JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 394
  • Score
    100M100P100Q92575F
  • License MIT

iCloud for AI Agents — cross-agent sessions, skills, memory, and vault.

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (clawdi) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Clawdi

    The best home for all your AI agents — Projects, sessions, memory, skills, cron jobs, and app connections.

    npm version CI status GitHub stars MIT License

    Website · GitHub · Docs · npm · Architecture · Quickstart · CLI Reference · Troubleshooting

    Clawdi dashboard

    Think of Clawdi as iCloud for AI agents — install once on any device, and your Claude Code, Codex, Hermes, and OpenClaw agents share the same memory, secrets, skills, sessions, and app connections. Switch frameworks or machines; nothing gets lost.

    The fastest way to try it is hosted Clawdi Cloud. The whole stack is also here: MIT-licensed CLI, FastAPI backend, Next.js dashboard, database schema, migrations, and docs. Use the hosted service, self-host it, fork it, or build your own agent sync layer from the pieces.

    Quickstart

    npm i -g clawdi

clawdi auth login
clawdi setup
clawdi doctor

    That gets you:

    • Browser-based login to Clawdi Cloud
    • Agent auto-detection for Claude Code, Codex, Hermes, and OpenClaw
    • MCP registration so your agent can call Clawdi tools
    • The bundled clawdi skill installed into each detected agent
    • Background sync daemons installed and started for every registered agent
    • A health check that verifies auth, agent paths, vault access, and MCP config

    By default the CLI talks to hosted Clawdi Cloud. Want to run your own backend? See Own the Stack.

    Requires Node ≥ 22.5 (the CLI uses the built-in node:sqlite module).

    You can also try without installing:

    npx clawdi --help

    Headless environment? Use the manual flow:

    clawdi auth login --manual

    Why Clawdi

    AI agents are still treated like isolated apps. Claude Code has one set of sessions and instructions. Codex has another. Secrets sit in shell profiles and .env files. Useful memories get trapped in whichever agent happened to learn them. App integrations get rebuilt from scratch every time you switch tools.

    Clawdi is the shared layer underneath:

    • Cross-agent memory — Store durable preferences, decisions, facts, and project context once. Search them from any connected agent.
    • Portable skills — Upload or install agent instructions once, then sync them into every registered agent.
    • Project sharing — Share read-only Project access from the dashboard or CLI, accept it from a share page or CLI inbox, and explicitly attach accepted Projects to Agents when they should be used at runtime.
    • Session sync — Push local session history to the dashboard for review and recall.
    • Vault secrets — Store secrets server-side, commit only clawdi:// references, and resolve them at runtime.
    • AI Providers — Define model providers once, keep keys in env/Vault/auth profiles, and apply verified Codex, Hermes, or OpenClaw agent config without proxying BYOK model traffic.
    • App connections — Hook agents into Notion, Gmail, Drive, Calendar, Linear, GitHub, and more from the dashboard. Tools show up inside every connected agent automatically over MCP.
    • MCP tools — Memory, vault, and connector tools served through the Model Context Protocol so any MCP-aware agent can use them.

    In practice — teach one agent something:

    remember that this repo uses Bun for TypeScript and PDM for backend scripts

    Later, in a different agent or a fresh session, ask "what package manager should I use here?" — it can call Clawdi memory search and answer from your actual context instead of guessing.

    Run a fullstack dev command with vault references without putting plaintext secrets on disk:

    clawdi vault set OPENAI_API_KEY --prompt
printf '%s\n' "$OPENAI_API_KEY" | clawdi vault set api-service/env/OPENAI_API_KEY --stdin
clawdi vault import --vault api-service --section stripe --project personal --yes .env.stripe
echo "OPENAI_API_KEY=clawdi://project/<project-id>/vault/default/field/OPENAI_API_KEY" > .env.clawdi
clawdi run --dry-run --env-file .env.clawdi -- npm run dev
clawdi run --env-file .env.clawdi -- npm run dev
clawdi read clawdi://project/<project-id>/vault/default/field/OPENAI_API_KEY
clawdi inject --dry-run --in .env.clawdi --out .env.local
clawdi inject --force --in .env.clawdi --out .env.local

