ShibaClaw

<p align="center">
  <img src="assets/shibaclaw_logo_readme.jpg" width="800" alt="...">
</p>

# Smart. Loyal. Powerful. 🐕

<p align="center">
  <a href="https://github.com/RikyZ90/ShibaClaw/releases"><img src="https://img.shields.io/badge/version-v0.0.7-orange?style=flat-square" alt="version"></a>
  <img src="https://img.shields.io/badge/python-≥3.11-blue?style=flat-square&logo=python&logoColor=white" alt="python">
  <a href="https://github.com/RikyZ90/ShibaClaw/blob/main/LICENSE"><img src="https://img.shields.io/github/license/RikyZ90/ShibaClaw?style=flat-square" alt="license"></a>
</p>

ShibaClaw is a **loyal, intelligent, and lightweight** personal AI assistant framework — built to serve and protect your digital workspace.

The **only** AI agent framework combining **extreme multi-layer security** (Structural Tool Output Wrapping against Prompt Injection + Smart Install Guard with live CVE scanning before every package install) with **minimal token consumption**, keeping your costs low without sacrificing power.

---

## 📢 News

> [!IMPORTANT]
> **v0.0.7** is out! Massive core modernization: complete removal of `litellm` dependency for faster and strictly-controlled native LLM API integration.<br>
> Smart Install Guard — Package installations are no longer blindly blocked. Instead they are **intercepted and audited for CVEs** using `pip-audit` and `npm audit` before execution.

- **2026-04-01** 📂 **Integrated File Browser (WebUI)** — A fully integrated file explorer is now available directly from the WebUI sidebar. Browse the agent workspace, open and view files with syntax-preserving layout, edit them in a click-to-enable edit mode (pencil button), and save changes back to the server — or download them locally. Path-traversal protected and workspace-sandboxed.
- **2026-04-01** 📎 **File Attachments & Images in WebUI** — Drag-and-drop or paste files and images directly into the chat. Images are previewed inline; other files are attached as downloadable links. All uploads are stored in `workspace/uploads/` and streamed to the agent as context.
- **2026-04-01** 🧹 **Codebase Cleanup & Security Hardening** — Full production audit completed. All source files restructured, deduplicated and cleaned. 14 bugs fixed across CRITICAL/HIGH/MEDIUM/LOW severity classes: per-session asyncio locking, file I/O race conditions, agent double-init race, path traversal in file routes, CORS misconfiguration, unicode injection via codecs, pip-audit severity parsing, and TCP resource leaks.
- **2026-04-01** 🧠 **Proactive Learning (Scent Mining)** — ShibaClaw now automatically reflects on your conversations in the background. It extracts key facts and preferences to update your long-term memory (`MEMORY.md`) without waiting for the context window to fill or the session to end.
- **2026-03-31** 🔍 **Smart Install Guard** — Package installations (`pip install`, `npm install`, `apt install`, ...) are no longer blindly blocked. Instead they are **intercepted and audited for CVEs** using `pip-audit` and `npm audit` before execution. Only packages with critical/high severity vulnerabilities are blocked; clean packages install freely. Destructive operations (`uninstall`, `remove`, `purge`) remain blocked.
- **2026-03-29** 🛡️ Security Hardening — Enhanced Indirect Prompt Injection protection via **Randomized Tool Output Wrapping** (using dynamic nonces per-session) to prevent instructions from untrusted data hijacking the agent.
- **2026-03-29** 🐾 LiteLLM Dependency Removed — Architecture modernized to utilize native SDKs (`openai`, `anthropic`), dramatically reducing docker image sizes, startup times, and opaque dependency risks.
- **2026-03-29** 🔐 GitHub Copilot OAuth rewritten using raw asynchronous device flow for highly stable background token refresh without proxy dependencies.
- **2026-03-29** 💬 Session UI Refactor — Removed nested channels grouping. Conversations are now displayed in a sleek chronological feed with a "Show more" history pane.
- **2026-03-29** 🎨 UI/UX Polish — Native browser popups (`alert`, `confirm`, `prompt`) entirely replaced with custom CSS modal dialogs (`shibaDialog`).
- **2026-03-29** 🛡️ WebUI Settings Fix — Solved a critical bug causing Config `_deep_merge` to overwrite legitimate API keys with `****` redacted strings under the hood.
- **2026-03-29** 🔐 Gateway restart hardening — blocked unauthorized `/restart` via health endpoint and enforced token-based auth for web UI/gateway restart.
- **2026-03-29** 🛡️ Shell tool security — expanded `ExecTool.deny_patterns` to include `$()`, backticks, shell pipes, curl/wget piped shell, and `<()>` process substitution.
- **2026-03-29** ⚡ WebSockets & Gateway Stability — Annihilated "Scrollbar Jittering" and implemented a cache-busting `Gateway health` polling mechanism
- **2026-03-26** 🧠 Dynamic System Prompt — runtime context (timestamp, channel, iteration) refreshed on every LLM call for a more "alive" agent
- **2026-03-26** 🐾 SOUL.md template refined — clean formatting and richer personality definition
- **2026-03-24** 🖥️ WebUI token authentication (Jupyter-style) — secure access with auto-generated tokens
- **2026-03-24** 🔐 OAuth login from UI — authenticate GitHub Copilot & OpenAI Codex directly from Settings
- **2026-03-24** 💬 Chat history rendering fixes and wider message layout
- **2026-03-22** 🧩 Settings modal with tabs — Agent, Provider, Tools, Gateway, Channels, OAuth
- **2026-03-21** ⚡ Real-time WebUI — Socket.IO streaming, process groups, typing indicator
- **2026-03-20** 🐾 Interactive onboard wizard — pick your provider, model autocomplete, and go
- **2026-03-19** 🛡️ Indirect Prompt Injection protection via Tool Output Wrapping

