{"id":50138678,"url":"https://github.com/openclaw/crabyard","last_synced_at":"2026-05-24T00:01:21.295Z","repository":{"id":358394515,"uuid":"1241076174","full_name":"openclaw/crabyard","owner":"openclaw","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-17T08:01:45.000Z","size":164,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-17T08:22:04.419Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://docs.crabyard.ai/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openclaw.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["moltbot"]}},"created_at":"2026-05-16T23:41:20.000Z","updated_at":"2026-05-17T08:01:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/openclaw/crabyard","commit_stats":null,"previous_names":["openclaw/crabyard"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/openclaw/crabyard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openclaw%2Fcrabyard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openclaw%2Fcrabyard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openclaw%2Fcrabyard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openclaw%2Fcrabyard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openclaw","download_url":"https://codeload.github.com/openclaw/crabyard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openclaw%2Fcrabyard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33416315,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-23T22:14:44.296Z","status":"ssl_error","status_checked_at":"2026-05-23T22:14:43.778Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-24T00:00:50.538Z","updated_at":"2026-05-24T00:01:21.289Z","avatar_url":"https://github.com/openclaw.png","language":"HTML","funding_links":["https://github.com/sponsors/moltbot"],"categories":[],"sub_categories":[],"readme":"# 🕹️ [Crabyard](https://github.com/openclaw/crabyard)\n\n**Mission control for Agent runs.**\n\nCrabyard gives OpenClaw maintainers a Linear-like board where each card represents a coding task, live Codex session, and durable execution history.\n\n## What It Does\n\n- **Board-based workflow.** Create cards from prompts, GitHub issues, or PRs. Track them through Todo, Running, Human Review, and Done lanes.\n- **Issue/PR lookup.** Type `#123` in search to preview matching GitHub issues or PRs across enabled OpenClaw repos and create a card from the match.\n- **Codex run control.** Start durable run attempts, track heartbeats, watch the Ghostty WASM session grid, and take over only when the selected runtime advertises that capability.\n- **Interactive CLI sessions.** Start a standalone Codex CLI workspace for manual cloud work and attach it in the same fullscreen Ghostty grid.\n- **Diff previews.** Card tiles show changed files and totals; the run drawer shows a compact Codiff-style patch view.\n- **Multi-runtime policy.** Auto-select between the Container and Crabbox adapter surfaces based on card overrides, repo workflow defaults, and task requirements.\n- **Allowlist controls.** Restrict access to OpenClaw org members and specific repos through admin-managed allowlists.\n- **Session logs.** D1-backed card/run event history with a 30-day product retention setting.\n- **Repo workflow config.** Owners can evaluate `CRABYARD.md` per repo and use it for runtime and merge defaults.\n\n## Architecture\n\n- **Cloudflare Workers** for the app, API, auth, GitHub lookup, and docs routes.\n- **D1 + Kysely** for typed persistence: users, sessions, allowlists, repos, cards, events, run attempts, interactive sessions, diffs, and repo workflow evaluations.\n- **Ghostty WebAssembly** for the fullscreen attach grid and run log replay.