{"id":50333044,"url":"https://github.com/albertdobmeyer/opentrapp","last_synced_at":"2026-05-29T11:01:27.080Z","repository":{"id":351161659,"uuid":"1170996065","full_name":"albertdobmeyer/opentrapp","owner":"albertdobmeyer","description":"Desktop GUI for running AI agents with container isolation and skill scanning","archived":false,"fork":false,"pushed_at":"2026-05-18T05:02:30.000Z","size":15928,"stargazers_count":1,"open_issues_count":7,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-18T07:21:25.247Z","etag":null,"topics":["ai-agents","desktop-app","manifest-driven","openclaw","react","rust","security","tauri"],"latest_commit_sha":null,"homepage":"https://github.com/gitgoodordietrying/lobster-trapp#readme","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/albertdobmeyer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":"docs/roadmap-post-launch.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-02T18:59:09.000Z","updated_at":"2026-05-18T05:02:32.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/albertdobmeyer/opentrapp","commit_stats":null,"previous_names":["albertdobmeyer/lobster-trapp","albertdobmeyer/opentrapp"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/albertdobmeyer/opentrapp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopentrapp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopentrapp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopentrapp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopentrapp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/albertdobmeyer","download_url":"https://codeload.github.com/albertdobmeyer/opentrapp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopentrapp/sbom","scorecard":{"id":1247042,"data":{"date":"2026-05-06T18:04:42Z","repo":{"name":"github.com/albertdobmeyer/lobster-trapp","commit":"f0138034c9e50215951f68ec5abecf22d14cb6d0"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":6.4,"checks":[{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: tests/dogfood/__pycache__/test_full_arc.cpython-312.pyc:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disable on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: branch 'main' does not require approvers","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disable on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 0/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: akd brewing contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: RustCargoFuzzer integration found: app/src-tauri/fuzz/fuzz_targets/manifest_parse.rs:19","Info: RustCargoFuzzer integration found: app/src-tauri/fuzz/fuzz_targets/redact_secrets.rs:19","Info: RustCargoFuzzer integration found: app/src-tauri/fuzz/fuzz_targets/runner_interpolate.rs:19"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"project was created in last 90 days. please review its contents carefully","details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info: Possibly incomplete results: error parsing shell code: word list can only contain words: tests/e2e-telegram/direct_probing/probe.sh:173","Info:  25 out of  25 GitHub-owned GitHubAction dependencies pinned","Info:  16 out of  16 third-party GitHubAction dependencies pinned","Info:   5 out of   5 npmCommand dependencies pinned","Info:   2 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":4,"reason":"1 out of the last 2 releases have a total of 1 signed artifacts.","details":["Info: signed release artifact: Lobster-TrApp-0.3.2-1.x86_64.rpm.sig: https://api.github.com/repos/albertdobmeyer/lobster-trapp/releases/assets/412853021","Warn: release artifact v0.3.0 not signed: https://api.github.com/repos/albertdobmeyer/lobster-trapp/releases/316791457","Warn: release artifact v0.3.2 does not have provenance: https://api.github.com/repos/albertdobmeyer/lobster-trapp/releases/317960953","Warn: release artifact v0.3.0 does not have provenance: https://api.github.com/repos/albertdobmeyer/lobster-trapp/releases/316791457"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:142","Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:27","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:30","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:31","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/fuzz.yml:30","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/supply-chain.yml:29"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":0,"reason":"22 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0413","Warn: Project is vulnerable to: RUSTSEC-2024-0416","Warn: Project is vulnerable to: RUSTSEC-2025-0057","Warn: Project is vulnerable to: RUSTSEC-2024-0412","Warn: Project is vulnerable to: RUSTSEC-2024-0418","Warn: Project is vulnerable to: RUSTSEC-2024-0411","Warn: Project is vulnerable to: