From 6d2445fa6f16b39b175cb03605c986b622b30af3 Mon Sep 17 00:00:00 2001 From: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> Date: Wed, 27 May 2026 08:40:50 -0700 Subject: [PATCH] feat: add Homebrew tap with auto-generated formula and CI release publishing --- .codex.log | 3902 +++++++++++++++++++++++++ .github/homebrew/openfang.rb.template | 26 + .github/workflows/release.yml | 73 + README.md | 6 + docs/README.md | 1 + docs/install.md | 42 + 6 files changed, 4050 insertions(+) create mode 100644 .codex.log create mode 100644 .github/homebrew/openfang.rb.template create mode 100644 docs/install.md diff --git a/.codex.log b/.codex.log new file mode 100644 index 0000000000..2cc180080d --- /dev/null +++ b/.codex.log @@ -0,0 +1,3902 @@ +2026-05-27T13:51:54.934849Z ERROR codex_core::session: failed to load skill /Users/mvanhorn/.agents/skills/remotion-to-hyperframes/SKILL.md: invalid description: exceeds maximum length of 1024 characters +OpenAI Codex v0.132.0 +-------- +workdir: /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh +model: gpt-5.5 +provider: openai +approval: never +sandbox: danger-full-access +reasoning effort: high +reasoning summaries: none +session id: 019e69b4-c437-7cc1-aea1-81bcedf1953f +-------- +user +FIRST: source /Users/mvanhorn/.osc/scripts/load-gh-token.sh +Implement the plan below in this working directory. + +## Plan +--- +generated_by: osc-plan +source: osc-plan-issue +title: feat: add Homebrew tap with auto-generated formula and CI release publishing +type: feat +status: active +date: 2026-05-26 +upstream_issue: https://github.com/RightNow-AI/openfang/issues/889 +repo: RightNow-AI/openfang +merge_confidence: 9 +confidence_factors: + implementability: 2 + scope: 2 + maintainer_activity: 2 + label_quality: 1 + recency: 1 + engagement: 1 +ai_disclosure_mode: default +Files: + - .github/workflows/release.yml + - docs/install.md + - README.md +--- + +## Issue summary + +Issue #889 asks for an installable Homebrew path for openfang so macOS users can ==> Searching for similarly named formulae and casks... +==> Formulae +openfa +openfast + +To install openfa, run: + brew install openfa + +==> Casks +opensong + +To install opensong, run: + brew install --cask opensong instead of downloading release tarballs and wiring up the binary by hand. Maintainer jaberjaber23 confirmed in the issue thread the project is open to it and laid out the concrete plan: create a tap repo, regenerate the formula in CI after each macOS release with the new version + SHA256, and push to the tap. Homebrew-core is explicitly out of scope until release cadence is steady. The existing release workflow already produces arm64 and x86_64 release tarballs (release.yml:31, 36, 155, 158) so the formula has stable artifacts to point at. + +## Approach + +Extend with a new job that runs after the macOS upload jobs complete. The job: + +1. Downloads the two macOS release tarballs as workflow artifacts (or refetches them from the freshly-tagged release via ). +2. Computes SHA256 for each (e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 -). +3. Renders a from a template stored in , substituting , , , , . +4. Pushes the rendered formula to on using a repo secret. The job is gated on the tag matching so pre-release builds do not clobber the tap. + +Documentation: add a section to and a one-liner in install table. No code changes inside any Rust crate. + +## Test scenarios + +- Happy path: tag , workflow runs, both SHAs are computed, formula is rendered with , tap repo receives a commit on with the new formula, on a clean macOS runner installs and reports . +- Edge: tarballs missing one architecture - the job fails before pushing, leaves the previous formula intact in the tap, and surfaces a clear error in the action log. +- Edge: tag is a pre-release like - the job is skipped by the guard so the tap only tracks stable releases. +- Error path: tap push fails (deploy key revoked or auth error) - the workflow surfaces a non-zero exit and the release job does not block the rest of the release pipeline. The maintainer can rerun the single job after rotating the key. +- Verification on the tap side: passes against the rendered formula in CI on the tap repo (separate workflow, out of scope here but mentioned in the docs handoff). + +## Rules +- Keep changes minimal and focused on the issue +- Do NOT run git commit, git push, or git add +- After implementation, run: git status && git diff --stat + +hook: SessionStart +hook: SessionStart Completed +hook: UserPromptSubmit +hook: UserPromptSubmit Completed +codex +I’ll load the GitHub token first, then inspect the repo’s release workflow and install docs so the Homebrew changes match the existing structure. +hook: PreToolUse +hook: PreToolUse Completed +exec +/bin/zsh -lc "source /Users/mvanhorn/.osc/scripts/load-gh-token.sh && pwd && git status --short && rg --files | rg '("'^'"\\.github/workflows/release\\.yml"'$|''^docs/install'"\\.md"'$|''^README'"\\.md"'$)'"'" in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + exited 127 in 0ms: +zsh:source:1: no such file or directory: /Users/mvanhorn/.osc/scripts/load-gh-token.sh + +hook: PostToolUse +hook: PostToolUse Completed +codex +The requested token script is not present at `/Users/mvanhorn/.osc/scripts/load-gh-token.sh`, so that source step failed before any repo commands ran. I’ll continue with local implementation since this task does not require GitHub API access, and I’ll note the missing script in the final. +hook: PreToolUse +hook: PreToolUse +hook: PreToolUse +hook: PreToolUse Completed +hook: PreToolUse Completed +hook: PreToolUse Completed +exec +/bin/zsh -lc pwd in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +/Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + +hook: PostToolUse +exec +/bin/zsh -lc 'git status --short' in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +?? .codex.log + +hook: PostToolUse +exec +/bin/zsh -lc "rg --files | rg '("'^'"\\.github/workflows/release\\.yml"'$|''^docs/install'"\\.md"'$|''^README'"\\.md"'$)'"'" in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +README.md + +hook: PostToolUse +hook: PostToolUse Completed +hook: PostToolUse Completed +hook: PostToolUse Completed +codex +The working tree has an untracked `.codex.log` that I did not create for this change. I’m leaving it alone and checking the repo layout because the planned `release.yml` and `docs/install.md` paths do not appear in the initial file scan. +hook: PreToolUse +hook: PreToolUse Completed +hook: PreToolUse +hook: PreToolUse +hook: PreToolUse +hook: PreToolUse Completed +hook: PreToolUse Completed +hook: PreToolUse Completed +exec +/bin/zsh -lc 'ls -la' in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +total 760 +drwxr-xr-x 38 mvanhorn staff 1216 May 27 06:51 . +drwxr-xr-x 1006 mvanhorn staff 32192 May 27 06:51 .. +drwxr-xr-x 3 mvanhorn staff 96 May 27 06:51 .cargo +-rw-r--r-- 1 mvanhorn staff 5953 May 27 06:52 .codex.log +-rw-r--r-- 1 mvanhorn staff 171 May 27 06:51 .dockerignore +-rw-r--r-- 1 mvanhorn staff 2396 May 27 06:51 .env.example +drwxr-xr-x 15 mvanhorn staff 480 May 27 06:52 .git +drwxr-xr-x 7 mvanhorn staff 224 May 27 06:51 .github +-rw-r--r-- 1 mvanhorn staff 527 May 27 06:51 .gitignore +-rw-r--r-- 1 mvanhorn staff 192 May 27 06:51 AGENTS.md +-rw-r--r-- 1 mvanhorn staff 9910 May 27 06:51 CHANGELOG.md +-rw-r--r-- 1 mvanhorn staff 