vercel · sarahsimionescu · May 7, 2026 · May 7, 2026 · May 7, 2026 · May 7, 2026
@@ -0,0 +1,38 @@
+# --- App ---
+# Public URL of the deployed app. In dev, leave blank - it's derived from PORT.
+NEXT_PUBLIC_APP_URL=
+
+# --- Database (required) ---
+# Postgres with the pgvector extension enabled. Neon's free tier works.
+DATABASE_URL=
+
+# --- Auth (required) ---
+# Random 32+ char string. Generate with: openssl rand -base64 32
+BETTER_AUTH_SECRET=
+
+# --- Composio (required) ---
+# Global API key for the Composio SDK. Get one free at https://dashboard.composio.dev/login?flow=developer
+COMPOSIO_API_KEY=
+
+# --- Cron auth (required) ---
+# Random 32+ char string. Used to authenticate /api/cron/* endpoints.
+# On Vercel, this is auto-injected when crons are declared in vercel.json.
+# Generate with: openssl rand -base64 32
+CRON_SECRET=
+
+# --- AI Gateway (only needed for local dev) ---
+# On Vercel deployments, AI Gateway authenticates automatically via VERCEL_OIDC_TOKEN.
+# For local dev, run `vercel link && vercel env pull` to get a short-lived OIDC token,
+# OR set this manually:
+# AI_GATEWAY_API_KEY=
+
+# --- Telegram bot (optional - Telegram features disabled when these are blank) ---
+# Create a bot via @BotFather to get the token + username
+TELEGRAM_BOT_TOKEN=
+TELEGRAM_BOT_USERNAME=
+# Random secret used to verify incoming Telegram webhook calls
+TELEGRAM_WEBHOOK_SECRET=
+
+# --- Redis (optional - resumable streams disabled when blank, basic streaming still works) ---
+# Used for resumable streams, streaming state, and abort flags. Upstash works.
+REDIS_URL=
@@ -0,0 +1,78 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# database
+/prisma/db.sqlite
+/prisma/db.sqlite-journal
+db.sqlite
+
+# next.js
+/.next/
+/out/
+next-env.d.ts
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# local env files
+# do not commit any .env files to git, except for the .env.example file. https://create.t3.gg/en/usage/env-variables#using-environment-variables
+.env
+.env*.local
+
+# vercel
+.vercel
+
+# trustclaw deploy CLI cache
+.trustclaw-deploy.json
+
+# typescript
+*.tsbuildinfo
+
+# idea files
+.idea
+
+# Generated SDK (keep .gitkeep)
+src/generated/*
+!src/generated/.gitignore
+!src/generated/.gitkeep
+
+# claude batch automation
+ralph/tasks.json
+ralph/tasks/*
+ralph/state/*
+ralph/results.log
+.claude/ralph.local.md
+
+docs/plans/*
+docs/state/*
+.claude/state/*
+
+# worktrees
+.worktrees/
+.ralph-worktrees/
+
+# playwright mcp
+.playwright-mcp/
+/*.png
+# Sentry Config File
+.env.sentry-build-plugin
+
+# CLI build output
+cli/dist/
@@ -0,0 +1,2 @@
+public-hoist-pattern[]=*eslint*
+public-hoist-pattern[]=*prettier*
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Sarah Simionescu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,157 @@
+---
+name: TrustClaw
+slug: trustclaw
+publisher: Composio
+description: 24/7 AI assistant with 1000+ tools via OAuth + sandboxed execution. OpenClaw's ideas, rebuilt from scratch for security.
