{"id":44785631,"url":"https://github.com/puremachinery/carapace","last_synced_at":"2026-04-06T21:00:54.255Z","repository":{"id":334867727,"uuid":"1143047754","full_name":"puremachinery/carapace","owner":"puremachinery","description":"A secure, stable Rust alternative to openclaw/moltbot/clawdbot","archived":false,"fork":false,"pushed_at":"2026-03-31T15:23:31.000Z","size":4026,"stargazers_count":42,"open_issues_count":28,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-03-31T15:31:26.023Z","etag":null,"topics":["ai-assistant","anthropic","chatbot","discord-bot","gemini","llm","llm-agent","local-first","ollama","openai","privacy","security","self-hosted","signal","slack-bot","telegram-bot","venice-ai","vertex-ai","wasm","wasm-plugin"],"latest_commit_sha":null,"homepage":"https://getcara.io/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/puremachinery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"docs/roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"puremachinery"}},"created_at":"2026-01-27T05:46:18.000Z","updated_at":"2026-03-31T15:23:56.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/puremachinery/carapace","commit_stats":null,"previous_names":["puremachinery/rusty-clawd","puremachinery/carapace"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/puremachinery/carapace","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puremachinery%2Fcarapace","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puremachinery%2Fcarapace/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puremachinery%2Fcarapace/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puremachinery%2Fcarapace/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/puremachinery","download_url":"https://codeload.github.com/puremachinery/carapace/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puremachinery%2Fcarapace/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31489427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T17:22:55.647Z","status":"ssl_error","status_checked_at":"2026-04-06T17:22:54.741Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-assistant","anthropic","chatbot","discord-bot","gemini","llm","llm-agent","local-first","ollama","openai","privacy","security","self-hosted","signal","slack-bot","telegram-bot","venice-ai","vertex-ai","wasm","wasm-plugin"],"created_at":"2026-02-16T09:27:55.080Z","updated_at":"2026-04-06T21:00:54.250Z","avatar_url":"https://github.com/puremachinery.png","language":"Rust","funding_links":["https://github.com/sponsors/puremachinery"],"categories":["Alternative Architekturen"],"sub_categories":[],"readme":"# carapace\n\n\u003e **Stable release available.** Carapace is ready for real use on its verified stable paths; partial and in-progress areas are called out explicitly in the docs.\n\nA security-focused, open-source personal AI assistant. Runs on your machine. Works through Signal, Telegram, Discord, Slack, webhooks, and console. Supports Anthropic, OpenAI, Codex, Ollama, Gemini, Vertex AI, Bedrock, and Venice AI. Extensible via WASM plugins and guarded filesystem tools. Written in Rust.\n\nA hardened alternative to openclaw / clawdbot — for when your assistant needs a hard shell.\n\n## Features\n\n- **Multi-provider LLM engine** — Anthropic, OpenAI API key, Codex subscription login, Ollama, Google Gemini, Vertex AI, AWS Bedrock, and Venice AI with streaming, tool dispatch, and cancellation\n- **Multi-channel messaging** — Signal, Telegram, Discord, Slack, console, and webhooks\n- **Channel activity framework** — per-channel typing indicators and after-response read receipts, with Signal as the first activity-enabled built-in channel\n- **Tooling and local workspace access** — built-in agent tools, guarded filesystem tools for explicit roots, and channel-specific tool schemas\n- **Signed plugin runtime** — plugins are signature-verified and run with strict permissions and resource limits\n- **Secure defaults** — local-first binding, locked-down auth behavior, encrypted secret storage, guarded tool execution, root-scoped filesystem access, and OS-level subprocess sandboxing for protected paths\n- **Infrastructure** — TLS, mTLS, mDNS discovery, config hot-reload, Tailscale integration, Prometheus metrics, audit logging. Multi-node clustering is partially implemented\n\n## Expectations vs OpenClaw\n\nCarapace focuses on a hardened core first. If you're coming from openclaw, the\nfollowing are **planned** but not yet on par:\n\n- Broader channel coverage (e.g., WhatsApp/iMessage/Teams/Matrix/WebChat)\n- Companion apps / nodes (macOS + iOS/Android clients)\n- Browser control and live canvas/A2UI experiences\n- Skills/onboarding UX and multi-agent routing\n- Automatic model/provider failover\n\n## Security\n\nCarapace is designed to address the major vulnerability classes reported in the January 2026 openclaw security disclosures:\n\n| Threat | Carapace defense |\n|---|---|\n| Unauthenticated access | Denied by default when credentials configured; CSRF-protected control endpoints |\n| Exposed network ports | Localhost-only binding (127.0.0.1) |\n| Plaintext secret storage | OS credential store (Keychain / Keyutils / Credential Manager) with AES-256-GCM fallback |\n| Skills supply chain | Ed25519 signatures + WASM capability sandbox + resource limits |\n| Prompt injection | Prompt guard + inbound classifier + exec approval flow + tool policies |\n| No process sandboxing | OS-level subprocess sandboxing on macOS/Linux/Windows for sandbox-required paths; unsupported paths fail closed |\n| SSRF / DNS rebinding | Private IP blocking + post-resolution validation |\n\nSee [docs/security.md](docs/security.md) for the full security model.