\n- **Cloudflare Sandbox containers** for standalone interactive Codex CLI workspaces with live PTY attach.\n- **Runtime adapter descriptors** for Container and Crabbox selection, capability display, interactive provision handoff, and guarded takeover.\n- **Provision endpoint** at `/api/provision/interactive` that can use the built-in Sandbox backend or delegate to a generic runtime adapter or ClawFleet.\n- **GitHub API** for OAuth, org/team membership, and issue/PR previews across enabled repos.\n\nAutonomous card execution, Crabbox VNC transport, R2 archival, Durable Object fanout, and merge automation are adapter targets, not faked in the current Worker.\n\n## Quick Start\n\n### 1. Bootstrap Admin Login\n\nGet the bootstrap token from your deployment secrets and use it to log in:\n\n```bash\n# Visit https://crabyard.openclaw.ai/app/\n# Use bootstrap token for initial admin setup\n# If GitHub auto-login is active, use https://crabyard.openclaw.ai/app?auth=token\n```\n\n### 2. Configure Access\n\nAdd users/teams to the allowlist and enable repos:\n\n- Navigate to Admin panel\n- Add GitHub users (`@login`) or teams (`@org/team`)\n- Assign roles: owner, maintainer, or viewer\n- Add allowed repos (`owner/repo`)\n\n### 3. Create Cards\n\n- **From prompt:** New card → enter prompt, select repo; title is optional\n- **From issue:** Search GitHub issues → create card\n- **From PR:** Search GitHub PRs → create card for review/fix\n\n### 4. Watch Runs\n\n- Running cards show D1 event logs and heartbeat state\n- Click \"Attach\" to open the fullscreen Ghostty WASM session grid\n- Click \"Take over\" only when the active run advertises takeover support\n- Click \"Watch\" for read-only stream\n\n### 5. Start Interactive CLI\n\n- Click \"New session\" to request a standalone Codex CLI workspace\n- Default runtime is Crabbox so VNC can be attached when the provision adapter returns a URL\n- Without `CRABYARD_INTERACTIVE_PROVISION_URL`, sessions are stored as `pending_adapter` and still visible in the grid\n\n## Features\n\n### Board Management\n\n- Kanban-style lanes: Todo, Running, Human Review, Done\n- Card filtering: all, mine, live\n- Search cards by title, repo, or ID\n- Real-time updates via WebSockets\n\n### Card Policies\n\n- **Runtime:** `auto`, `container`, `crabbox`\n- **Merge policy:** repo default, `open_pr`, `merge_when_green`, `fix_until_green_and_merge`\n- **Source types:** Prompt, Issue, PR\n\nRepo defaults can come from a `CRABYARD.md` file:\n\n```yaml\n---\nruntime:\n  default: auto\nmerge:\n  default_policy: open_pr\n---\n```\n\n`stall_ms`, `cap`, `prompt_prefix`, and the Markdown body are parsed/stored for future policy work, but only runtime and merge defaults are effective today.\n\n### Admin Controls\n\n- User and team allowlists with role-based access\n- Repo allowlists\n- Manual `CRABYARD.md` evaluation with status/error visibility\n- Concurrent run caps (default: 20)\n- Log retention (14, 30, 60 days)\n- Direct merge permissions (guarded, maintainers, disabled)\n\n### Auth\n\n- GitHub OAuth for org members\n- Bootstrap token for admin setup and recovery\n- Short-lived sessions with automatic refresh\n- Role-based access control (owner, maintainer, viewer)\n\n## Deployment\n\n### Prerequisites\n\n- Cloudflare account\n- `crabyard.openclaw.ai` route in Cloudflare\n- GitHub OAuth app (optional but recommended)\n- Bootstrap token secret\n\n### Deploy\n\nPushes to `main` run `.github/workflows/deploy-worker.yml`, which checks, tests, builds,\napplies remote D1 migrations, and deploys the Worker. Configure the repository secret\n`CLOUDFLARE_API_TOKEN` with permissions for Workers deploys and D1 migrations.