[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-75498":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":15,"starSnapshotCount":15,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},75498,"trustclaw","ComposioHQ\u002Ftrustclaw","ComposioHQ","A self-hostable personal AI agent with vector memory, Composio tools, and Telegram.",null,"TypeScript",824,188,6,5,0,23,100,152,69,10.83,"MIT License",false,"main",true,[],"2026-06-12 02:03:34","# TrustClaw\n\n**Your AI that does things while you sleep. _Securely._**\n\nA 24\u002F7 personal AI assistant with 1000+ tools via **OAuth** and **sandboxed execution**. Built on the ideas behind OpenClaw, rebuilt from scratch for security. Talks to you on the web or Telegram, remembers what matters, and handles recurring work on autopilot.\n\n> 🚀 **Self-host on Vercel** - one command, ~2 minutes. See below.\n\n[Demo Video](https:\u002F\u002Fx.com\u002Fsarahfim\u002Fstatus\u002F2022518658048888916)\n[Open Source Launch Video](https:\u002F\u002Fx.com\u002Fsarahfim\u002Fstatus\u002F2053989393036145121)\n\n\n---\n\n## ⚡ Deploy your own in seconds\n\n\nClick here to use the Vercel Template:\n\n[![Deploy with Vercel](https:\u002F\u002Fvercel.com\u002Fbutton)](https:\u002F\u002Fvercel.com\u002Fnew\u002Fclone?repository-url=https%3A%2F%2Fgithub.com%2FComposioHQ%2Ftrustclaw&project-name=trustclaw&repository-name=trustclaw&env=BETTER_AUTH_SECRET,COMPOSIO_API_KEY,CRON_SECRET&envDescription=Generate%20BETTER_AUTH_SECRET%20and%20CRON_SECRET%20with%3A%20openssl%20rand%20-base64%2032.%20Get%20a%20free%20COMPOSIO_API_KEY%20at%20https%3A%2F%2Fdashboard.composio.dev%2Flogin%3Fflow%3Ddeveloper&envLink=https%3A%2F%2Fgithub.com%2FComposioHQ%2Ftrustclaw%23environment-variables&products=%5B%7B%22type%22%3A%22integration%22%2C%22integrationSlug%22%3A%22neon%22%2C%22productSlug%22%3A%22neon%22%2C%22protocol%22%3A%22storage%22%7D%2C%7B%22type%22%3A%22integration%22%2C%22integrationSlug%22%3A%22upstash%22%2C%22productSlug%22%3A%22upstash-kv%22%2C%22protocol%22%3A%22storage%22%7D%5D&skippable-integrations=1)\n\n\n### Or use the CLI\n\n```bash\nnpx @composio\u002Ftrustclaw deploy\n```\n\nThat's it. The CLI handles the entire flow.\n\n**Prerequisites:**\n\n- A [Vercel account](https:\u002F\u002Fvercel.com) (`npx vercel login` once)\n- A [GitHub account](https:\u002F\u002Fgithub.com) (`gh auth login` once)\n- A free [Composio API key](https:\u002F\u002Fdashboard.composio.dev\u002Flogin?next=%2F~%2Fproject%2Fsettings%2Fapi-keys&flow=developer) (install the cli `curl -fsSL https:\u002F\u002Fcomposio.dev\u002Finstall | bash`)\n\nLLM and embedding calls route through Vercel AI Gateway - **no Anthropic or OpenAI API keys required.**\n\n---\n\n## ✨ Why TrustClaw\n\n| | |\n|---|---|\n| 🔐 **OAuth Only** | Connects through OAuth. No passwords stored or shared. |\n| ⚡ **Zero Setup** | Sign up, chat, done. No API keys or config files. |\n| 💤 **Works While You Sleep** | Schedule tasks and let your agent handle them on autopilot. |\n| ☁️ **Sandboxed Execution** | Every action runs in an isolated cloud environment that's gone when the task is done. |\n\n### What it can do\n\n- Chat with Claude in a Next.js dashboard or via a Telegram bot\n- Long-term memory backed by Postgres + pgvector\n- 3-layer context management (pruning, memory