4936 May 27 06:51 CLAUDE.md +-rw-r--r-- 1 mvanhorn staff 11666 May 27 06:51 CONTRIBUTING.md +-rw-r--r-- 1 mvanhorn staff 227215 May 27 06:51 Cargo.lock +-rw-r--r-- 1 mvanhorn staff 3778 May 27 06:51 Cargo.toml +-rw-r--r-- 1 mvanhorn staff 353 May 27 06:51 Cross.toml +-rw-r--r-- 1 mvanhorn staff 1050 May 27 06:51 Dockerfile +-rw-r--r-- 1 mvanhorn staff 10242 May 27 06:51 LICENSE-APACHE +-rw-r--r-- 1 mvanhorn staff 1078 May 27 06:51 LICENSE-MIT +-rw-r--r-- 1 mvanhorn staff 11726 May 27 06:51 MIGRATION.md +-rw-r--r-- 1 mvanhorn staff 23733 May 27 06:51 README.md +-rw-r--r-- 1 mvanhorn staff 3402 May 27 06:51 SECURITY.md +drwxr-xr-x 33 mvanhorn staff 1056 May 27 06:51 agents +drwxr-xr-x 15 mvanhorn staff 480 May 27 06:51 crates +drwxr-xr-x 3 mvanhorn staff 96 May 27 06:51 deploy +-rw-r--r-- 1 mvanhorn staff 1072 May 27 06:51 docker-compose.yml +drwxr-xr-x 21 mvanhorn staff 672 May 27 06:51 docs +-rw-r--r-- 1 mvanhorn staff 2167 May 27 06:51 flake.nix +-rw-r--r-- 1 mvanhorn staff 2314 May 27 06:51 openfang.toml.example +drwxr-xr-x 3 mvanhorn staff 96 May 27 06:51 packages +drwxr-xr-x 3 mvanhorn staff 96 May 27 06:51 public +-rw-r--r-- 1 mvanhorn staff 66 May 27 06:51 rust-toolchain.toml +-rw-r--r-- 1 mvanhorn staff 16 May 27 06:51 rustfmt.toml +drwxr-xr-x 5 mvanhorn staff 160 May 27 06:51 scripts +drwxr-xr-x 4 mvanhorn staff 128 May 27 06:51 sdk +-rw-r--r-- 1 mvanhorn staff 480 May 27 06:51 start-vertex.bat +-rw-r--r-- 1 mvanhorn staff 5699 May 27 06:51 test_vertex_e2e.py +drwxr-xr-x 4 mvanhorn staff 128 May 27 06:51 xtask + +hook: PostToolUse +hook: PostToolUse Completed +exec +/bin/zsh -lc 'find docs -maxdepth 3 -type f -print 2>/dev/null | sort' in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh +exec +/bin/zsh -lc 'find .github -maxdepth 3 -type f -print 2>/dev/null | sort' in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +.github/FUNDING.yml +.github/ISSUE_TEMPLATE/bug_report.yml +.github/ISSUE_TEMPLATE/feature_request.yml +.github/dependabot.yml +.github/pull_request_template.md +.github/workflows/ci.yml +.github/workflows/release.yml + + succeeded in 0ms: +docs/README.md +docs/VERTEX_AI_LOCAL_TESTING.md +docs/agent-templates.md +docs/api-reference.md +docs/architecture.md +docs/benchmarks/architecture-overview.svg +docs/benchmarks/feature-coverage.svg +docs/benchmarks/performance.svg +docs/benchmarks/security-layers.svg +docs/channel-adapters.md +docs/cli-reference.md +docs/configuration.md +docs/desktop.md +docs/getting-started.md +docs/launch-roadmap.md +docs/mcp-a2a.md +docs/production-checklist.md +docs/providers.md +docs/security.md +docs/skill-development.md +docs/troubleshooting.md +docs/workflows.md + +hook: PostToolUse +exec +/bin/zsh -lc "find . -maxdepth 3 -type f | sort | sed 's#"'^./##'"' | head -200" in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +.cargo/audit.toml +.codex.log +.dockerignore +.env.example +.git/FETCH_HEAD +.git/HEAD +.git/ORIG_HEAD +.git/config +.git/description +.git/hooks/applypatch-msg.sample +.git/hooks/commit-msg.sample +.git/hooks/fsmonitor-watchman.sample +.git/hooks/post-update.sample +.git/hooks/pre-applypatch.sample +.git/hooks/pre-commit.sample +.git/hooks/pre-merge-commit.sample +.git/hooks/pre-push.sample +.git/hooks/pre-rebase.sample +.git/hooks/pre-receive.sample +.git/hooks/prepare-commit-msg.sample +.git/hooks/push-to-checkout.sample +.git/hooks/sendemail-validate.sample +.git/hooks/update.sample +.git/index +.git/info/exclude +.git/logs/HEAD +.git/packed-refs +.git/shallow +.github/FUNDING.yml +.github/ISSUE_TEMPLATE/bug_report.yml +.github/ISSUE_TEMPLATE/feature_request.yml +.github/dependabot.yml +.github/pull_request_template.md +.github/workflows/ci.yml +.github/workflows/release.yml +.gitignore +AGENTS.md +CHANGELOG.md +CLAUDE.md +CONTRIBUTING.md +Cargo.lock +Cargo.toml +Cross.toml +Dockerfile +LICENSE-APACHE +LICENSE-MIT +MIGRATION.md +README.md +SECURITY.md +agents/analyst/agent.toml +agents/architect/agent.toml +agents/assistant/agent.toml +agents/code-reviewer/agent.toml +agents/coder/agent.toml +agents/customer-support/agent.toml +agents/data-scientist/agent.toml +agents/debugger/agent.toml +agents/devops-lead/agent.toml +agents/doc-writer/agent.toml +agents/email-assistant/agent.toml +agents/health-tracker/agent.toml +agents/hello-world/agent.toml +agents/home-automation/agent.toml +agents/langchain-code-reviewer/.gitignore +agents/langchain-code-reviewer/agent.py +agents/langchain-code-reviewer/config.example.toml +agents/langchain-code-reviewer/requirements.txt +agents/langchain-code-reviewer/server.py +agents/langchain-code-reviewer/workflow.json +agents/legal-assistant/agent.toml +agents/meeting-assistant/agent.toml +agents/ops/agent.toml +agents/orchestrator/agent.toml +agents/personal-finance/agent.toml +agents/planner/agent.toml +agents/recruiter/agent.toml +agents/researcher/agent.toml +agents/sales-assistant/agent.toml +agents/security-auditor/agent.toml +agents/social-media/agent.toml +agents/test-engineer/agent.toml +agents/translator/agent.toml +agents/travel-planner/agent.toml +agents/tutor/agent.toml +agents/writer/agent.toml +crates/openfang-api/Cargo.toml +crates/openfang-channels/Cargo.toml +crates/openfang-cli/Cargo.toml +crates/openfang-desktop/Cargo.toml +crates/openfang-desktop/build.rs +crates/openfang-desktop/tauri.conf.json +crates/openfang-extensions/Cargo.toml +crates/openfang-hands/Cargo.toml +crates/openfang-kernel/Cargo.toml +crates/openfang-memory/Cargo.toml +crates/openfang-migrate/Cargo.toml +crates/openfang-runtime/Cargo.toml +crates/openfang-skills/Cargo.toml +crates/openfang-types/Cargo.toml +crates/openfang-wire/Cargo.toml +deploy/openfang.service +docker-compose.yml +docs/README.md +docs/VERTEX_AI_LOCAL_TESTING.md +docs/agent-templates.md +docs/api-reference.md +docs/architecture.md +docs/benchmarks/architecture-overview.svg +docs/benchmarks/feature-coverage.svg +docs/benchmarks/performance.svg +docs/benchmarks/security-layers.svg +docs/channel-adapters.md +docs/cli-reference.md +docs/configuration.md +docs/desktop.md +docs/getting-started.md +docs/launch-roadmap.md +docs/mcp-a2a.md +docs/production-checklist.md +docs/providers.md +docs/security.md +docs/skill-development.md +docs/troubleshooting.md +docs/workflows.md +flake.nix +openfang.toml.example +packages/whatsapp-gateway/.gitignore +packages/whatsapp-gateway/index.js +packages/whatsapp-gateway/package.json +public/assets/openfang-logo.png +public/assets/openfang-vs-claws.png +public/assets/rightnow-logo.webp +rust-toolchain.toml +rustfmt.toml +scripts/docker/install-smoke.Dockerfile +scripts/install.ps1 +scripts/install.sh +sdk/javascript/index.d.ts +sdk/javascript/index.js +sdk/javascript/package.json +sdk/python/openfang_client.py +sdk/python/openfang_sdk.py +sdk/python/setup.py +start-vertex.bat +test_vertex_e2e.py +xtask/Cargo.toml +xtask/src/main.rs + +hook: PostToolUse +hook: PostToolUse +hook: PostToolUse Completed +hook: PostToolUse Completed +hook: PostToolUse Completed +hook: PreToolUse +hook: PreToolUse +hook: PreToolUse Completed +hook: PreToolUse Completed +hook: PreToolUse +hook: PreToolUse +hook: PreToolUse Completed +hook: PreToolUse Completed +exec +/bin/zsh -lc "sed -n '1,260p' README.md" in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh +exec +/bin/zsh -lc "sed -n '1,260p' .github/workflows/release.yml" in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +

