAML.\n- **Interactive desktop and browser leases.** `--browser` provisions Chrome or Chromium for headless automation, `--desktop` provisions visible UI with tunnel-only VNC takeover on managed Linux, AWS native Windows, and AWS EC2 Mac targets, and QA systems such as Mantis own scenario logic, screenshots, and PR evidence. Hetzner Windows is not a managed target; use AWS for managed Windows or `provider: ssh` for an existing Windows host.\n- **Authenticated web portal.** Browser login opens owner-scoped lease and run views with searchable, paginated tables, muted external-runner rows, compact provider\u002FOS\u002Faccess icons, relative sortable times, recent run logs\u002Fevents, WebVNC, code-server, and Linux lease\u002Frun telemetry charts. Admin sessions can also see non-owned runner leases behind `mine`\u002F`system` filters.\n- **Hardened coordinator auth.** GitHub browser login, owner-scoped leases, admin-only routes, optional GitHub team allowlists, Cloudflare Access JWT verification, and service-token support keep normal use and operator automation separate.\n- **OpenClaw plugin.** The repo root is a native OpenClaw plugin for box lifecycle operations: `crabbox_run`, `crabbox_warmup`, `crabbox_status`, `crabbox_list`, and `crabbox_stop`. Run inspection stays in the CLI and Crabbox skill.\n- **Operator surface.** `doctor`, `init`, `status`, `inspect`, `list`, `usage`, `history`, `logs`, `results`, `cache`, `admin`, `cleanup`, plus `--json` output where it matters.\n\n## Machine classes\n\n`beast` is the default. Both providers fall back across an ordered list of instance types.\n\n```text\nHetzner standard ccx33, cpx62, cx53\n fast ccx43, cpx62, cx53\n large ccx53, ccx43, cpx62, cx53\n beast ccx63, ccx53, ccx43, cpx62, cx53\n\nAWS Linux standard c7a\u002Fc7i\u002Fm7a\u002Fm7i.8xlarge family\n fast …16xlarge family\n large …24xlarge family\n beast …48xlarge family, falling back to 32x\u002F24x\u002F16x\n\nAWS Win standard m7i.large, m7a.large, t3.large\n fast m7i.xlarge, m7a.xlarge, t3.xlarge\n large m7i.2xlarge, m7a.2xlarge, t3.2xlarge\n beast m7i.4xlarge, m7a.4xlarge, m7i.2xlarge\n\nAWS WSL2 standard m8i.large, m8i-flex.large, c8i.large, r8i.large\n fast m8i.xlarge, m8i-flex.xlarge, c8i.xlarge, r8i.xlarge\n large m8i.2xlarge, m8i-flex.2xlarge, c8i.2xlarge, r8i.2xlarge\n beast m8i.4xlarge, m8i-flex.4xlarge, c8i.4xlarge, r8i.4xlarge, m8i.2xlarge\n\nAWS macOS all mac2.metal unless --type is set\n```\n\nOverride with `--type` or `CRABBOX_SERVER_TYPE` for a specific instance.\n\n## Configuration\n\nConfig resolves in order: flags → env → repo `.crabbox.yaml` → user `~\u002F.config\u002Fcrabbox\u002Fconfig.yaml` → defaults.\n\n```yaml\nbroker:\n url: https:\u002F\u002Fcrabbox.openclaw.ai\n provider: aws\n token: ...\nclass: beast\ncapacity:\n market: spot\n strategy: most-available\n fallback: on-demand-after-120s\n hints: true\naws:\n region: eu-west-1\n rootGB: 400\nlease:\n idleTimeout: 30m\n ttl: 90m\nssh:\n key: ~\u002F.ssh\u002Fid_ed25519\n user: crabbox\n port: \"2222\"\n # Ordered fallback ports tried after ssh.port; use [] to disable fallback.\n fallbackPorts:\n - \"22\"\n```\n\nOptional Blacksmith Testbox wrapper:\n\n```yaml\nprovider: blacksmith-testbox\nblacksmith:\n org: openclaw\n workflow: .github\u002Fworkflows\u002Fci-check-testbox.yml\n job: test\n ref: main\n idleTimeout: 90m\n```\n\n`crabbox list --provider blacksmith-testbox` also refreshes muted external\nrunner rows in the portal lease table from the current all-status Testbox list\nwhen coordinator auth is configured. When GitHub is reachable, Crabbox also\nlinks those rows back to the inferred Actions run and workflow, surfaces the\nActions status\u002Fconclusion, flags long-queued or long-running rows as `stuck`,\nand exposes a copyable local `crabbox stop --provider blacksmith-testbox ...`\ncommand. Clicking an external row opens a visibility-only runner detail page\nwith owner, workflow, timestamps, boundary notes, and the same stop command.\nThose rows are visibility-only records for Blacksmith-owned Testboxes, not\nCrabbox leases.