\n\nManual deploy is still available:\n\n```bash\n# Build assets\npnpm build\n\n# Apply migrations\nwrangler d1 migrations apply crabyard-ai --remote\n\n# Deploy to Cloudflare\nwrangler deploy\n```\n\n### Environment Variables\n\nConfigure these in Cloudflare Workers dashboard:\n\n- `CRABYARD_BOOTSTRAP_TOKEN` – Admin bootstrap token (required)\n- `GITHUB_CLIENT_ID` – GitHub OAuth app client ID (optional)\n- `GITHUB_CLIENT_SECRET` – GitHub OAuth app secret (optional)\n- `GITHUB_ORG` – GitHub org for membership check (default: `openclaw`)\n- `GITHUB_TOKEN` – GitHub token for all enabled repo issue/PR previews and private repo `CRABYARD.md` refreshes (optional; public/default repo paths work without it)\n- `CRABYARD_TOKEN_ENCRYPTION_KEY` – Optional encryption key for per-session GitHub OAuth tokens; defaults to `GITHUB_CLIENT_SECRET`\n- `CRABYARD_INTERACTIVE_PROVISION_URL` – Optional adapter endpoint for standalone Codex CLI workspaces\n- `CRABYARD_INTERACTIVE_PROVISION_TOKEN` – Optional bearer token sent to the interactive provision endpoint; required when backend URLs below are configured\n- `CRABYARD_RUNTIME_PROVISION_URL` – Optional generic backend URL used by `/api/provision/interactive`\n- `CRABYARD_RUNTIME_PROVISION_TOKEN` – Optional bearer token sent to the generic runtime backend\n- `CRABYARD_CLOUDFLARE_RUNNER_URL` – Optional Crabbox Cloudflare container runner URL used by `/api/provision/interactive`\n- `CRABYARD_CLOUDFLARE_RUNNER_TOKEN` – Optional bearer token sent to the Cloudflare runner\n- `CRABYARD_CLOUDFLARE_RUNNER_INSTANCE_TYPE` – Optional runner instance type, default `standard-4`\n- `CRABYARD_CLOUDFLARE_RUNNER_WORKDIR` – Optional base workdir for provisioned sandboxes, default `/workspace/crabyard`\n- `CRABYARD_CLOUDFLARE_RUNNER_TTL_SECONDS` – Optional sandbox TTL, default `14400`\n- `CRABYARD_CLOUDFLARE_RUNNER_IDLE_SECONDS` – Optional idle timeout, default `1800`\n- `CRABYARD_PTY_BRIDGE_URL` – Optional WebSocket PTY bridge URL/template for live Ghostty attach; supports `{id}`, `{leaseId}`, `{repo}`, `{branch}`, and `{runtime}`\n- `CRABYARD_PTY_BRIDGE_TOKEN` – Optional bearer token sent from Crabyard to the PTY bridge\n- `CRABYARD_CLAWFLEET_URL` – Optional ClawFleet dashboard/API URL used by `/api/provision/interactive` for `crabbox` sessions\n- `CRABYARD_CLAWFLEET_TOKEN` – Optional bearer token sent to ClawFleet\n- `CRABYARD_CLAWFLEET_PUBLIC_URL` – Optional public ClawFleet URL used when building attach/VNC links\n- `CRABYARD_SSH_GATEWAY_TOKEN` – Shared bearer token for the Go SSH gateway internal API\n- `OPENAI_API_KEY` – Required for built-in Cloudflare Sandbox Codex CLI sessions; passed only into the sandbox session environment\n\n### Verify Deployment\n\n```bash\ncurl -I https://crabyard.openclaw.ai/healthz\n# Should return: 200 OK\n\ncurl https://crabyard.openclaw.ai/docs/spec\n# Should return: HTML spec document\n```\n\n## Development\n\n### Setup\n\n```bash\n# Install dependencies\npnpm install\n\n# Build assets\npnpm build\n\n# Run type checks\npnpm check\n\n# Run linter\npnpm lint\n\n# Format code\npnpm format\n```\n\n### Test Stack\n\n- `tsgo --noEmit` through `pnpm build`\n- `oxlint` for linting\n- `oxfmt --check` for formatting\n- SQLite migration smoke checks for D1 schema compatibility\n- `codex-review` before feature commits\n- Browser/live smoke checks after deploy\n\n### Local Development\n\n```bash\n# Start local dev server with D1\nwrangler dev\n\n# Apply migrations locally\nwrangler d1 migrations apply crabyard-ai --local\n```\n\n### SSH Gateway\n\nThe Worker exposes an internal SSH onboarding API guarded by `CRABYARD_SSH_GATEWAY_TOKEN`.