Your AI that does things while you sleep. Securely.
A 24/7 personal AI assistant with 1000+ tools via OAuth and sandboxed execution. Built on the ideas behind OpenClaw, rebuilt from scratch for security. Talks to you on the web or Telegram, remembers what matters, and handles recurring work on autopilot.
Self-host on Vercel - one command, ~2 minutes. See below.
```bash
npx @composio/trustclaw deploy
```

That's it. The CLI handles the entire flow.
Prerequisites:
- A Vercel account (`npx vercel login` once)
- A GitHub account (`gh auth login` once)
- A free Composio API key (install the CLI: `curl -fsSL https://composio.dev/install | bash`)
LLM and embedding calls route through Vercel AI Gateway - no Anthropic or OpenAI API keys required.
| OAuth Only | Connects through OAuth. No passwords stored or shared. |
| Zero Setup | Sign up, chat, done. No API keys or config files. |
| Works While You Sleep | Schedule tasks and let your agent handle them on autopilot. |
| Sandboxed Execution | Every action runs in an isolated cloud environment that's gone when the task is done. |
- Chat with Claude in a Next.js dashboard or via a Telegram bot
- Long-term memory backed by Postgres + pgvector
- 3-layer context management (pruning, memory flush, summarization compaction) so conversations can run indefinitely
- 1000+ Composio tool integrations (Gmail, GitHub, Slack, Notion, Linear, Calendar, Drive, Stripe, HubSpot, …) gated by the user's connected accounts
- Cron-scheduled agent runs for recurring tasks
- Username/password login via Better Auth
TrustClaw is a deliberate response to the security problems with running AI agents locally:
| | TrustClaw | Vanilla local agents |
|---|---|---|
| Setup | Seconds | Hours of config |
| Credentials | Encrypted, managed by Composio | Plaintext in local config |
| Code Execution | Remote sandbox | On your local machine |
| Integrations | OAuth, 1000+ apps | Manual API key setup per app |
| Skill Security | Managed tool surface | Unvetted public registry |
| Audit Trails | Full action log | None |
| Revocation | One click | Find and delete config files |
The design choices:
- No raw API keys handed to the agent - Composio brokers OAuth for every tool
- No code runs on your machine - every tool call executes in an isolated remote environment
- No long-lived shell access - destructive prompt injection from a scraped email can't `rm -rf` your laptop because the agent doesn't have a shell on your laptop
```text
+--------------+      +------------------------------------------+
|  Web (Next)  |----->|  Next.js App                             |
|  Telegram    |----->|  +------------------------------------+  |
|  Cron        |----->|  | tRPC API + agent runtime           |  |
+--------------+      |  | (prepareAgentRun -> ToolLoopAgent) |  |
                      |  +-----------------+------------------+  |
                      |                    |                     |
                      |     +---------+----+----+----------+     |
                      |     v         v         v          v     |
                      |  Postgres   Redis  AI Gateway  Composio  |
                      | (pgvector)        (LLM + emb.)           |
                      +------------------------------------------+
```
- Next.js 15 (App Router) + React 19
- tRPC for all backend logic
- Better Auth (username/password)
- Prisma + Postgres + pgvector
- Vercel AI SDK + AI Gateway (LLM + embeddings)
- Composio SDK for tool integrations
- Tailwind CSS + shadcn/ui
- Redis (resumable streams, optional)
TrustClaw runs fine on the free Hobby plan, but Vercel applies two limits that affect the agent:
- Cron jobs can only run once per day, and even then they fire anywhere within a 60-minute window of the scheduled hour. Any cron expression more frequent than daily (e.g. hourly, every-30-min) fails at deploy time on Hobby. The CLI auto-adjusts `vercel.json` to a daily schedule when it detects you're on Hobby.
- Functions are capped at 300s (5 min) - long-running agent turns may time out.
To get per-minute cron precision and up to 800s (~13 min) per function, upgrade to Vercel Pro and re-run the CLI (or manually flip `vercel.json` back to `* * * * *` + bump `maxDuration`).
TrustClaw ships without rate limiting, per-user usage caps, or billing logic. If you put a TrustClaw instance on the public internet for strangers to sign up to, any user can drain your Composio + AI Gateway credits indefinitely. Before opening signups to anyone but yourself / a trusted handful of people, add at least:
- A rate limiter on the chat + cron endpoints (e.g. Upstash Rate Limit, Vercel WAF Rate Limiting)
- A monthly per-user message / tool-call cap enforced server-side
- Billing or invite-only signup if you want to recoup costs
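A sketch of the first two items as one server-side gate, added here as an example and not taken from the TrustClaw code base. `UsageGuard`, its limits and the in-memory `Map` storage are assumptions made for illustration.

```typescript
// Added example: in-memory counters stand in for shared storage (assumption).
type Kind = "message" | "tool_call";

interface Limits {
  perMinute: number;              // burst limit per user, both kinds combined
  perMonth: Record<Kind, number>; // hard monthly cap per kind
}

interface Decision {
  allowed: boolean;
  reason?: "rate_limited" | "monthly_cap";
  retryAfterMs?: number;
}

class UsageGuard {
  private limits: Limits;
  private recent = new Map<string, number[]>(); // userId -> timestamps in the last minute
  private monthly = new Map<string, number>();  // "userId:kind:YYYY-MM" -> accepted count

  constructor(limits: Limits) {
    this.limits = limits;
  }

  // Call on the server before starting an agent turn or executing a tool call.
  check(userId: string, kind: Kind, now: number = Date.now()): Decision {
    const month = new Date(now).toISOString().slice(0, 7); // UTC "YYYY-MM"
    const monthKey = `${userId}:${kind}:${month}`;
    const used = this.monthly.get(monthKey) ?? 0;
    if (used >= this.limits.perMonth[kind]) {
      return { allowed: false, reason: "monthly_cap" };
    }

    // Sliding one-minute window: keep only timestamps newer than now - 60s.
    const hits = (this.recent.get(userId) ?? []).filter((t) => t > now - 60_000);
    this.recent.set(userId, hits);
    if (hits.length >= this.limits.perMinute) {
      const oldest = hits[0] ?? now;
      return { allowed: false, reason: "rate_limited", retryAfterMs: oldest + 60_000 - now };
    }

    // Only accepted requests consume quota.
    hits.push(now);
    this.monthly.set(monthKey, used + 1);
    return { allowed: true };
  }
}
```

The Maps reset on every cold start of a serverless function, so a deployed instance needs the same counters in shared storage such as the Redis or Postgres the stack already uses.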
If you'd rather skip the deploy CLI and run TrustClaw locally:
```bash
pnpm install
cp .env.example .env   # fill in DATABASE_URL, BETTER_AUTH_SECRET, COMPOSIO_API_KEY
pnpm prisma db push    # apply schema (Postgres + pgvector required)
pnpm dev               # http://localhost:3000
```

For local AI Gateway access, run `vercel link && vercel env pull` to get a short-lived OIDC token, or set `AI_GATEWAY_API_KEY` manually.
For Telegram, point your bot's webhook at `<NEXT_PUBLIC_APP_URL>/api/telegram-webhook` with `TELEGRAM_WEBHOOK_SECRET` as the secret token.
| Variable | Purpose |
|---|---|
| `DATABASE_URL` | Postgres + pgvector connection string |
| `BETTER_AUTH_SECRET` | Session signing key (32+ random bytes) |
| `COMPOSIO_API_KEY` | Composio tool integrations |
| `CRON_SECRET` | Auth for `/api/cron/*` routes (auto-injected on Vercel) |
| `REDIS_URL` (optional) | Resumable streams + abort flags |
| `TELEGRAM_BOT_TOKEN` (optional) | Telegram bot |
| `TELEGRAM_BOT_USERNAME` (optional) | Telegram bot |
| `TELEGRAM_WEBHOOK_SECRET` (optional) | Telegram webhook auth |
See .env.example for the full template.
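How a handler can check the two request secrets above (`TELEGRAM_WEBHOOK_SECRET` for the Telegram webhook, `CRON_SECRET` for `/api/cron/*`), as an added example rather than the project's own code. The function names and the `HeaderBag` and `SecretEnv` types are assumptions; the point shown is failing closed when a secret is unset, so a literal `Bearer undefined` never authenticates.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Minimal header accessor so the sketch works with fetch-style Headers objects.
interface HeaderBag {
  get(name: string): string | null;
}

interface SecretEnv {
  TELEGRAM_WEBHOOK_SECRET?: string;
  CRON_SECRET?: string;
}

// Hash both sides to 32 bytes so timingSafeEqual never sees unequal lengths,
// and fail closed when either value is missing or empty.
function secretsMatch(presented: string | null, expected: string | undefined): boolean {
  if (!presented || !expected) return false;
  const a = createHash("sha256").update(presented).digest();
  const b = createHash("sha256").update(expected).digest();
  return timingSafeEqual(a, b);
}

// Telegram repeats the secret_token given to setWebhook in this header.
function isTelegramWebhook(headers: HeaderBag, env: SecretEnv): boolean {
  return secretsMatch(headers.get("x-telegram-bot-api-secret-token"), env.TELEGRAM_WEBHOOK_SECRET);
}

// Vercel Cron sends the CRON_SECRET value as "Authorization: Bearer <secret>".
function isCronInvocation(headers: HeaderBag, env: SecretEnv): boolean {
  const auth = headers.get("authorization") ?? "";
  const token = auth.startsWith("Bearer ") ? auth.slice("Bearer ".length) : null;
  return secretsMatch(token, env.CRON_SECRET);
}
```

A route would reject the request with 401 before parsing the body whenever its check returns false.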
Bug reports, feature ideas, and PRs all welcome. See CONTRIBUTING.md for setup, project layout, coding conventions, and the PR checklist.
For security issues, email sarah@composio.dev directly - please don't open a public issue.
MIT - see LICENSE.
Built on top of Composio. Inspired by OpenClaw, rebuilt for security.