+framework: Next.js
+type:
+  - Multi tenant-apps
+  - Cron
+css: Tailwind
+githubUrl: https://github.com/vercel/examples/tree/main/solutions/trustclaw
+demoUrl: https://trustclaw.vercel.app
+deployUrl: https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fvercel%2Fexamples%2Ftree%2Fmain%2Fsolutions%2Ftrustclaw&project-name=trustclaw&repository-name=trustclaw&env=BETTER_AUTH_SECRET,COMPOSIO_API_KEY,CRON_SECRET&envDescription=Generate%20BETTER_AUTH_SECRET%20and%20CRON_SECRET%20with%3A%20openssl%20rand%20-base64%2032.%20Get%20a%20free%20COMPOSIO_API_KEY%20at%20https%3A%2F%2Fdashboard.composio.dev%2Flogin%3Fflow%3Ddeveloper&envLink=https%3A%2F%2Fgithub.com%2Fvercel%2Fexamples%2Ftree%2Fmain%2Fsolutions%2Ftrustclaw%23environment-variables&products=%5B%7B%22type%22%3A%22integration%22%2C%22integrationSlug%22%3A%22neon%22%2C%22productSlug%22%3A%22neon%22%2C%22protocol%22%3A%22storage%22%7D%2C%7B%22type%22%3A%22integration%22%2C%22integrationSlug%22%3A%22upstash%22%2C%22productSlug%22%3A%22upstash-kv%22%2C%22protocol%22%3A%22storage%22%7D%5D&skippable-integrations=1
+relatedTemplates:
+  - slackbot
+  - cron
+  - ai-chatgpt
+---
+
+# TrustClaw
+
+**Your AI that does things while you sleep. _Securely._**
+
+A 24/7 personal AI assistant with 1000+ tools via **OAuth** and **sandboxed execution**. Built on the ideas behind OpenClaw, rebuilt from scratch for security. Talks to you on the web or Telegram, remembers what matters, and handles recurring work on autopilot.
+
+## Demo
+
+https://trustclaw.vercel.app
+
+## How to Use
+
+### Option 1: Smart CLI (recommended)
+
+```bash
+npx @composio/trustclaw deploy
+```
+
+Handles the entire deploy:
+
+- Forks (or publishes) the repo to your GitHub
+- Creates a Vercel project linked to it
+- Provisions Postgres + pgvector via Vercel Marketplace (and optionally Upstash Redis)
+- Auto-generates `BETTER_AUTH_SECRET` and `CRON_SECRET`
+- Prompts you for a free [Composio API key](https://dashboard.composio.dev/login?flow=developer)
+- Runs the Prisma schema sync against your fresh database
+- Triggers the production deploy and opens the URL in your browser
+- Optionally walks you through Telegram bot setup
+- Tunes config (cron schedule, function timeouts) for your Vercel plan
+
+**Prerequisites:** [Vercel](https://vercel.com) + [GitHub](https://github.com) accounts, plus a free [Composio API key](https://dashboard.composio.dev/login?flow=developer).
+
+### Option 2: One-Click Deploy
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fvercel%2Fexamples%2Ftree%2Fmain%2Fsolutions%2Ftrustclaw&project-name=trustclaw&repository-name=trustclaw&env=BETTER_AUTH_SECRET,COMPOSIO_API_KEY,CRON_SECRET&envDescription=Generate%20BETTER_AUTH_SECRET%20and%20CRON_SECRET%20with%3A%20openssl%20rand%20-base64%2032.%20Get%20a%20free%20COMPOSIO_API_KEY%20at%20https%3A%2F%2Fdashboard.composio.dev%2Flogin%3Fflow%3Ddeveloper&envLink=https%3A%2F%2Fgithub.com%2Fvercel%2Fexamples%2Ftree%2Fmain%2Fsolutions%2Ftrustclaw%23environment-variables&products=%5B%7B%22type%22%3A%22integration%22%2C%22integrationSlug%22%3A%22neon%22%2C%22productSlug%22%3A%22neon%22%2C%22protocol%22%3A%22storage%22%7D%2C%7B%22type%22%3A%22integration%22%2C%22integrationSlug%22%3A%22upstash%22%2C%22productSlug%22%3A%22upstash-kv%22%2C%22protocol%22%3A%22storage%22%7D%5D&skippable-integrations=1)
+
+The Vercel deploy flow will:
+
+1. Prompt you to install **Neon Postgres** (required) and **Upstash Redis** (optional - skippable). Both auto-inject their connection strings (`DATABASE_URL`, `REDIS_URL`) into your project on install.
