MCPcopy Index your code
hub / github.com/ComposioHQ/trustclaw

github.com/ComposioHQ/trustclaw @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
492 symbols 1,295 edges 220 files 7 documented · 1% updated 25d ago★ 8495 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

TrustClaw

Your AI that does things while you sleep. Securely.

A 24/7 personal AI assistant with 1000+ tools via OAuth and sandboxed execution. Built on the ideas behind OpenClaw, rebuilt from scratch for security. Talks to you on the web or Telegram, remembers what matters, and handles recurring work on autopilot.

🚀 Self-host on Vercel - one command, ~2 minutes. See below.

Demo Video Open Source Launch Video Star History Chart


⚡ Deploy your own in seconds

Click here to use the Vercel Template:

Deploy with Vercel

Or use the CLI

npx @composio/trustclaw deploy

That's it. The CLI handles the entire flow.

Prerequisites:

LLM and embedding calls route through Vercel AI Gateway - no Anthropic or OpenAI API keys required.


✨ Why TrustClaw

🔐 OAuth Only Connects through OAuth. No passwords stored or shared.
Zero Setup Sign up, chat, done. No API keys or config files.
💤 Works While You Sleep Schedule tasks and let your agent handle them on autopilot.
☁️ Sandboxed Execution Every action runs in an isolated cloud environment that's gone when the task is done.

What it can do

  • Chat with Claude in a Next.js dashboard or via a Telegram bot
  • Long-term memory backed by Postgres + pgvector
  • 3-layer context management (pruning, memory flush, summarization compaction) so conversations can run indefinitely
  • 1000+ Composio tool integrations (Gmail, GitHub, Slack, Notion, Linear, Calendar, Drive, Stripe, HubSpot, …) gated by the user's connected accounts
  • Cron-scheduled agent runs for recurring tasks
  • Username/password login via Better Auth

🛡 Security model

TrustClaw is a deliberate response to the security problems with running AI agents locally:

TrustClaw Vanilla local agents
Setup Seconds Hours of config
Credentials Encrypted, managed by Composio Plaintext in local config
Code Execution Remote sandbox On your local machine
Integrations OAuth, 1000+ apps Manual API key setup per app
Skill Security Managed tool surface Unvetted public registry
Audit Trails Full action log None
Revocation One click Find and delete config files

The design choices:

  • No raw API keys handed to the agent - Composio brokers OAuth for every tool
  • No code runs on your machine - every tool call executes in an isolated remote environment
  • No long-lived shell access - destructive prompt injection from a scraped email can't rm -rf your laptop because the agent doesn't have a shell on your laptop

🏗 Architecture

┌──────────────┐    ┌──────────────────────────────────────────┐
│  Web (Next)  │───▶│             Next.js App                  │
│   Telegram   │───▶│  ┌────────────────────────────────────┐  │
│     Cron     │───▶│  │  tRPC API + agent runtime          │  │
└──────────────┘    │  │  (prepareAgentRun → ToolLoopAgent) │  │
                    │  └─────────┬──────────────────────────┘  │
                    │            │                              │
                    │   ┌────────┼─────────┬──────────┐        │
                    │   ▼        ▼         ▼          ▼        │
                    │ Postgres  Redis  AI Gateway  Composio    │
                    │ (pgvector)      (LLM + emb.)             │
                    └──────────────────────────────────────────┘

Tech stack


⚠️ Before deploying to production

Heads-up about the Vercel free (Hobby) plan

TrustClaw runs fine on the free Hobby plan, but Vercel applies two limits that affect the agent:

  • Cron jobs can only run once per day, and even then they fire anywhere within a 60-minute window of the scheduled hour. Any cron expression more frequent than daily (e.g. hourly, every-30-min) fails at deploy time on Hobby. The CLI auto-adjusts vercel.json to a daily schedule when it detects you're on Hobby.
  • Functions are capped at 300s (5 min) — long-running agent turns may time out.

To get per-minute cron precision and up to 800s (~13 min) per function, upgrade to Vercel Pro and re-run the CLI (or manually flip vercel.json back to * * * * * + bump maxDuration).

Usage caps and billing

TrustClaw ships with Redis-backed per-user rate limiting on the chat, cron, and Telegram agent entrypoints. It is enabled by default and controlled with:

  • RATE_LIMIT_CHAT_PER_MINUTE / RATE_LIMIT_CHAT_PER_DAY
  • RATE_LIMIT_CRON_PER_DAY
  • RATE_LIMIT_TELEGRAM_PER_MINUTE
  • RATE_LIMIT_FAIL_MODE (open in development, closed otherwise)
  • RATE_LIMIT_ENABLED=false to bypass all agent entrypoint limits

In production, configure REDIS_URL or explicitly set RATE_LIMIT_FAIL_MODE=open / RATE_LIMIT_ENABLED=false.

If you put a TrustClaw instance on the public internet for strangers to sign up to, add at least:

  • A monthly per-user message / tool-call cap enforced server-side
  • Billing or invite-only signup if you want to recoup costs

🧰 Manual setup (local dev)

If you'd rather skip the deploy CLI and run TrustClaw locally:

pnpm install
cp .env.example .env       # fill in DATABASE_URL, BETTER_AUTH_SECRET, COMPOSIO_API_KEY
pnpm prisma db push        # apply schema (Postgres + pgvector required)
pnpm dev                   # http://localhost:3000

For local AI Gateway access, run vercel link && vercel env pull to get a short-lived OIDC token, or set AI_GATEWAY_API_KEY manually.

For Telegram, point your bot's webhook at <NEXT_PUBLIC_APP_URL>/api/telegram-webhook with TELEGRAM_WEBHOOK_SECRET as the secret token.

Required env vars

Variable Purpose
DATABASE_URL Postgres + pgvector connection string
BETTER_AUTH_SECRET Session signing key (32+ random bytes)
COMPOSIO_API_KEY Composio tool integrations
CRON_SECRET Auth for /api/cron/* routes (auto-injected on Vercel)
REDIS_URL (optional) Resumable streams + abort flags
TELEGRAM_BOT_TOKEN (optional) Telegram bot
TELEGRAM_BOT_USERNAME (optional) Telegram bot
TELEGRAM_WEBHOOK_SECRET (optional) Telegram webhook auth

See .env.example for the full template.


🤝 Contributing

Bug reports, feature ideas, and PRs all welcome. See CONTRIBUTING.md for setup, project layout, coding conventions, and the PR checklist.

For security issues, email sarah@composio.dev directly - please don't open a public issue.

📝 License

MIT - see LICENSE.

Built on top of Composio. Inspired by OpenClaw, rebuilt for security.

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

Shape

Function 404
Interface 82
Method 4
Class 2

Languages

TypeScript100%

Modules by API surface

src/components/ui/alert-dialog.tsx12 symbols
cli/src/stores.ts12 symbols
src/server/clients/redis.ts11 symbols
src/server/api/routers/trustclaw/agent/context/build-context.ts11 symbols
src/app/(authenticated)/dashboard/_components/onboarding/onboarding.tsx11 symbols
cli/src/auth.ts11 symbols
src/components/ui/sheet.tsx10 symbols
src/components/ui/select.tsx10 symbols
src/components/ui/dialog.tsx10 symbols
cli/src/local-repo.ts9 symbols
src/components/ui/table.tsx8 symbols
src/components/core/error-boundary.tsx8 symbols

For agents

$ claude mcp add trustclaw \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page