    Vaults are account-level key bundles. Projects attach to a Vault to use the same shared key set. clawdi vault set, clawdi vault import, clawdi vault rm, and clawdi vault list print the concrete Project target or exact references that include the Project ID. vault set supports --prompt for secure one-off entry, --stdin for scripts, and --value when shell history exposure is acceptable; empty stdin is rejected unless --allow-empty is passed intentionally. vault import supports --vault, --section, --project, and warns about skipped invalid dotenv identifiers. Use clawdi vault attach <vault> --project <project> to make an existing Vault available in another Project, and clawdi vault detach <vault> --project <project> to remove one Project's access without deleting keys. vault rm deletes a key from the shared Vault; when a Vault is attached to multiple Projects, it requires --global. Prefer service-specific vault slugs such as api-service over broad environment slugs such as prod. Project-relative references such as clawdi://default/OPENAI_API_KEY still work for portable templates, but exact references are the default copy/read UX.

    Agents should prefer clawdi run --env-file .env.clawdi -- <command> when they can launch the tool themselves. Use clawdi inject only for tools that must read a physical .env.local; generated files are written owner-only and should stay gitignored.

    Use --dry-run on clawdi read, clawdi inject, clawdi run, and clawdi vault resolve to verify provenance without requesting plaintext values. clawdi doctor checks vault metadata only; it does not resolve stored secrets.

    Sync a local CLI credential profile to another machine. For Codex model-provider auth, prefer the AI Provider commands in the next section; the lower-level agent credentials commands remain available for compatibility and for non-provider CLI credentials such as Claude Code and GitHub CLI.

    clawdi agent credentials import claude-code
clawdi agent credentials import gh
clawdi agent credentials materialize claude-code
clawdi agent credentials materialize gh

    Credential profile sync is separate from clawdi run: it stores and restores a supported tool's local auth file, while run injects explicit clawdi:// references into one child process. Profiles default to your stable Personal Project so import on one machine and materialize on another resolve the same namespace. They are personal backup/restore artifacts: shared Project viewers and env-bound Agent keys cannot materialize them. macOS Keychain imports are guarded behind --source keychain and require explicit --keychain-service plus --keychain-account; Clawdi does not guess or silently scrape credential-store items, and Keychain reads cannot use --yes.

    Manage model providers without turning Clawdi into a model proxy:

    clawdi ai-provider add openai-main \
  --type openai \
  --default-model gpt-5.2 \
  --auth env:OPENAI_API_KEY \
  --capability chat \
  --capability responses \
  --capability tools

clawdi ai-provider validate openai-main
clawdi ai-provider test openai-main        # config + auth availability
clawdi ai-provider test openai-main --live # optional direct provider probe

    AI Provider metadata lives in ~/.clawdi/ai-providers/catalog.json; API keys do not. Use env:... refs, clawdi://... Vault refs, none for local unauthenticated endpoints, or a verified auth profile such as agent:codex/default. BYOK model requests still go directly from the agent runtime to OpenAI, Anthropic, OpenRouter, Gemini, Mistral, or your compatible endpoint.

    Apply provider config explicitly, with a dry run first:

    clawdi ai-provider apply openai-main --dry-run
clawdi ai-provider apply openai-main
codex --profile clawdi-ai-provider

clawdi ai-provider apply openai-main --target hermes --dry-run
clawdi ai-provider apply openai-main --target openclaw --dry-run

    Codex OAuth is managed through the AI Provider surface:

    clawdi ai-provider add openai-codex \
  --type openai \
  --default-model gpt-5-codex \
  --auth agent:codex/default
clawdi ai-provider connect openai-codex --tool codex
clawdi ai-provider apply openai-codex

    apply openai-codex writes compatible target config and materializes the Codex OAuth profile into each selected target's native auth store. For the default target set, that means $CODEX_HOME/auth.json, $HERMES_HOME/auth.json, and OpenClaw's agents/<agentId>/agent/auth-profiles.json. Those projections do not write API key refs for OAuth-backed providers.

    Use clawdi ai-provider connect ... --callback manual in headless environments. Export/import is metadata-only by default; --include-secrets requires passphrase-encrypted secret export.

    Current vault storage is server-managed encryption. Clawdi avoids plaintext secrets in repo files and local templates, but the backend can decrypt stored vault values and credential profiles today. Do not treat this release as zero-knowledge.