+2. Prompt you for the three secrets: `BETTER_AUTH_SECRET`, `COMPOSIO_API_KEY`, `CRON_SECRET`.
+
+After the first deploy, you'll need to run the Prisma schema sync once against your new Neon database. The smart CLI in Option 1 handles this automatically; for the deploy button path, see [Environment variables](#environment-variables) and [Option 3](#option-3-clone-and-deploy) for the migration step.
+
+### Option 3: Clone and Deploy
+
+```bash
+git clone https://github.com/vercel/examples.git
+cd examples/solutions/trustclaw
+pnpm install
+cp .env.example .env       # fill in DATABASE_URL, BETTER_AUTH_SECRET, COMPOSIO_API_KEY, CRON_SECRET
+pnpm prisma db push        # apply schema (Postgres + pgvector required)
+pnpm dev                   # http://localhost:3000
+```
+
+## Features
+
+|                              |                                                                                       |
+| ---------------------------- | ------------------------------------------------------------------------------------- |
+| 🔐 **OAuth Only**            | Connects through OAuth. No passwords stored or shared.                                |
+| ⚡ **Zero Setup**            | Sign up, chat, done. No API keys or config files.                                     |
+| 💤 **Works While You Sleep** | Schedule tasks and let your agent handle them on autopilot.                           |
+| ☁️ **Sandboxed Execution**   | Every action runs in an isolated cloud environment that's gone when the task is done. |
+
+### What it can do
+
+- Chat with Claude in a Next.js dashboard or via a Telegram bot
+- Long-term memory backed by Postgres + pgvector
+- 3-layer context management (pruning, memory flush, summarization compaction) so conversations can run indefinitely
+- 1000+ Composio tool integrations (Gmail, GitHub, Slack, Notion, Linear, Calendar, Drive, Stripe, HubSpot, …)
+- Cron-scheduled agent runs for recurring tasks
+- Username/password login via Better Auth
+
+## Security model
+
+|                    | TrustClaw                      | Vanilla local agents         |
+| ------------------ | ------------------------------ | ---------------------------- |
+| **Setup**          | Seconds                        | Hours of config              |
+| **Credentials**    | Encrypted, managed by Composio | Plaintext in local config    |
+| **Code Execution** | Remote sandbox                 | On your local machine        |
+| **Integrations**   | OAuth, 1000+ apps              | Manual API key setup per app |
+| **Skill Security** | Managed tool surface           | Unvetted public registry     |
+| **Audit Trails**   | Full action log                | None                         |
+| **Revocation**     | One click                      | Find and delete config files |
+
+The design choices:
+
+- **No raw API keys handed to the agent** - Composio brokers OAuth for every tool
+- **No code runs on your machine** - every tool call executes in an isolated remote environment
+- **No long-lived shell access** - destructive prompt injection from a scraped email can't `rm -rf` your laptop because the agent doesn't have a shell on your laptop
+
+## Architecture
+
+```
+┌──────────────┐    ┌──────────────────────────────────────────┐
+│  Web (Next)  │───▶│             Next.js App                  │
+│   Telegram   │───▶│  ┌────────────────────────────────────┐  │
+│     Cron     │───▶│  │  tRPC API + agent runtime          │  │
+└──────────────┘    │  │  (prepareAgentRun → ToolLoopAgent) │  │
+                    │  └─────────┬──────────────────────────┘  │
+                    │            │                              │
+                    │   ┌────────┼─────────┬──────────┐        │
+                    │   ▼        ▼         ▼          ▼        │
+                    │ Postgres  Redis  AI Gateway  Composio    │
+                    │ (pgvector)      (LLM + emb.)             │
+                    └──────────────────────────────────────────┘
+```
+
+### Tech stack
+
+- [Next.js 15](https://nextjs.org) (App Router) + React 19
