Your AI that does things while you sleep. Securely.
A 24/7 personal AI assistant with 1000+ tools via OAuth and sandboxed execution. Built on the ideas behind OpenClaw, rebuilt from scratch for security. Talks to you on the web or Telegram, remembers what matters, and handles recurring work on autopilot.
🚀 Self-host on Vercel - one command, ~2 minutes. See below.
Demo Video
Open Source Launch Video
Click here to use the Vercel Template:
npx @composio/trustclaw deploy
That's it. The CLI handles the entire flow.
Prerequisites:
npx vercel login once)gh auth login once)curl -fsSL https://composio.dev/install | bash)LLM and embedding calls route through Vercel AI Gateway - no Anthropic or OpenAI API keys required.
| 🔐 OAuth Only | Connects through OAuth. No passwords stored or shared. |
| ⚡ Zero Setup | Sign up, chat, done. No API keys or config files. |
| 💤 Works While You Sleep | Schedule tasks and let your agent handle them on autopilot. |
| ☁️ Sandboxed Execution | Every action runs in an isolated cloud environment that's gone when the task is done. |
TrustClaw is a deliberate response to the security problems with running AI agents locally:
| TrustClaw | Vanilla local agents | |
|---|---|---|
| Setup | Seconds | Hours of config |
| Credentials | Encrypted, managed by Composio | Plaintext in local config |
| Code Execution | Remote sandbox | On your local machine |
| Integrations | OAuth, 1000+ apps | Manual API key setup per app |
| Skill Security | Managed tool surface | Unvetted public registry |
| Audit Trails | Full action log | None |
| Revocation | One click | Find and delete config files |
The design choices:
rm -rf your laptop because the agent doesn't have a shell on your laptop┌──────────────┐ ┌──────────────────────────────────────────┐
│ Web (Next) │───▶│ Next.js App │
│ Telegram │───▶│ ┌────────────────────────────────────┐ │
│ Cron │───▶│ │ tRPC API + agent runtime │ │
└──────────────┘ │ │ (prepareAgentRun → ToolLoopAgent) │ │
│ └─────────┬──────────────────────────┘ │
│ │ │
│ ┌────────┼─────────┬──────────┐ │
│ ▼ ▼ ▼ ▼ │
│ Postgres Redis AI Gateway Composio │
│ (pgvector) (LLM + emb.) │
└──────────────────────────────────────────┘
TrustClaw runs fine on the free Hobby plan, but Vercel applies two limits that affect the agent:
vercel.json to a daily schedule when it detects you're on Hobby.To get per-minute cron precision and up to 800s (~13 min) per function, upgrade to Vercel Pro and re-run the CLI (or manually flip vercel.json back to * * * * * + bump maxDuration).
TrustClaw ships with Redis-backed per-user rate limiting on the chat, cron, and Telegram agent entrypoints. It is enabled by default and controlled with:
RATE_LIMIT_CHAT_PER_MINUTE / RATE_LIMIT_CHAT_PER_DAYRATE_LIMIT_CRON_PER_DAYRATE_LIMIT_TELEGRAM_PER_MINUTERATE_LIMIT_FAIL_MODE (open in development, closed otherwise)RATE_LIMIT_ENABLED=false to bypass all agent entrypoint limitsIn production, configure REDIS_URL or explicitly set RATE_LIMIT_FAIL_MODE=open / RATE_LIMIT_ENABLED=false.
If you put a TrustClaw instance on the public internet for strangers to sign up to, add at least:
If you'd rather skip the deploy CLI and run TrustClaw locally:
pnpm install
cp .env.example .env # fill in DATABASE_URL, BETTER_AUTH_SECRET, COMPOSIO_API_KEY
pnpm prisma db push # apply schema (Postgres + pgvector required)
pnpm dev # http://localhost:3000
For local AI Gateway access, run vercel link && vercel env pull to get a short-lived OIDC token, or set AI_GATEWAY_API_KEY manually.
For Telegram, point your bot's webhook at <NEXT_PUBLIC_APP_URL>/api/telegram-webhook with TELEGRAM_WEBHOOK_SECRET as the secret token.
| Variable | Purpose |
|---|---|
DATABASE_URL |
Postgres + pgvector connection string |
BETTER_AUTH_SECRET |
Session signing key (32+ random bytes) |
COMPOSIO_API_KEY |
Composio tool integrations |
CRON_SECRET |
Auth for /api/cron/* routes (auto-injected on Vercel) |
REDIS_URL (optional) |
Resumable streams + abort flags |
TELEGRAM_BOT_TOKEN (optional) |
Telegram bot |
TELEGRAM_BOT_USERNAME (optional) |
Telegram bot |
TELEGRAM_WEBHOOK_SECRET (optional) |
Telegram webhook auth |
See .env.example for the full template.
Bug reports, feature ideas, and PRs all welcome. See CONTRIBUTING.md for setup, project layout, coding conventions, and the PR checklist.
For security issues, email sarah@composio.dev directly - please don't open a public issue.
MIT - see LICENSE.
Built on top of Composio. Inspired by OpenClaw, rebuilt for security.
$ claude mcp add trustclaw \
-- python -m otcore.mcp_server <graph>