Self-hosted control plane for AI agents: dispatch tasks, review runs, track spend, and operate OpenClaw, Claude Code, Codex, and other runtimes.
# Add to your Claude Code skills
git clone https://github.com/builderz-labs/mission-controlGuides for using ai agents skills like mission-control.
Last scanned: 7/16/2026
{
"issues": [
{
"type": "npm-audit",
"message": "next: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next-intl: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"file": "README.md",
"line": 124,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": "README.md",
"line": 129,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": "SKILL.md",
"line": 18,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": "SKILL.md",
"line": 28,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
},
{
"file": "SKILL.md",
"line": 230,
"type": "secret-exfiltration",
"message": "Instruction appears to send credentials/secrets to an external endpoint",
"severity": "medium"
}
],
"status": "PASSED",
"scannedAt": "2026-07-16T06:18:16.875Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}mission-control is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by builderz-labs. Self-hosted control plane for AI agents: dispatch tasks, review runs, track spend, and operate OpenClaw, Claude Code, Codex, and other runtimes. It has 5,763 GitHub stars.
Yes. mission-control passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/builderz-labs/mission-control" and add it to your Claude Code skills directory (see the Installation section above). mission-control ships a SKILL.md manifest, so compatible agents can discover and load it automatically.
mission-control is primarily written in TypeScript. It is open-source under builderz-labs on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh mission-control against similar tools.
No comments yet. Be the first to share your thoughts!
Mission Control (MC) is an AI agent orchestration dashboard with real-time SSE/WebSocket, a skill registry, framework adapters, and RBAC. This skill teaches agents how to interact with MC APIs programmatically.
Base URL: http://localhost:3000 (default Next.js dev) or your deployed host.
Auth header: x-api-key: <your-api-key>
Register + heartbeat in two calls:
# 1. Register
curl -X POST http://localhost:3000/api/adapters \
-H "Content-Type: application/json" \
-H "x-api-key: $MC_API_KEY" \
-d '{
"framework": "generic",
"action": "register",
"payload": { "agentId": "my-agent-01", "name": "My Agent" }
}'
# 2. Heartbeat (repeat every 5 minutes)
curl -X POST http://localhost:3000/api/adapters \
-H "Content-Type: application/json" \
-H "x-api-key: $MC_API_KEY" \
-d '{
"framework": "generic",
"action": "heartbeat",
"payload": { "agentId": "my-agent-01", "status": "online" }
}'
MC supports two auth methods:
| Method | Header | Use Case |
|---|---|---|
| API Key | x-api-key: <key> or Authorization: Bearer <key> |
Agents, scripts, CI/CD |
| Session cookie | Cookie: __Host-mc-session=<token> (HTTPS) or mc-session=<token> (HTTP) |
Browser UI |
Roles (hierarchical): viewer < operator < admin
API key auth grants admin role by default. The key is set via API_KEY env var or the security.api_key DB setting.
Agents can identify themselves with the optional X-Agent-Name header for attribution in audit logs.
register → heartbeat (5m interval) → fetch assignments → report task status → disconnect
All lifecycle actions go through the adapter protocol (POST /api/adapters).
{
"framework": "generic",
"action": "register",
"payload": {
"agentId": "my-agent-01",
"name": "My Agent",
"metadata": { "version": "1.0", "capabilities": ["code", "review"] }
}
}
Send every ~5 minutes to stay marked as online.
{
"framework": "generic",
"action": "heartbeat",
"payload": {
"agentId": "my-agent-01",
"status": "online",
"metrics": { "tasks_completed": 5, "uptime_seconds": 3600 }
}
}
Returns up to 5 pending tasks sorted by priority (critical → low), then due date.
{
"framework": "generic",
"action": "assignments",
"payload": { "agentId": "my-agent-01" }
}
Response:
{
"assignments": [
{ "taskId": "42", "description": "Fix login bug\nUsers cannot log in with SSO", "priority": 1 }
],
"framework": "generic"
}
{
"framework": "generic",
"action": "report",
"payload": {
"taskId": "42",
"agentId": "my-agent-01",
"progress": 75,
"status": "in_progress",
"output": "Fixed SSO handler, running tests..."
