[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-75018":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":34,"readmeContent":35,"aiSummary":36,"trendingCount":16,"starSnapshotCount":16,"syncStatus":37,"lastSyncTime":38,"discoverSource":39},75018,"claw-empire","GreenSheep01201\u002Fclaw-empire","GreenSheep01201","Command Your AI Agent Empire from the CEO Desk — A local-first AI agent office simulator that orchestrates CLI, OAuth, and API-connected agents (Claude Code, Codex CLI, Gemini CLI, OpenCode, and more) as a virtual autonomous company.","",null,"TypeScript",1220,252,8,3,0,11,57,75,33,20.21,"Apache License 2.0",false,"main",true,[27,28,29,30,31,32,33],"agentic-workflow","agents","ochestration","openclaw","openclaw-agent","openclaw-extension","openclaw-plugin","2026-06-12 02:03:31","\u003Cp align=\"center\">\n \u003Cimg src=\"public\u002Fclaw-empire.svg\" width=\"80\" alt=\"Claw-Empire\" \u002F>\n\u003C\u002Fp>\n\n\u003Ch1 align=\"center\">Claw-Empire\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\n \u003Cstrong>Command Your AI Agent Empire from the CEO Desk\u003C\u002Fstrong>\u003Cbr>\n A local-first AI agent office simulator that orchestrates \u003Cb>CLI\u003C\u002Fb>, \u003Cb>OAuth\u003C\u002Fb>, and \u003Cb>API-connected\u003C\u002Fb> providers (including \u003Cb>Claude Code\u003C\u002Fb>, \u003Cb>Codex CLI\u003C\u002Fb>, \u003Cb>Gemini CLI\u003C\u002Fb>, \u003Cb>OpenCode\u003C\u002Fb>, \u003Cb>Kimi Code\u003C\u002Fb>, \u003Cb>GitHub Copilot\u003C\u002Fb>, and \u003Cb>Antigravity\u003C\u002Fb>) as a virtual company of autonomous agents.\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fversion-2.0.4-blue\" alt=\"Releases\" \u002F>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire\u002Factions\u002Fworkflows\u002Fci.yml\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg?branch=main\" alt=\"CI\" \u002F>\u003C\u002Fa>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fnode-%3E%3D22-brightgreen\" alt=\"Node.js 22+\" \u002F>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache%202.0-orange\" alt=\"License\" \u002F>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fplatform-macOS%20%7C%20Linux%20%7C%20Windows-lightgrey\" alt=\"Platform\" \u002F>\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI-Claude%20%7C%20Codex%20%7C%20Gemini%20%7C%20OpenCode%20%7C%20Kimi%20%7C%20Copilot%20%7C%20Antigravity-purple\" alt=\"AI Agents\" \u002F>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"#quick-start\">Quick Start\u003C\u002Fa> ·\n \u003Ca href=\"#ai-installation-guide\">AI Install Guide\u003C\u002Fa> ·\n \u003Ca href=\"docs\u002Freleases\u002Fv2.0.4.md\">Release Notes\u003C\u002Fa> ·\n \u003Ca href=\"#openclaw-integration\">OpenClaw\u003C\u002Fa> ·\n \u003Ca href=\"#direct-messenger-without-openclaw\">Direct Messenger\u003C\u002Fa> ·\n \u003Ca href=\"#dollar-command-logic\">$ Command\u003C\u002Fa> ·\n \u003Ca href=\"#features\">Features\u003C\u002Fa> ·\n \u003Ca href=\"#screenshots\">Screenshots\u003C\u002Fa> ·\n \u003Ca href=\"#tech-stack\">Tech Stack\u003C\u002Fa> ·\n \u003Ca href=\"#cli-provider-setup\">Providers\u003C\u002Fa> ·\n \u003Ca href=\"#docker-deployment-quick-start\">Docker Deploy\u003C\u002Fa> ·\n \u003Ca href=\"#security\">Security\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cb>English\u003C\u002Fb> | \u003Ca href=\"README_ko.md\">한국어\u003C\u002Fa> | \u003Ca href=\"README_jp.md\">日本語\u003C\u002Fa> | \u003Ca href=\"README_zh.md\">中文\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"Sample_Img\u002FOffice.png\" alt=\"Office View\" width=\"100%\" \u002F>\n\u003C\u002Fp>\n\n---\n\n## What is Claw-Empire?\n\nClaw-Empire transforms your AI coding assistants — connected via **CLI**, **OAuth**, or **direct API keys** — into a fully simulated **virtual software company**. You are the CEO. Your AI agents are the employees. Watch them collaborate across departments, hold meetings, deliver tasks, and level up — all visualized through a charming pixel-art office interface.\n\n### Why Claw-Empire?\n\n- **One interface, many AI agents** — Manage CLI, OAuth, and API-backed agents from a single dashboard\n- **Local-first & private** — All data stays on your machine. SQLite database, no cloud dependency\n- **Visual & intuitive** — Pixel-art office view makes AI orchestration fun and transparent\n- **Real autonomous collaboration** — Agents work in isolated git worktrees, attend meetings, and produce deliverables\n\n---\n\n## Install with AI\n\n> **Just paste this to your AI coding agent (Claude Code, Codex, Gemini CLI, etc.):**\n>\n> ```\n> Install Claw-Empire following the guide at:\n> https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire\n> ```\n>\n> The AI will read this README and handle everything automatically.\n\n---\n\n## Latest Release (v2.0.4)\n\n- **Docker deployment is now an officially documented path** - the repo now ships a production-oriented `Dockerfile`, `docker-compose.yml`, `.dockerignore`, and container-aware runtime path handling.\n- **Stale `working` agents recover automatically after interrupted runs** - lifecycle startup and interval sweeps now reset agents that are still marked `working` without a live `in_progress` task.\n- **Settings > API now supports official direct-API presets** - OpenCode Go and Bailian Coding Plan presets lock the expected Base URL, seed fallback models immediately, and keep refresh\u002Fretry behavior explicit.\n- **Kimi Code is now supported end to end** - Kimi is wired through CLI execution, provider labels, skills learn\u002Funlearn flow, prompt-skill rendering, video-preprod bootstrap, and provider-aware schema\u002Fruntime checks.