+ OpenFang Logo +

+ +

OpenFang

+

The Agent Operating System

+ +

+ Open-source Agent OS built in Rust. 137K LOC. 14 crates. 1,767+ tests. Zero clippy warnings.
+ One binary. Battle-tested. Agents that actually work for you. +

+ +

+ Documentation • + Quick Start • + Twitter / X +

+ +

+ Rust + MIT + v0.6.9 + Tests + Clippy + Buy Me A Coffee +

+ +--- + +> **v0.5.10 (April 2026)** +> +> OpenFang is feature complete but still pre-1.0. Expect rough edges and breaking changes between minor versions. We ship fast and fix fast. Pin to a specific commit for production use until v1.0. [Report issues here.](https://github.com/RightNow-AI/openfang/issues) + +--- + +## What is OpenFang? + +OpenFang is an **open-source Agent Operating System**. Not a chatbot framework. Not a Python wrapper around an LLM. Not a "multi-agent orchestrator." A full operating system for autonomous agents, built from scratch in Rust. + +Traditional agent frameworks wait for you to type something. OpenFang runs **autonomous agents that work for you**: on schedules, 24/7, building knowledge graphs, monitoring targets, generating leads, managing your social media, and reporting results to your dashboard. + +The entire system compiles to a **single ~32MB binary**. One install, one command, your agents are live. + +```bash +curl -fsSL https://openfang.sh/install | sh +openfang init +openfang start +# Dashboard live at http://localhost:4200 +``` + +
+Windows + +```powershell +irm https://openfang.sh/install.ps1 | iex +openfang init +openfang start +``` + +
+ +--- + +## Hands: Agents That Actually Do Things + +

"Traditional agents wait for you to type. Hands work for you."

+ +**Hands** are OpenFang's core innovation. Pre-built autonomous capability packages that run independently, on schedules, without you having to prompt them. This is not a chatbot. This is an agent that wakes up at 6 AM, researches your competitors, builds a knowledge graph, scores the findings, and delivers a report to your Telegram before you've had coffee. + +Each Hand bundles: +- **HAND.toml**: manifest declaring tools, settings, requirements, and dashboard metrics. +- **System Prompt**: multi-phase operational playbook. Not a one-liner. These are 500+ word expert procedures. +- **SKILL.md**: domain expertise reference injected into context at runtime. +- **Guardrails**: approval gates for sensitive actions (e.g. Browser Hand requires approval before any purchase). + +All compiled into the binary. No downloading, no pip install, no Docker pull. + +### The 7 Bundled Hands + +| Hand | What It Actually Does | +|------|----------------------| +| **Clip** | Takes a YouTube URL, downloads it, identifies the best moments, cuts them into vertical shorts with captions and thumbnails, optionally adds AI voice-over, and publishes to Telegram and WhatsApp. 8-phase pipeline. FFmpeg + yt-dlp + 5 STT backends. | +| **Lead** | Runs daily. Discovers prospects matching your ICP, enriches them with web research, scores 0-100, deduplicates against your existing database, and delivers qualified leads in CSV/JSON/Markdown. Builds ICP profiles over time. | +| **Collector** | OSINT grade intelligence. You give it a target (company, person, topic). It monitors continuously: change detection, sentiment tracking, knowledge graph construction, and critical alerts when something important shifts. | +| **Predictor** | Superforecasting engine. Collects signals from multiple sources, builds calibrated reasoning chains, makes predictions with confidence intervals, and tracks its own accuracy using Brier scores. Has a contrarian mode that deliberately argues against consensus. | +| **Researcher** | Deep autonomous researcher. Cross-references multiple sources, evaluates credibility using CRAAP criteria (Currency, Relevance, Authority, Accuracy, Purpose), generates cited reports with APA formatting, supports multiple languages. | +| **Twitter** | Autonomous Twitter/X account manager. Creates content in 7 rotating formats, schedules posts for optimal engagement, responds to mentions, tracks performance metrics. Has an approval queue, so nothing posts without your OK. | +| **Browser** | Web automation agent. Navigates sites, fills forms, clicks buttons, handles multi-step workflows. Uses Playwright bridge with session persistence. **Mandatory purchase approval gate**: it will never spend your money without explicit confirmation. | + +```bash +# Activate the Researcher Hand. It starts working immediately. +openfang hand activate researcher + +# Check its progress anytime +openfang hand status researcher + +# Activate lead generation on a daily schedule +openfang hand activate lead + +# Pause without losing state +openfang hand pause lead + +# See all available Hands +openfang hand list +``` + +**Build your own.** Define a `HAND.toml` with tools, settings, and a system prompt. Publish to FangHub. + +--- + +## OpenFang vs The Landscape + +