}
}
status values: in_progress, done, failed, blocked
{
"framework": "generic",
"action": "disconnect",
"payload": { "agentId": "my-agent-01" }
}
/api/agents| Method | Min Role | Description |
|---|---|---|
| GET | viewer | List agents. Query: ?status=online&role=dev&limit=50&offset=0 |
| POST | operator | Create agent. Body: { name, role, status?, config?, template?, session_key?, soul_content? } |
| PUT | operator | Update agent. Body: { name, status?, role?, config?, session_key?, soul_content?, last_activity? } |
GET response shape:
{
"agents": [{
"id": 1, "name": "scout", "role": "researcher", "status": "online",
"config": {}, "taskStats": { "total": 10, "assigned": 2, "in_progress": 1, "completed": 7 }
}],
"total": 1, "page": 1, "limit": 50
}
/api/tasks| Method | Min Role | Description |
|---|---|---|
| GET | viewer | List tasks. Query: ?status=in_progress&assigned_to=scout&priority=high&project_id=1&limit=50&offset=0 |
| POST | operator | Create task. Body: { title, description?, status?, priority?, assigned_to?, project_id?, tags?, metadata?, due_date?, estimated_hours? } |
| PUT | operator | Bulk status update. Body: { tasks: [{ id, status }] } |
Priority values: critical, high, medium, low
Status values: inbox, assigned, in_progress, review, done, failed, blocked, cancelled
Note: Moving a task to done via PUT requires an Aegis quality review approval.
POST response:
{
"task": {
"id": 42, "title": "Fix login bug", "status": "assigned",
"priority": "high", "assigned_to": "scout", "ticket_ref": "GEN-001",
"tags": ["bug"], "metadata": {}
}
}
/api/skills| Method | Min Role | Description |
|---|---|---|
| GET | viewer | List all skills across roots |
GET ?mode=content&source=...&name=... |
viewer | Read a skill's SKILL.md content |
GET ?mode=check&source=...&name=... |
viewer | Run security check on a skill |
| POST | operator | Create/upsert skill. Body: { source, name, content } |
| PUT | operator | Update skill content. Body: { source, name, content } |
DELETE ?source=...&name=... |
operator | Delete a skill |
Skill sources: user-agents, user-codex, project-agents, project-codex, openclaw
/api/status| Action | Min Role | Description |
|---|---|---|
GET ?action=overview |
viewer | System status (uptime, memory, disk, sessions) |
GET ?action=dashboard |
viewer | Aggregated dashboard data with DB stats |
GET ?action=gateway |
viewer | Gateway process status and port check |
GET ?action=models |
viewer | Available AI models (catalog + local Ollama) |
GET ?action=health |
viewer | Health checks (gateway, disk, memory) |
GET ?action=capabilities |
viewer | Feature flags: gateway reachable, Claude home, subscriptions |
/api/adapters| Method | Min Role | Description |
|---|---|---|
| GET | viewer | List available framework adapter names |
| POST | operator | Execute adapter action (see Agent Lifecycle above) |
All agent lifecycle operations use a single endpoint:
POST /api/adapters
Content-Type: application/json
x-api-key: <key>
{
"framework": "<adapter-name>",
"action": "<action>",
"payload": { ... }
}
Available frameworks: generic, openclaw, crewai, langgraph, autogen, claude-sdk
Available actions: register, heartbeat, report, assignments, disconnect
All adapters implement the same FrameworkAdapter interface — choose the one matching your agent framework, or use generic as a universal fallback.