\n- **API model assignment now starts from the development pack and expands to initialized office packs** - `development` remains the default baseline, and office packs that have already been hydrated through initial setup also appear as assign targets.\n- **Local E2E validation is safer and cleaner** - `pnpm run test:e2e` now resets the isolated runtime before and after Playwright runs, and existing `8810` servers are no longer reused unless you explicitly opt in.\n\n- Full notes: [`docs\u002Freleases\u002Fv2.0.4.md`](docs\u002Freleases\u002Fv2.0.4.md)\n- API docs: [`docs\u002Fapi.md`](docs\u002Fapi.md), [`docs\u002Fopenapi.json`](docs\u002Fopenapi.json)\n- Security policy: [`SECURITY.md`](SECURITY.md)\n\n## Office Pack Profiles (v2.0.1)\n\nEach office pack applies a different collaboration topology, naming seed, and workflow bias.\n\n| Pack | Core Focus | Representative Structure |\n| ----------------------------- | -------------------------------------------------------------- | ---------------------------------------------------------------- |\n| `development` (`DEV`) | Default engineering baseline with backward-compatible behavior | Planning \u002F Development \u002F Design \u002F QA-QC \u002F DevSecOps \u002F Operations |\n| `report` (`RPT`) | Structured report and document production | Editorial Planning, Research Engine, Doc Design, Review Desk |\n| `web_research_report` (`WEB`) | Source collection and citation-first fact validation | Research Strategy, Crawler Team, Fact Check |\n| `novel` (`NOV`) | Worldbuilding, narrative flow, and tone consistency | Worldbuilding, Narrative Engine, Character Art, Tone QA |\n| `video_preprod` (`VID`) | Concept\u002Fscript\u002Fshot-list\u002Fediting-note pre-production | Pre-production, Scene Engine, Art & Camera, Cut QA |\n| `roleplay` (`RPG`) | In-character dialogue immersion and role consistency | Character Planning, Dialogue Engine, Stage Art, Character QA |\n\n## Screenshots\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\n**Dashboard** — Real-time KPI metrics, agent rankings, and department status at a glance\n\n\u003Cimg src=\"Sample_Img\u002FDashboard.png\" alt=\"Dashboard\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\n**Kanban Board** — Drag-and-drop task management with department and agent filters\n\n\u003Cimg src=\"Sample_Img\u002FKanban.png\" alt=\"Kanban Board\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\n**Skills Library** — Browse and assign 600+ agent skills across categories\n\n\u003Cimg src=\"Sample_Img\u002FSkills.png\" alt=\"Skills Library\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\n**Multi-Provider CLI** — Configure Claude Code, Codex, Gemini CLI, OpenCode, and Kimi Code with model selection\n\n\u003Cimg src=\"Sample_Img\u002FCLI.png\" alt=\"CLI Tools Settings\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\n**OAuth Integration** — Secure GitHub & Google OAuth with encrypted token storage\n\n\u003Cimg src=\"Sample_Img\u002FOAuth.png\" alt=\"OAuth Settings\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\n**Meeting Minutes** — AI-generated meeting summaries with multi-round review approval\n\n\u003Cimg src=\"Sample_Img\u002FMeeting_Minutes.png\" alt=\"Meeting Minutes\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\n**Messenger Integration** — Configure Telegram, WhatsApp, Discord, Google Chat, Slack, Signal, iMessage sessions and send `$` CEO directives\n\n\u003Cimg src=\"Sample_Img\u002Ftelegram.png\" alt=\"Telegram Integration\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\n**Settings** — Configure company name, CEO name, default provider preferences (CLI\u002FOAuth\u002FAPI), and language preferences\n\n\u003Cimg src=\"Sample_Img\u002FSetting.png\" alt=\"Settings\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\n**Detailed Report** — Example of completion report popup, report history, and detailed report view for a request\n\n\u003Cimg src=\"Sample_Img\u002FReport.png\" alt=\"Detailed Report\" width=\"100%\" \u002F>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\n**PPT Generation** — Example captures of PPT generation output for a report request\n\n\u003Cp align=\"center\">\n \u003Cimg src=\"Sample_Img\u002FPPT_Gen0.png\" alt=\"PPT Generation Example 0\" width=\"49%\" \u002F>\n \u003Cimg src=\"Sample_Img\u002FPPT_Gen1.png\" alt=\"PPT Generation Example 1\" width=\"49%\" \u002F>\n\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n### Video Output Sample\n\nPreview sample intro video output:\n\n\u003Cp align=\"center\">\n \u003Cvideo src=\"Sample_Img\u002Fclaw-empire-intro.mp4\" controls muted playsinline width=\"100%\">\u003C\u002Fvideo>\n\u003C\u002Fp>\n\n- Direct file: [`Sample_Img\u002Fclaw-empire-intro.mp4`](Sample_Img\u002Fclaw-empire-intro.mp4)\n\n### PPT Sample Sources\n\nUse the sample sources below when reviewing or extending report-to-PPT generation:\nUsage path: **Chat window > Report Request button**, then enter your request.\n\n- Folder: [`docs\u002Freports\u002FSample_Slides`](docs\u002Freports\u002FSample_Slides)\n- Sample deck (`.pptx`): [`docs\u002Freports\u002FPPT_Sample.pptx`](docs\u002Freports\u002FPPT_Sample.pptx)\n- HTML slides: [`slide-01.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-01.html), [`slide-02.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-02.html), [`slide-03.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-03.html), [`slide-04.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-04.html), [`slide-05.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-05.html), [`slide-06.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-06.html), [`slide-07.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-07.html), [`slide-08.