+ OpenFang vs OpenClaw vs ZeroClaw +

+ +### Benchmarks: Measured, Not Marketed + +All data from official documentation and public repositories, February 2026. + +#### Cold Start Time (lower is better) + +``` +ZeroClaw ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 10 ms +OpenFang ██████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 180 ms ★ +LangGraph █████████████████░░░░░░░░░░░░░░░░░░░░░░░░░ 2.5 sec +CrewAI ████████████████████░░░░░░░░░░░░░░░░░░░░░░ 3.0 sec +AutoGen ██████████████████████████░░░░░░░░░░░░░░░░░ 4.0 sec +OpenClaw █████████████████████████████████████████░░ 5.98 sec +``` + +#### Idle Memory Usage (lower is better) + +``` +ZeroClaw █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 5 MB +OpenFang ████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 40 MB ★ +LangGraph ██████████████████░░░░░░░░░░░░░░░░░░░░░░░░░ 180 MB +CrewAI ████████████████████░░░░░░░░░░░░░░░░░░░░░░░ 200 MB +AutoGen █████████████████████████░░░░░░░░░░░░░░░░░░ 250 MB +OpenClaw ████████████████████████████████████████░░░░ 394 MB +``` + +#### Install Size (lower is better) + +``` +ZeroClaw █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 8.8 MB +OpenFang ███░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 32 MB ★ +CrewAI ████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 100 MB +LangGraph ████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 150 MB +AutoGen ████████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░ 200 MB +OpenClaw ████████████████████████████████████████░░░░ 500 MB +``` + +#### Security Systems (higher is better) + +``` +OpenFang ████████████████████████████████████████████ 16 ★ +ZeroClaw ███████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 6 +OpenClaw ████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 3 +AutoGen █████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 2 +LangGraph █████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 2 +CrewAI ███░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1 +``` + +#### Channel Adapters (higher is better) + +``` +OpenFang ████████████████████████████████████████████ 40 ★ +ZeroClaw ███████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 15 +OpenClaw █████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 13 +CrewAI ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 0 +AutoGen ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 0 +LangGraph ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 0 +``` + +#### LLM Providers (higher is better) + +``` +ZeroClaw ████████████████████████████████████████████ 28 +OpenFang ██████████████████████████████████████████░░ 27 ★ +LangGraph ██████████████████████░░░░░░░░░░░░░░░░░░░░░ 15 +CrewAI ██████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 10 +OpenClaw ██████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 10 +AutoGen ███████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 8 +``` + +### Feature-by-Feature Comparison + +| Feature | OpenFang | OpenClaw | ZeroClaw | CrewAI | AutoGen | LangGraph | +|---------|----------|----------|----------|--------|---------|-----------| +| **Language** | **Rust** | TypeScript | **Rust** | Python | Python | Python | +| **Autonomous Hands** | **7 built-in** | None | None | None | None | None | +| **Security Layers** | **16 discrete** | 3 basic | 6 layers | 1 basic | Docker | AES enc. | +| **Agent Sandbox** | **WASM dual-metered** | None | Allowlists | None | Docker | None | +| **Channel Adapters** | **40** | 13 | 15 | 0 | 0 | 0 | +| **Built-in Tools** | **53 + MCP + A2A** | 50+ | 12 | Plugins | MCP | LC tools | +| **Memory** | **SQLite + vector** | File-based | SQLite FTS5 | 4-layer | External | Checkpoints | +| **Desktop App** | **Tauri 2.0** | None | None | None | Studio | None | +| **Audit Trail** | **Merkle hash-chain** | Logs | Logs | Tracing | Logs | Checkpoints | +| **Cold Start** | **<200ms** | ~6s | ~10ms | ~3s | ~4s | ~2.5s | +| **Install Size** | **~32 MB** | ~500 MB | ~8.8 MB | ~100 MB | ~200 MB | ~150 MB | +| **License** | MIT | MIT | MIT | MIT | Apache 2.0 | MIT | + +--- + +## 16 Security Systems: Defense in Depth + +OpenFang doesn't bolt security on after the fact. Every layer is independently testable and operates without a single point of failure. + +| # | System | What It Does | +|---|--------|-------------| +| 1 | **WASM Dual-Metered Sandbox** | Tool code runs in WebAssembly with fuel metering + epoch interruption. A watchdog thread kills runaway code. | +| 2 | **Merkle Hash-Chain Audit Trail** | Every action is cryptographically linked to the previous one. Tamper with one entry and the entire chain breaks. | +| 3 | **Information Flow Taint Tracking** | Labels propagate through execution. Secrets are tracked from source to sink. | +| 4 | **Ed25519 Signed Agent Manifests** | Every agent identity and capability set is cryptographically signed. | +| 5 | **SSRF Protection** | Blocks private IPs, cloud metadata endpoints, and DNS rebinding attacks. | +| 6 | **Secret Zeroization** | `Zeroizing` auto-wipes API keys from memory the instant they're no longer needed. | +| 7 | **OFP Mutual Authentication** | HMAC-SHA256 nonce-based, constant-time verification for P2P networking. | +| 8 | **Capability Gates** | Role based access control. Agents declare required tools, the kernel enforces it. | +| 9 | **Security Headers** | CSP, X-Frame-Options, HSTS, X-Content-Type-Options on every response. | +| 10 | **Health Endpoint Redaction** | Public health check returns minimal info. Full diagnostics require authentication. | +| 11 | **Subprocess Sandbox** | `env_clear()` + selective variable passthrough. Process tree isolation with cross-platform kill. | +| 12 | **Prompt Injection Scanner** | Detects override attempts, data exfiltration patterns, and shell reference injection in skills. | +| 13 | **Loop Guard** | SHA256-based tool call loop detection with circuit breaker. Handles ping-pong patterns. | +| 14 | **Session Repair** | 7-phase message history validation and automatic recovery from corruption. | +| 15 | **Path Traversal Prevention** | Canonicalization with symlink escape prevention. ``../`` doesn't work here. | +| 16 | **GCRA Rate Limiter** | Cost-aware token bucket rate limiting with per-IP tracking and stale cleanup. | + +--- + +## Architecture + +14 Rust crates. 