{"id":45211622,"url":"https://github.com/nyldn/openclaw-config","last_synced_at":"2026-02-20T16:33:51.088Z","repository":{"id":335940830,"uuid":"1147563427","full_name":"nyldn/openclaw-config","owner":"nyldn","description":"Automated configuration and deployment system for OpenClaw VMs with AI tools, deployment platforms, and file sharing","archived":false,"fork":false,"pushed_at":"2026-02-02T05:09:50.000Z","size":263,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-02T08:59:39.531Z","etag":null,"topics":["ai-tools","automation","bootstrap","claude","deployment","mcp","netlify","openclaw","shell-scripts","supabase","vercel","vm-configuration"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nyldn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-01T23:38:59.000Z","updated_at":"2026-02-02T05:09:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nyldn/openclaw-config","commit_stats":null,"previous_names":["nyldn/openclawd-config"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/nyldn/openclaw-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyldn%2Fopenclaw-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyldn%2Fopenclaw-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyldn%2Fopenclaw-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyldn%2Fopenclaw-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nyldn","download_url":"https://codeload.github.com/nyldn/openclaw-config/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyldn%2Fopenclaw-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29656996,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T16:33:43.953Z","status":"ssl_error","status_checked_at":"2026-02-20T16:33:43.598Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-tools","automation","bootstrap","claude","deployment","mcp","netlify","openclaw","shell-scripts","supabase","vercel","vm-configuration"],"created_at":"2026-02-20T16:33:50.256Z","updated_at":"2026-02-20T16:33:51.081Z","avatar_url":"https://github.com/nyldn.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenClaw VM Configuration v2.0\n\nAutomated configuration and deployment system for OpenClaw VMs with comprehensive tooling for AI development, cloud deployment, file sharing, and personal productivity.\n\n**What's New in v2.0:**\n- 🎯 Interactive installation with preset selection\n- 🔒 Comprehensive security hardening (20+ vulnerabilities fixed)\n- 📅 Personal productivity integrations (Calendar, Email, Tasks, Slack)\n- 🔐 Credential encryption at rest\n- 🛡️ Pre-commit secret detection\n- ⚡ Smart dependency resolution\n\n## 🚀 Quick Start\n\n### Installation\n\n**Recommended Method (Secure):**\n\n```bash\n# One-line install (clone + run)\ngit clone https://github.com/nyldn/openclaw-config.git \u0026\u0026 cd openclaw-config/bootstrap \u0026\u0026 ./bootstrap.sh\n```\n\n**Alternative One-Line (Download + Run):**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/nyldn/openclaw-config/main/bootstrap/install.sh -o /tmp/openclaw-install.sh \u0026\u0026 bash /tmp/openclaw-install.sh\n```\n\nThe installer will:\n- ✅ Verify prerequisites (git, curl, bash)\n- ✅ Show an interactive module selection menu\n- ✅ Install only the components you choose\n- ✅ Complete in ~5-15 minutes depending on selections\n- ✅ Automatically run post-install setup and auth wizards\n\n**Non-Interactive Mode:**\n\nFor automated installations (CI/CD, scripts):\n\n```bash\n# Install all modules without prompts\n./bootstrap.sh --non-interactive\n\n# Install specific modules only\n./bootstrap.sh --only system-deps,nodejs,python\n\n# Skip the post-install wizard\n./bootstrap.sh --skip-setup\n```\n\nSee [docs/INSTALLATION.md](docs/INSTALLATION.md) for detailed installation options and customization.