Friday

Name: Friday
Author: thesongzhu

Warning

918stars

117forks

TypeScript

Added 5/4/2026

Installation

# Add to your Claude Code skills
git clone https://github.com/thesongzhu/Friday

Getting Started

Guides for using ai agents skills like Friday.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportWarning

Last scanned: 5/16/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "express-rate-limit: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "hono: Hono has CSS Declaration Injection via Style Object Values in JSX SSR",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "protobufjs: protobuf.js: Code injection through bytes field defaults in generated toObject code",
      "severity": "high"
    }
  ],
  "status": "WARNING",
  "scannedAt": "2026-05-16T06:21:17.642Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is Friday?

Friday is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by thesongzhu. AI. It has 918 GitHub stars.

Is Friday safe to use?

Friday returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.

How do I install Friday?

Clone the repository with "git clone https://github.com/thesongzhu/Friday" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is Friday written in?

Friday is primarily written in TypeScript. It is open-source under thesongzhu on GitHub, so you can review or fork the full source.

Are there alternatives to Friday?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh Friday against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

217,466

PokeClaw notchi

What Is Friday?

Friday is a self-hosted personal AI and automation runtime: a local-first application layer that helps AI agents turn user-approved goals into verified work.

It is meant to feel less like a blank chatbot and more like a private execution partner: you give a goal, Friday checks what it can do, uses configured capabilities, asks for the human-only pieces, executes, verifies the result, and records what it learned. Capability acquisition and self-upgrade flows are active work and should be treated as review-gated WIP rather than a fully autonomous promise.

Friday is not a magic fully autonomous system. It will not create accounts for you, bypass CAPTCHA, pay for services, take production-changing actions, or use credentials you have not provided. Its job is to do the work it can safely do, stop clearly when it needs you, and leave evidence behind.

Current Release Posture

Friday is a public v1 local candidate distributed via npm/source only, not a release-complete claim for every integration in the repository.

Current public claims focus on the local UI, local runtime, BYOK setup, supervised operator workflows, memory, evidence, approval-gated tool use, and configured trusted-channel inbound on Discord, Telegram, and Lark/Feishu (proven by same-SHA Real Green Gate channel artifacts).
The current proof track does not claim outbound channel control automation, cloud live certification, external OTEL/Grafana export, desktop / Homebrew / notarized macOS / mobile distribution, "all integrations live", or release-complete-all.
Slack HTTP Events-API inbound and QQ remain unsupported in this release.
Real Green Gate success is counted only when the artifact is for the same SHA, has nonzero scenarios, all scenarios pass, and blockers are empty.
blocked_by_env, mock-only tests, workflow success alone, stale artifacts, and wrong-SHA artifacts are not release proof.
Dogfood gate for 1.0.1 closed as dogfood_partial_pass (UX 7.78/10 weighted). The published npm 1.0.2 package still carries the original nine proof-pending headlines. GitHub-visible source after 1.0.2 has closed several deterministic slices and is staged as a 1.0.3 package candidate, but 1.0.3 is not published until a future authorized release; see docs/public-v1-local-candidate.md.

The Product Loop

You give a goal. Example: "Read these PDFs, compare them with the latest web results, and save a short summary with citations."
Friday checks capabilities. It looks for text, vision, OCR, web search, PDF, file, browser, optional channel, model, memory, and workflow support.
Friday reports or drafts gap closure. It can search installed skills, trusted catalogs, MCP servers, local files, package registries, OpenAPI specs, and the web for candidate tools or skills. Generated or imported skills start as candidates, not as immediately runnable capabilities.
Friday asks when humans are required. API keys, OAuth, paid plans, CAPTCHA, logins, sensitive permissions, and high-risk actions go through a human gate.
Friday runs and verifies. It executes through skills, tools, workflows, browser/desktop control, or channel adapters, then checks the result.
Friday learns safely. It can store auditable memories, learned facts, routing signals, setup recipes, candidate skills, eval cases, and failure lessons. Learned signals do not automatically become unquestioned truth.

