Imported from bare git on Zurich

Go to file

Nyk ebdc8de8b9 fix: resolve reconnect storm and improve Ubuntu deployment Fix WebSocket reconnect storm (issue #53) caused by stale closure reading connection.reconnectAttempts from Zustand state. Use a ref to track attempts, avoiding the closure capture problem entirely. Improve Dockerfile: create .data directory with correct ownership for SQLite, set PORT/HOSTNAME env vars explicitly. Add deployment guide documenting Ubuntu prerequisites (python3, make, g++ for better-sqlite3 native compilation) and platform-specific build constraints.		2026-03-02 12:15:19 +07:00
.github	fix: CI workflow and release readiness bugs	2026-02-27 18:52:13 +07:00
docs	fix: resolve reconnect storm and improve Ubuntu deployment	2026-03-02 12:15:19 +07:00
ops	feat: initial open-source release	2026-02-23 02:00:44 +07:00
scripts	fix: scrub deployment-specific data from public repo	2026-03-01 15:37:55 +07:00
src	fix: resolve reconnect storm and improve Ubuntu deployment	2026-03-02 12:15:19 +07:00
tests	feat: add direct CLI integration for gateway-free tool connections	2026-03-02 11:45:12 +07:00
.dockerignore	feat: add Docker support, session controls, model catalog, API rate limiting	2026-02-27 20:56:02 +07:00
.env.example	docs: clarify OPENCLAW_MEMORY_DIR for memory browser	2026-03-01 14:46:54 -08:00
.env.test	test: add 52 Playwright E2E tests covering all critical fixes	2026-02-27 15:38:49 +07:00
.gitignore	fix: CI workflow and release readiness bugs	2026-02-27 18:52:13 +07:00
.npmrc	feat: initial open-source release	2026-02-23 02:00:44 +07:00
CHANGELOG.md	feat: v1.2.0 — validation hardening, unit tests, quality improvements	2026-03-02 00:22:59 +07:00
CODE_OF_CONDUCT.md	chore: CODE_OF_CONDUCT, issue templates, DELETE patterns, limit caps, CSRF origin check	2026-02-27 14:04:09 +07:00
CONTRIBUTING.md	feat: initial open-source release	2026-02-23 02:00:44 +07:00
Dockerfile	fix: resolve reconnect storm and improve Ubuntu deployment	2026-03-02 12:15:19 +07:00
LICENSE	feat: initial open-source release	2026-02-23 02:00:44 +07:00
README.md	docs: clarify OPENCLAW_MEMORY_DIR for memory browser	2026-03-01 14:46:54 -08:00
SECURITY.md	feat: initial open-source release	2026-02-23 02:00:44 +07:00
docker-compose.yml	feat: add Docker support, session controls, model catalog, API rate limiting	2026-02-27 20:56:02 +07:00
eslint.config.mjs	feat: initial open-source release	2026-02-23 02:00:44 +07:00
next.config.js	feat: add Docker support, session controls, model catalog, API rate limiting	2026-02-27 20:56:02 +07:00
openapi.json	feat: add direct CLI integration for gateway-free tool connections	2026-03-02 11:45:12 +07:00
package.json	feat: add OpenAPI 3.1 documentation with Scalar UI	2026-03-02 11:03:16 +07:00
playwright.config.ts	test: add 94 E2E tests covering all CRUD routes + fix middleware location	2026-03-02 02:21:10 +07:00
pnpm-lock.yaml	feat: add OpenAPI 3.1 documentation with Scalar UI	2026-03-02 11:03:16 +07:00
postcss.config.js	feat: initial open-source release	2026-02-23 02:00:44 +07:00
tailwind.config.js	feat: initial open-source release	2026-02-23 02:00:44 +07:00
tsconfig.json	fix: strict mode, test stubs, pagination counts, N+1 queries, CSP hardening	2026-02-27 14:02:52 +07:00
vitest.config.ts	feat: initial open-source release	2026-02-23 02:00:44 +07:00

README.md

Mission Control

The open-source dashboard for AI agent orchestration.