RUSTSEC-2024-0417","Warn: Project is vulnerable to: RUSTSEC-2024-0414","Warn: Project is vulnerable to: GHSA-wrw7-89jp-8q8g / RUSTSEC-2024-0429","Warn: Project is vulnerable to: RUSTSEC-2024-0415","Warn: Project is vulnerable to: RUSTSEC-2024-0420","Warn: Project is vulnerable to: RUSTSEC-2024-0419","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: GHSA-cq8v-f236-94qc / RUSTSEC-2026-0097","Warn: Project is vulnerable to: GHSA-7gmj-67g7-phm9","Warn: Project is vulnerable to: RUSTSEC-2025-0081","Warn: Project is vulnerable to: RUSTSEC-2025-0075","Warn: Project is vulnerable to: RUSTSEC-2025-0080","Warn: Project is vulnerable to: RUSTSEC-2025-0100","Warn: Project is vulnerable to: RUSTSEC-2025-0098","Warn: Project is vulnerable to: GHSA-6w46-j5rx-g56g","Warn: Project is vulnerable to: GHSA-mf9w-mj56-hr94"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-05-06T19:38:59.224Z","repository_id":351161659,"created_at":"2026-05-06T19:38:59.225Z","updated_at":"2026-05-06T19:38:59.225Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33648534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","desktop-app","manifest-driven","openclaw","react","rust","security","tauri"],"created_at":"2026-05-29T11:01:26.196Z","updated_at":"2026-05-29T11:01:27.051Z","avatar_url":"https://github.com/albertdobmeyer.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"app/public/logo-banner.png\" alt=\"OpenTrApp\" width=\"600\"/\u003e\n\u003c/p\u003e\n\n# OpenTrApp\n\n[![CI](https://github.com/albertdobmeyer/opentrapp/actions/workflows/ci.yml/badge.svg)](https://github.com/albertdobmeyer/opentrapp/actions/workflows/ci.yml)\n[![CodeQL](https://github.com/albertdobmeyer/opentrapp/actions/workflows/codeql.yml/badge.svg)](https://github.com/albertdobmeyer/opentrapp/actions/workflows/codeql.yml)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/albertdobmeyer/opentrapp/badge)](https://scorecard.dev/viewer/?uri=github.com/albertdobmeyer/opentrapp)\n[![License: MIT](https://img.shields.io/badge/License-MIT-009966.svg)](LICENSE)\n\nA desktop application that runs an autonomous CLI agent inside a five-container security perimeter on the user's own computer, with a Telegram interface for chat. Open-source under MIT. Ships pre-wired for [OpenClaw](https://www.getopenclaw.ai); the perimeter is designed to extend to other CLI agents.\n\nThe architecture, threat model, and per-component capabilities are described in [`docs/trifecta.md`](docs/trifecta.md).\n\n**Author:** [@albertdobmeyer](https://github.com/albertdobmeyer) · **Public landing page:** [opentrapp.com](https://opentrapp.com)\n\n---\n\n## Purpose\n\nAutonomous CLI agents — [OpenClaw](https://www.getopenclaw.ai) is one prominent example — execute shell commands, read files, and load skills from third-party registries. Run with default settings, the agent has the same operating-system privileges as the user. The ClawHavoc study (2026-Q1) of one such registry classified 11.9 % of published skills as malicious (341 of 2,857). OpenTrApp wraps any such agent in a defense-in-depth perimeter to reduce the impact of agent compromise, malicious skills, and prompt-injection attacks. The shipped integration is OpenClaw; the perimeter is designed to extend to other CLI agents.\n\nReasoning is delegated to the agent's vendor API (Anthropic's, for OpenClaw); only the agent's execution layer (file work, tool calls, skill invocations) is local.\n\n## Values\n\nThese are the principles that shape every design and product decision in this project. They are written down because the alternative — leaving them implicit — is how projects drift.\n\n- **Safety-first, safety-always.** The perimeter exists because autonomous agents are powerful and powerful tools fail in expensive ways. Every architectural choice is evaluated against its containment effect first; convenience second. Defaults err on the restrictive side and are documented when they do.\n- **Honest about residual risk.** The application can never claim to make running an autonomous agent absolutely safe. It raises the cost of compromise via defense-in-depth and is open about the gaps that remain. The [threat model](docs/threat-model.md) names them; the [whitepaper](docs/whitepaper.md) explains them.\n- **Agent-agnostic, community-driven.** The perimeter is not coupled to any single CLI agent. The reference deployment is OpenClaw because OpenClaw exists today; the architecture is designed to extend to others. Contributions that broaden compatibility are welcomed.\n- **Transparency over marketing.** No tracking, no telemetry, no proprietary blobs. Every dependency, every container layer, every external request is documentable from the source tree. Reproducibility steps are in [`docs/reproduce.md`](docs/reproduce.md).