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-08.html), [`slide-09.html`](docs\u002Freports\u002FSample_Slides\u002Fslide-09.html)\n- Build scripts: [`build-pptx.mjs`](docs\u002Freports\u002FSample_Slides\u002Fbuild-pptx.mjs), [`build-pptx.cjs`](docs\u002Freports\u002FSample_Slides\u002Fbuild-pptx.cjs), [`html2pptx.cjs`](docs\u002Freports\u002FSample_Slides\u002Fhtml2pptx.cjs)\n\n---\n\n## Features\n\n| Feature | Description |\n| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| **Pixel-Art Office** | Animated office view with agents walking, working, and attending meetings across 6 departments |\n| **Workflow Pack Profiles** | Six built-in workflow packs (`development`, `report`, `web_research_report`, `novel`, `video_preprod`, `roleplay`) provide pack-specific routing schema, QA rules, and output templates |\n| **Office Pack Profiles** | Pack-scoped office profiles apply dedicated department topology, naming\u002Ftheme presets, and isolated agent\u002Fdepartment data per pack (except DB-backed development baseline) |\n| **Kanban Task Board** | Full task lifecycle — Inbox, Planned, Collaborating, In Progress, Review, Done — with drag-and-drop |\n| **CEO Chat & Directives** | Direct communication with team leaders; `$` directives support meeting choice plus project path\u002Fcontext routing (`project_path`, `project_context`) |\n| **Multi-Provider Support** | Claude Code, Codex CLI, Gemini CLI, OpenCode, Kimi Code, Antigravity — all from one dashboard |\n| **External API Providers** | Connect agents to external LLM APIs (OpenAI, Anthropic, Google, Ollama, OpenRouter, Together, Groq, Cerebras, custom) via Settings > API tab, with official presets for OpenCode Go and Bailian Coding Plan |\n| **OAuth Integration** | GitHub & Google OAuth with AES-encrypted token storage in local SQLite |\n| **Real-time WebSocket** | Live status updates, activity feed, and agent state synchronization |\n| **Active Agent Control** | Active-agent monitor with process\u002Factivity\u002Fidle metadata and direct kill action for stuck tasks |\n| **Task Report System** | Completion popup, report history, team report drilldown, and planning-lead consolidated archive |\n| **Agent Management** | Hire, edit, and delete agents with multilingual names, role\u002Fdepartment\u002Fprovider selection, and personality fields |\n| **Agent Ranking & XP** | Agents earn XP for completed tasks; ranking board tracks top performers |\n| **Skills Library** | 600+ categorized skills (Frontend, Backend, Design, AI, DevOps, Security, etc.) with custom skill upload support |\n| **Meeting System** | Planned and ad-hoc meetings with AI-generated minutes and multi-round review |\n| **Git Worktree Isolation** | Each agent works in isolated git branches, merged only on CEO approval |\n| **Multi-Language UI** | English, Korean, Japanese, Chinese — auto-detected or manually set |\n| **Messenger Integration** | Telegram, Discord, Slack and more — send `$` CEO directives and receive updates through built-in direct channel sessions (OpenClaw optional) |\n| **PowerPoint Export** | Generate presentation slides from meeting minutes and reports |\n| **Connectivity QA Scripts** | Built-in `test:comm:*` scripts for CLI\u002FOAuth\u002FAPI communication validation with retry and evidence logs |\n| **In-App Update Notice** | Checks GitHub latest release and shows a top banner with OS-specific `git pull` guidance when a newer version is available |\n| **Department Management** | Planning, Development, Design, QA\u002FQC, DevSecOps, Operations — with dedicated management tab for arrow\u002Fdrag-and-drop sort order editing |\n| **Manual Agent Assignment** | Assign specific agents to projects; meetings\u002Fdelegation respect manual selection, with pre-save safeguards for no-agent or leader-only selections |\n| **Sprite Registration Safety** | Prevents duplicate sprite-number file overwrite by rejecting conflicting uploads with explicit `409 sprite_number_exists` responses |\n| **Custom Skill Upload** | Upload `.md` skill files through the UI to train CLI representatives with custom skills, complete with classroom training animation and management interface |\n\n---\n\n## Tech Stack\n\n| Layer | Technology |\n| -------------------- | --------------------------------------------------- |\n| **Frontend** | React 19 + Vite 7 + Tailwind CSS 4 + TypeScript 5.9 |\n| **Pixel Art Engine** | PixiJS 8 |\n| **Backend** | Express 5 + SQLite (zero-config embedded DB) |\n| **Real-time** | WebSocket (ws) |\n| **Validation** | Zod 4 |\n| **Icons** | Lucide React |\n| **Routing** | React Router 7 |\n| **Export** | PptxGenJS (PowerPoint generation) |\n\n\u003Ca id=\"ai-installation-guide\">\n## AI Installation Guide\n\n> This section is for AI coding agents. Execute each step and run verification commands before moving to the next step.\n\n### Step 0: Verify prerequisites\n\n```bash\n# Node.js 22+\nnode -v\n\n# pnpm (or enable corepack)\npnpm -v || corepack enable\n\n# git\ngit --version\n```\n\n### Step 1: Clone and run one-click setup\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire.git\ncd claw-empire\ngit submodule update --init --recursive\nbash install.sh\n```\n\nWindows PowerShell:\n\n```powershell\ngit clone https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire.git\ncd claw-empire\ngit submodule update --init --recursive\npowershell -ExecutionPolicy Bypass -File .\\install.ps1\n```\n\n### Step 2: Verify setup output\n\nmacOS\u002FLinux:\n\n```bash\n# Required files after setup\n[ -f .env ] && [ -f scripts\u002Fsetup.mjs ] && echo \"setup files ok\"\n\n# AGENTS orchestration rules installed\ngrep -R \"BEGIN claw-empire orchestration rules\" ~\u002F.openclaw\u002Fworkspace\u002FAGENTS.md AGENTS.md 2>\u002Fdev\u002Fnull || true\ngrep -R \"INBOX_SECRET_DISCOVERY_V2\" ~\u002F.openclaw\u002Fworkspace\u002FAGENTS.md AGENTS.md 2>\u002Fdev\u002Fnull || true\n\n# OpenClaw inbox requirements in .env\ngrep -E '^(INBOX_WEBHOOK_SECRET|OPENCLAW_CONFIG)=' .env || true\n```\n\nWindows PowerShell:\n\n```powershell\nif ((Test-Path .