Manage agent fleets, track tasks, monitor costs, and orchestrate workflows — all from a single pane of glass.

Alpha Software — Mission Control is under active development. APIs, database schemas, and configuration formats may change between releases. Review the known limitations and security considerations before deploying to production.

Why Mission Control?

Running AI agents at scale means juggling sessions, tasks, costs, and reliability across multiple models and channels. Mission Control gives you:

26 panels — Tasks, agents, logs, tokens, memory, cron, alerts, webhooks, pipelines, and more
Real-time everything — WebSocket + SSE push updates, smart polling that pauses when you're away
Zero external dependencies — SQLite database, single pnpm start to run, no Redis/Postgres/Docker required
Role-based access — Viewer, operator, and admin roles with session + API key auth
Quality gates — Built-in review system that blocks task completion without sign-off
Multi-gateway — Connect to multiple agent gateways simultaneously (OpenClaw, and more coming soon)

Quick Start

git clone https://github.com/builderz-labs/mission-control.git
cd mission-control
pnpm install
cp .env.example .env    # edit with your values
pnpm dev                # http://localhost:3000

Initial login is seeded from AUTH_USER / AUTH_PASS on first run.

Project Status

What Works

Agent management with full lifecycle (register, heartbeat, wake, retire)
Kanban task board with drag-and-drop, priorities, assignments, and comments
Real-time monitoring via WebSocket + SSE with smart polling
Token usage and cost tracking with per-model breakdowns
Multi-gateway connection management
Role-based access control (viewer, operator, admin)
Background scheduler for automated tasks
Outbound webhooks with delivery history and retry
Quality review gates for task sign-off
Pipeline orchestration with workflow templates

Known Limitations

CSP still includes unsafe-inline — unsafe-eval has been removed, but inline styles remain for framework compatibility
Vitest stubs need real assertions — unit test files exist but most are placeholder stubs

Security Considerations

Change all default credentials (AUTH_USER, AUTH_PASS, API_KEY) before deploying
Deploy behind a reverse proxy with TLS (e.g., Caddy, nginx) for any network-accessible deployment
Review SECURITY.md for the vulnerability reporting process
Do not expose the dashboard to the public internet without configuring MC_ALLOWED_HOSTS and TLS

Features

Agent Management

Monitor agent status, spawn new sessions, view heartbeats, and manage the full agent lifecycle from registration to retirement.

Task Board

Kanban board with six columns (inbox → backlog → todo → in-progress → review → done), drag-and-drop, priority levels, assignments, and threaded comments.

Real-time Monitoring

Live activity feed, session inspector, and log viewer with filtering. WebSocket connection to OpenClaw gateway for instant event delivery.

Cost Tracking

Token usage dashboard with per-model breakdowns, trend charts, and cost analysis powered by Recharts.

Background Automation

Scheduled tasks for database backups, stale record cleanup, and agent heartbeat monitoring. Configurable via UI or API.

Integrations

Outbound webhooks with delivery history, configurable alert rules with cooldowns, and multi-gateway connection management. Optional 1Password CLI integration for secret management.

Architecture

mission-control/
├── src/
│   ├── middleware.ts          # Auth gate + CSRF + network access control
│   ├── app/
│   │   ├── page.tsx           # SPA shell — routes all panels
│   │   ├── login/page.tsx     # Login page
│   │   └── api/               # 30+ REST API routes
│   ├── components/
│   │   ├── layout/            # NavRail, HeaderBar, LiveFeed
│   │   ├── dashboard/         # Overview dashboard
│   │   ├── panels/            # 26 feature panels
│   │   └── chat/              # Agent chat UI
│   ├── lib/
│   │   ├── auth.ts            # Session + API key auth, RBAC
│   │   ├── db.ts              # SQLite (better-sqlite3, WAL mode)
│   │   ├── migrations.ts      # 15 schema migrations
│   │   ├── scheduler.ts       # Background task scheduler
│   │   ├── webhooks.ts        # Outbound webhook delivery
│   │   └── websocket.ts       # Gateway WebSocket client
│   └── store/index.ts         # Zustand state management
└── .data/                     # Runtime data (SQLite DB, token logs)