137,728 lines of code. Modular kernel design. + +``` +openfang-kernel Orchestration, workflows, metering, RBAC, scheduler, budget tracking +openfang-runtime Agent loop, 3 LLM drivers, 53 tools, WASM sandbox, MCP, A2A +openfang-api 140+ REST/WS/SSE endpoints, OpenAI-compatible API, dashboard +openfang-channels 40 messaging adapters with rate limiting, DM/group policies +openfang-memory SQLite persistence, vector embeddings, canonical sessions, compaction +openfang-types Core types, taint tracking, Ed25519 manifest signing, model catalog +openfang-skills 60 bundled skills, SKILL.md parser, FangHub marketplace +openfang-hands 7 autonomous Hands, HAND.toml parser, lifecycle management +openfang-extensions 25 MCP templates, AES-256-GCM credential vault, OAuth2 PKCE +openfang-wire OFP P2P protocol with HMAC-SHA256 mutual authentication +openfang-cli CLI with daemon management, TUI dashboard, MCP server mode +openfang-desktop Tauri 2.0 native app (system tray, notifications, global shortcuts) +openfang-migrate OpenClaw, LangChain, AutoGPT migration engine +xtask Build automation +``` + +--- + +## 40 Channel Adapters + +Connect your agents to every platform your users are on. + +**Core:** Telegram, Discord, Slack, WhatsApp, Signal, Matrix, Email (IMAP/SMTP) +**Enterprise:** Microsoft Teams, Mattermost, Google Chat, Webex, Feishu/Lark, Zulip +**Social:** LINE, Viber, Facebook Messenger, Mastodon, Bluesky, Reddit, LinkedIn, Twitch + + succeeded in 0ms: +name: Release + +on: + push: + tags: + - "v*" + +permissions: + contents: write + packages: write + +env: + CARGO_TERM_COLOR: always + +jobs: + # ── Tauri Desktop App (Windows + macOS + Linux) ─────────────────────────── + # Produces: .msi, .exe (Windows) | .dmg, .app (macOS) | .AppImage, .deb (Linux) + # Also generates and uploads latest.json (the auto-updater manifest) + desktop: + name: Desktop / ${{ matrix.platform.name }} + strategy: + fail-fast: false + matrix: + platform: + - name: Linux x86_64 + os: ubuntu-22.04 + args: "--target x86_64-unknown-linux-gnu" + rust_target: x86_64-unknown-linux-gnu + + - name: macOS x86_64 + os: macos-latest + args: "--target x86_64-apple-darwin" + rust_target: x86_64-apple-darwin + + - name: macOS ARM64 + os: macos-latest + args: "--target aarch64-apple-darwin" + rust_target: aarch64-apple-darwin + + - name: Windows x86_64 + os: windows-latest + args: "--target x86_64-pc-windows-msvc" + rust_target: x86_64-pc-windows-msvc + + - name: Windows ARM64 + os: windows-latest + args: "--target aarch64-pc-windows-msvc" + rust_target: aarch64-pc-windows-msvc + + runs-on: ${{ matrix.platform.os }} + steps: + - uses: actions/checkout@v6 + + - name: Install system deps (Linux) + if: runner.os == 'Linux' + run: | + sudo apt-get update + sudo apt-get install -y \ + libwebkit2gtk-4.1-dev \ + libgtk-3-dev \ + libayatana-appindicator3-dev \ + librsvg2-dev \ + patchelf + + - uses: dtolnay/rust-toolchain@stable + with: + targets: ${{ matrix.platform.rust_target }} + + - uses: Swatinem/rust-cache@v2 + with: + key: desktop-${{ matrix.platform.rust_target }} + + - name: Import macOS signing certificate + if: runner.os == 'macOS' + env: + MAC_CERT_BASE64: ${{ secrets.MAC_CERT_BASE64 }} + MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }} + run: | + echo "$MAC_CERT_BASE64" | base64 --decode > $RUNNER_TEMP/certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + KEYCHAIN_PASSWORD=$(openssl rand -base64 32) + security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" + security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" + security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" + security import $RUNNER_TEMP/certificate.p12 -P "$MAC_CERT_PASSWORD" \ + -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH" + security list-keychain -d user -s "$KEYCHAIN_PATH" + security set-key-partition-list -S apple-tool:,apple:,codesign: \ + -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" + IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | head -1 | awk -F'"' '{print $2}') + echo "Using signing identity: $IDENTITY" + echo "APPLE_SIGNING_IDENTITY=$IDENTITY" >> $GITHUB_ENV + rm -f $RUNNER_TEMP/certificate.p12 + + - name: Build and bundle Tauri desktop app + uses: tauri-apps/tauri-action@v0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }} + TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }} + APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }} + APPLE_ID: ${{ secrets.MAC_NOTARIZE_APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.MAC_NOTARIZE_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.MAC_NOTARIZE_TEAM_ID }} + with: + tagName: ${{ github.ref_name }} + releaseName: "OpenFang ${{ github.ref_name }}" + releaseBody: | + ## What's New + + See the [CHANGELOG](https://github.com/RightNow-AI/openfang/blob/main/CHANGELOG.md) for full details. + + ## Installation + + **Desktop App** — Download the installer for your platform below. + + **CLI (Linux/macOS)**: + ```bash + curl -sSf https://openfang.sh | sh + ``` + + **Docker**: + ```bash + docker pull ghcr.io/rightnow-ai/openfang:latest + ``` + + **Coming from OpenClaw?** + ```bash + openfang migrate --from openclaw + ``` + releaseDraft: false + prerelease: false + includeUpdaterJson: true + projectPath: crates/openfang-desktop + args: ${{ matrix.platform.args }} + + # ── CLI Binary (7 platforms) ────────────────────────────────────────────── + cli: + name: CLI / ${{ matrix.target }} + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + include: + - target: x86_64-unknown-linux-gnu + os: ubuntu-22.04 + archive: tar.gz + - target: aarch64-unknown-linux-gnu + os: ubuntu-22.04 + archive: tar.gz + - target: armv7-unknown-linux-gnueabihf + os: ubuntu-22.04 + archive: tar.gz + - target: x86_64-apple-darwin + os: macos-latest + archive: tar.gz + - target: aarch64-apple-darwin + os: macos-latest + archive: tar.gz + - target: x86_64-pc-windows-msvc + os: windows-latest + archive: zip + - target: aarch64-pc-windows-msvc + os: windows-latest + archive: zip + + steps: + - uses: actions/checkout@v6 + - uses: dtolnay/rust-toolchain@stable + with: + targets: ${{ matrix.target }} + - name: Install build deps (Linux) + if: runner.os == 'Linux' + run: sudo apt-get update && sudo apt-get install -y pkg-config libssl-dev + - name: Install cross (Linux aarch64/armv7) + if: matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'armv7-unknown-linux-gnueabihf' + run: cargo install cross --locked + - uses: Swatinem/rust-cache@v2 + with: + key: cli-${{ matrix.target }} + - name: Build CLI (cross) + if: matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'armv7-unknown-linux-gnueabihf' + run: cross build --release --target ${{ matrix.target }} --bin openfang + - name: Build CLI + if: matrix.target != 'aarch64-unknown-linux-gnu' && matrix.target != 'armv7-unknown-linux-gnueabihf' + run: cargo build --release --target ${{ matrix.target }} --bin openfang + - name: Ad-hoc codesign CLI binary (macOS) + if: runner.os == 'macOS' + run: | + xattr -cr target/${{ matrix.target }}/release/openfang || true + codesign --force --sign - target/${{ matrix.target }}/release/openfang + - name: Package (Unix) + if: matrix.archive == 'tar.gz' + run: | + cd target/${{ matrix.target }}/release + tar czf ../../../openfang-${{ matrix.target }}.tar.gz openfang + cd ../../.. + sha256sum openfang-${{ matrix.target }}.tar.gz > openfang-${{ matrix.target }}.tar.gz.sha256 + - name: Package (Windows) + if: matrix.archive == 'zip' + shell: pwsh + run: | + Compress-Archive -Path "target/${{ matrix.target }}/release/openfang.exe" -DestinationPath "openfang-${{ matrix.target }}.zip" + $hash = (Get-FileHash "openfang-${{ matrix.target }}.zip" -Algorithm SHA256).Hash.ToLower() + "$hash openfang-${{ matrix.target }}.zip" | Out-File -Encoding ASCII "openfang-${{ matrix.target }}.zip.sha256" + - name: Upload to GitHub Release + uses: softprops/action-gh-release@v3 + with: + files: openfang-${{ matrix.target }}.* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # ── Docker (linux/amd64 + linux/arm64) ──────────────────────────────────── + docker: + name: Docker Image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + - name: Log in to GHCR + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU (for arm64 emulation) + uses: docker/setup-qemu-action@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v4 + - name: Extract version + id: version + run: echo "version=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT" + - name: Build and push (multi-arch) + uses: docker/build-push-action@v7 + with: + context: . + push: true + platforms: linux/amd64,linux/arm64 + tags: | + ghcr.io/rightnow-ai/openfang:latest + ghcr.io/rightnow-ai/openfang:${{ steps.version.outputs.version }} + labels: | + org.opencontainers.image.source=https://github.com/RightNow-AI/openfang + org.opencontainers.image.licenses=MIT + org.opencontainers.image.description=OpenFang Agent OS — single-binary Rust agent framework + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Set GHCR package visibility to public + run: | + curl -fsSL -X PATCH \ + -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/orgs/RightNow-AI/packages/container/openfang \ + -d '{"visibility":"public"}' + +hook: PostToolUse +hook: PostToolUse +hook: PostToolUse Completed +hook: PostToolUse Completed +exec +/bin/zsh -lc "sed -n '1,220p' docs/README.md" in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +# OpenFang Documentation + +Welcome to the OpenFang documentation. OpenFang is the open-source Agent Operating System -- 14 Rust crates, 40 channels, 60 skills, 20 LLM providers, 76 API endpoints, and 16 security systems in a single binary. + +--- + +## Getting Started + +| Guide | Description | +|-------|-------------| +| [Getting Started](getting-started.md) | Installation, first agent, first chat session | +| [Configuration](configuration.md) | Complete `config.toml` reference with every field | +| [CLI Reference](cli-reference.md) | Every command and subcommand with examples | +| [Troubleshooting](troubleshooting.md) | Common issues, FAQ, diagnostics | + +## Core Concepts + +| Guide | Description | +|-------|-------------| +| [Architecture](architecture.md) | 12-crate structure, kernel boot, agent lifecycle, memory substrate | +| [Agent Templates](agent-templates.md) | 30 pre-built agents across 4 performance tiers | +| [Workflows](workflows.md) | Multi-agent pipelines with branching, fan-out, loops, and triggers | +| [Security](security.md) | 16 defense-in-depth security systems | + +## Integrations + +| Guide | Description | +|-------|-------------| +| [Channel Adapters](channel-adapters.md) | 40 messaging channels -- setup, configuration, custom adapters | +| [LLM Providers](providers.md) | 20 providers, 51 models, 23 aliases -- setup and model routing | +| [Skills](skill-development.md) | 60 bundled skills, custom skill development, FangHub marketplace | +| [MCP & A2A](mcp-a2a.md) | Model Context Protocol and Agent-to-Agent protocol integration | + +## Reference + +| Guide | Description | +|-------|-------------| +| [API Reference](api-reference.md) | All 76 REST/WS/SSE endpoints with request/response examples | +| [Desktop App](desktop.md) | Tauri 2.0 native app -- build, features, architecture | + +## Release & Operations + +| Guide | Description | +|-------|-------------| +| [Production Checklist](production-checklist.md) | Every step before tagging v0.1.0 -- signing keys, secrets, verification | + +## Additional Resources + +| Resource | Description | +|----------|-------------| +| [CONTRIBUTING.md](../CONTRIBUTING.md) | Development setup, code style, PR guidelines | +| [MIGRATION.md](../MIGRATION.md) | Migrating from OpenClaw, LangChain, or AutoGPT | +| [SECURITY.md](../SECURITY.md) | Security policy and vulnerability reporting | +| [CHANGELOG.md](../CHANGELOG.md) | Release notes and version history | + +--- + +## Quick Reference + +### Start in 30 Seconds + +```bash +export GROQ_API_KEY="your-key" +openfang init && openfang start +# Open http://127.0.0.1:4200 +``` + +### Key Numbers + +| Metric | Count | +|--------|-------| +| Crates | 14 | +| Agent templates | 30 | +| Messaging channels | 40 | +| Bundled skills | 60 | +| Built-in tools | 38 | +| LLM providers | 20 | +| Models in catalog | 51 | +| Model aliases | 23 | +| API endpoints | 76 | +| Security systems | 16 | +| Tests | 967 | + +### Important Paths + +| Path | Description | +|------|-------------| +| `~/.openfang/config.toml` | Main configuration file | +| `~/.openfang/data/openfang.db` | SQLite database | +| `~/.openfang/skills/` | Installed skills | +| `~/.openfang/daemon.json` | Daemon PID and port info | +| `agents/` | Agent template manifests | + +### Key Environment Variables + +| Variable | Provider | +|----------|----------| +| `ANTHROPIC_API_KEY` | Anthropic (Claude) | +| `OPENAI_API_KEY` | OpenAI (GPT-4o) | +| `GEMINI_API_KEY` | Google Gemini | +| `GROQ_API_KEY` | Groq (fast Llama/Mixtral) | +| `DEEPSEEK_API_KEY` | DeepSeek | +| `XAI_API_KEY` | xAI (Grok) | + +Only one provider key is needed to get started. Groq offers a free tier. + +hook: PostToolUse +exec +/bin/zsh -lc 'rg -n "install|Installation|Homebrew|brew|release|tarball|openfang" README.md docs .github/workflows/release.yml' in /Users/mvanhorn/.osc/workspaces/RightNow-AI-openfang-889-fresh + succeeded in 0ms: +.github/workflows/release.yml:58: sudo apt-get install -y \ +.github/workflows/release.yml:107: releaseName: "OpenFang ${{ github.ref_name }}" +.github/workflows/release.yml:108: releaseBody: | +.github/workflows/release.yml:111: See the [CHANGELOG](https://github.com/RightNow-AI/openfang/blob/main/CHANGELOG.md) for full details. +.github/workflows/release.yml:113: ## Installation +.github/workflows/release.yml:115: **Desktop App** — Download the installer for your platform below. +.github/workflows/release.yml:119: curl -sSf https://openfang.sh | sh +.github/workflows/release.yml:124: docker pull ghcr.io/rightnow-ai/openfang:latest +.github/workflows/release.yml:129: openfang migrate --from openclaw +.github/workflows/release.yml:131: releaseDraft: false +.github/workflows/release.yml:132: prerelease: false +.github/workflows/release.yml:134: projectPath: crates/openfang-desktop +.github/workflows/release.yml:174: run: sudo apt-get update && sudo apt-get install -y pkg-config libssl-dev +.github/workflows/release.yml:177: run: cargo install cross --locked +.github/workflows/release.yml:183: run: cross build --release --target ${{ matrix.target }} --bin openfang +.github/workflows/release.yml:186: run: cargo build --release --target ${{ matrix.target }} --bin openfang +.github/workflows/release.yml:190: xattr -cr target/${{ matrix.target }}/release/openfang || true +.github/workflows/release.yml:191: codesign --force --sign - target/${{ matrix.target }}/release/openfang +.github/workflows/release.yml:195: cd target/${{ matrix.target }}/release +.github/workflows/release.yml:196: tar czf ../../../openfang-${{ matrix.target }}.tar.gz openfang +.github/workflows/release.yml:198: sha256sum openfang-${{ matrix.target }}.tar.gz > openfang-${{ matrix.target }}.tar.gz.sha256 +.github/workflows/release.yml:203: Compress-Archive -Path "target/${{ matrix.target }}/release/openfang.exe" -DestinationPath "openfang-${{ matrix.target }}.zip" +.github/workflows/release.yml:204: $hash = (Get-FileHash "openfang-${{ matrix.target }}.zip" -Algorithm SHA256).Hash.ToLower() +.github/workflows/release.yml:205: "$hash openfang-${{ matrix.target }}.zip" | Out-File -Encoding ASCII "openfang-${{ matrix.target }}.zip.sha256" +.github/workflows/release.yml:207: uses: softprops/action-gh-release@v3 +.github/workflows/release.yml:209: files: openfang-${{ matrix.target }}.