\\.env) -and (Test-Path .\\scripts\\setup.mjs)) { \"setup files ok\" }\n$agentCandidates = @(\"$env:USERPROFILE\\.openclaw\\workspace\\AGENTS.md\", \".\\AGENTS.md\")\n$agentCandidates | ForEach-Object { if (Test-Path $_) { Select-String -Path $_ -Pattern \"BEGIN claw-empire orchestration rules\" } }\n$agentCandidates | ForEach-Object { if (Test-Path $_) { Select-String -Path $_ -Pattern \"INBOX_SECRET_DISCOVERY_V2\" } }\n\n# OpenClaw inbox requirements in .env\nGet-Content .\\.env | Select-String -Pattern '^(INBOX_WEBHOOK_SECRET|OPENCLAW_CONFIG)='\n```\n\n### Step 3: Start and health-check\n\n```bash\npnpm dev:local\n```\n\nIn another terminal:\n\n```bash\ncurl -s http:\u002F\u002F127.0.0.1:8790\u002Fhealthz\n```\n\nExpected: `{\"ok\":true,...}`\n\nMessenger channels are configured in Settings UI and persisted to SQLite (`settings.messengerChannels`). `.env` messenger token\u002Fchannel variables are no longer used.\n\n### Step 4: Optional messenger + inbox verification\n\n```bash\ncurl -s http:\u002F\u002F127.0.0.1:8790\u002Fapi\u002Fmessenger\u002Fsessions\n```\n\nThis returns messenger sessions saved in Settings.\n\n```bash\ncurl -X POST http:\u002F\u002F127.0.0.1:8790\u002Fapi\u002Finbox \\\n -H \"content-type: application\u002Fjson\" \\\n -H \"x-inbox-secret: $INBOX_WEBHOOK_SECRET\" \\\n -d '{\"source\":\"telegram\",\"author\":\"ceo\",\"text\":\"$README v1.1.6 inbox smoke test\",\"skipPlannedMeeting\":true}'\n```\n\nExpected:\n\n- `200` when `INBOX_WEBHOOK_SECRET` is configured and `x-inbox-secret` matches.\n- `401` when the header is missing\u002Fmismatched.\n- `503` when `INBOX_WEBHOOK_SECRET` is not configured on the server.\n\n\u003Ca id=\"direct-messenger-without-openclaw\">\u003C\u002Fa>\n\n### Step 5: Direct messenger setup (no OpenClaw required)\n\nYou can run messenger channels directly from Claw-Empire without OpenClaw.\n\n1. Open `Settings > Channel Messages`.\n2. Click `Add Chat`.\n3. Select a messenger (`telegram`, `whatsapp`, `discord`, `googlechat`, `slack`, `signal`, `imessage`).\n4. Fill in session fields:\n - `Name` (session label)\n - messenger token\u002Fcredential\n - `Channel\u002FChat ID` (target)\n - mapped conversation `Agent`\n5. Click `Confirm` to save immediately (no extra global save step required).\n6. Enable the session, then test:\n - normal message -> direct agent chat\n - `$ ...` -> directive flow\n\nNotes:\n\n- Messenger sessions are persisted in SQLite (`settings.messengerChannels`).\n- Messenger tokens are encrypted at rest (AES-256-GCM) using `OAUTH_ENCRYPTION_SECRET` (fallback: `SESSION_SECRET`) and decrypted only at runtime.\n- `.env` messenger variables (`TELEGRAM_BOT_TOKEN`, `DISCORD_BOT_TOKEN`, `SLACK_BOT_TOKEN`, etc.) are not used.\n- `\u002Fapi\u002Finbox` + `INBOX_WEBHOOK_SECRET` is only needed for webhook\u002Finbox flows (including OpenClaw bridge).\n\n---\n\n## Quick Start\n\n## Docker Deployment (Quick Start)\n\nThis repo now ships production-oriented Docker defaults:\n\n- Runs as **non-root** user (`app`, uid\u002Fgid `10001`)\n- Includes required CLI\u002Fruntime tools (`git`, `bash`, `openssh-client`)\n- Uses `docker-compose.yml` + `Dockerfile`\n- Persists runtime data in `.\u002Fdata` (already gitignored)\n\n### 1) Prepare environment files\n\n```bash\ncp .env.example .env.docker\n```\n\nCreate `.env.docker.private` for sensitive runtime secrets (keep this file local only):\n\n```bash\ncat > .env.docker.private \u003C\u003C'EOF'\n# Claude Code via compatible endpoint\nANTHROPIC_BASE_URL=https:\u002F\u002Fapi.minimaxi.com\u002Fanthropic\nANTHROPIC_API_KEY=YOUR_ANTHROPIC_API_KEY\nEOF\nchmod 600 .env.docker.private\n```\n\n> `.env.docker*` is ignored by git (`.env.*`), so tokens are not committed by default.\n\n### 2) Start\n\n```bash\ndocker compose up -d --build\n```\n\n### 3) Verify\n\n```bash\ndocker ps --filter name=claw-empire\ndocker logs -f claw-empire\n```\n\nOpen: `http:\u002F\u002F127.0.0.1:8790`\n\n### Optional: publish image to GHCR\n\n```bash\n# requires token with package write scope\necho \"\u003CGITHUB_TOKEN_WITH_PACKAGES_WRITE>\" | docker login ghcr.io -u \u003Cgithub-user> --password-stdin\ndocker tag claw-empire-claw-empire:latest ghcr.io\u002F\u003Cgithub-user>\u002Fclaw-empire:latest\ndocker push ghcr.io\u002F\u003Cgithub-user>\u002Fclaw-empire:latest\n```\n\n### Prerequisites\n\n| Tool | Version | Install |\n| ----------- | ------- | -------------------------------------- |\n| **Node.js** | >= 22 | [nodejs.org](https:\u002F\u002Fnodejs.org\u002F) |\n| **pnpm** | latest | `corepack enable` (built into Node.js) |\n| **Git** | any | [git-scm.com](https:\u002F\u002Fgit-scm.com\u002F) |\n\n### One-Click Setup (Recommended)\n\n| Platform | Command |\n| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- |\n| **macOS \u002F Linux** | `git clone https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire.git && cd claw-empire && bash install.sh` |\n| **Windows (PowerShell)** | `git clone https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire.git; cd claw-empire; powershell -ExecutionPolicy Bypass -File .\\install.ps1` |\n\nIf the repo is already cloned:\n\n| Platform | Command |\n| ------------------------ | ---------------------------------------------------------------------------------------------------------------- |\n| **macOS \u002F Linux** | `git submodule update --init --recursive && bash scripts\u002Fopenclaw-setup.sh` |\n| **Windows (PowerShell)** | `git submodule update --init --recursive; powershell -ExecutionPolicy Bypass -File .