Tech Stack

Layer	Technology
Framework	Next.js 16 (App Router)
UI	React 19, Tailwind CSS 3.4
Language	TypeScript 5.7
Database	SQLite via better-sqlite3 (WAL mode)
State	Zustand 5
Charts	Recharts 3
Real-time	WebSocket + Server-Sent Events
Auth	scrypt hashing, session tokens, RBAC
Testing	Vitest + Playwright (146 E2E tests)

Authentication

Three auth methods, three roles:

Method	Details
Session cookie	`POST /api/auth/login` sets `mc-session` (7-day expiry)
API key	`x-api-key` header matches `API_KEY` env var
Google Sign-In	OAuth with admin approval workflow

Role	Access
`viewer`	Read-only
`operator`	Read + write (tasks, agents, chat)
`admin`	Full access (users, settings, system ops)

API Reference

All endpoints require authentication unless noted. Full reference below.

Auth

Method	Path	Description
`POST`	`/api/auth/login`	Login with username/password
`POST`	`/api/auth/google`	Google Sign-In
`POST`	`/api/auth/logout`	Destroy session
`GET`	`/api/auth/me`	Current user info
`GET`	`/api/auth/access-requests`	List pending access requests (admin)
`POST`	`/api/auth/access-requests`	Approve/reject requests (admin)

Core Resources

Method	Path	Role	Description
`GET`	`/api/agents`	viewer	List agents with task stats
`POST`	`/api/agents`	operator	Register/update agent
`GET`	`/api/tasks`	viewer	List tasks (filter: `?status=`, `?assigned_to=`, `?priority=`)
`POST`	`/api/tasks`	operator	Create task
`GET`	`/api/tasks/[id]`	viewer	Task details
`PUT`	`/api/tasks/[id]`	operator	Update task
`DELETE`	`/api/tasks/[id]`	admin	Delete task
`GET`	`/api/tasks/[id]/comments`	viewer	Task comments
`POST`	`/api/tasks/[id]/comments`	operator	Add comment
`POST`	`/api/tasks/[id]/broadcast`	operator	Broadcast task to agents

Monitoring

Method	Path	Role	Description
`GET`	`/api/status`	viewer	System status (uptime, memory, disk)
`GET`	`/api/activities`	viewer	Activity feed
`GET`	`/api/notifications`	viewer	Notifications for recipient
`GET`	`/api/sessions`	viewer	Active gateway sessions
`GET`	`/api/tokens`	viewer	Token usage and cost data
`GET`	`/api/standup`	viewer	Standup report history
`POST`	`/api/standup`	operator	Generate standup

Configuration

Method	Path	Role	Description
`GET/PUT`	`/api/settings`	admin	App settings
`GET/PUT`	`/api/gateway-config`	admin	OpenClaw gateway config
`GET/POST`	`/api/cron`	admin	Cron management

Operations

Method	Path	Role	Description
`GET/POST`	`/api/scheduler`	admin	Background task scheduler
`GET`	`/api/audit`	admin	Audit log
`GET`	`/api/logs`	viewer	Agent log browser
`GET`	`/api/memory`	viewer	Memory file browser/search
`GET`	`/api/search`	viewer	Global search
`GET`	`/api/export`	admin	CSV export

Integrations

Method	Path	Role	Description
`GET/POST/PUT/DELETE`	`/api/webhooks`	admin	Webhook CRUD
`POST`	`/api/webhooks/test`	admin	Test delivery
`GET`	`/api/webhooks/deliveries`	admin	Delivery history
`GET/POST/PUT/DELETE`	`/api/alerts`	admin	Alert rules
`GET/POST/PUT/DELETE`	`/api/gateways`	admin	Gateway connections
`GET/PUT/DELETE/POST`	`/api/integrations`	admin	Integration management