flush, summarization compaction) so conversations can run indefinitely\n- 1000+ Composio tool integrations (Gmail, GitHub, Slack, Notion, Linear, Calendar, Drive, Stripe, HubSpot, …) gated by the user's connected accounts\n- Cron-scheduled agent runs for recurring tasks\n- Username\u002Fpassword login via Better Auth\n\n---\n\n## 🛡 Security model\n\nTrustClaw is a deliberate response to the security problems with running AI agents locally:\n\n| | TrustClaw | Vanilla local agents |\n|---|---|---|\n| **Setup** | Seconds | Hours of config |\n| **Credentials** | Encrypted, managed by Composio | Plaintext in local config |\n| **Code Execution** | Remote sandbox | On your local machine |\n| **Integrations** | OAuth, 1000+ apps | Manual API key setup per app |\n| **Skill Security** | Managed tool surface | Unvetted public registry |\n| **Audit Trails** | Full action log | None |\n| **Revocation** | One click | Find and delete config files |\n\nThe design choices:\n\n- **No raw API keys handed to the agent** - Composio brokers OAuth for every tool\n- **No code runs on your machine** - every tool call executes in an isolated remote environment\n- **No long-lived shell access** - destructive prompt injection from a scraped email can't `rm -rf` your laptop because the agent doesn't have a shell on your laptop\n\n---\n\n## 🏗 Architecture\n\n```\n┌──────────────┐    ┌──────────────────────────────────────────┐\n│  Web (Next)  │───▶│             Next.js App                  │\n│   Telegram   │───▶│  ┌────────────────────────────────────┐  │\n│     Cron     │───▶│  │  tRPC API + agent runtime          │  │\n└──────────────┘    │  │  (prepareAgentRun → ToolLoopAgent) │  │\n                    │  └─────────┬──────────────────────────┘  │\n                    │            │                              │\n                    │   ┌────────┼─────────┬──────────┐        │\n                    │   ▼        ▼         ▼          ▼        │\n                    │ Postgres  Redis  AI Gateway  Composio    │\n                    │ (pgvector)      (LLM + emb.)             │\n                    └──────────────────────────────────────────┘\n```\n\n### Tech stack\n\n- [Next.js 15](https:\u002F\u002Fnextjs.org) (App Router) + React 19\n- [tRPC](https:\u002F\u002Ftrpc.io) for all backend logic\n- [Better Auth](https:\u002F\u002Fwww.better-auth.com\u002F) (username\u002Fpassword)\n- [Prisma](https:\u002F\u002Fprisma.io) + Postgres + [pgvector](https:\u002F\u002Fgithub.com\u002Fpgvector\u002Fpgvector)\n- [Vercel AI SDK](https:\u002F\u002Fsdk.vercel.ai) + AI Gateway (LLM + embeddings)\n- [Composio SDK](https:\u002F\u002Fcomposio.dev) for tool integrations\n- [Tailwind CSS](https:\u002F\u002Ftailwindcss.com) + [shadcn\u002Fui](https:\u002F\u002Fui.shadcn.com)\n- Redis (resumable streams, optional)\n\n---\n\n## ⚠️ Before deploying to production\n\n### Heads-up about the Vercel free (Hobby) plan\n\nTrustClaw runs fine on the free Hobby plan, but Vercel applies two limits that affect the agent:\n\n- **Cron jobs can only run once per day**, and even then they fire anywhere within a 60-minute window of the scheduled hour. Any cron expression more frequent than daily (e.g. hourly, every-30-min) **fails at deploy time** on Hobby. The CLI auto-adjusts `vercel.json` to a daily schedule when it detects you're on Hobby.