What Friday Can Do

Area	What Friday is built to do	Boundary
Chat and task execution	Answer, plan, execute tool-backed work, show progress, and recover from failures	Depends on configured providers and granted tools
Text, vision, OCR, PDF, files	Route work to configured providers or built-in parsers, then report what is missing when a lane is unavailable	Vision/OCR/TTS depend on provider support and credentials
Web and browser work	Use configured web search providers, local browser control, and workflow steps	Login, payment, CAPTCHA, and sensitive accounts require the user
Skills and workflows	Import, validate, stage, promote, run, verify, update, and roll back reusable skills/workflows where the lifecycle is closed	Generated or imported skills are candidates until review, canary, and promotion gates pass; workflow upgrade proof is not identical to skill lifecycle proof
Memory and self-improvement	Store explicit preferences, learned facts, lessons, provider routing signals, recipes, evals, and recovery notes	User-visible, auditable, and reversible; learned signals are not hidden model training, unquestioned truth, or guaranteed prompt behavior
Self-healing	Detect failures, propose fixes, and run low-risk repairs only where the path is wired, configured, and evidence-backed	Dispatcher-style auto-fix is default-off; high-risk or data-changing repairs require approval, receipts, and rollback or an explicit non-reversible record
Optional channel adapters	Connect Discord, Telegram, and Feishu/Lark trusted-inbound (proven via same-SHA Real Green Gate channel artifacts on the release SHA) where configured; other configured channels remain optional surfaces	Channels are configured-only surfaces; outbound channel control automation is not part of the public v1 local release claim; Slack HTTP Events-API inbound and QQ are `unsupported`; sensitive actions still require confirmation
Long-running goals	Run user-authorized standing goals, create agenda items, gather evidence, and report outcomes	Friday is goal-driven by the user; it does not invent unrelated long-term agendas

Setup

Option 1 - npm package

npm install -g @thesongzhu/friday
friday start
# Open http://localhost:3141

Option 2 - from source

git clone https://github.com/thesongzhu/Friday.git
cd Friday
bash scripts/ops/friday-first-run.sh
# Or on macOS, double-click "Friday Setup.command"

The first-run helper installs dependencies, builds Friday, starts the local runtime, and opens the setup page. On macOS it also attempts to install the login startup agent and menu-bar companion (an unsigned local-source build — not a notarized or release-proven desktop distribution; see the capability matrix) so Friday can come back after restart. If you run it from Desktop, Documents, or Downloads, it prepares the launchd-safe runtime at ~/Friday automatically before installing the login agents.

Option 3 - manual source start

git clone https://github.com/thesongzhu/Friday.git
cd Friday
npm install
npm run build
npm start
# Open http://localhost:3141

Option 4 - Docker from source

docker compose -f docker/docker-compose.yml up --build
# Open http://localhost:3141

First-run setup guides you through providers, local permissions, and optional capabilities. Channel setup is optional and must verify the configured channel before it is treated as available. After setup, Friday should open directly to Home.

Providers And Keys

Friday is BYOK: you bring the model and search/API credentials you want to use.

The setup flow should answer four questions for every capability:

Do I have this capability?
If not, what exactly is missing?
Where do I configure it?
After configuration, can Friday verify it with a real task?

Typical provider lanes include OpenAI, Doubao/Volcengine, Moonshot, Anthropic, Google, OpenRouter, Tavily, Serper, local browser/PDF/file tooling, MCP servers, and custom skills. A missing key or account is not treated as success; Friday should show it as a human blocker with the next configuration step.

Capability Self-Acquisition (WIP)

When Friday does not have a capability for a goal, the target closed loop is:

goal -> capability gap -> candidates -> sandbox/test -> approval if required -> install/register -> doctor verify -> execute

This loop is not yet a blanket production guarantee. Current builds can report gaps and exercise parts of the workflow, while generated skills, self-upgrades, and adjustment-fidelity paths remain review-gated and covered by ongoing stress tests. Allowed automatic steps depend on policy. Searching, analysis, draft generation, and sandbox verification are low-risk by default. Downloading code, installing packages, writing config, registering tools, shell access, and external network calls are governed by the autonomy policy. OAuth, payment, CAPTCHA, API keys, sensitive permissions, and production writes always require the user.

Memory, Growth, And Repair

Friday's self-improvement is intentionally boring and inspectable:

Memory facts: preferences, project rules, recurring context, and user corrections.
Routing preferences: which provider worked best for which kind of job.
Recipes: setup and recovery steps that worked.
Skills and workflows: generated or improved artifacts with tests