Chat & Real-time

Method	Path	Description
`GET`	`/api/events`	SSE stream of DB changes
`GET/POST`	`/api/chat/conversations`	Conversation CRUD
`GET/POST`	`/api/chat/messages`	Message CRUD

Agent Lifecycle

Method	Path	Role	Description
`POST`	`/api/spawn`	operator	Spawn agent session
`POST`	`/api/agents/[id]/heartbeat`	operator	Agent heartbeat
`POST`	`/api/agents/[id]/wake`	operator	Wake sleeping agent
`POST`	`/api/quality-review`	operator	Submit quality review

Pipelines

Method	Path	Role	Description
`GET`	`/api/pipelines`	viewer	List pipeline runs
`POST`	`/api/pipelines/run`	operator	Start pipeline
`GET/POST`	`/api/workflows`	viewer/admin	Workflow templates

Environment Variables

See .env.example for the complete list. Key variables:

Variable	Required	Description
`AUTH_USER`	No	Initial admin username (default: `admin`)
`AUTH_PASS`	No	Initial admin password
`API_KEY`	No	API key for headless access
`OPENCLAW_HOME`	Yes*	Path to `.openclaw` directory
`OPENCLAW_GATEWAY_HOST`	No	Gateway host (default: `127.0.0.1`)
`OPENCLAW_GATEWAY_PORT`	No	Gateway WebSocket port (default: `18789`)
`OPENCLAW_MEMORY_DIR`	No	Memory browser root (see note below)
`MC_ALLOWED_HOSTS`	No	Host allowlist for production

*Memory browser, log viewer, and gateway config require OPENCLAW_HOME.

Memory Browser note: OpenClaw does not store agent memory markdown files under $OPENCLAW_HOME/memory/ — that directory does not exist by default. Agent memory lives in each agent's workspace (e.g. ~/clawd-agents/{agent}/memory/). Set OPENCLAW_MEMORY_DIR to your agents root directory to make the Memory Browser show daily logs, MEMORY.md, and other markdown files:
OPENCLAW_MEMORY_DIR=/home/you/clawd-agents

Deployment

# Build
pnpm install --frozen-lockfile
pnpm build

# Run
OPENCLAW_HOME=/path/to/.openclaw pnpm start

Network access is restricted by default in production. Set MC_ALLOWED_HOSTS (comma-separated) or MC_ALLOW_ANY_HOST=1 to control access.

Development

pnpm dev              # Dev server
pnpm build            # Production build
pnpm typecheck        # TypeScript check
pnpm lint             # ESLint
pnpm test             # Vitest unit tests
pnpm test:e2e         # Playwright E2E
pnpm quality:gate     # All checks

Roadmap

See open issues for planned work and the v1.0.0 release notes for what shipped.

Completed:

Dockerfile and docker-compose.yml (#34)
Implement session control actions — monitor/pause/terminate are stub buttons (#35)
Dynamic model catalog — replace hardcoded pricing across 3 files (#36)
API-wide rate limiting (#37)
React error boundaries around panels (#38)
Structured logging with pino (#39)
Accessibility improvements — WCAG 2.1 AA (#40)
HSTS header for TLS deployments (#41)
Input validation with zod schemas (#42)
Export endpoint row limits (#43)
Fill in Vitest unit test stubs with real assertions

Up next:

Agent-agnostic gateway support — connect any orchestration framework (OpenClaw, ZeroClaw, OpenFang, NeoBot, IronClaw, etc.), not just OpenClaw
Direct CLI integration — connect tools like Codex, Claude Code, or custom CLIs directly without requiring a gateway
Native macOS app (Electron or Tauri)
First-class per-agent cost breakdowns — dedicated panel with per-agent token usage and spend (currently derivable from per-session data)
OpenAPI / Swagger documentation
Webhook retry with exponential backoff
OAuth approval UI improvements
API token rotation UI
Webhook signature verification

Contributing

Contributions are welcome. See CONTRIBUTING.md for setup instructions and guidelines.

Security

To report a vulnerability, see SECURITY.md.