\nRun the Go gateway next to a host that can accept raw SSH:\n\n```bash\nCRABYARD_API_URL=https://crabyard.openclaw.ai \\\nCRABYARD_SSH_GATEWAY_TOKEN=... \\\nCRABYARD_SSH_HOST_KEY=/var/lib/crabyard/ssh_host_ed25519_key \\\nCRABYARD_SSH_ADDR=:2222 \\\ngo run ./cmd/crabyard-ssh-gateway\n```\n\nUnknown public keys get a short GitHub OAuth link through `ssh link@host`. Linked keys can\nrun `whoami`, `list`, `new`, and `attach SESSION_ID`; `new` creates an interactive Codex\nsession and attaches.\n\nProduction currently exposes the gateway at `ssh.crabyard.ai` as a DNS-only `A` record.\nUse `ssh link@ssh.crabyard.ai` once to connect a GitHub-backed SSH key, then run\n`ssh ssh.crabyard.ai whoami` or `ssh ssh.crabyard.ai list`.\n\n### Project Structure\n\n```\ncrabyard/\n├── src/\n│   ├── index.ts          # Worker entry point, API routes, auth handlers\n│   ├── app.html          # Single-page app shell and styles\n│   ├── app/              # Preact app modules\n│   ├── generated.ts      # Build-time generated assets\n├── migrations/           # D1 database migrations\n├── scripts/              # Build scripts\n│   └── generate-assets.mjs\n├── vite.config.mjs       # Preact/Vite app bundle config\n├── docs/                 # Documentation (GitHub Pages)\n│   ├── CNAME             # docs.crabyard.ai custom domain\n│   └── spec.md           # Product spec\n└── wrangler.jsonc       # Cloudflare Worker config\n```\n\n## Documentation\n\nFull documentation available at [docs.crabyard.ai](https://docs.crabyard.ai):\n\n- [Quickstart](https://docs.crabyard.ai/quickstart) – Get started in 5 minutes\n- [Architecture](https://docs.crabyard.ai/architecture) – System design and data model\n- [Cards](https://docs.crabyard.ai/cards) – Card lifecycle and policies\n- [Runs](https://docs.crabyard.ai/runs) – Runtime selection and execution\n- [Admin](https://docs.crabyard.ai/admin) – Access control and policies\n- [API](https://docs.crabyard.ai/api) – REST and WebSocket APIs\n- [Spec](https://docs.crabyard.ai/spec) – Complete product specification\n\n## Security\n\n- All state-changing operations require authentication\n- Repo operations require allowlist membership\n- Direct merge requires maintainer role and policy approval\n- Runtime tokens are scoped and short-lived\n- Secrets never logged or stored in D1/R2\n- Audit events for all admin and merge operations\n\n## Status\n\nActive development. See [CHANGELOG.md](CHANGELOG.md) for recent updates.\n\nCurrent phase: MVP deployed with auth, board UI, admin controls, card management, Kysely-backed D1 persistence, durable run attempts, repo workflow evaluation, card diffs, Ghostty WASM terminal grid, authenticated PTY WebSocket proxying, and first-party Cloudflare Sandbox Codex CLI sessions.\n\nNext: bind autonomous card execution and merge automation to the same runtime layer.\n\n## License\n\nMIT License. See [LICENSE](LICENSE) for details.\n\n## Not Affiliated\n\nCrabyard is an OpenClaw project, not affiliated with Cloudflare, GitHub, or Anthropic.\n\n## Contributing\n\nThis is currently an internal OpenClaw tool. External contributions are not accepted at this time.\n\n## Support\n\nFor OpenClaw org members: use #crabyard in Discord or open an issue in the private repo.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenclaw%2Fcrabyard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenclaw%2Fcrabyard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenclaw%2Fcrabyard/lists"}