|
|
|
|
@@ -1,5 +1,18 @@
|
|
|
|
|
# The package catalog is deployed as a ConfigMap in the operator namespace.
|
|
|
|
|
# To update packages, edit the catalog data below and upgrade the Helm release.
|
|
|
|
|
#
|
|
|
|
|
# Categories:
|
|
|
|
|
# - core — toggles platform-level OpenClaw behaviour (heartbeat, cron,
|
|
|
|
|
# active-memory, voice) via config_patch. No channel bindings,
|
|
|
|
|
# no skills.
|
|
|
|
|
# - channel — adds a messaging channel (Telegram, Discord, …).
|
|
|
|
|
# - skill — adds a ClawHub or pack: skill ref to the OpenClawInstance.
|
|
|
|
|
#
|
|
|
|
|
# Quiet hours are not exposed as a separate package — in OpenClaw they live
|
|
|
|
|
# under the heartbeat config (via the active-window setting and via
|
|
|
|
|
# HEARTBEAT.md content rules). When we expose a tenant-tunable time range
|
|
|
|
|
# in the portal, it will become additional fields on core-heartbeat rather
|
|
|
|
|
# than its own package.
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: ConfigMap
|
|
|
|
|
metadata:
|
|
|
|
|
@@ -10,6 +23,130 @@ metadata:
|
|
|
|
|
data:
|
|
|
|
|
catalog.yaml: |
|
|
|
|
|
packages:
|
|
|
|
|
|
|
|
|
|
# =====================================================================
|
|
|
|
|
# CORE — platform behaviour toggles. Patched into OCI config.raw via
|
|
|
|
|
# config_patch (deep-merged on top of the operator's safe defaults).
|
|
|
|
|
# =====================================================================
|
|
|
|
|
|
|
|
|
|
core-heartbeat:
|
|
|
|
|
name: Heartbeat (Proactive Checks)
|
|
|
|
|
category: core
|
|
|
|
|
description: >
|
|
|
|
|
Periodic agent run (default every 30 min) that lets the assistant
|
|
|
|
|
check inbox, calendar, and other configured sources and message
|
|
|
|
|
you proactively when something needs attention. Without this, the
|
|
|
|
|
assistant only responds when you message it first.
|
|
|
|
|
# OpenClaw 2026.x ships heartbeat ON by default (30m, or 1h on
|
|
|
|
|
# Anthropic OAuth) when agents.defaults.heartbeat is absent —
|
|
|
|
|
# see issues openclaw/openclaw#64293, #19445, #8123. The builder
|
|
|
|
|
# accordingly writes `every: "0m"` (the known off-switch) into
|
|
|
|
|
# the baseline configRaw. core-heartbeat's config_patch below
|
|
|
|
|
# overlays the 30m cadence on top of that. The actual checklist
|
|
|
|
|
# the heartbeat reads lives in workspace HEARTBEAT.md (seeded
|
|
|
|
|
# separately via spec.workspaceFiles); without a HEARTBEAT.md
|
|
|
|
|
# the heartbeat fires harmlessly and replies HEARTBEAT_OK.
|
|
|
|
|
#
|
|
|
|
|
# Quiet hours: OpenClaw supports both a config-level activeHours
|
|
|
|
|
# window under agents.defaults.heartbeat (skipped outside the
|
|
|
|
|
# window) and in-content rules inside HEARTBEAT.md. Neither is
|
|
|
|
|
# exposed in the portal yet — when added, they become extra
|
|
|
|
|
# fields on this package, not a separate core-quiet-hours
|
|
|
|
|
# package.
|
|
|
|
|
config_patch:
|
|
|
|
|
agents:
|
|
|
|
|
defaults:
|
|
|
|
|
heartbeat:
|
|
|
|
|
every: "30m"
|
|
|
|
|
|
|
|
|
|
core-cron:
|
|
|
|
|
name: Scheduled Tasks (Cron)
|
|
|
|
|
category: core
|
|
|
|
|
description: >
|
|
|
|
|
Allow the assistant to run scheduled tasks (daily briefings,
|
|
|
|
|
recurring reminders, periodic reports). Off by default. When
|
|
|
|
|
off, the agent's cron tool stays available but no scheduled
|
|
|
|
|
job ever fires.
|
|
|
|
|
# Flips the cron scheduler on. Default base configRaw sets
|
|
|
|
|
# cron.enabled=false (see builder.go), so this overlay only
|
|
|
|
|
# writes true when the package is enabled. Job storage lives on
|
|
|
|
|
# the tenant PVC at ~/.openclaw/cron/jobs.json by default.
|
|
|
|
|
config_patch:
|
|
|
|
|
cron:
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
core-active-memory:
|
|
|
|
|
name: Active Memory
|
|
|
|
|
category: core
|
|
|
|
|
description: >
|
|
|
|
|
Lets the assistant recall stable preferences, recurring habits,
|
|
|
|
|
and long-term context from past conversations during a chat.
|
|
|
|
|
Uses an extra sub-agent turn per inbound message to query the
|
|
|
|
|
memory store. Direct-message sessions only — group and channel
|
|
|
|
|
sessions stay deterministic. Trades a small amount of token
|
|
|
|
|
cost for continuity and personalisation.
|
|
|
|
|
# OpenClaw 2026.5.x ships Active Memory as a plugin under
|
|
|
|
|
# plugins.entries.active-memory with a two-gate activation model:
|
|
|
|
|
# (1) the plugin must be enabled, (2) the request must be an
|
|
|
|
|
# eligible direct-chat session. Scoped to "main" agent and
|
|
|
|
|
# "direct" chat types for safe-default behaviour. The recall
|
|
|
|
|
# model inherits the session's chat model when available; the
|
|
|
|
|
# modelFallback is used only when nothing else resolves and
|
|
|
|
|
# should be present in LiteLLM. Adjust as needed for the
|
|
|
|
|
# platform's default cheap model.
|
|
|
|
|
config_patch:
|
|
|
|
|
plugins:
|
|
|
|
|
entries:
|
|
|
|
|
active-memory:
|
|
|
|
|
enabled: true
|
|
|
|
|
config:
|
|
|
|
|
enabled: true
|
|
|
|
|
agents: ["main"]
|
|
|
|
|
allowedChatTypes: ["direct"]
|
|
|
|
|
modelFallback: "pieced-mini"
|
|
|
|
|
queryMode: "recent"
|
|
|
|
|
promptStyle: "balanced"
|
|
|
|
|
timeoutMs: 15000
|
|
|
|
|
maxSummaryChars: 220
|
|
|
|
|
persistTranscripts: false
|
|
|
|
|
logging: false
|
|
|
|
|
|
|
|
|
|
core-voice:
|
|
|
|
|
name: Voice Interaction
|
|
|
|
|
category: core
|
|
|
|
|
description: >
|
|
|
|
|
Speech-to-text on incoming voice notes and text-to-speech on
|
|
|
|
|
replies. Routed through PieCed's LiteLLM gateway so audio cost
|
|
|
|
|
is tracked per-tenant alongside chat.
|
|
|
|
|
# PHASE A: catalog entry only. No config_patch yet — toggling
|
|
|
|
|
# this package stores customer intent but does not change the
|
|
|
|
|
# OCI config. PHASE B (next iteration) wires in chatterbox-tts
|
|
|
|
|
# and a whisper adapter (or speaches-server) behind LiteLLM and
|
|
|
|
|
# adds the config_patch below, roughly:
|
|
|
|
|
#
|
|
|
|
|
# config_patch:
|
|
|
|
|
# tools:
|
|
|
|
|
# media:
|
|
|
|
|
# audio:
|
|
|
|
|
# enabled: true
|
|
|
|
|
# models:
|
|
|
|
|
# - provider: openai
|
|
|
|
|
# model: pieced-whisper
|
|
|
|
|
# apiBase: http://litellm.inference.svc:4000/v1
|
|
|
|
|
# messages:
|
|
|
|
|
# tts:
|
|
|
|
|
# auto: inbound
|
|
|
|
|
# provider: openai
|
|
|
|
|
# openai:
|
|
|
|
|
# model: pieced-tts
|
|
|
|
|
# voice: nova
|
|
|
|
|
|
|
|
|
|
# =====================================================================
|
|
|
|
|
# CHANNELS — messaging integrations. Each ships a Channels map that
|
|
|
|
|
# the builder copies into config.channels, env_vars for credentials,
|
|
|
|
|
# and bindings so messages route to the default agent.
|
|
|
|
|
# =====================================================================
|
|
|
|
|
|
|
|
|
|
telegram:
|
|
|
|
|
name: Telegram
|
|
|
|
|
category: channel
|
|
|
|
|
@@ -62,51 +199,218 @@ data:
|
|
|
|
|
2. Create app, add bot, copy token and app ID
|
|
|
|
|
3. Invite bot to server with messages scope
|
|
|
|
|
|
|
|
|
|
email:
|
|
|
|
|
name: Email (Gmail)
|
|
|
|
|
category: channel
|
|
|
|
|
description: Email integration via Gmail IMAP/SMTP
|
|
|
|
|
channels:
|
|
|
|
|
email:
|
|
|
|
|
enabled: true
|
|
|
|
|
settings:
|
|
|
|
|
provider: gmail
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: EMAIL_ADDRESS
|
|
|
|
|
secret_key: address
|
|
|
|
|
vault_path_suffix: email
|
|
|
|
|
- name: EMAIL_APP_PASSWORD
|
|
|
|
|
secret_key: app-password
|
|
|
|
|
vault_path_suffix: email
|
|
|
|
|
bindings:
|
|
|
|
|
- match:
|
|
|
|
|
channel: email
|
|
|
|
|
egress_rules:
|
|
|
|
|
- host: imap.gmail.com
|
|
|
|
|
port: 993
|
|
|
|
|
- host: smtp.gmail.com
|
|
|
|
|
port: 465
|
|
|
|
|
# =====================================================================
|
|
|
|
|
# SKILLS — ClawHub skill installs. Operator passes each entry through
|
|
|
|
|
# to OpenClawInstance.spec.skills, where the OpenClaw operator's init
|
|
|
|
|
# container fetches it before the agent starts. Bare "<owner>/<slug>"
|
|
|
|
|
# resolves through ClawHub by default.
|
|
|
|
|
# =====================================================================
|
|
|
|
|
|
|
|
|
|
web-search:
|
|
|
|
|
name: Web Search
|
|
|
|
|
git-cli:
|
|
|
|
|
name: Git CLI
|
|
|
|
|
category: skill
|
|
|
|
|
description: Web search via internal SearXNG
|
|
|
|
|
description: >
|
|
|
|
|
Standalone git command-line operations (clone, commit, branch,
|
|
|
|
|
diff, log, status). For private repositories, configure
|
|
|
|
|
credentials in your workspace.
|
|
|
|
|
skills:
|
|
|
|
|
- "pack:openclaw/skills/web-search@latest"
|
|
|
|
|
- "openlang-cn/git-cli"
|
|
|
|
|
egress_rules:
|
|
|
|
|
- host: github.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: gitlab.com
|
|
|
|
|
port: 443
|
|
|
|
|
|
|
|
|
|
github:
|
|
|
|
|
name: GitHub (gh CLI)
|
|
|
|
|
category: skill
|
|
|
|
|
description: >
|
|
|
|
|
Interact with GitHub repositories via the gh CLI — issues, PRs,
|
|
|
|
|
CI runs, releases, gists. Requires a personal access token.
|
|
|
|
|
skills:
|
|
|
|
|
- "steipete/github"
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: GH_TOKEN
|
|
|
|
|
secret_key: token
|
|
|
|
|
vault_path_suffix: github
|
|
|
|
|
required: true
|
|
|
|
|
egress_rules:
|
|
|
|
|
- host: api.github.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: github.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: codeload.github.com
|
|
|
|
|
port: 443
|
|
|
|
|
customer_instructions: |
|
|
|
|
|
1. Open https://github.com/settings/tokens
|
|
|
|
|
2. Generate a fine-grained personal access token with the
|
|
|
|
|
repo scopes you want the assistant to use.
|
|
|
|
|
3. Copy the token (it is shown only once).
|
|
|
|
|
|
|
|
|
|
gitea:
|
|
|
|
|
name: Gitea
|
|
|
|
|
category: skill
|
|
|
|
|
description: >
|
|
|
|
|
Interact with a Gitea instance — repositories, issues, PRs,
|
|
|
|
|
releases. Defaults to the PieCed-platform Gitea at
|
|
|
|
|
git.c5ai.ch; supply your own GITEA_URL if you host elsewhere.
|
|
|
|
|
skills:
|
|
|
|
|
- "ericxliu1990/gitea"
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: GITEA_URL
|
|
|
|
|
default: "https://git.c5ai.ch"
|
|
|
|
|
- name: GITEA_TOKEN
|
|
|
|
|
secret_key: token
|
|
|
|
|
vault_path_suffix: gitea
|
|
|
|
|
required: true
|
|
|
|
|
egress_rules:
|
|
|
|
|
- host: git.c5ai.ch
|
|
|
|
|
port: 443
|
|
|
|
|
customer_instructions: |
|
|
|
|
|
1. Log in to your Gitea instance (default https://git.c5ai.ch).
|
|
|
|
|
2. Go to Settings → Applications → Generate New Token.
|
|
|
|
|
3. Grant the scopes you want the assistant to use (repo, issue,
|
|
|
|
|
user — minimum needed for most workflows).
|
|
|
|
|
4. Copy the token.
|
|
|
|
|
|
|
|
|
|
whisper-self-hosted:
|
|
|
|
|
name: Whisper (Self-Hosted Transcription)
|
|
|
|
|
category: skill
|
|
|
|
|
description: >
|
|
|
|
|
Transcribe audio files via the platform's self-hosted Whisper
|
|
|
|
|
ASR instance. Useful for ad-hoc transcription tasks initiated
|
|
|
|
|
from chat; channel-level voice intake is handled separately by
|
|
|
|
|
the Voice CORE feature.
|
|
|
|
|
skills:
|
|
|
|
|
- "xavjer/openclaw-self-hosted-whisper"
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: WHISPER_URL
|
|
|
|
|
default: "http://whisper-asr.whisper-asr.svc.cluster.local:9000"
|
|
|
|
|
|
|
|
|
|
searxng-local-search:
|
|
|
|
|
name: Web Search (SearXNG)
|
|
|
|
|
category: skill
|
|
|
|
|
description: >
|
|
|
|
|
Privacy-respecting web search via the platform's internal
|
|
|
|
|
SearXNG instance. Search the web, images, news, and more
|
|
|
|
|
without external API calls or trackers.
|
|
|
|
|
skills:
|
|
|
|
|
- "noblepayne/searxng-local-search"
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: SEARXNG_URL
|
|
|
|
|
default: "http://searxng.searxng.svc.cluster.local:8080"
|
|
|
|
|
egress_rules: []
|
|
|
|
|
|
|
|
|
|
document-processing:
|
|
|
|
|
name: Document Processing
|
|
|
|
|
gog:
|
|
|
|
|
name: Google Workspace (Gog)
|
|
|
|
|
category: skill
|
|
|
|
|
description: PDF, DOCX, spreadsheet processing
|
|
|
|
|
description: >
|
|
|
|
|
Bundled access to Gmail, Calendar, Drive, Docs, Sheets, and
|
|
|
|
|
Contacts via Google OAuth. Setup requires a Google Cloud
|
|
|
|
|
project and an OAuth client. NOTE: OAuth flow is not yet
|
|
|
|
|
self-service in the portal — contact PieCed support for
|
|
|
|
|
credentials onboarding.
|
|
|
|
|
skills:
|
|
|
|
|
- "pack:openclaw/skills/document-processing@latest"
|
|
|
|
|
init_deps:
|
|
|
|
|
apt:
|
|
|
|
|
- pandoc
|
|
|
|
|
- libreoffice-writer-nogui
|
|
|
|
|
- ffmpeg
|
|
|
|
|
egress_rules: []
|
|
|
|
|
- "steipete/gog"
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: GOG_CLIENT_ID
|
|
|
|
|
secret_key: client-id
|
|
|
|
|
vault_path_suffix: gog
|
|
|
|
|
required: true
|
|
|
|
|
- name: GOG_CLIENT_SECRET
|
|
|
|
|
secret_key: client-secret
|
|
|
|
|
vault_path_suffix: gog
|
|
|
|
|
required: true
|
|
|
|
|
- name: GOG_REFRESH_TOKEN
|
|
|
|
|
secret_key: refresh-token
|
|
|
|
|
vault_path_suffix: gog
|
|
|
|
|
required: true
|
|
|
|
|
egress_rules:
|
|
|
|
|
- host: oauth2.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: www.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: gmail.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: calendar.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: drive.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: docs.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: sheets.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
- host: people.googleapis.com
|
|
|
|
|
port: 443
|
|
|
|
|
customer_instructions: |
|
|
|
|
|
Google Workspace integration uses OAuth and requires manual
|
|
|
|
|
onboarding for now. Please open a support ticket to start
|
|
|
|
|
the setup process — we will exchange the client credentials
|
|
|
|
|
and a refresh token offline, then enable this package on
|
|
|
|
|
your tenant.
|
|
|
|
|
disclaimer: >
|
|
|
|
|
By enabling Google Workspace integration you authorize PieCed
|
|
|
|
|
to access Gmail, Calendar, Drive, Docs, Sheets, and Contacts
|
|
|
|
|
on your behalf. Data flows through Google's APIs subject to
|
|
|
|
|
Google's terms.
|
|
|
|
|
|
|
|
|
|
mail:
|
|
|
|
|
name: Email (IMAP / SMTP)
|
|
|
|
|
category: skill
|
|
|
|
|
description: >
|
|
|
|
|
Read, search, and manage email via IMAP; send via SMTP. Works
|
|
|
|
|
with Gmail (with an app password), Outlook, Fastmail, and any
|
|
|
|
|
standard IMAP/SMTP host. Replaces the previous Gmail-only
|
|
|
|
|
channel.
|
|
|
|
|
skills:
|
|
|
|
|
- "ivangdavila/mail"
|
|
|
|
|
env_vars:
|
|
|
|
|
- name: IMAP_HOST
|
|
|
|
|
secret_key: imap-host
|
|
|
|
|
vault_path_suffix: mail
|
|
|
|
|
required: true
|
|
|
|
|
- name: IMAP_USER
|
|
|
|
|
secret_key: imap-user
|
|
|
|
|
vault_path_suffix: mail
|
|
|
|
|
required: true
|
|
|
|
|
- name: IMAP_PASS
|
|
|
|
|
secret_key: imap-pass
|
|
|
|
|
vault_path_suffix: mail
|
|
|
|
|
required: true
|
|
|
|
|
- name: SMTP_HOST
|
|
|
|
|
secret_key: smtp-host
|
|
|
|
|
vault_path_suffix: mail
|
|
|
|
|
required: true
|
|
|
|
|
- name: SMTP_USER
|
|
|
|
|
secret_key: smtp-user
|
|
|
|
|
vault_path_suffix: mail
|
|
|
|
|
required: true
|
|
|
|
|
- name: SMTP_PASS
|
|
|
|
|
secret_key: smtp-pass
|
|
|
|
|
vault_path_suffix: mail
|
|
|
|
|
required: true
|
|
|
|
|
# The mail skill connects to tenant-supplied IMAP/SMTP servers on
|
|
|
|
|
# ports 993 / 465 / 587. The hostnames are not known at catalog
|
|
|
|
|
# time, so we open these ports to "world" rather than declaring
|
|
|
|
|
# FQDNs. Trade-off accepted for pilot — see catalog.EgressRule
|
|
|
|
|
# for the rule shape and rationale.
|
|
|
|
|
egress_rules:
|
|
|
|
|
- port: 993
|
|
|
|
|
world: true
|
|
|
|
|
- port: 465
|
|
|
|
|
world: true
|
|
|
|
|
- port: 587
|
|
|
|
|
world: true
|
|
|
|
|
customer_instructions: |
|
|
|
|
|
1. For Gmail: enable 2-Step Verification, then create an App
|
|
|
|
|
Password at https://myaccount.google.com/apppasswords and
|
|
|
|
|
use it as both IMAP and SMTP password.
|
|
|
|
|
2. For Outlook/Microsoft 365 with MFA: generate an app
|
|
|
|
|
password under your account's security settings.
|
|
|
|
|
3. For other providers: refer to their IMAP/SMTP documentation
|
|
|
|
|
for host names and ports.
|
|
|
|
|
4. Typical IMAP_HOST values: imap.gmail.com, outlook.office365.com.
|
|
|
|
|
5. Typical SMTP_HOST values: smtp.gmail.com, smtp.office365.com.
|
|
|
|
|
disclaimer: >
|
|
|
|
|
The assistant gains read/write access to the mailbox you
|
|
|
|
|
configure. Use a dedicated address rather than a personal
|
|
|
|
|
inbox if you want to limit scope.
|
|
|
|
|
|
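Review bot: The skill entries in the third hunk (`openlang-cn/git-cli`, `steipete/github`, `ericxliu1990/gitea`, `xavjer/openclaw-self-hosted-whisper`, `noblepayne/searxng-local-search`, `steipete/gog`, `ivangdavila/mail`) are bare third-party refs with no version or digest, so the init container fetches whatever the publisher currently has on ClawHub each time an instance starts. Several of these packages also declare vault-backed credentials in `env_vars` (`GH_TOKEN`, `GITEA_TOKEN`, `GOG_REFRESH_TOKEN`, `IMAP_PASS`/`SMTP_PASS`), and `mail` additionally sets `world: true` on ports 993/465/587, so a changed or taken-over skill would presumably hold both the secret and an unrestricted path out. The `pack:` refs that appear to be replaced here carried an `@latest` suffix, which suggests the ref syntax accepts a version; if the resolver takes a fixed version for bare refs, pin each entry to a reviewed release, and otherwise mirror the reviewed skills into a `pack:` source you control. Until then I would add a comment above each entry such as `# SECURITY: unpinned third-party skill; review upstream before each release upgrade`.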