\n- **Shared for the safety of the commons.** This project is MIT-licensed and developed in the open. Security research findings, hardening recipes, and threat-model deltas land in the repo where everyone running an autonomous CLI agent can benefit, not in private channels.\n\n## Capabilities (default Split Shell)\n\n- Telegram bot interface — message the agent from a paired phone\n- File read/write within a sandboxed workspace; the host filesystem is not exposed to the container\n- Image processing on Telegram-supplied content\n- Skill loading from ClawHub gated by a 87-pattern scanner with MITRE-ATT\u0026CK mapping and Content Disarm \u0026 Reconstruction\n- 24-point startup verification of the perimeter topology\n- API keys held by `vault-proxy` and injected per request; the agent container never reads the literal key\n\nWeb browsing, web fetch, and the broader OpenClaw tool surface are not enabled by default. They are available at \"Soft Shell\" via CLI configuration in v0.3.0; see [`components/opencli-container/`](components/opencli-container/).\n\n## Limitations\n\n- This is experimental software. It is provided as-is, without warranty of any kind. The authors accept no responsibility for damage resulting from its use.\n- Autonomous AI agent containment is an open research problem. The perimeter raises the cost of a successful compromise; it does not eliminate the possibility. The full attacker-capability matrix and residual-risk enumeration are in [`docs/threat-model.md`](docs/threat-model.md); the differential against alternative containment strategies (Firejail, gVisor, VM-only isolation, scanner-only, etc.) is in [`docs/why-not-x.md`](docs/why-not-x.md).\n- The agent's reasoning is not local. Operating OpenTrApp without internet access to Anthropic's API is not supported.\n- Installer binaries are signed with the Tauri auto-updater key, not with OS-level code-signing certificates. macOS Gatekeeper and Windows SmartScreen will display a first-launch warning.\n- One of the three originally-planned modules (`openagent-social`) is **parked since 2026-05-03**. The target API has been intermittent since 2026-04-05 following Meta's acquisition of Moltbook. The container is still defined in `compose.yml`; the code is preserved at [`components/openagent-social/`](components/openagent-social/).\n\n## Requirements\n\n- 64-bit Linux, macOS (Apple Silicon or Intel), or Windows\n- [Podman](https://podman.io/) or [Docker](https://www.docker.com/) installed and runnable by the current user\n- Approximately 4 GB free disk space for the five container images\n- An [Anthropic API key](https://console.anthropic.com/) and a Telegram bot token (the in-app setup wizard explains how to obtain both)\n\n## Installation\n\nPre-built installers for all three platforms are attached to each [GitHub release](https://github.com/albertdobmeyer/opentrapp/releases/latest):\n\n| Platform | Format |\n|----------|--------|\n| Linux    | `.deb`, `.rpm`, `.AppImage` |\n| macOS    | `.dmg` (Apple Silicon and Intel) |\n| Windows  | `.msi`, `.exe` |\n\nThe setup wizard verifies that Podman or Docker is installed and walks the user through API-key entry and Telegram pairing. No terminal interaction is required after install.\n\nFor unsupported platforms or to audit the build pipeline, see *Building from source* below.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eArchitecture summary\u003c/strong\u003e\u003c/summary\u003e\n\nThe runtime perimeter consists of five containers connected by per-service internal compose networks. The L7 (application-layer) policy and the L3 (network-layer) policy live in separate containers — see [ADR-0009](docs/adr/0009-five-container-perimeter.md) for the rationale.\n\n| Container | Role | Description |\n|-----------|------|-------------|\n| `vault-agent`   | Runtime containment | Read-only root filesystem, all Linux capabilities dropped, custom syscall profile, workspace mount only |\n| `vault-forge`   | Supply-chain defense | 87-pattern skill scanner, zero-trust line verifier, Content Disarm \u0026 Reconstruction pipeline |\n| `vault-proxy`   | **L7 egress policy** | Domain allowlist, API-key injection, request logging, post-resolve destination-IP check. Holds API keys; **no internet attachment** (chains to `vault-egress`). |\n| `vault-pioneer` | Social-content analysis | **Parked** — see *Limitations* |\n| `vault-egress`  | **L3 egress policy** | Kernel-level RFC1918 drop; pinned DoT resolver (Quad9 + Cloudflare); the *only* container with internet attachment. Holds `NET_ADMIN` but **no secrets**. |\n\n`vault-proxy` is the bridge between the internal containers. `vault-egress` is the bridge to the public internet. Neither container holds both API credentials *and* elevated network capabilities — that separation is the load-bearing security property the five-container topology exists for.