    Install a shared skill into every registered agent at once:

    clawdi skill install anthropics/skills/artifacts-builder

    Roadmap

    Today Clawdi gives individuals and read-only Project collaborators a shared layer across their agents. Two bigger bets come next.

    The first is autonomy. Agents should work without you at the keyboard.

    • Cron jobs for recurring agent runs.
    • Remote control for agents on any of your machines.
    • Automatic memory built from session history.

    The second is deepening multi-player workflows beyond read-only Project sharing.

    • Richer team roles and broader access controls.
    • Shared memory, skills, and connections.
    • An agent-to-agent channel for handoff and ask-for-help.
    • Task tracking that every connected agent can use.

    We'll also keep adding adapters. Cursor, OpenCode, Amp, Pi, and others. The same memory, skills, and connections follow you everywhere.

    Want any of this sooner? Open an issue. What's loud is what we build first.

    Hosted or Self-Hosted

    Clawdi has two intended paths.

    Use Clawdi Cloud

    Best for trying it in minutes.

    npm i -g clawdi
clawdi auth login
clawdi setup

    The published CLI defaults to the hosted API. You get the least setup friction and can focus on wiring agents, memories, skills, and vault secrets.

    Own the Stack

    Best when you want to inspect, modify, self-host, or build on Clawdi.

    git clone https://github.com/Clawdi-AI/clawdi.git
cd clawdi
bun install
docker compose up -d postgres

    Then run the backend and dashboard locally:

    cd backend
cp .env.example .env
pdm install
pdm migrate
pdm dev
    cd ../apps/web
cp .env.example .env.local
bun run dev

    Point your CLI at your local backend:

    clawdi config set apiUrl http://localhost:8000

    Local self-hosting currently expects:

    • Node.js 22.5+ and Bun 1.3+
    • Python 3.12 with PDM
    • PostgreSQL 16 with pg_trgm and pgvector
    • Clerk keys for dashboard auth
    • Two generated encryption keys for vault data and MCP bridge JWTs

    See backend/.env.example and apps/web/.env.example for the exact environment variables.

    What Is In This Repo

    apps/web/          Next.js 16 dashboard with Clerk auth, shadcn/ui, Tailwind v4
packages/cli/      Published `clawdi` CLI, agent adapters, and MCP server
packages/shared/   Shared API types, schemas, and constants
backend/           FastAPI backend, SQLAlchemy models, Alembic migrations
docs/              Architecture notes, scenarios, and development guides

    The system is deliberately boring where it should be:

    • FastAPI API server
    • PostgreSQL for structured data and memory search
    • File storage for session and skill bodies
    • Local CLI state under ~/.clawdi
    • MCP stdio server spawned by each agent
    • No Redis, Celery, or hidden worker fleet required for the core local stack

    For the deeper map, read docs/architecture.md.

    Supported Agents

    Agent Sessions Skills MCP setup
    Claude Code Yes Yes Automatic
    Codex Yes Yes Automatic
    Hermes Yes Yes Automatic
    OpenClaw Yes Yes Manual MCP hint where required

    Each agent has a dedicated adapter in packages/cli/src/adapters. Adding another agent means implementing the same adapter shape: detect it, read sessions, read/write skills, and define how commands run with injected env.