* +.github/workflows/release.yml:239: ghcr.io/rightnow-ai/openfang:latest +.github/workflows/release.yml:240: ghcr.io/rightnow-ai/openfang:${{ steps.version.outputs.version }} +.github/workflows/release.yml:242: org.opencontainers.image.source=https://github.com/RightNow-AI/openfang +.github/workflows/release.yml:253: https://api.github.com/orgs/RightNow-AI/packages/container/openfang \ +README.md:2: OpenFang Logo +README.md:14: Documentation • +README.md:15: Quick Start • +README.md:16: Twitter / X +README.md:25: Buy Me A Coffee +README.md:32:> OpenFang is feature complete but still pre-1.0. Expect rough edges and breaking changes between minor versions. We ship fast and fix fast. Pin to a specific commit for production use until v1.0. [Report issues here.](https://github.com/RightNow-AI/openfang/issues) +README.md:42:The entire system compiles to a **single ~32MB binary**. One install, one command, your agents are live. +README.md:45:curl -fsSL https://openfang.sh/install | sh +README.md:46:openfang init +README.md:47:openfang start +README.md:55:irm https://openfang.sh/install.ps1 | iex +README.md:56:openfang init +README.md:57:openfang start +README.md:76:All compiled into the binary. No downloading, no pip install, no Docker pull. +README.md:92:openfang hand activate researcher +README.md:95:openfang hand status researcher +README.md:98:openfang hand activate lead +README.md:101:openfang hand pause lead +README.md:104:openfang hand list +README.md:114: OpenFang vs OpenClaw vs ZeroClaw +README.md:236:openfang-kernel Orchestration, workflows, metering, RBAC, scheduler, budget tracking +README.md:237:openfang-runtime Agent loop, 3 LLM drivers, 53 tools, WASM sandbox, MCP, A2A +README.md:238:openfang-api 140+ REST/WS/SSE endpoints, OpenAI-compatible API, dashboard +README.md:239:openfang-channels 40 messaging adapters with rate limiting, DM/group policies +README.md:240:openfang-memory SQLite persistence, vector embeddings, canonical sessions, compaction +README.md:241:openfang-types Core types, taint tracking, Ed25519 manifest signing, model catalog +README.md:242:openfang-skills 60 bundled skills, SKILL.md parser, FangHub marketplace +README.md:243:openfang-hands 7 autonomous Hands, HAND.toml parser, lifecycle management +README.md:244:openfang-extensions 25 MCP templates, AES-256-GCM credential vault, OAuth2 PKCE +README.md:245:openfang-wire OFP P2P protocol with HMAC-SHA256 mutual authentication +README.md:246:openfang-cli CLI with daemon management, TUI dashboard, MCP server mode +README.md:247:openfang-desktop Tauri 2.0 native app (system tray, notifications, global shortcuts) +README.md:248:openfang-migrate OpenClaw, LangChain, AutoGPT migration engine +README.md:275:- **Node.js >= 18** installed ([download](https://nodejs.org/)) +README.md:276:- OpenFang installed and initialized +README.md:284:npm install +README.md:322:openfang start +README.md:354:For production workloads, use the [WhatsApp Cloud API](https://developers.facebook.com/docs/whatsapp/cloud-api) with a Meta Business account. See the [Cloud API configuration docs](https://openfang.sh/docs/channels/whatsapp). +README.md:376:openfang migrate --from openclaw +README.md:379:openfang migrate --from openclaw --path ~/.openclaw +README.md:382:openfang migrate --from openclaw --dry-run +README.md:411:curl -fsSL https://openfang.sh/install | sh +README.md:414:openfang init +README.md:417:openfang start +README.md:422:openfang hand activate researcher +README.md:425:openfang chat researcher +README.md:429:openfang agent spawn coder +README.md:436:irm https://openfang.sh/install.ps1 | iex +README.md:437:openfang init +README.md:438:openfang start +README.md:469:- **Edge cases** exist. If you find one, [open an issue](https://github.com/RightNow-AI/openfang/issues). +README.md:490:- [Website & Documentation](https://openfang.sh) +README.md:491:- [Quick Start Guide](https://openfang.sh/docs/getting-started) +README.md:492:- [GitHub](https://github.com/RightNow-AI/openfang) +README.md:494:- [Twitter / X](https://x.com/openfangg) +README.md:513: Buy Me A Coffee +docs/security.md:44:| 1 | Capability-Based Security | `openfang-types` | Unauthorized actions by agents | +docs/security.md:45:| 2 | WASM Dual Metering | `openfang-runtime` | Infinite loops, CPU DoS | +docs/security.md:46:| 3 | Merkle Audit Trail | `openfang-runtime` | Tampered audit logs | +docs/security.md:47:| 4 | Taint Tracking | `openfang-types` | Prompt injection, data exfiltration | +docs/security.md:48:| 5 | Ed25519 Manifest Signing | `openfang-types` | Supply chain attacks | +docs/security.md:49:| 6 | SSRF Protection | `openfang-runtime` | Server-Side Request Forgery | +docs/security.md:50:| 7 | Secret Zeroization | `openfang-runtime`, `openfang-channels` | Memory forensics, key leakage | +docs/security.md:51:| 8 | OFP Mutual Auth | `openfang-wire` | Unauthorized peer connections | +docs/security.md:52:| 9 | Security Headers | `openfang-api` | XSS, clickjacking, MIME sniffing | +docs/security.md:53:| 10 | GCRA Rate Limiter | `openfang-api` | API abuse, denial of service | +docs/security.md:54:| 11 | Path Traversal Prevention | `openfang-runtime` | Directory traversal attacks | +docs/security.md:55:| 12 | Subprocess Sandbox | `openfang-runtime` | Secret leakage via child processes | +docs/security.md:56:| 13 | Prompt Injection Scanner | `openfang-skills` | Malicious skill prompts | +docs/security.md:57:| 14 | Loop Guard | `openfang-runtime` | Stuck agent tool loops | +docs/security.md:58:| 15 | Session Repair | `openfang-runtime` | Corrupted LLM conversation history | +docs/security.md:59:| 16 | Health Endpoint Redaction | `openfang-api` | Information leakage | +docs/security.md:65:**Source:** `openfang-types/src/capability.rs` +docs/security.md:188:**Source:** `openfang-runtime/src/sandbox.rs` +docs/security.md:271:**Source:** `openfang-runtime/src/audit.rs` +docs/security.md:386:**Source:** `openfang-types/src/taint.rs` +docs/security.md:477:**Source:** `openfang-types/src/manifest_signing.rs` +docs/security.md:556:**Source:** `openfang-runtime/src/host_functions.rs` +docs/security.md:671:**LLM Drivers** (`openfang-runtime/src/drivers/`): +docs/security.md:679:**Channel Adapters** (`openfang-channels/src/`): +docs/security.md:692:**Web Search** (`openfang-runtime/src/web_search.rs`): +docs/security.md:700:**Embedding** (`openfang-runtime/src/embedding.rs`): +docs/security.md:717:**Source:** `openfang-wire/src/peer.rs` +docs/security.md:795:**Source:** `openfang-api/src/middleware.rs` +docs/security.md:840:**Source:** `openfang-api/src/rate_limiter.rs` +docs/security.md:880: ("POST", "/api/skills/install") => 50, +docs/security.md:881: ("POST", "/api/skills/uninstall") => 