\\scripts\\openclaw-setup.ps1` |\n\n### OpenClaw `.env` Requirements (for `\u002Fapi\u002Finbox`)\n\nSet both values in `.env` before sending chat webhooks:\n\n- `INBOX_WEBHOOK_SECRET=\u003Clong-random-secret>`\n- `OPENCLAW_CONFIG=\u003Cabsolute-path-to-openclaw.json>` (unquoted preferred)\n\n`scripts\u002Fopenclaw-setup.sh` \u002F `scripts\u002Fopenclaw-setup.ps1` now auto-generate `INBOX_WEBHOOK_SECRET` when it is missing.\nInitial install via `bash install.sh` \u002F `install.ps1` already goes through these setup scripts, so this is applied from day one.\nFor existing clones that only run `git pull`, `pnpm dev*` \u002F `pnpm start*` now auto-apply this once when needed and then persist `CLAW_MIGRATION_V1_0_5_DONE=1` to prevent repeated execution.\n\n`\u002Fapi\u002Finbox` requires server-side `INBOX_WEBHOOK_SECRET` plus an `x-inbox-secret` header that exactly matches it.\n\n- Missing\u002Fmismatched header -> `401`\n- Missing server config (`INBOX_WEBHOOK_SECRET`) -> `503`\n\n### Manual Setup (Fallback)\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>macOS \u002F Linux\u003C\u002Fb>\u003C\u002Fsummary>\n\n```bash\n# 1. Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire.git\ncd claw-empire\n\n# 2. Enable pnpm via corepack\ncorepack enable\n\n# 3. Install dependencies\npnpm install\n\n# 4. Create your local environment file\ncp .env.example .env\n\n# 5. Generate a random encryption secret\nnode -e \"\n const fs = require('fs');\n const crypto = require('crypto');\n const p = '.env';\n const content = fs.readFileSync(p, 'utf8');\n fs.writeFileSync(p, content.replace('__CHANGE_ME__', crypto.randomBytes(32).toString('hex')));\n\"\n\n# 6. Setup AGENTS.md orchestration rules (teaches your AI agent to be a Claw-Empire project manager)\npnpm setup -- --port 8790\n\n# 7. Start the development server\npnpm dev:local\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Windows (PowerShell)\u003C\u002Fb>\u003C\u002Fsummary>\n\n```powershell\n# 1. Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002FGreenSheep01201\u002Fclaw-empire.git\ncd claw-empire\n\n# 2. Enable pnpm via corepack\ncorepack enable\n\n# 3. Install dependencies\npnpm install\n\n# 4. Create your local environment file\nCopy-Item .env.example .env\n\n# 5. Generate a random encryption secret\nnode -e \"const fs=require('fs');const crypto=require('crypto');const p='.env';const c=fs.readFileSync(p,'utf8');fs.writeFileSync(p,c.replace('__CHANGE_ME__',crypto.randomBytes(32).toString('hex')))\"\n\n# 6. Setup AGENTS.md orchestration rules (teaches your AI agent to be a Claw-Empire project manager)\npnpm setup -- --port 8790\n\n# 7. Start the development server\npnpm dev:local\n```\n\n\u003C\u002Fdetails>\n\nOpen your browser:\n\n| URL | Description |\n| ------------------------------- | -------------------------- |\n| `http:\u002F\u002F127.0.0.1:8800` | Frontend (Vite dev server) |\n| `http:\u002F\u002F127.0.0.1:8790\u002Fhealthz` | API health check |\n\n### AGENTS.md Setup\n\nThe `pnpm setup` command injects **CEO directive orchestration rules** into your AI agent's `AGENTS.md` file. This teaches your AI coding agent (Claude Code, Codex, etc.) how to:\n\n- Interpret `$` prefix **CEO directives** for priority task delegation\n- Call the Claw-Empire REST API to create tasks, assign agents, and report status\n- Work within isolated git worktrees for safe parallel development\n\n```bash\n# Default: auto-detects AGENTS.md location\npnpm setup\n\n# Custom path\npnpm setup -- --agents-path \u002Fpath\u002Fto\u002Fyour\u002FAGENTS.md\n\n# Custom port\npnpm setup -- --port 8790\n```\n\n\u003Ca id=\"openclaw-integration\">\u003C\u002Fa>\n\n### OpenClaw Integration Setup (Telegram\u002FWhatsApp\u002FDiscord\u002FGoogle Chat\u002FSlack\u002FSignal\u002FiMessage)\n\n`install.sh` \u002F `install.ps1` (or `scripts\u002Fopenclaw-setup.*`) will auto-detect and write `OPENCLAW_CONFIG` when possible.\n\nRecommended `.env` format: absolute path for `OPENCLAW_CONFIG` (unquoted preferred).\n`v1.0.5` also normalizes surrounding quotes and leading `~` at runtime for compatibility.\n\nDefault config paths:\n\n| OS | Path |\n| ----------------- | --------------------------------------- |\n| **macOS \u002F Linux** | `~\u002F.openclaw\u002Fopenclaw.json` |\n| **Windows** | `%USERPROFILE%\\.openclaw\\openclaw.json` |\n\nManual commands:\n\n```bash\n# macOS \u002F Linux\nbash scripts\u002Fopenclaw-setup.sh --openclaw-config ~\u002F.openclaw\u002Fopenclaw.json\n```\n\n```powershell\n# Windows PowerShell\npowershell -ExecutionPolicy Bypass -File .\\scripts\\openclaw-setup.ps1 -OpenClawConfig \"$env:USERPROFILE\\.openclaw\\openclaw.json\"\n```\n\nVerify messenger sessions:\n\n```bash\ncurl -s http:\u002F\u002F127.0.0.1:8790\u002Fapi\u002Fgateway\u002Ftargets\n```\n\n\u003Ca id=\"dollar-command-logic\">\u003C\u002Fa>\n\n### `$` Command -> OpenClaw Chat Delegation Logic\n\nWhen a chat message starts with `$`, Claw-Empire handles it as a CEO directive:\n\n1. Orchestrator asks whether to hold a team-leader meeting first.\n2. Orchestrator asks for project path\u002Fcontext (`project_path` or `project_context`).\n3. It sends the directive to `POST \u002Fapi\u002Finbox` with the `$` prefix and `x-inbox-secret` header.\n4. If meeting is skipped, include `\"skipPlannedMeeting\": true`.\n5. Server stores it as `directive`, broadcasts company-wide, then delegates to Planning (and mentioned departments when included).\n\nIf `x-inbox-secret` is missing\u002Fmismatched, the request is rejected with `401`.\nIf `INBOX_WEBHOOK_SECRET` is not configured on the server, the request is rejected with `503`.