Payload shapes by action:
| Action | Required Fields | Optional Fields |
|---|---|---|
register |
agentId, name |
metadata |
heartbeat |
agentId |
status, metrics |
report |
taskId, agentId |
progress, status, output |
assignments |
agentId |
— |
disconnect |
agentId |
— |
| Variable | Default | Description |
|---|---|---|
API_KEY |
— | API key for agent/script authentication |
OPENCLAW_GATEWAY_HOST |
127.0.0.1 |
Gateway host address |
OPENCLAW_GATEWAY_PORT |
18789 |
Gateway port |
OPENCLAW_STATE_DIR |
~/.openclaw |
OpenClaw state directory |
OPENCLAW_CONFIG_PATH |
<state-dir>/openclaw.json |
Gateway config file path |
MC_CLAUDE_HOME |
~/.claude |
Claude home directory |
MC broadcasts events via SSE (/api/events) and WebSocket. Key event types:
agent.created, agent.updated, agent.status_changedtask.created, task.updated, task.status_changedSubscribe to SSE for live dashboard updates when building integrations.
Self-hosted control plane for operating AI agents.
Dispatch tasks, inspect runs, review failures, track spend, and coordinate agent runtimes from one local dashboard backed by SQLite.

[!WARNING] Mission Control is alpha software. APIs, schemas, and configuration may change between releases. Read the security guidance before exposing it to a network.
Node.js 22 or newer and pnpm are required for a source install.
git clone https://github.com/builderz-labs/mission-control.git
cd mission-control
bash install.sh --local
Open http://localhost:3000/setup, create the first admin account, then copy the API key
from Settings if an agent or script needs headless access.
The manual path is useful when you already manage Node and pnpm:
nvm use 22
pnpm install
pnpm dev
Windows users can run ./install.ps1 -Mode local in PowerShell.
docker compose up
Or run the published multi-architecture image:
docker pull ghcr.io/builderz-labs/mission-control:latest
docker run --rm -p 3000:3000 ghcr.io/builderz-labs/mission-control:latest
Use the hardened Compose overlay for a network-accessible deployment:
docker compose -f docker-compose.yml -f docker-compose.hardened.yml up -d
The deployment guide covers persistent data, TLS termination, gateway connectivity, and standalone builds.
The control plane sits above agent runtimes. It does not replace their reasoning or tool loops. It gives operators one place to see and govern the work around those loops.
| Area | Shipped surface |
|---|---|
| Tasks | Inbox, assignment, execution, review, Aegis quality gate, and completion receipts |
| Agents | Registration, presence, sessions, runtime adapters, configuration, and workspace sync |
| Operations | Activity stream, schedules, alerts, webhooks, logs, token use, and cost views |
| Knowledge | Memory browser, relationship graph, skills registry, and local skill synchronization |
| Governance | Roles, API keys, security events, trust signals, approvals, audits, and evals |
| Interfaces | Web UI, CLI, MCP server, OpenAPI-described REST API, WebSocket, and SSE |
The runtime is self-hosted and workspace-aware. SQLite stores local control-plane state. Shared workspaces can use deployment-level runtime integrations. Strict workspaces block those integrations until the underlying resources carry workspace ownership. A gateway is optional for task, project, agent, scheduler, webhook, alert, and cost work; live session messaging needs a connected runtime gateway.
Dashboards compress a sequence into current state. When a run needs review, record the identity, task, tool call, approval, result, and verification evidence before changing it. Keep unresolved items distinct from accepted risk.

Logs show what ran. A completion receipt or inspected artifact shows what finished.
Use Mission Control when multiple agents or runtimes make it hard to answer who owns a task, what executed, which result passed review, or where spend and failures accumulated.
It is probably the wrong tool when:
Adapters and observation surfaces cover OpenClaw, Claude Code, Codex, CrewAI, LangGraph, AutoGen, and Claude SDK workflows. Adapter depth varies by runtime; see agent setup and CLI integration before assuming feature parity.