10, +docs/security.md:929:**Source:** `openfang-runtime/src/host_functions.rs` +docs/security.md:998:**Source:** `openfang-runtime/src/subprocess_sandbox.rs` +docs/security.md:1079:**Source:** `openfang-skills/src/verify.rs` +docs/security.md:1141:Skills installed from ClawHub have their content verified against a known +docs/security.md:1157:**Source:** `openfang-runtime/src/loop_guard.rs` +docs/security.md:1237:**Source:** `openfang-runtime/src/session_repair.rs` +docs/security.md:1293:**Source:** `openfang-api/src/routes.rs` +docs/api-reference.md:44:Add to `~/.openfang/config.toml`: +docs/api-reference.md:582: "path": "/home/user/.openfang/agents/hello-world/agent.toml" +docs/api-reference.md:587: "path": "/home/user/.openfang/agents/coder/agent.toml" +docs/api-reference.md:670: "data_dir": "/home/user/.openfang/data", +docs/api-reference.md:695: "name": "openfang", +docs/api-reference.md:771: "data_dir": "/home/user/.openfang/data", +docs/api-reference.md:1036:Manage the skill registry. Skills extend agent capabilities with Python, Node.js, WASM, or prompt-only modules. All skill installations go through SHA256 verification and prompt injection scanning. +docs/api-reference.md:1040:List all installed skills. +docs/api-reference.md:1066:### POST /api/skills/install +docs/api-reference.md:1068:Install a skill from a local path or URL. The skill manifest is verified (SHA256 checksum) and scanned for prompt injection before installation. +docs/api-reference.md:1083: "status": "installed", +docs/api-reference.md:1089:### POST /api/skills/uninstall +docs/api-reference.md:1091:Remove an installed skill. Bundled skills cannot be uninstalled. +docs/api-reference.md:1105: "status": "uninstalled", +docs/api-reference.md:1130: "path": "/home/user/.openfang/skills/my-skill" +docs/api-reference.md:1164:Browse and install skills from ClawHub (OpenClaw ecosystem compatibility). All installations go through the full security pipeline: SHA256 verification, SKILL.md security scanning, and trust boundary enforcement. +docs/api-reference.md:1234:### POST /api/clawhub/install +docs/api-reference.md:1250: "status": "installed", +docs/api-reference.md:1617:Auto-detect migration sources on the system. Scans common locations for OpenClaw installations, config files, and agent data. +docs/api-reference.md:2121: "model": "openfang:coder", +docs/api-reference.md:2136:| `openfang:` | `openfang:coder` | Find agent by name | +docs/api-reference.md:2145: "model": "openfang:analyst", +docs/api-reference.md:2207: "id": "openfang:coder", +docs/api-reference.md:2210: "owned_by": "openfang" +docs/api-reference.md:2213: "id": "openfang:researcher", +docs/api-reference.md:2216: "owned_by": "openfang" +docs/api-reference.md:2239:| `201` | Created (spawn agent, create workflow, create trigger, install skill) | +docs/api-reference.md:2348:| GET | `/api/skills` | List installed skills (60 bundled) | +docs/api-reference.md:2349:| POST | `/api/skills/install` | Install skill | +docs/api-reference.md:2350:| POST | `/api/skills/uninstall` | Uninstall skill | +docs/api-reference.md:2357:| POST | `/api/clawhub/install` | Install from ClawHub | +docs/cli-reference.md:3:Complete command-line reference for `openfang`, the CLI tool for the OpenFang Agent OS. +docs/cli-reference.md:7:The `openfang` binary is the primary interface for managing the OpenFang Agent OS. It supports two modes of operation: +docs/cli-reference.md:9:- **Daemon mode** -- When a daemon is running (`openfang start`), CLI commands communicate with it over HTTP. This is the recommended mode for production use. +docs/cli-reference.md:12:Running `openfang` with no subcommand launches the interactive TUI (terminal user interface) built with ratatui, which provides a full dashboard experience in the terminal. +docs/cli-reference.md:14:## Installation +docs/cli-reference.md:19:cargo install --path crates/openfang-cli +docs/cli-reference.md:25:cargo build --release -p openfang-cli +docs/cli-reference.md:26:# Binary: target/release/openfang (or openfang.exe on Windows) +docs/cli-reference.md:32:docker run -it openfang/openfang:latest +docs/cli-reference.md:35:### Shell installer +docs/cli-reference.md:38:curl -fsSL https://get.openfang.ai | sh +docs/cli-reference.md:47:| `--config ` | Path to a custom config file. Overrides the default `~/.openfang/config.toml`. | +docs/cli-reference.md:49:| `--version` | Print the version of the `openfang` binary. | +docs/cli-reference.md:55:| `RUST_LOG` | Controls log verbosity (e.g. `info`, `debug`, `openfang_kernel=trace`). | +docs/cli-reference.md:57:| `EDITOR` / `VISUAL` | Editor used by `openfang config edit`. Falls back to `notepad` (Windows) or `vi` (Unix). | +docs/cli-reference.md:63:### openfang (no subcommand) +docs/cli-reference.md:68:openfang [--config ] +docs/cli-reference.md:71:The TUI provides a full-screen terminal interface with panels for agents, chat, workflows, channels, skills, settings, and more. Tracing output is redirected to `~/.openfang/tui.log` to avoid corrupting the terminal display. +docs/cli-reference.md:77:### openfang init +docs/cli-reference.md:79:Initialize the OpenFang workspace. Creates `~/.openfang/` with subdirectories (`data/`, `agents/`) and a default `config.toml`. +docs/cli-reference.md:82:openfang init [--quick] +docs/cli-reference.md:101:openfang init +docs/cli-reference.md:105:openfang init --quick +docs/cli-reference.md:110:### openfang start +docs/cli-reference.md:115:openfang start [--config ] +docs/cli-reference.md:123:- Writes `daemon.json` to `~/.openfang/` so other CLI commands can discover the running daemon. +docs/cli-reference.md:142: hint: Open the dashboard in your browser, or run `openfang chat` +docs/cli-reference.md:150:openfang start +docs/cli-reference.md:153:openfang start --config /path/to/config.toml +docs/cli-reference.md:158:### openfang status +docs/cli-reference.md:163:openfang status [--json] +docs/cli-reference.md:180:openfang status +docs/cli-reference.md:182:openfang status --json | jq '.agent_count' +docs/cli-reference.md:187:### openfang doctor +docs/cli-reference.md:189:Run diagnostic checks on the OpenFang installation. +docs/cli-reference.md:192:openfang doctor [--json] [--repair] +docs/cli-reference.md:204:1. **OpenFang directory** -- `~/.openfang/` exists +docs/cli-reference.md:212:9. **Agent manifests** -- validates all `.toml` files in `~/.openfang/agents/` +docs/cli-reference.md:221:openfang doctor +docs/cli-reference.md:223:openfang doctor --repair +docs/cli-reference.md:225:openfang doctor --json +docs/cli-reference.md:230:### openfang dashboard +docs/cli-reference.md:235:openfang dashboard +docs/cli-reference.md:247:openfang dashboard +docs/cli-reference.md:252:### openfang completion +docs/cli-reference.md:257:openfang completion +docs/cli-reference.md:270:openfang completion bash > ~/.bash_completion.d/openfang +docs/cli-reference.md:273:openfang completion zsh > ~/.zfunc/_openfang +docs/cli-reference.md:276:openfang completion fish > ~/.config/fish/completions/openfang.fish +docs/cli-reference.md:279:openfang completion powershell > openfang.ps1 +docs/cli-reference.md:286:### openfang agent new +docs/cli-reference.md:291:openfang agent new [