+- [tRPC](https://trpc.io) for all backend logic
+- [Better Auth](https://www.better-auth.com/) (username/password)
+- [Prisma](https://prisma.io) + Postgres + [pgvector](https://github.com/pgvector/pgvector)
+- [Vercel AI SDK](https://sdk.vercel.ai) + AI Gateway (LLM + embeddings)
+- [Composio SDK](https://composio.dev) for tool integrations
+- [Tailwind CSS](https://tailwindcss.com) + [shadcn/ui](https://ui.shadcn.com)
+- Redis (resumable streams, optional)
+
+## Environment variables
+
+| Variable                               | Purpose                                | How it's set                             |
+| -------------------------------------- | -------------------------------------- | ---------------------------------------- |
+| `DATABASE_URL`                         | Postgres + pgvector connection string  | Auto-injected by the Neon integration    |
+| `REDIS_URL` _(optional)_               | Resumable streams + abort flags        | Auto-injected by the Upstash integration |
+| `BETTER_AUTH_SECRET`                   | Session signing key (32+ random bytes) | You provide during deploy                |
+| `COMPOSIO_API_KEY`                     | Composio tool integrations             | You provide during deploy                |
+| `CRON_SECRET`                          | Auth for `/api/cron/*` routes          | You provide during deploy                |
+| `TELEGRAM_BOT_TOKEN` _(optional)_      | Telegram bot                           | Add later via Vercel project settings    |
+| `TELEGRAM_BOT_USERNAME` _(optional)_   | Telegram bot                           | Add later via Vercel project settings    |
+| `TELEGRAM_WEBHOOK_SECRET` _(optional)_ | Telegram webhook auth                  | Add later via Vercel project settings    |
+
+LLM and embedding calls route through Vercel AI Gateway - **no Anthropic or OpenAI API keys required.**
+
+## License
+
+MIT
+
+Built on top of [Composio](https://composio.dev). Inspired by [OpenClaw](https://github.com/openclaw/openclaw), rebuilt for security. Canonical source: [ComposioHQ/trustclaw](https://github.com/ComposioHQ/trustclaw).
@@ -0,0 +1,23 @@
+{
+  "$schema": "https://ui.shadcn.com/schema.json",
+  "style": "new-york",
+  "rsc": true,
+  "tsx": true,
+  "tailwind": {
+    "config": "",
+    "css": "src/styles/globals.css",
+    "baseColor": "neutral",
+    "cssVariables": true,
+    "prefix": ""
+  },
+  "iconLibrary": "lucide",
+  "rtl": false,
+  "aliases": {
+    "components": "~/components",
+    "utils": "~/lib/utils",
+    "ui": "~/components/ui",
+    "lib": "~/lib",
+    "hooks": "~/hooks"
+  },
+  "registries": {}
+}
@@ -0,0 +1,49 @@
+import { FlatCompat } from "@eslint/eslintrc";
+import tseslint from "typescript-eslint";
+
+const compat = new FlatCompat({
+  baseDirectory: import.meta.dirname,
+});
+
+export default tseslint.config(
+  {
+    ignores: [".next", "src/generated"],
+  },
+  ...compat.extends("next/core-web-vitals"),
+  {
+    files: ["**/*.ts", "**/*.tsx"],
+    extends: [
+      ...tseslint.configs.recommended,
+      ...tseslint.configs.recommendedTypeChecked,
+      ...tseslint.configs.stylisticTypeChecked,
+    ],
+    rules: {
+      "@typescript-eslint/array-type": "off",
+      "@typescript-eslint/consistent-type-definitions": "off",
+      "@typescript-eslint/consistent-type-imports": [
+        "warn",
+        { prefer: "type-imports", fixStyle: "inline-type-imports" },
+      ],
+      "@typescript-eslint/no-unused-vars": [
+        "warn",
+        { argsIgnorePattern: "^_" },
+      ],
+      "@typescript-eslint/require-await": "off",
+      "@typescript-eslint/no-misused-promises": [
+        "error",
+        { checksVoidReturn: { attributes: false } },
+      ],
+      "no-console": ["error", { allow: ["warn", "error"] }],
+    },
+  },
+  {
+    linterOptions: {
+      reportUnusedDisableDirectives: true,
+    },
+    languageOptions: {
+      parserOptions: {
+        projectService: true,
+      },
+    },
+  },
+);
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		public-hoist-pattern[]=eslint
		public-hoist-pattern[]=prettier