\n\n**Security Note:** We no longer support `curl | bash` installation methods as they pose security risks. Always clone the repository first to review the code before execution.\n\n## 📦 What's Included\n\n### Core AI Tools\n- **Claude Code CLI** - Anthropic's Claude assistant\n- **OpenAI CLI** - GPT-4 and GPT-3.5 access\n- **Gemini CLI** - Run via `npx @google/gemini-cli` (see https://github.com/google-gemini/gemini-cli)\n- **Claude Octopus** - Multi-AI orchestration system\n\n**Claude Code CLI install notes:**\n- macOS: `brew install --cask claude-code`\n- Linux: `curl -fsSL https://claude.ai/install.sh -o /tmp/claude-install.sh \u0026\u0026 bash /tmp/claude-install.sh`\n- Node.js 18+ only required for deprecated npm install flows\n- `ripgrep` is usually included; if `claude` search fails, see Claude search troubleshooting\nClaude Octopus requires the Claude CLI; if it isn't installed yet, rerun later with:\n`./bootstrap.sh --only claude-cli,claude-octopus`\n\n### Deployment Platforms\n- **Vercel CLI** - Serverless and edge deployments\n- **Netlify CLI** - Static sites and functions\n- **Supabase CLI** - Backend-as-a-Service\n\n### File Sharing \u0026 Storage\n- **Google Drive MCP** - Drive integration via MCP\n- **Dropbox MCP** - Dropbox API access\n- **rclone** - 50+ cloud storage backends\n- **GitHub MCP** - Repository operations\n\n### Development Environment\n- **Python 3.9+** with virtual environment\n- **Node.js 20+** with npm\n- **System utilities** - git, curl, jq, etc.\n- **Memory system** - SQLite-based persistence\n- **Auto-updates** - Daily automated updates for all components\n\n### MCP Servers (10+ Total)\n**Core Servers:**\n- Google Drive - File operations and sharing\n- Dropbox - Cloud storage access\n- GitHub - Repository management\n- Filesystem - Local file operations\n- PostgreSQL - Database access (Supabase)\n- Brave Search - Web search capabilities\n\n**Productivity Servers (NEW in v2.0):**\n- Google Calendar - Event management and scheduling\n- Email - IMAP/SMTP for reading and sending emails\n- Todoist - Task and project management\n- Slack - Team messaging and collaboration\n\n### Security Features (NEW in v2.0)\n- **Download Verification** - SHA256 checksums for all external downloads\n- **Secret Sanitization** - Automatic redaction of API keys, tokens, passwords in logs\n- **Credential Encryption** - AES-256-CBC encryption for sensitive config files\n- **Pre-commit Hook** - Prevents accidental commits of secrets\n- **Input Validation** - Strict validation of module names, URLs, file paths\n- **Secure Temp Files** - Uses `mktemp` instead of predictable paths\n- **Restrictive Permissions** - 0600/0700 for sensitive directories and files\n\n### Shell Aliases (42+ Total)\n- Deployment shortcuts (deploy-vercel, deploy-netlify, etc.)\n- File sharing (share-dropbox, share-gdrive)\n- Cloud sync (sync-dropbox, sync-gdrive, sync-s3)\n- MCP management (mcp-list, mcp-reload, mcp-logs)\n- Productivity helpers (productivity-setup, calendar-auth)\n\n## 📁 Repository Structure\n\n```\nopenclaw-config/\n├── README.md                    # This file\n├── docs/INSTALLATION.md        # Detailed installation guide\n├── docs/guides/MIGRATION.md    # Migration guide for v1.x → v2.0\n├── docs/guides/SECURITY.md     # Security policy and practices\n├── bootstrap/                   # Bootstrap system\n│   ├── bootstrap.sh            # Main installer (with interactive mode)\n│   ├── install.sh              # Secure installation script\n│   ├── manifest.yaml           # Module metadata (v2.0)\n│   ├── checksums.yaml          # Download verification checksums\n│   ├── modules/                # Installation modules (16 total)\n│   │   ├── 01-system-deps.sh\n│   │   ├── 02-python.sh\n│   │   ├── 03-nodejs.sh\n│   │   ├── 04-claude-cli.sh\n│   │   ├── ...