The shortest gateway-free loop uses the REST API. Export the URL and API key shown in Settings:
export MC_URL=http://localhost:3000
export MC_API_KEY=replace-with-your-api-key
Register an agent and create work:
curl -s -X POST "$MC_URL/api/agents/register" \
-H "Authorization: Bearer $MC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name":"scout","role":"researcher"}'
curl -s -X POST "$MC_URL/api/tasks" \
-H "Authorization: Bearer $MC_API_KEY" \
-H "Content-Type: application/json" \
-d '{"title":"Review open incidents","assigned_to":"scout","priority":"medium"}'
The agent can then claim its queue:
curl -s "$MC_URL/api/tasks/queue?agent=scout" \
-H "Authorization: Bearer $MC_API_KEY"
Continue with the first-agent quickstart for heartbeats, task results, queue behavior, CLI equivalents, and MCP setup.
pnpm mc agents list --json
pnpm mc tasks queue --agent scout --json
pnpm mc events watch --types agent,task
claude mcp add mission-control -- \
env MC_URL=http://127.0.0.1:3000 MC_API_KEY=replace-with-your-api-key \
node /absolute/path/to/mission-control/scripts/mc-mcp-server.cjs
Use the CLI and MCP reference for the current command and tool
surface. The REST contract lives in openapi.json. A running instance serves
the interactive reference at /docs and the OpenAPI JSON at /api/docs.
The task board tracks work through inbox, assignment, execution, review, quality review, and completion. Aegis review requires an approval record before a task reaches done.

Agent views combine registration state, heartbeats, sessions, configuration, local runtime discovery, and workspace files.

The memory browser and relationship graph inspect filesystem-backed memory and linked session knowledge. The Skills Hub discovers local skill roots and scans registry content before installation.

Recurring task templates create dated work on a cron schedule. The activity stream combines agent, task, and system events for operator review.


| Guide | Use it for |
|---|---|
| Quickstart | Register an agent and run the first task loop |
| Agent setup | Sources, identities, SOUL files, and heartbeats |
| Orchestration | Dispatch, handoffs, workflows, and review gates |
| CLI and MCP | Headless commands and agent tools |
| CLI integration | Claude Code, Codex, and gateway-free connections |
| Deployment | Local, Docker, standalone, reverse proxy, and VPS setup |
| Security hardening | Network, container, CSP, and secret controls |
| OpenClaw compatibility | Config and state-directory behavior |
| Release process | Versioning, tags, images, and release checks |
Web UI ─┐
CLI ────┼── auth ─ dispatch ─ events ─ policy ─ receipts
MCP ────┤ │
REST ───┘ SQLite + agent runtimes
| Layer | Technology |
|---|---|
| Application | Next.js 16 App Router, React 19, TypeScript 5 |
| Interface | Tailwind CSS 4, Zustand, Recharts, xterm.js |
| State | SQLite through better-sqlite3, with WAL mode |
| Boundaries | REST/OpenAPI, MCP, CLI, WebSocket, and SSE |
| Access | Session cookies, API keys, Google sign-in, and role checks |
| Validation | Zod at input boundaries |
| Verification | Vitest, Playwright, ESLint, TypeScript, build, and API parity checks |
Runtime data defaults to .data/. Set MISSION_CONTROL_DATA_DIR to an absolute persistent
path for standalone deployments. The complete environment contract is in
.env.example.
MC_ALLOWED_HOSTS are configured.Access controls and security inspection surfaces are included, but alpha status still applies. Read SECURITY-HARDENING.md before relying on a network-accessible deployment.
pnpm install --frozen-lockfile
pnpm lint
pnpm typecheck
pnpm test
pnpm build
pnpm test:e2e
pnpm quality:gate runs the full repository gate. Useful diagnostics:
bash scripts/station-doctor.sh
bash scripts/security-audit.sh
pnpm api:parity
Common local failures:
| Symptom | Check |
|---|---|
| Login returns an internal error after changing Node versions | Run pnpm rebuild better-sqlite3 |
| Docker cannot reach the gateway | Set OPENCLAW_GATEWAY_HOST=host.docker.internal |
| Browser WebSocket cannot |