---

## 🐾 Key Features
- **Fast & Faithful**: Minimal startup time and dependencies.
- **Multi-channel**: Support for Telegram, Discord, Slack, WhatsApp, and more.
- **Always Alert**: Built-in cron and heartbeat task scheduler.
- 🧩 **Skills Registry**: Modular and extensible skill system with native ClawHub marketplace support
- ⚡ **Parallel Multi-Agent Execution**: A built-in fan-out orchestration model that spawns and coordinates specialized sub-agents concurrently for faster, scalable task resolution
- **Advanced Thinking**: Support for OpenAI, Azure, and deep-reasoning thinkers.
- **🛡️ Built-in Security**: Protected against Indirect Prompt Injection via **Structural Randomized Wrapping** and strict per-session security policies.
- **🔍 Smart Install Guard**: Package installs are audited for CVEs before execution — safe packages install freely, vulnerable ones are blocked with a full CVE report.
- **🧠 Proactive Learning (Scent Mining)**: Periodic background analysis of the active conversation to extract and persist key facts into long-term memory, ensuring no "scent" is lost even in long sessions.
- **📂 Integrated File Browser**: Browse, view, edit and save workspace files directly from the WebUI — no terminal needed.
- **📎 File Attachments & Images**: Drag-and-drop or paste files and images directly into the chat for the agent to use as context.

## 🔒 Loyal Only to You
Like the most devoted guard dog, ShibaClaw is trained to obey only its master. Thanks to its advanced **Tool Output Wrapping** system, the framework is hardened against *Indirect Prompt Injection* attacks. It treats external data from websites, files, or tools as literal information—never as new instructions. Your orders are final; to ShibaClaw, external noise is just a squirrel 🐿️.

## 🔍 Smart Install Guard

When the agent attempts to run a package installation command, ShibaClaw no longer blindly blocks it. Instead, it **intercepts the command, audits the packages for known vulnerabilities (CVEs), and only proceeds if the risk is acceptable**.

### How It Works

1. **Detect** — The `ExecTool` recognizes install commands for `pip`, `npm`, `yarn`, `pnpm`, `apt`, `dnf`/`yum`, and `brew`.
2. **Audit** — Before execution, the packages are scanned:
   - **Python (`pip instal

[truncated…]