\n│   │   ├── 14-security.sh\n│   │   └── 15-productivity-tools.sh  # NEW in v2.0\n│   └── lib/                    # Shared utilities\n│       ├── logger.sh           # With secret sanitization\n│       ├── validation.sh       # Enhanced input validation\n│       ├── network.sh\n│       ├── interactive.sh      # NEW: Interactive menus\n│       ├── dependency-resolver.sh  # NEW: Dependency resolution\n│       ├── secure-download.sh  # NEW: Download verification\n│       └── crypto.sh           # NEW: Credential encryption\n├── deployment-tools/           # Deployment configuration\n│   ├── mcp/\n│   │   ├── mcp-servers-extended.json\n│   │   ├── mcp-servers-full-stack.json\n│   │   └── implementations/    # NEW: Custom MCP servers\n│   │       ├── google-calendar-mcp.js\n│   │       ├── email-mcp.js\n│   │       ├── todoist-mcp.js\n│   │       └── slack-mcp.js\n│   ├── config/\n│   │   └── productivity-credentials.template.env\n│   └── docs/\n│       └── PRODUCTIVITY_INTEGRATIONS.md  # NEW: 40-page guide\n│       ├── QUICK-START.md\n│       ├── openclaw-setup-plan.md\n│       └── EMBRACE-WORKFLOW-RESULTS.md\n└── reports/                    # Project documentation\n    └── FEASIBILITY_REPORT.md\n```\n\n## 🎯 Features\n\n### Modular Architecture\n- Individual modules for each component\n- Incremental updates (only install what's changed)\n- Dependency management between modules\n- Rollback support for failed installations\n\n### Automated Maintenance\n- **Daily auto-updates** for all components\n- System packages, Python packages, Node.js packages\n- CLI tools (Vercel, Netlify, Supabase)\n- MCP servers and repository updates\n- Automatic cleanup of unused packages\n- Daily update reports and logs\n\n### Comprehensive Validation\n- Post-installation health checks\n- Module-specific validation\n- System diagnostics (--doctor flag)\n- Automated testing\n\n### Enterprise-Ready\n- State tracking and version management\n- Remote manifest for updates\n- Non-interactive installation mode\n- Logging and error reporting\n\n### Security First\n- No credentials in repository\n- Docker secrets support\n- Token-based authentication\n- Minimal privilege requirements\n\n## 🔧 Usage\n\n### Installation Options\n\n```bash\n# Full installation (all modules)\n./bootstrap.sh\n\n# Verbose output\n./bootstrap.sh --verbose\n\n# Install specific modules\n./bootstrap.sh --only deployment-tools\n\n# Skip optional modules\n./bootstrap.sh --skip gemini-cli\n\n# Preview changes (dry run)\n./bootstrap.sh --dry-run\n\n# Non-interactive mode\n./bootstrap.sh --non-interactive\n```\n\n### Post-Installation\n\nThe installer launches a post-install wizard by default. If you skip it, run:\n\n```bash\nbash ~/openclaw-config/bootstrap/scripts/openclaw-setup.sh\nbash ~/openclaw-config/bootstrap/scripts/openclaw-auth.sh --all\n```\n\n1. **Configure API Keys**\n   ```bash\n   nano ~/openclaw-workspace/.env\n   ```\n\n   Add your keys:\n   ```env\n   ANTHROPIC_API_KEY=sk-ant-xxx\n   OPENAI_API_KEY=sk-proj-xxx\n   GOOGLE_API_KEY=xxx\n   GITHUB_PAT=ghp_xxx\n   SUPABASE_DB_URL=postgresql://xxx\n   ```\n\n2. **Authenticate Services**\n   ```bash\n   claude login\n   vercel login\n   netlify login\n   supabase login\n   ```\n\n3. **Reload Shell**\n   ```bash\n   source ~/.zshrc\n   ```\n\n4. **Test Installation**\n   ```bash\n   ./bootstrap.sh --validate\n   ```\n\n5. **Auto-Updates** (Configured Automatically)\n\n   Daily updates are configured to run at 3:00 AM:\n   ```bash\n   # Check update timer status\n   systemctl --user status openclaw-auto-update.timer\n\n   # View last update\n   journalctl --user -u openclaw-auto-update.service\n\n   # View today's update report\n   cat /var/log/openclaw/update-report-$(date +%Y%m%d).txt\n\n   # Run update manually now\n   systemctl --user start openclaw-auto-update.service\n   ```\n\n   See [AUTO_UPDATE_GUIDE.md](bootstrap/AUTO_UPDATE_GUIDE.md) for full documentation.\n\n## 📚 Documentation\n\n- **Bootstrap System**: [bootstrap/README.md](bootstrap/README.md)\n- **Auto-Update Guide**: [bootstrap/AUTO_UPDATE_GUIDE.md](bootstrap/AUTO_UPDATE_GUIDE.md)\n- **Quick Start Guide**: [deployment-tools/docs/QUICK-START.md](deployment-tools/docs/QUICK-START.md)\n- **Setup Plan**: [deployment-tools/docs/openclaw-setup-plan.md](deployment-tools/docs/openclaw-setup-plan.md)\n- **Workflow Results**: [deployment-tools/docs/EMBRACE-WORKFLOW-RESULTS.md](deployment-tools/docs/EMBRACE-WORKFLOW-RESULTS.md)\n\n## 🚢 Deployment\n\n### Single VM\n```bash\nssh user@vm-host 'curl -fsSL https://raw.githubusercontent.com/nyldn/openclaw-config/main/bootstrap/install.sh | bash'\n```\n\n### Multiple VMs\n```bash\nfor host in vm1 vm2 vm3; do\n    ssh user@$host 'curl -fsSL https://raw.githubusercontent.com/nyldn/openclaw-config/main/bootstrap/install.sh | bash'\ndone\n```\n\n### Custom Configuration\n```bash\n./bootstrap.sh --config config/custom.yaml\n./bootstrap.sh --manifest-url https://internal.company.com/manifest.yaml\n```\n\n## 🛠️ Available Commands\n\nAfter installation, you'll have access to 42+ shell aliases:\n\n### Deployment\n```bash\ndeploy-vercel              # Deploy to Vercel\ndeploy-netlify             # Deploy to Netlify\ndeploy-supabase            # Deploy to Supabase\ndeploy                     # Auto-detect platform\n```\n\n### File Sharing\n```bash\nshare                      # Create shareable link\nshare-dropbox              # Upload to Dropbox\nshare-gdrive               # Upload to Google Drive\n```\n\n### Cloud Sync\n```bash\nsync-dropbox               # Sync to Dropbox\nsync-gdrive                # Sync to Google Drive\nsync-s3                    # Sync to S3\n```\n\n### MCP Management\n```bash\nmcp-list                   # List MCP servers\nmcp-reload                 # Reload configuration\nmcp-logs                   # View MCP logs\nmcp-test                   # Test connections\n```\n\n### Project Workflows\n```bash\nproject-init               # Initialize new project\nproject-deploy             # Deploy current project\nproject-share              # Share project files\n```\n\n## 🔍 Requirements\n\n- **OS**: Debian 10+ or Ubuntu 20.04+\n- **User**: Non-root with sudo privileges\n- **Disk**: 2GB+ free space\n- **Network**: Internet connection\n- **Memory**: 1GB+ RAM recommended\n\n## 🤝 Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Add/modify modules in `bootstrap/modules/`\n4. Test with `./bootstrap.sh --module your-module`\n5. Submit a pull request\n\n## 🎉 Success Metrics\n\n- **Setup Time**: ~5 minutes\n- **Components**: 10 modules\n- **MCP Servers**: 6 configured\n- **Shell Aliases**: 42 available\n- **Validation**: 100% coverage\n\n## 🔒 Security\n\n**Enhanced in v2.0:**\n- ✅ No `curl | bash` installation (security vulnerability eliminated)\n- ✅ SHA256 checksum verification for all downloads\n- ✅ Automatic secret sanitization in logs (15+ patterns)\n- ✅ AES-256-CBC credential encryption at rest\n- ✅ Pre-commit hook prevents accidental secret commits\n- ✅ Comprehensive input validation (injection prevention)\n- ✅ Restrictive file permissions (0600/0700 for sensitive files)\n- ✅ Secure temporary file handling with `mktemp`\n\n**Best Practices:**\n- API tokens via environment variables\n- App-specific passwords for email\n- 90-day token rotation recommended\n- Minimum privilege scopes enforced\n- See [docs/guides/SECURITY.md](docs/guides/SECURITY.md) for full security policy\n\n## 📝 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🆘 Support\n\n- **Issues**: https://github.com/nyldn/openclaw-config/issues\n- **Documentation**: https://github.com/nyldn/openclaw-config/wiki\n- **Bootstrap Docs**: [bootstrap/README.md](bootstrap/README.md)\n\n## 📅 Changelog\n\n### v2.0.0 (2026-02-01)\n\n**🎯 Major Features:**\n- **Interactive Installation** - Beautiful TUI with preset selection (Minimal, Developer, Full, Custom)\n- **Productivity Integrations** - 4 new MCP servers: Google Calendar, Email, Todoist, Slack (30 tools total)\n- **Smart Dependencies** - Automatic dependency resolution with topological sort\n- **OpenClaw Optional** - No longer required; choose only what you need\n\n**🔒 Security Enhancements (20+ Fixes):**\n- Fixed all `curl | bash` vulnerabilities\n- SHA256 checksum verification for downloads\n- Secret sanitization in logs (API keys, tokens, passwords)\n- AES-256-CBC credential encryption\n- Pre-commit hook for secret detection\n- Comprehensive input validation\n- Secure temp directory handling\n\n**📦 New Components:**\n- `15-productivity-tools.sh` module\n- `lib/interactive.sh` - Interactive menu system\n- `lib/dependency-resolver.sh` - Graph-based dependency resolution\n- `lib/secure-download.sh` - Download verification\n- `lib/crypto.sh` - Credential encryption\n- 4 MCP server implementations\n- Comprehensive 40-page productivity guide\n\n**📝 Documentation:**\n- Updated installation instructions (no more `curl | bash`)\n- PRODUCTIVITY_INTEGRATIONS.md - Complete setup guide\n- Enhanced manifest.yaml with categories and sizes\n- docs/guides/MIGRATION.md for v1.x users\n- docs/guides/SECURITY.md policy document\n\n**⚠️ Breaking Changes:**\n- Default installation is now interactive (use `--non-interactive` for scripts)\n- OpenClaw no longer installed by default\n- Removed insecure `curl | bash` installation method\n- See [docs/guides/MIGRATION.md](docs/guides/MIGRATION.md) for upgrade instructions\n\n### v1.2.0 (2026-02-01)\n- Added auto-update system (module 11)\n- Daily automated updates for all components\n- Systemd timer for scheduled updates\n- Update reports and comprehensive logging\n- Repository auto-update from GitHub\n- Package cleanup and maintenance\n\n### v1.1.0 (2026-02-01)\n- Added deployment tools module\n- Extended MCP server configuration (6 servers)\n- 28+ new shell aliases\n- Comprehensive deployment documentation\n- GitHub, Filesystem, PostgreSQL, Brave Search MCP servers\n\n### v1.0.0 (2026-02-01)\n- Initial release\n- Core modules: system-deps, python, nodejs\n- LLM CLI tools: Claude, OpenAI, Gemini\n- GOTCHA framework structure\n- Memory system initialization\n- Update mechanism\n- Validation and diagnostics\n\n---\n\n**Built with ❤️ for the OpenClaw ecosystem**\n\n**Powered by Claude Octopus 🐙 - Full Double Diamond Workflow**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnyldn%2Fopenclaw-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnyldn%2Fopenclaw-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnyldn%2Fopenclaw-config/lists"}