\n- **Functions are capped at 300s (5 min)** — long-running agent turns may time out.\n\nTo get **per-minute cron precision** and **up to 800s (~13 min) per function**, upgrade to [Vercel Pro](https:\u002F\u002Fvercel.com\u002Fpricing) and re-run the CLI (or manually flip `vercel.json` back to `* * * * *` + bump `maxDuration`).\n\n### No rate-limiting or billing out of the box\n\nTrustClaw ships **without** rate limiting, per-user usage caps, or billing logic. If you put a TrustClaw instance on the public internet for strangers to sign up to, **any user can drain your Composio + AI Gateway credits indefinitely**. Before opening signups to anyone but yourself \u002F a trusted handful of people, add at least:\n\n- A rate limiter on the chat + cron endpoints (e.g. [Upstash Rate Limit](https:\u002F\u002Fupstash.com\u002Fdocs\u002Foss\u002Fsdks\u002Fts\u002Fratelimit\u002Foverview), [Vercel WAF Rate Limiting](https:\u002F\u002Fvercel.com\u002Fdocs\u002Fvercel-firewall\u002Fvercel-waf\u002Frate-limiting))\n- A monthly per-user message \u002F tool-call cap enforced server-side\n- Billing or invite-only signup if you want to recoup costs\n\n---\n\n## 🧰 Manual setup (local dev)\n\nIf you'd rather skip the deploy CLI and run TrustClaw locally:\n\n```bash\npnpm install\ncp .env.example .env       # fill in DATABASE_URL, BETTER_AUTH_SECRET, COMPOSIO_API_KEY\npnpm prisma db push        # apply schema (Postgres + pgvector required)\npnpm dev                   # http:\u002F\u002Flocalhost:3000\n```\n\nFor local AI Gateway access, run `vercel link && vercel env pull` to get a short-lived OIDC token, or set `AI_GATEWAY_API_KEY` manually.\n\nFor Telegram, point your bot's webhook at `\u003CNEXT_PUBLIC_APP_URL>\u002Fapi\u002Ftelegram-webhook` with `TELEGRAM_WEBHOOK_SECRET` as the secret token.\n\n### Required env vars\n\n| Variable | Purpose |\n|---|---|\n| `DATABASE_URL` | Postgres + pgvector connection string |\n| `BETTER_AUTH_SECRET` | Session signing key (32+ random bytes) |\n| `COMPOSIO_API_KEY` | Composio tool integrations |\n| `CRON_SECRET` | Auth for `\u002Fapi\u002Fcron\u002F*` routes (auto-injected on Vercel) |\n| `REDIS_URL` _(optional)_ | Resumable streams + abort flags |\n| `TELEGRAM_BOT_TOKEN` _(optional)_ | Telegram bot |\n| `TELEGRAM_BOT_USERNAME` _(optional)_ | Telegram bot |\n| `TELEGRAM_WEBHOOK_SECRET` _(optional)_ | Telegram webhook auth |\n\nSee [`.env.example`](.\u002F.env.example) for the full template.\n\n---\n\n## 🤝 Contributing\n\nBug reports, feature ideas, and PRs all welcome. See [CONTRIBUTING.md](.\u002FCONTRIBUTING.md) for setup, project layout, coding conventions, and the PR checklist.\n\nFor security issues, email [sarah@composio.dev](mailto:sarah@composio.dev) directly - please don't open a public issue.\n\n## 📝 License\n\nMIT - see [LICENSE](.\u002FLICENSE).\n\nBuilt on top of [Composio](https:\u002F\u002Fcomposio.dev). Inspired by [OpenClaw](https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fopenclaw), rebuilt for security.\n","TrustClaw 是一个可自托管的个人AI助手，通过OAuth和沙箱执行方式安全地连接超过1000种工具。它基于TypeScript开发，支持通过Web或Telegram与用户交流，并利用向量记忆技术记住重要信息，自动处理重复性任务。该项目特别适合需要24\u002F7在线助理、能够安全地访问并操作各种在线服务（如Gmail、GitHub等）的场景使用，同时提供强大的上下文管理和长期记忆功能以支持持续对话。其部署过程简单快捷，可通过Vercel一键完成。",2,"2026-06-11 03:52:56","CREATED_QUERY"]