    CLI Reference

    Command What it does
    clawdi auth login / logout Authenticate this machine
    clawdi auth status [--json] Show credential source without printing secrets
    clawdi status [--json] Show auth and sync state
    clawdi config list/get/set/unset/paths Read/write CLI configuration and inspect local/runtime paths
    clawdi setup [--agent <type>] [--no-daemon] Register local agents, install MCP, install the bundled skill, and install/start the singleton daemon by default
    clawdi teardown [--agent <type>] Remove Clawdi's local agent wiring
    clawdi daemon run/install/status/logs/doctor/restart/uninstall/ping/rotate-token Run, inspect, and control the singleton background sync daemon (serve remains a legacy alias)
    clawdi push Upload sessions and skills
    clawdi pull Download cloud skills into registered agents
    clawdi session list/extract Inspect local agent sessions
    clawdi memory list/search/add/rm Manage cross-agent long-term memory
    clawdi skill list/add/install/rm/init Manage portable skills
    clawdi project create/list/show/share/share-links/invite/invites/members/leave/unshare Manage Projects and read-only sharing
    clawdi inbox [accept/decline/forget] Accept invitations and share links
    clawdi agent projects list/attach/detach/move View the fixed Agent Project and manage attached Projects
    clawdi agent credentials import/materialize Compatibility backup/restore for local CLI credential profiles; use ai-provider import-auth/connect/materialize-auth for Codex provider auth
    clawdi ai-provider list/add/edit/remove/validate/test/connect/import-auth/materialize-auth/apply/status/export/import Manage reusable AI Providers, provider auth, and verified agent config application
    clawdi project folder link/status/unlink Link a local folder to a Project for vault reference selection
    clawdi vault set/list/import/attach/detach/rm Manage encrypted secrets, Project access, and copy exact references
    clawdi read <clawdi://...> Explicitly print one vault reference value
    clawdi inject --in <file> --out <file> Render clawdi:// references into templates
    clawdi run --env-file <file> -- <cmd> Run a command with explicit vault references resolved
    clawdi doctor Diagnose auth, agent paths, vault, and MCP config
    clawdi update Install the latest CLI version (--check only reports)
    clawdi mcp Start the MCP stdio server used by agents

    Auto-update is enabled by default for all newer releases, including majors. Human CLI invocations update the global CLI in the background; installed daemons check on their own cadence, install silently, then let launchd/systemd restart them onto the new code. Disable both with CLAWDI_NO_AUTO_UPDATE=1 or clawdi config set autoUpdate false.

    Every command supports --help.

    Advanced Runtime Operators

    These commands are for controlled hosted or self-hosted runtime envelopes. They are not part of normal laptop onboarding.

    Command What it does
    clawdi capabilities [--json] Show CLI feature surface, runtime mode, and hosted policy restrictions
    clawdi runtime init --non-interactive [--json] Run one cloud-init-style hosted runtime convergence pass
    clawdi runtime status [--json] Read the last runtime boot result from service-state files
    clawdi runtime doctor [--json] Diagnose hosted policy, service state, HOME, tmpfs runtime state, and last boot status

    Hosted runtime mode is detected from host policy or runtime credentials. In hosted mode, /etc/clawdi/host-policy.json can deny local-user commands such as setup, teardown, update, config set, and auth login, while keeping agent-facing commands such as mcp, daemon run, read, inject, and run available. Local self-update is skipped in hosted mode; hosted CLI updates are expected to be system-managed through the standard npm package installation. The target hosted shape is a read-only /usr/local/bin/clawdi launcher shim that installs/execs the npm-managed entrypoint at /var/lib/clawdi/bin/clawdi from the root-owned prefix /var/lib/clawdi/npm. The ordinary runtime user can execute the CLI but cannot modify the managed install or config.

    For the hosted runtime design, profile matrix, and runtime image contract, see docs/hosted-runtime.md.

    App connections are configured in the Clawdi Cloud dashboard and surface inside agents automatically over MCP — there is no CLI command to manage them.

    Development

    Install dependencies:

    bun install

    Run the web app and workspace dev tasks:

    bun run dev

    Run the backend:

    cd backend
pdm dev

    Run checks:

    bun run check
bun run typecheck

cd backend
pdm lint
pdm test

    Run the CLI from source:

    bun run packages/cli/src/index.ts --help

    Build and link the CLI locally:

    cd packages/cli
bun run build
bun link
clawdi --version

    Troubleshooting

    Run the diagnostic first:

    clawdi doctor

    Common issues:

    • clawdi auth login fails - Re-run login, or use clawdi auth login --manual in headless environments.
    • No supported agent detected - Install a supported agent or pass --agent claude_code, --agent codex, --agent hermes, or --agent openclaw.
    • Memory search is empty - Add a memory first with clawdi memory add "...", then verify with clawdi memory search "...".
    • Local backend cannot start because vector is missing - Install pgvector for your PostgreSQL 16 instance, or use the included Docker Compose database.
    • Agent MCP tools look stale - Run clawdi setup --agent <type> again, then clawdi daemon restart.

    License

    MIT. See LICENSE.