\n\nWith meeting:\n\n```bash\ncurl -X POST http:\u002F\u002F127.0.0.1:8790\u002Fapi\u002Finbox \\\n -H \"content-type: application\u002Fjson\" \\\n -H \"x-inbox-secret: $INBOX_WEBHOOK_SECRET\" \\\n -d '{\"source\":\"telegram\",\"author\":\"ceo\",\"text\":\"$Release v0.2 by Friday with QA sign-off\",\"project_path\":\"\u002Fworkspace\u002Fmy-project\"}'\n```\n\nWithout meeting:\n\n```bash\ncurl -X POST http:\u002F\u002F127.0.0.1:8790\u002Fapi\u002Finbox \\\n -H \"content-type: application\u002Fjson\" \\\n -H \"x-inbox-secret: $INBOX_WEBHOOK_SECRET\" \\\n -d '{\"source\":\"telegram\",\"author\":\"ceo\",\"text\":\"$Hotfix production login bug immediately\",\"skipPlannedMeeting\":true,\"project_context\":\"existing climpire project\"}'\n```\n\n---\n\n## Environment Variables\n\nCopy `.env.example` to `.env`. All secrets stay local — never commit `.env`.\n\n| Variable | Required | Description |\n| -------------------------------------- | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- |\n| `OAUTH_ENCRYPTION_SECRET` | **Yes** | Encrypts OAuth tokens and messenger channel tokens in SQLite (AES-256-GCM) |\n| `SESSION_SECRET` | Fallback | Legacy fallback key used only when `OAUTH_ENCRYPTION_SECRET` is not set |\n| `PORT` | No | Server port (default: `8790`) |\n| `HOST` | No | Bind address (default: `127.0.0.1`) |\n| `API_AUTH_TOKEN` | Recommended | Bearer token for non-loopback API\u002FWebSocket access |\n| `INBOX_WEBHOOK_SECRET` | **Yes for `\u002Fapi\u002Finbox`** | Shared secret required in `x-inbox-secret` header |\n| `OPENCLAW_CONFIG` | Recommended for OpenClaw | Absolute path to `openclaw.json` used for gateway target discovery\u002Fchat relay |\n| `DB_PATH` | No | SQLite database path (default: `.\u002Fclaw-empire.sqlite`) |\n| `LOGS_DIR` | No | Log directory (default: `.\u002Flogs`) |\n| `OAUTH_GITHUB_CLIENT_ID` | No | GitHub OAuth App client ID |\n| `OAUTH_GITHUB_CLIENT_SECRET` | No | GitHub OAuth App client secret |\n| `OAUTH_GOOGLE_CLIENT_ID` | No | Google OAuth client ID |\n| `OAUTH_GOOGLE_CLIENT_SECRET` | No | Google OAuth client secret |\n| `OPENAI_API_KEY` | No | OpenAI API key (for Codex) |\n| `REVIEW_MEETING_ONESHOT_TIMEOUT_MS` | No | One-shot meeting timeout in milliseconds (default `65000`; backward-compatible: values `\u003C= 600` are treated as seconds) |\n| `UPDATE_CHECK_ENABLED` | No | Enable in-app update check banner (`1` default, set `0` to disable) |\n| `UPDATE_CHECK_REPO` | No | GitHub repo slug used for update checks (default: `GreenSheep01201\u002Fclaw-empire`) |\n| `UPDATE_CHECK_TTL_MS` | No | Update-check cache TTL in milliseconds (default: `1800000`) |\n| `UPDATE_CHECK_TIMEOUT_MS` | No | GitHub request timeout in milliseconds (default: `4000`) |\n| `AUTO_UPDATE_ENABLED` | No | Default auto-update value when `settings.autoUpdateEnabled` is missing (`0` default) |\n| `AUTO_UPDATE_CHANNEL` | No | Allowed update channel: `patch` (default), `minor`, `all` |\n| `AUTO_UPDATE_IDLE_ONLY` | No | Apply only when no `in_progress` tasks\u002Factive CLI processes (`1` default) |\n| `AUTO_UPDATE_CHECK_INTERVAL_MS` | No | Auto-update check interval in milliseconds (default follows `UPDATE_CHECK_TTL_MS`) |\n| `AUTO_UPDATE_INITIAL_DELAY_MS` | No | Delay before first auto-update check after startup (default `60000`, min `60000`) |\n| `AUTO_UPDATE_TARGET_BRANCH` | No | Branch name used for branch guard and `git fetch\u002Fpull` target (default `main`) |\n| `AUTO_UPDATE_GIT_FETCH_TIMEOUT_MS` | No | Timeout for `git fetch` during update apply (default `120000`) |\n| `AUTO_UPDATE_GIT_PULL_TIMEOUT_MS` | No | Timeout for `git pull --ff-only` during update apply (default `180000`) |\n| `AUTO_UPDATE_INSTALL_TIMEOUT_MS` | No | Timeout for `pnpm install --frozen-lockfile` during update apply (default `300000`) |\n| `AUTO_UPDATE_COMMAND_OUTPUT_MAX_CHARS` | No | Max in-memory capture size per stdout\u002Fstderr stream before tail-trimming (default `200000`) |\n| `AUTO_UPDATE_TOTAL_TIMEOUT_MS` | No | Global timeout cap for one apply run (default `900000`) |\n| `AUTO_UPDATE_RESTART_MODE` | No | Restart policy after auto-apply: `notify` (default), `exit`, `command` |\n| `AUTO_UPDATE_EXIT_DELAY_MS` | No | Delay before process exit in `exit` mode (default `10000`, min `1200`) |\n| `AUTO_UPDATE_RESTART_COMMAND` | No | Executable + args used when restart mode is `command` (shell metacharacters + direct shell launchers rejected; runs with server permissions) |\n\nWhen `API_AUTH_TOKEN` is enabled, remote browser clients enter it at runtime. The token is stored only in `sessionStorage` and is not embedded in Vite build artifacts.\nFor `OPENCLAW_CONFIG`, absolute path is recommended. In `v1.0.5`, quoted values and leading `~` are normalized automatically.\n\n---\n\n## Run Modes\n\n```bash\n# Development (local-only, recommended)\npnpm dev:local # binds to 127.0.0.1\n\n# Development (network-accessible)\npnpm dev # binds to 0.0.0.0\n\n# Production build\npnpm build # TypeScript check + Vite build\npnpm start # start API\u002Fbackend server (serves dist in production mode)\n\n# Health check\ncurl -fsS http:\u002F\u002F127.0.0.1:8790\u002Fhealthz\n```\n\n### CI Verification (Current PR Pipeline)\n\nOn every pull request, `.github\u002Fworkflows\u002Fci.yml` runs:\n\n1. Hidden\u002Fbidi Unicode guard for workflow files\n2. `pnpm install --frozen-lockfile`\n3. `pnpm run format:check`\n4. `pnpm run lint`\n5. `pnpm exec playwright install --with-deps`\n6. `pnpm run test:ci` (`test:web --coverage` + `test:api --coverage` + `test:e2e`)\n\nNote: `pnpm run test:e2e` now boots an isolated `.tmp\u002Fe2e-runtime` database and clears it again after the run. Set `PW_REUSE_EXISTING_SERVER=1` only when you intentionally want to reuse an already-running local server on `8810`.