\nSee [docs/security-comparison.md](docs/security-comparison.md) for a threat-by-threat comparison with OpenClaw.\nSee [docs/feature-status.yaml](docs/feature-status.yaml) and [docs/feature-evidence.yaml](docs/feature-evidence.yaml) for verified-vs-partial implementation status.\n\n## Quick Start\n\n1. Install `cara` from the latest release (Linux/macOS/Windows):\n   - \u003chttps://getcara.io/install\u003e\n   - [docs/site/install.md](docs/site/install.md)\n2. Run guided setup:\n   ```bash\n   cara setup\n   ```\n3. Start the assistant:\n   ```bash\n   cara\n   ```\n4. Verify first-run outcome:\n   ```bash\n   cara verify --outcome auto --port 18789\n   ```\n5. Start local interactive chat:\n   ```bash\n   cara chat\n   ```\n\nUse `/help` in chat for REPL commands (`/new`, `/exit`, `/quit`).\n\nIf you use cloud models, finish one provider onboarding path before launching:\nset one provider key (for example `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`,\n`GOOGLE_API_KEY`, or `VENICE_API_KEY`), use Codex sign-in through\n`cara setup --provider codex` or the Control UI, or use Gemini Google sign-in\nthrough `cara setup --provider gemini --auth-mode oauth` or the Control UI.\nCodex and Gemini Google sign-in both require `CARAPACE_CONFIG_PASSWORD` so the\nstored auth profile stays encrypted at rest.\nIf you are not sure where to start, choose `local-chat` as your first outcome,\nstart with one provider, and add channels only after `cara verify --outcome auto`\npasses.\nIf you want Cara to inspect one local project directory, enable the\n`filesystem` block for a single workspace root and start with the\n[guarded local project assistant recipe](docs/cookbook/guarded-local-project-assistant.md).\n\n## Status\n\nCarapace ships a stable release line. Core paths are tested and verified for\nroutine use, while partial and in-progress areas remain explicitly documented.\n\n- Working now: setup wizard, local chat (`cara chat`), token auth enforcement,\n  health/control endpoints (including durable task controls), control UI\n  frontend foundation (status/channels/redacted config editor), Codex\n  subscription onboarding, per-channel activity config with Signal\n  typing/read-receipt flows, and OpenAI-compatible HTTP endpoints.\n- In progress: advanced Control UI flows (pairing/workflow UX), broader\n  channel smoke evidence, and hardened internet-facing deployment guidance.\n\nSee [docs/feature-status.yaml](docs/feature-status.yaml) and\n[docs/feature-evidence.yaml](docs/feature-evidence.yaml) for the current source\nof truth.\n\n## Roadmap\n\n- [Roadmap](docs/roadmap.md) — what we're building now, next, and later\n- Up next: Anthropic subscription onboarding, guided Bedrock/Vertex onboarding,\n  provider migration/import paths, and advanced Control UI flows\n- Recently shipped: first stable release, long-running assistant MVP (durable\n  queue + autonomy verify), cross-platform subprocess sandboxing, guided setup\n  (`cara setup`), first-run verifier (`cara verify`), Gemini onboarding\n  (Google sign-in or API key via CLI and Control UI), Codex onboarding\n  (OpenAI subscription login via CLI and Control UI), Vertex AI provider\n  support, per-channel activity features with Signal typing indicators and\n  after-response read receipts, and guarded filesystem tools for explicit\n  workspace roots\n\n## Docs\n\n- [Website](https://getcara.io) — install, first run, security, ops, cookbook, troubleshooting\n- [Getting started](docs/getting-started.md) — full setup and operations\n- [Install](docs/site/install.md) — release binaries, signatures, and install commands\n- [First run](docs/site/first-run.md) — secure local startup and smoke checks\n- [Help](docs/site/help.md) — setup help, team evaluation, and cookbook request paths\n- [Security model](docs/security.md) — architecture and trust boundaries\n- [Security comparison](docs/security-comparison.md) — threat-by-threat view\n- [Channel setup](docs/channels.md) — Signal, Telegram, Discord, Slack, webhooks\n- [Channel smoke validation](docs/channel-smoke.md) — live checks and evidence capture\n- [Cookbook](docs/cookbook/README.md) — outcome-first walkthroughs\n- [Roadmap](docs/roadmap.md) — near-term and longer-term priorities\n- [Release \u0026 upgrade policy](docs/release.md) — compatibility, migration, rollback, release checklist\n- [CLI guide](docs/cli.md) — subcommands, flags, and device identity\n- [Documentation index](docs/README.md) — architecture/protocol/security references\n- [Security reporting policy](SECURITY.md) — private vulnerability reporting and response expectations\n- [Report feedback or bugs](https://github.com/puremachinery/carapace/issues/new/choose)\n\n## Contributing\n\nIf you want to build from source or contribute, start here:\n\n- [CONTRIBUTING.md](CONTRIBUTING.md)\n- [docs/README.md](docs/README.md)\n\n## License\n\nApache-2.0 — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuremachinery%2Fcarapace","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpuremachinery%2Fcarapace","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuremachinery%2Fcarapace/lists"}