\n\n```mermaid\nflowchart LR\n    USER[User] --\u003e GUI[\"OpenTrApp GUI\"]\n    GUI --\u003e PERIMETER\n\n    subgraph PERIMETER[\"Perimeter\"]\n        AGENT[vault-agent]\n        FORGE[vault-forge]\n        PIONEER[\"vault-pioneer\u003cbr/\u003e(parked)\"]\n        PROXY[\"vault-proxy\u003cbr/\u003e(L7 policy)\"]\n        EGRESS[\"vault-egress\u003cbr/\u003e(L3 policy + DoT)\"]\n    end\n\n    AGENT --\u003e PROXY\n    FORGE --\u003e PROXY\n    AGENT \u003c-.-\u003e|\"write-only volume\"| FORGE\n    PROXY --\u003e EGRESS\n    EGRESS --\u003e ANTHROPIC[Anthropic API]\n    EGRESS --\u003e TELEGRAM[Telegram]\n    EGRESS --\u003e CLAWHUB[ClawHub]\n\n    classDef parked stroke-dasharray: 5 5,color:#777\n    class PIONEER parked\n```\n\nFive Mermaid drawings (topology, trust tiers, network-isolation matrix, the skill-loading flow, the assistant-state machine) are in [`docs/diagrams.md`](docs/diagrams.md). The full architecture, attacker-capability matrix, defense-in-depth tables, and ownership matrix are in [`docs/trifecta.md`](docs/trifecta.md) and [`docs/threat-model.md`](docs/threat-model.md).\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eBuilding from source\u003c/strong\u003e\u003c/summary\u003e\n\nAll three submodules are public; no special access is required.\n\n```bash\ngit clone --recurse-submodules https://github.com/albertdobmeyer/opentrapp.git\ncd opentrapp/app\nnpm install\nnpm run dev                              # frontend dev server\ncd src-tauri \u0026\u0026 cargo build              # Rust backend\n```\n\nFor a release-style desktop build, install Tauri's prerequisites for the target platform and run `cd app \u0026\u0026 npm run tauri build`.\n\n### Test suite\n\n```bash\ncd app/src-tauri \u0026\u0026 cargo test --lib     # Rust unit tests (56 at v0.3.0)\ncd app \u0026\u0026 npm test -- --run              # Vitest (74 at v0.3.0)\ncd app \u0026\u0026 npx tsc --noEmit               # TypeScript strict\ncd app \u0026\u0026 npx playwright test            # End-to-end (25)\nbash tests/orchestrator-check.sh         # Manifest validation (42 checks)\npodman compose up -d \u0026\u0026 podman compose down  # Perimeter smoke test\n```\n\nContinuous integration runs all of the above on every push to `main` and every release tag; see [`.github/workflows/ci.yml`](.github/workflows/ci.yml). For an end-to-end script that re-derives every numerical claim in this README from a fresh clone, see [`docs/reproduce.md`](docs/reproduce.md) and run [`bash docs/reproduce.sh`](docs/reproduce.sh).\n\nRelease artefacts are accompanied by a CycloneDX SBOM, a cosign keyless signature (sigstore), and a SLSA Build Level 2 build-provenance attestation. Verification:\n\n```bash\n# CycloneDX SBOM\nsyft scan packages:artefact.deb -o cyclonedx-json | diff - sbom.cyclonedx.json\n\n# cosign signature (keyless / sigstore)\ncosign verify-blob \\\n  --certificate sbom.cyclonedx.json.pem \\\n  --signature sbom.cyclonedx.json.sig \\\n  --certificate-identity \"https://github.com/albertdobmeyer/opentrapp/.github/workflows/ci.yml@refs/tags/vX.Y.Z\" \\\n  --certificate-oidc-issuer \"https://token.actions.githubusercontent.com\" \\\n  sbom.cyclonedx.json\n\n# SLSA build provenance — see the `intoto.jsonl` asset on each release\ncosign verify-attestation --type slsaprovenance ...\n```\n\n### Repository layout\n\n```\nopentrapp/                       (this repository — desktop GUI + perimeter orchestrator)\n├── components/\n│   ├── opencli-container/              runtime containment (vault-agent + vault-proxy)\n│   ├── openskill-forge/               supply-chain defense (vault-forge)\n│   └── openagent-social/            social-content analysis (vault-pioneer) — parked\n├── app/                             Tauri 2 + React 18 desktop application\n├── compose.yml                      4-service perimeter with network isolation\n├── schemas/component.schema.json    component manifest contract\n└── config/orchestrator-workflows.yml  cross-component workflow definitions\n```\n\nSee [`CLAUDE.md`](CLAUDE.md) for the full architecture specification and contribution rules.\n\n\u003c/details\u003e\n\n---\n\n## License\n\nReleased under the [MIT License](LICENSE). The license permits use, modification, redistribution, and inclusion in derivative works subject only to the attribution requirement (preservation of the copyright notice). No warranty is provided.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbertdobmeyer%2Fopentrapp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falbertdobmeyer%2Fopentrapp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbertdobmeyer%2Fopentrapp/lists"}