builderz-labs / mission-control

Mission Control **The open-source dashboard for AI agent orchestration.** Manage agent fleets, track tasks, monitor costs, and orchestrate workflows — all from a single pane of glass. --- > **Alpha Software** — Mission Control is under active development. APIs, database schemas, and configuration formats may change between releases. Review the known limitations and security considerations before deploying to production. Why Mission Control? Running AI agents at scale means juggling sessions, tasks, costs, and reliability across multiple models and channels. Mission Control gives you: • **32 panels** — Tasks, agents, skills, logs, tokens, memory, security, cron, alerts, webhooks, pipelines, and more • **Real-time everything** — WebSocket + SSE push updates, smart polling that pauses when you're away • **Zero external dependencies** — SQLite database, single to run, no Redis/Postgres/Docker required • **Role-based access** — Viewer, operator, and admin roles with session + API key auth • **Quality gates** — Built-in Aegis review system that blocks task completion without sign-off • **Recurring tasks** — Natural language scheduling ("every morning at 9am") with cron-based template spawning • **Claude Code bridge** — Read-only integration surfaces Claude Code team tasks and configs on the dashboard • **Skills Hub** — Browse, install, and security-scan agent skills from ClawdHub and skills.sh registries • **Multi-gateway** — Connect to multiple agent gateways simultaneously (OpenClaw, and more coming soon) Quick Start One-Command Install (Docker) The installer auto-generates secure credentials, starts the container, and runs an OpenClaw fleet health check. Open to create your admin account. One-Command Install (Local) Requires Node.js 22.x (LTS, recommended) or 24.x, and pnpm (auto-installed via corepack if missing). Manual Setup > **Requires pnpm** and **Node.js 22.x (LTS, recommended) or 24.x**. > Mission Control is validated on Node 22 (primary CI/LTS) and supports Node 24 for local dev and deploys. Use (or ) before installing or starting the app. On first run, visit to create your admin account. Secrets ( , ) are auto-generated and persisted to . For CI/automation, set and env vars to seed the admin from environment instead. Gateway Optional Mode (Standalone Deployment) Mission Control can run in standalone mode without a gateway connection. This is useful when: • Deploying on a VPS with firewall rules blocking non-standard WebSocket ports (18789/18790) • Testing UI/core workflows without a running gateway • Running Mission Control primarily for project/task operations Enable with: When enabled, the HUD status shows instead of . Works without gateway: • Task board, projects, agents, sessions, scheduler, webhooks, alerts, activity/audit, cost tracking Requires active gateway: • Real-time session updates • Agent-to-agent messaging • Gateway log streaming For production VPS setups, you can also proxy gateway WebSockets over 443. See . Docker Zero-Config No file needed. The container auto-generates and on first boot and persists them across restarts. Visit to create your admin account. Docker Hardening (Production) For production deployments, use the hardened compose overlay: This adds read-only filesystem, capability dropping, log rotation, HSTS, and network isolation. See Security Hardening for the full checklist. Station Doctor Run diagnostics on your installation: Project Status What Works • Agent management with full lifecycle (register, heartbeat, wake, retire) • Kanban task board with drag-and-drop, priorities, assignments, and comments • Real-time monitoring via WebSocket + SSE with smart polling • Token usage and cost tracking with per-model breakdowns • Multi-gateway connection management • Role-based access control (viewer, operator, admin) • Background scheduler for automated tasks • Outbound webhooks with delivery history, retry with exponential backoff, and circuit breaker • Webhook signature verification (HMAC-SHA256 with constant-time comparison) • Local Claude Code session tracking (auto-discovers from ) • Quality review gates for task sign-off • Pipeline orchestration with workflow templates • Ed25519 device identity for secure gateway handshake • Agent SOUL system with workspace file sync and templates • Agent inter-agent messaging and comms • Skills Hub with ClawdHub and skills.sh registry integration (search, install, security scan) • Bidirectional skill sync — disk ↔ DB with SHA-256 change detection • Local agent discovery from , , • Natural language recurring tasks — schedule parser converts "every 2 hours" to cron, spawns dated child tasks • Claude Code task bridge — read-only scanner surfaces team tasks and configs from and • Skill security scanner (prompt injection, credential leaks, data exfiltration, obfuscated content) • Update available banner with GitHub release check and one-click self-update • Framework adapter layer for multi-agent registration (OpenClaw, CrewAI, LangGraph, AutoGen, Claude SDK, generic) • Multi-project task organization with per-project ticket prefixes • Per-agent rate limiting with identity-based quotas • Agent self-registration endpoint for autonomous agent onboarding • Security audit panel with posture scoring, secret detection, trust scoring, and MCP call auditing • Four-layer agent eval framework (output, trace, component, drift detection) • Agent optimization endpoint with token efficiency, tool patterns, and fleet benchmarks • Hook profiles (minimal/standard/strict) for tunable security strictness • Guided onboarding wizard with credential setup, agent discovery, and security scan Known Limitations • No major security limitations currently tracked here for CSP; policy now uses per-request nonces (no / ). Security Considerations • **Change all default credentials** ( , , ) before deploying • **Deploy behind a reverse proxy with TLS** (e.g., Caddy, nginx) for any network-accessible deployment • **Review S…