\n\nRecommended local pre-PR check:\n\n```bash\npnpm run format:check\npnpm run lint\npnpm run build\npnpm run test:ci\n```\n\n### Communication QA Checks (v1.1.6)\n\n```bash\n# Individual checks\npnpm run test:comm:llm\npnpm run test:comm:oauth\npnpm run test:comm:api\n\n# Integrated suite (also available via legacy entrypoint)\npnpm run test:comm:suite\npnpm run test:comm-status\n```\n\n`test:comm:suite` writes machine-readable evidence to `logs\u002F` and a markdown report to `docs\u002F`.\n\n### Project Path QA Smoke (v1.1.6)\n\n```bash\n# Requires API auth token\nQA_API_AUTH_TOKEN=\"\u003CAPI_AUTH_TOKEN>\" pnpm run test:qa:project-path\n```\n\n`test:qa:project-path` validates path helper endpoints, project create flow, duplicate `project_path` conflict response, and cleanup behavior.\n\n### In-App Update Banner\n\nWhen a newer release is published on GitHub, Claw-Empire shows a top banner in the UI with pull instructions and a release-note link.\n\n- Windows PowerShell: `git pull; pnpm install`\n- macOS\u002FLinux shell: `git pull && pnpm install`\n- After pull\u002Finstall, restart the server.\n\n### Auto Update (Safe Mode, opt-in)\n\nYou can enable conservative auto-update behavior for release sync.\n\n- `GET \u002Fapi\u002Fupdate-auto-status` — current auto-update runtime\u002Fconfig state (**auth required**)\n- `POST \u002Fapi\u002Fupdate-auto-config` — update runtime auto-update toggle (`enabled`) without restart (**auth required**)\n- `POST \u002Fapi\u002Fupdate-apply` — apply update pipeline on demand (`dry_run` \u002F `force` \u002F `force_confirm` supported, **auth required**)\n - `force=true` bypasses most safety guards and therefore requires `force_confirm=true`\n - `dirty_worktree` and `channel_check_unavailable` guards are non-overridable (still block apply)\n - Restart mode (`notify|exit|command`) is applied for both auto and manual update runs\n - In `notify` mode, successful apply includes `manual_restart_required` reason\n\nDefault behavior remains unchanged (**OFF**). When enabled, safe-mode guards skip updates if the server is busy or the repository is not in a clean fast-forward state.\nIf `AUTO_UPDATE_CHANNEL` has an invalid value, the server logs a warning and falls back to `patch`.\n\n#### Troubleshooting: `git_pull_failed` \u002F diverged local branch\n\nIf an apply result returns `error: \"git_pull_failed\"` (or `git_fetch_failed`) with `manual_recovery_may_be_required` in `result.reasons`, the repository likely needs operator intervention.\n\n1. Inspect the latest apply result via `GET \u002Fapi\u002Fupdate-auto-status` (`runtime.last_result`, `runtime.last_error`).\n2. In the server repo, check divergence:\n - `git fetch origin main`\n - `git status`\n - `git log --oneline --decorate --graph --max-count 20 --all`\n3. Resolve to a clean fast-forwardable state (for example, rebase local commits or reset to `origin\u002Fmain` based on your policy).\n4. Re-run `POST \u002Fapi\u002Fupdate-apply` (optionally `{\"dry_run\": true}` first).\n\nThe auto-update loop keeps running on its configured interval and will retry on future cycles after the repository returns to a safe state.\n\n⚠️ `AUTO_UPDATE_RESTART_COMMAND` runs with server permissions and is a privileged operation.\nThe command parser rejects shell metacharacters (`;`, `|`, `&`, `` ` ``, `$`, `\u003C`, `>`) and blocks direct shell launchers (for example `sh`, `bash`, `zsh`, `cmd`, `powershell`, `pwsh`).\nUse only a plain executable + fixed args format (no shell\u002Finterpreter wrappers, no dynamically constructed input).\n\n---\n\n\u003Ca id=\"cli-provider-setup\">\u003C\u002Fa>\n\n## Provider Setup (CLI \u002F OAuth \u002F API)\n\n### Official API presets\n\nThe **Settings > API** tab now includes four official direct-API presets:\n\n- `OpenCode Go (OpenAI)` -> `https:\u002F\u002Fopencode.ai\u002Fzen\u002Fgo\u002Fv1`\n- `OpenCode Go (Anthropic)` -> `https:\u002F\u002Fopencode.ai\u002Fzen\u002Fgo\u002Fv1`\n- `Bailian Coding Plan (OpenAI)` -> `https:\u002F\u002Fcoding-intl.dashscope.aliyuncs.com\u002Fv1`\n- `Bailian Coding Plan (Anthropic)` -> `https:\u002F\u002Fcoding-intl.dashscope.aliyuncs.com\u002Fapps\u002Fanthropic`\n\nNotes:\n\n- Bailian Coding Plan API keys must start with `sk-sp-`.\n- These presets seed fallback model lists immediately so agents can be assigned even when live `\u002Fmodels` discovery is unavailable or incomplete.\n- The assignment modal uses `development` as the default baseline and also includes office packs that have already completed initial setup and been hydrated into runtime state.\n- Direct API presets use the provider endpoint model IDs such as `glm-5`, `kimi-k2.5`, and `minimax-m2.5`. They do **not** use OpenCode CLI model IDs like `opencode-go\u002F\u003Cmodel-id>`.\n- Bailian Coding Plan keys are intended for the interactive coding tool flow. Review the provider documentation before reusing those keys in other environments.\n\nClaw-Empire supports three provider paths:\n\n- **CLI tools** — install local coding CLIs and run tasks through local processes\n- **OAuth accounts** — connect supported providers (for example GitHub\u002FGoogle-backed flows) via secure token exchange\n- **Direct API keys** — bind agents to external LLM APIs from **Settings > API**\n\nFor CLI mode, install at least one:\n\n| Provider | Install | Auth |\n| ------------------------------------------------------------- | ---------------------------------------- | ------------------------------ |\n| [Claude Code](https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code) | `npm i -g @anthropic-ai\u002Fclaude-code` | `claude` (follow prompts) |\n| [Codex CLI](https:\u002F\u002Fgithub.com\u002Fopenai\u002Fcodex) | `npm i -g @openai\u002Fcodex` | Set `OPENAI_API_KEY` in `.env` |\n| [Gemini CLI](https:\u002F\u002Fgithub.com\u002Fgoogle-gemini\u002Fgemini-cli) | `npm i -g @google\u002Fgemini-cli` | OAuth via Settings panel |\n| [OpenCode](https:\u002F\u002Fgithub.com\u002Fopencode-ai\u002Fopencode) | `npm i -g opencode` | Provider-specific |\n| [Kimi Code](https:\u002F\u002Fgithub.com\u002FMoonshotAI\u002Fkimi-cli) | `uv tool install --python 3.13 kimi-cli` | `kimi auth login` |\n\nConfigure providers and models in the **Settings > CLI Tools** panel within the app.