\n\nOptional Daytona sandbox:\n\n```yaml\nprovider: daytona\ndaytona:\n snapshot: crabbox-ready\n workRoot: \u002Fhome\u002Fdaytona\u002Fcrabbox\n```\n\nOptional Islo sandbox:\n\n```yaml\nprovider: islo\nislo:\n image: docker.io\u002Flibrary\u002Fubuntu:24.04\n workdir: crabbox\n```\n\nOptional static macOS or Windows target:\n\n```yaml\nprovider: ssh\ntarget: windows\nwindows:\n mode: normal # or wsl2\nstatic:\n host: win-dev.local\n user: Peter\n port: \"22\"\n workRoot: C:\\crabbox\n```\n\nOptional Tailscale reachability for managed Linux leases:\n\n```yaml\ntailscale:\n enabled: true\n network: auto\n tags:\n - tag:crabbox\n hostnameTemplate: crabbox-{slug}\n authKeyEnv: CRABBOX_TAILSCALE_AUTH_KEY\n exitNode: mac-studio.example.ts.net\n exitNodeAllowLanAccess: true\n```\n\nTailscale is a network plane, not a provider. `--tailscale` joins new managed\nLinux leases to the tailnet; `--network auto|tailscale|public` chooses how SSH\nand VNC tunnel commands resolve the host. Brokered mode uses Worker OAuth\nsecrets to mint one-off keys; direct-provider mode reads the auth key from the\nconfigured env var. `exitNode` is opt-in per lease for routing outbound internet\nthrough an approved tailnet exit node. See [Tailscale](docs\u002Ffeatures\u002Ftailscale.md).\n\nForwarded environment is intentionally narrow: `NODE_OPTIONS` and `CI`. Do not pass secrets as command-line arguments. Full env-var reference and per-command flags are in [docs\u002Fcli.md](docs\u002Fcli.md) and [docs\u002Fcommands\u002F](docs\u002Fcommands\u002FREADME.md).\n\n## OpenClaw plugin\n\nThe repo root is a native OpenClaw plugin package. Once installed, it exposes Crabbox as agent tools:\n\n- `crabbox_run`, `crabbox_warmup`, `crabbox_status`, `crabbox_list`, `crabbox_stop`\n\nThe plugin shells out to the configured `crabbox` binary, so local config, broker login, repo claims, and sync behavior stay owned by the CLI. Set `plugins.entries.crabbox.config.binary` if `crabbox` is not on `PATH`.\n\nDurable run inspection is intentionally CLI\u002Fskill-led instead of additional plugin tools: use `crabbox history`, `crabbox events --after --limit`, `crabbox attach`, `crabbox logs`, `crabbox results`, and `crabbox usage` from a shell-capable agent.\n\n## Development\n\n```sh\n# Go CLI\ngo build -o bin\u002Fcrabbox .\u002Fcmd\u002Fcrabbox\ngo test -race .\u002F...\nscripts\u002Fcheck-go-coverage.sh 85.0\n\n# Cloudflare Worker\nnpm ci --prefix worker\nnpm test --prefix worker\nnpm run build --prefix worker\n\n# Docs\nnpm run docs:check\n\n# Optional live smoke, when broker\u002Fprovider credentials are available\nCRABBOX_LIVE=1 CRABBOX_LIVE_REPO=\u002Fpath\u002Fto\u002Fopenclaw scripts\u002Flive-smoke.sh\n# Add Blacksmith only for repos with a Testbox workflow.\nCRABBOX_LIVE=1 CRABBOX_LIVE_PROVIDERS=blacksmith-testbox scripts\u002Flive-smoke.sh\n```\n\nCI runs the full gate (gofmt, vet, race tests, coverage threshold, docs link\u002Fbuild check, GoReleaser snapshot, Worker lint\u002Ftypecheck\u002Ftests\u002Fbuild) on every push and PR. Tagged pushes matching `v*` publish Go archives via GoReleaser and bump the Homebrew formula at [openclaw\u002Fhomebrew-tap](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fhomebrew-tap).\n\nWorker deployment, required secrets, and DNS routing live in [docs\u002Finfrastructure.md](docs\u002Finfrastructure.md).\n\n## Docs\n\n- **Get the model:** [How Crabbox Works](docs\u002Fhow-it-works.md), [Architecture](docs\u002Farchitecture.md), [Orchestrator](docs\u002Forchestrator.md)\n- **Use the CLI:** [CLI](docs\u002Fcli.md), [Commands](docs\u002Fcommands\u002FREADME.md), [Features](docs\u002Ffeatures\u002FREADME.md)\n- **Interactive QA:** [Interactive Desktop and VNC](docs\u002Ffeatures\u002Finteractive-desktop-vnc.md)\n- **Operate it:** [Operations](docs\u002Foperations.md), [Observability](docs\u002Fobservability.md), [Troubleshooting](docs\u002Ftroubleshooting.md)\n- **Set it up or audit it:** [Infrastructure](docs\u002Finfrastructure.md), [Security](docs\u002Fsecurity.md), [Source Map](docs\u002Fsource-map.md), [MVP Plan](docs\u002Fmvp-plan.md)\n- **Changes:** [CHANGELOG.md](CHANGELOG.md)\n\nThe GitHub Pages site at \u003Chttps:\u002F\u002Fopenclaw.github.io\u002Fcrabbox\u002F> is generated from the `docs\u002F` Markdown:\n\n```sh\nnpm run docs:check\nopen dist\u002Fdocs-site\u002Findex.html\n```\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","Crabbox 是一个远程测试盒运行器,支持维护者和AI代理在云端快速执行测试任务。其核心功能包括通过SSH同步代码差异、远程运行命令并实时流输出结果,同时支持多种云服务提供商如Hetzner Cloud或AWS EC2。Crabbox采用Go语言编写,具有轻量级CLI工具,并通过Cloudflare Worker管理租约状态与成本控制。适用于需要频繁进行本地开发与远程测试的场景,特别是在追求高效迭代周期的软件开发团队中。",2,"2026-06-11 02:30:38","CREATED_QUERY"]