{"id":"alibaba-hiclaw","name":"hiclaw","homepage":"https://hiclaw.io","repo_url":"https://github.com/alibaba/hiclaw","category":"automation","subcategories":[],"tags":["ai-ml","automation","messaging","devtools","infrastructure","multi-agent","matrix","mcp"],"what_it_does":"HiClaw is an open-source Collaborative Multi-Agent OS that coordinates multiple agent “Workers” via a “Manager” agent, using Matrix rooms for transparent human-in-the-loop task coordination. It includes a local/self-hosted Matrix server (Element Web + Matrix backend), a MinIO-backed shared filesystem for inter-agent exchange, and a Higress AI Gateway for proxying/isolating real credentials (workers use consumer tokens).","use_cases":["Human-in-the-loop multi-agent task execution with visible conversation history (Matrix rooms)","Coordinating specialized agents for coding, planning, and tool-using workflows","Self-hosted agent team collaboration without exposing real provider credentials to workers","Integrating external MCP tools safely through a credential-handling gateway"],"not_for":["A lightweight, single-process chatbot (it is an orchestrated multi-container system)","Apps that require a simple public hosted API service (this is primarily self-hosted)","Environments that cannot run Docker/Matrix or want only a REST/SDK integration surface"],"best_when":"You want a self-hosted, observable multi-agent workspace where humans can monitor and intervene in real time, and where credential isolation between coordinator and workers is important.","avoid_when":"You need a minimal REST/GraphQL/SDK API for programmatic access, or you cannot operate a Matrix server plus supporting infrastructure (MinIO, gateway containers).","alternatives":["OpenClaw (native multi-agent runtime without the additional Matrix/gateway orchestration layer)","LangGraph / LangChain agent orchestrations (different tradeoff: typically less room-based human-in-the-loop visibility)","CrewAI/AutoGen-style agent frameworks (often different UX and credential isolation model)","Self-managed Matrix + custom agent orchestration (build your own manager/worker workflow)"],"af_score":40.0,"security_score":61.8,"reliability_score":31.2,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T18:05:12.645294+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Login to the bundled Matrix server (Element IM client)","Worker access via gateway-issued consumer tokens (real credentials stay in the gateway)"],"oauth":false,"scopes":false,"notes":"Documentation emphasizes that workers do not hold real API keys/PATs and use consumer tokens mediated by the Higress AI Gateway. Specific token format/scope model is not detailed in the provided README."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source project; pricing for hosted components is not described in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":40.0,"security_score":61.8,"reliability_score":31.2,"mcp_server_quality":55.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":75.0,"rate_limit_clarity":20.0,"tls_enforcement":70.0,"auth_strength":75.0,"scope_granularity":30.0,"dependency_hygiene":40.0,"secret_handling":85.0,"security_notes":"README claims worker agents use only consumer tokens while real credentials (API keys, GitHub PATs) remain in the Higress AI Gateway. This is a strong credential isolation story, but the provided content does not detail scope granularity, token lifetimes, revocation, audit logging, or how TLS is enforced in all modes (local vs external). Also no dependency/SBOM/CVE hygiene details are provided.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This system is chat/room-driven; programmatic agent integration may require understanding the Matrix workflow rather than a clean API surface.","Credential isolation relies on gateway behavior; agent operators should ensure the gateway configuration correctly prevents real credential exposure to workers."]}}