\n\nAlternatively, connect agents to external LLM APIs (no CLI installation required) via the **Settings > API** tab. API keys are stored encrypted (AES-256-GCM) in the local SQLite database — not in `.env` or source code.\nSkills learn\u002Funlearn automation is currently designed for CLI-capable providers.\n\n---\n\n## Project Structure\n\n```\nclaw-empire\u002F\n├── .github\u002F\n│ └── workflows\u002F\n│ └── ci.yml # PR CI (Unicode guard, format, lint, tests)\n├── server\u002F\n│ ├── index.ts # backend entrypoint\n│ ├── server-main.ts # runtime wiring\u002Fbootstrap\n│ ├── modules\u002F # routes\u002Fworkflow\u002Fbootstrap lifecycle\n│ ├── test\u002F # backend test setup\u002Fhelpers\n│ └── vitest.config.ts # backend unit test config\n├── src\u002F\n│ ├── app\u002F # app shell, layout, state orchestration\n│ ├── api\u002F # frontend API modules\n│ ├── components\u002F # UI (office\u002Ftaskboard\u002Fchat\u002Fsettings)\n│ ├── hooks\u002F # polling\u002Fwebsocket hooks\n│ ├── test\u002F # frontend test setup\n│ ├── types\u002F # frontend type definitions\n│ ├── App.tsx\n│ ├── api.ts\n│ └── i18n.ts\n├── tests\u002F\n│ └── e2e\u002F # Playwright E2E scenarios\n├── public\u002Fsprites\u002F # pixel-art agent sprites\n├── scripts\u002F\n│ ├── setup.mjs # environment\u002Fbootstrap setup\n│ ├── auto-apply-v1.0.5.mjs # startup migration helper\n│ ├── openclaw-setup.sh # one-click setup (macOS\u002FLinux)\n│ ├── openclaw-setup.ps1 # one-click setup (Windows PowerShell)\n│ ├── prepare-e2e-runtime.mjs\n│ ├── preflight-public.sh # pre-release security checks\n│ └── generate-architecture-report.mjs\n├── install.sh # wrapper for scripts\u002Fopenclaw-setup.sh\n├── install.ps1 # wrapper for scripts\u002Fopenclaw-setup.ps1\n├── docs\u002F # design & architecture docs\n├── AGENTS.md # local agent\u002Forchestration rules\n├── CONTRIBUTING.md # branch\u002FPR\u002Freview policy\n├── eslint.config.mjs # flat ESLint config\n├── .env.example # environment variable template\n└── package.json\n```\n\n---\n\n## Security\n\nClaw-Empire is designed with security in mind:\n\n- **Local-first architecture** — All data stored locally in SQLite; no external cloud services required\n- **Encrypted OAuth + messenger tokens** — User-specific OAuth tokens and direct messenger channel tokens are stored **server-side only** in SQLite, encrypted at rest using AES-256-GCM with `OAUTH_ENCRYPTION_SECRET` (`SESSION_SECRET` fallback). The browser never receives refresh tokens\n- **Built-in OAuth Client IDs** — The GitHub and Google OAuth client IDs\u002Fsecrets embedded in the source code are **public OAuth app credentials**, not user secrets. Per [Google's documentation](https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fprotocols\u002Foauth2\u002Fnative-app), client secrets for installed\u002Fdesktop apps are \"not treated as a secret.\" This is standard practice for open-source apps (VS Code, Thunderbird, GitHub CLI, etc.). These credentials only identify the app itself — your personal tokens are always encrypted separately\n- **No personal credentials in source** — All user-specific tokens (GitHub, Google OAuth) are stored encrypted in the local SQLite database, never in source code\n- **No secrets in repo** — Comprehensive `.gitignore` blocks `.env`, `*.pem`, `*.key`, `credentials.json`, etc.\n- **Preflight security checks** — Run `pnpm run preflight:public` before any public release to scan for leaked secrets in both working tree and git history\n- **Localhost by default** — Development server binds to `127.0.0.1`, not exposed to network\n\n## API Docs & Security Quick Links\n\n- **API documentation** — Use [`docs\u002Fapi.md`](docs\u002Fapi.md) for endpoint overview and usage notes, and [`docs\u002Fopenapi.json`](docs\u002Fopenapi.json) for schema\u002Ftooling integration.\n- **Security policy** — Review disclosure and policy details in [`SECURITY.md`](SECURITY.md), and run `pnpm run preflight:public` before public releases.\n\n---\n\n## Contributing\n\nContributions are welcome! Please:\n\n1. Fork the repository\n2. Create a feature branch from `dev` (`git checkout -b feature\u002Famazing-feature`)\n3. Commit your changes (`git commit -m 'Add amazing feature'`)\n4. Run local checks before PR:\n - `pnpm run format:check`\n - `pnpm run lint`\n - `pnpm run build`\n - `pnpm run test:ci`\n5. Push your branch (`git push origin feature\u002Famazing-feature`)\n6. Open a Pull Request to `dev` (default integration branch for contributors)\n7. Use `main` only for maintainer-approved emergency hotfixes, then back-merge `main -> dev`\n\nFull policy: [`CONTRIBUTING.md`](CONTRIBUTING.md)\n\n---\n\n## License\n\n[Apache 2.0](LICENSE) — Free for personal and commercial use.\n\n---\n\n\u003Cdiv align=\"center\">\n\n**Built with pixels and passion.**\n\n_Claw-Empire — Where AI agents come to work._\n\n\u003C\u002Fdiv>\n","Claw-Empire 是一个本地优先的AI代理办公模拟器,将通过CLI、OAuth和API连接的各种AI代理(如Claude Code、Codex CLI、Gemini CLI等)组织成一个虚拟自主公司。其核心功能包括在一个统一界面中管理多个AI代理,保持数据本地化以确保隐私,并通过像素风格的可视化办公室界面让AI协作过程直观有趣。适用于需要在开发过程中协调多个AI工具以提高效率和创造力的场景,尤其适合希望在本地环境中安全地利用AI助手进行软件开发或项目管理的用户。",2,"2026-06-11 03:51:57","high_star"]