Kill rogue agents. Enforce drift policies. Quarantine threats. Export compliance evidence. Not a dashboard — a control plane that acts.
You have 5 developers running Claude Code, Copilot, Cursor, and Codex across 12 machines. Last Tuesday, one agent modified production config files it shouldn't have touched. You found out two days later.
FCC exists so that never happens again.
It doesn't just show you what agents did — it stops them, enforces policy, quarantines violations, and produces signed evidence for your compliance team.
FCC manages sessions from any AI coding agent — not just one vendor. The node agent scans configurable discovery paths for session data.
| Agents | |
|---|---|
| Major | Claude Code, Codex CLI, GitHub Copilot, Cursor, Codeium/Windsurf, Gemini Code Assist, Augment, Kiro, Amazon Q, Tabnine |
| NVIDIA | NemoClaw, OpenShell, Nemotron |
| Open Source | Continue, OpenHands, Tabby, Goose, OpenCode, Cline |
| Custom | Any agent via discoveryPaths config — no vendor lock-in |
Each agent gets: heartbeat monitoring, stale detection, SOUL files (markdown personality definitions), event timeline, drift scoring, and fleet-wide scorecards.
FCC provides first-class support for NVIDIA's AI agent ecosystem:
| Agent | Role | Discovery Path | Models |
|---|---|---|---|
| NemoClaw | Enterprise AI coding agent stack built on NVIDIA NeMo. Provides tool-augmented code generation with enterprise guardrails. | ~/.nemoclaw | nemoclaw-enterprise, nemoclaw-lite |
| OpenShell | Secure sandboxed runtime for AI agent execution. Isolates agent processes with GPU-aware resource controls. | ~/.openshell, ~/.config/openshell | openshell-runtime, openshell-sandbox |
| Nemotron | NVIDIA's open-weight LLM family optimized for coding, reasoning, and agentic workflows. Available in nano (30B), super (120B), and ultra (253B) parameter variants. | Via provider config | nemotron-nano-30b, nemotron-super-120b, nemotron-ultra-253b |
FCC monitors these agents with the same controls as any other provider: sandbox enforcement, drift scoring, policy evaluation, kill switch, and tamper-evident audit logging. Credential files (~/.nemoclaw/credentials.json, ~/.openshell/config.json, ~/.config/openshell/credentials.json) are automatically protected from agent access.
Most agent tools are dashboards. FCC is a policy enforcement engine with teeth:
| Trigger | FCC Action |
|---|---|
| Agent touches files outside allowed paths | Blocked by zero-trust sandbox |
| Drift score exceeds threshold | Escalation ladder: warn → require approval → throttle → quarantine → kill |
| Honeytoken file accessed | Auto-quarantine + evidence bundle generated |
| Agent tries disallowed command | Rejected — typed safe actions only, no remote shell |
| High-risk operation requested | 4-eyes approval required, step-up MFA enforced |
| Security profile violated | Blocked or alerted per minimal/standard/strict profile |
```bash
# Kill a single session
node cli/clawcc.js kill session <sessionId>
# Kill all agents on a node
node cli/clawcc.js kill node <nodeId>
# Kill everything, everywhere, now
node cli/clawcc.js kill global
```
Every kill generates a signed evidence bundle. Requires admin + step-up MFA. Cannot be triggered by accident.
FCC doesn't just log — it produces machine-verifiable, tamper-evident evidence:
- Append-only JSONL — Events cannot be retroactively modified
- SHA-256 hash chains — Each event references the previous hash; tampering breaks the chain
- Ed25519 signed receipts — Daily root signatures prove chain integrity
- Evidence export — ZIP bundles with events, audit logs, receipts, and integrity hashes
- Secret redaction — Automatic removal of passwords, tokens, and keys from event payloads
- Control mappings — SOC 2, ISO 27001, NIST CSF (COMPLIANCE_PACK.md)
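The hash chain and signed receipt listed above, as an added sketch using only `node:crypto` (not FCC's own code). The record layout (`prevHash`, `event`, `hash`), the all-zero genesis value, and every function name are assumptions made for illustration, not FCC's on-disk format.

```javascript
const crypto = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed anchor for the first record

// SHA-256 over the previous hash plus the serialized event (assumed layout).
function eventHash(prevHash, event) {
  return crypto.createHash('sha256')
    .update(prevHash + '\n' + JSON.stringify(event)).digest('hex');
}

// Append one JSONL record carrying prevHash and its own hash.
function appendEvent(lines, event) {
  const prevHash = lines.length ? JSON.parse(lines[lines.length - 1]).hash : GENESIS;
  lines.push(JSON.stringify({ prevHash, event, hash: eventHash(prevHash, event) }));
  return lines;
}

// Recompute every link; report the first record that does not match.
function verifyChain(lines) {
  let prev = GENESIS;
  for (let i = 0; i < lines.length; i++) {
    const rec = JSON.parse(lines[i]);
    if (rec.prevHash !== prev || rec.hash !== eventHash(prev, rec.event)) {
      return { ok: false, brokenAt: i, root: null };
    }
    prev = rec.hash;
  }
  return { ok: true, brokenAt: -1, root: prev };
}

// Receipt: Ed25519 signature over the chain root (algorithm argument is null).
const signRoot = (root, key) => crypto.sign(null, Buffer.from(root, 'hex'), key);
function verifyReceipt(lines, receipt, publicKey) {
  const { ok, root } = verifyChain(lines);
  return ok && crypto.verify(null, Buffer.from(root, 'hex'), publicKey, receipt);
}

function demo() { // constructed sample events, not real FCC output
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const events = ['session.start', 'file.write', 'session.end'].map((type) => ({ type, sessionId: 's-1' }));
  const log = events.reduce(appendEvent, []);
  const receipt = signRoot(verifyChain(log).root, privateKey);
  const edited = log.slice(); // case 1: edit a stored event, keep its recorded hash
  const rec = JSON.parse(edited[1]);
  rec.event.type = 'file.read';
  edited[1] = JSON.stringify(rec);
  const rebuilt = [events[0], rec.event, events[2]].reduce(appendEvent, []); // case 2: rehash everything
  return { intact: verifyReceipt(log, receipt, publicKey), editedBrokenAt: verifyChain(edited).brokenAt,
    rebuiltChainOk: verifyChain(rebuilt).ok, rebuiltReceiptOk: verifyReceipt(rebuilt, receipt, publicKey) };
}
```

The rebuilt log is internally consistent and passes `verifyChain`; only the receipt check rejects it, so the signing key has to stay out of reach of whoever can write the log.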
| Feature | What It Does |
|---|---|
| Channels | Broadcast and group messaging between agents with SSE |
| Kanban Tasks | Assign work to agents with enforced status transitions |
| Skills Hub | Browse, install, security-scan, and quarantine agent skills |
| SOUL Files | Define agent personality and behavior in markdown |
| Evaluations | 4-layer scoring (output, trace, component, drift) with quality gates |
| Scheduler | Natural language ("every weekday at 9am") → cron jobs that spawn tasks |
| Projects | Group agents and sessions by project with assignment tracking |
Run FCC across multiple teams or environments. Gateway mode proxies and aggregates:
```
Team A (FCC) ──┐
Team B (FCC) ──┼── Gateway FCC ── Unified fleet view
Team C (FCC) ──┘
```
Health checks, circuit breakers, HMAC-signed upstream communication.
```bash
git clone https://github.com/alokemajumder/FleetControlCenter.git
cd FleetControlCenter
node control-plane/server.js
```
Open http://localhost:3400. Login: admin / changeme.
No npm install. No build step. No Docker required. Zero dependencies.
```bash
# Or with Docker
docker compose up -d
# Or on Android
bash termux/setup.sh
```
```bash
# On each machine running AI agents:
cp config/node-agent.config.example.json node-agent.config.json
# Set controlPlaneUrl and sharedSecret
node node-agent/agent.js
```
The agent daemon scans configured discovery paths for session JSONL files, signs requests with HMAC, spools events offline, and auto-reconnects.
FCC is not "security-aware" — it enforces security by default. See SECURITY_ARCHITECTURE.md for the full threat model.
| Layer | What FCC Does |
|---|---|
| Identity | PBKDF2 (100K iterations, SHA-512), TOTP MFA, recovery codes, API keys (SHA-256 hashed) |
| Authorization | 4-role RBAC + ABAC conditions (environment, time window, risk score, node tags) |
| Agent Sandbox | Command + path allowlists, symlink resolution, traversal prevention, no remote shell |
| Policy Engine | Rule evaluation with drift scoring, enforcement ladders, and simulation lab |
| Secrets | 14+ scanner patterns (AWS, GitHub, Stripe, JWT, PEM), auto-redaction in events |
| Transport | HMAC-SHA256 request signing, nonce replay prevention, timing-safe comparison |
| Audit | Append-only, hash-chained, Ed25519-signed — every action, every actor, every reason |
| Headers | CSP nonces, HSTS, X-Frame-Options, rate limiting, 1MB body limit, ReDoS protection |
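The Transport row combines three checks: an HMAC-SHA256 over the request, nonce replay prevention, and a timing-safe comparison. The sketch below is an added example using `node:crypto`, not FCC's own code; the canonical string format, the five-minute window, the `/example/events` path, and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window

// String covered by the MAC: method, path, timestamp, nonce, body hash (assumed format).
function canonical({ method, path, timestamp, nonce, body }) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  return [method, path, timestamp, nonce, bodyHash].join('\n');
}

function signRequest(secret, req) {
  return crypto.createHmac('sha256', secret).update(canonical(req)).digest('hex');
}

// Returns a verify(req, signature) function with its own nonce cache.
function createVerifier(secret, now = Date.now) {
  const seen = new Map(); // nonce -> time after which it may be forgotten
  return function verify(req, signature) {
    const t = now();
    for (const [nonce, expiry] of seen) if (expiry < t) seen.delete(nonce);
    if (Math.abs(t - req.timestamp) > MAX_SKEW_MS) return 'stale';
    const expected = Buffer.from(signRequest(secret, req), 'hex');
    const given = Buffer.from(String(signature), 'hex');
    // timingSafeEqual throws on unequal lengths, so check length first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return 'bad-signature';
    }
    // Record the nonce only after the MAC checks out, so unauthenticated
    // traffic cannot fill the cache.
    if (seen.has(req.nonce)) return 'replay';
    seen.set(req.nonce, req.timestamp + MAX_SKEW_MS);
    return 'ok';
  };
}

function demo() { // constructed request; the path and secret are placeholders
  let clock = 1700000000000;
  const secret = 'constructed-shared-secret';
  const verify = createVerifier(secret, () => clock);
  const req = { method: 'POST', path: '/example/events', timestamp: clock,
    nonce: crypto.randomBytes(16).toString('hex'), body: '{"type":"heartbeat"}' };
  const sig = signRequest(secret, req);
  const first = verify(req, sig);
  const replay = verify(req, sig);
  const tampered = verify({ ...req, nonce: 'n-2', body: '{"type":"other"}' }, sig);
  clock += MAX_SKEW_MS + 1;
  const late = verify({ ...req, nonce: 'n-3' }, sig);
  return { first, replay, tampered, late };
}
```

A nonce only needs to be remembered until its timestamp falls outside the freshness window, which keeps the cache bounded.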
Three built-in enforcement levels:
| Profile | Auth failures | File access violations | Policy violations |
|---|---|---|---|
| Minimal | Log | Log | Log |
| Standard | Alert | Alert + audit | Block |
| Strict | Block + lockout | Block + quarantine | Block + kill |
Custom profiles supported. Switch profiles per-environment without code changes.
```
┌──────────┐  ┌──────────┐  ┌──────────┐
│  Web UI  │  │   CLI    │  │  Mobile  │
│ 21 pages │  │ 20 cmds  │  │   PWA    │
└────┬─────┘  └────┬─────┘  └────┬─────┘
     └──────┬──────┴──────────────┘
            │ HTTP / SSE
   ┌────────┴────────┐
   │  Control Plane  │──── 31 modules, 24 route files
   └────────┬────────┘
            │
  ┌─────────┼─────────┐
  │         │         │
┌─┴──┐   ┌──┴──┐   ┌──┴──────┐
│JSONL│  │SQLite│  │Node     │
│Store│  │Accel.│  │Agent    │
│     │  │(opt.)│  │Daemon(s)│
└────┘   └─────┘   └─────────┘
```
- Data: Append-only JSONL (source of truth) + optional SQLite acceleration (Node.js 22+)
- Crypto: PBKDF2 + TOTP + HMAC-SHA256 + Ed25519 + SHA-256 chains — all `node:crypto`
- Dependencies: Zero. The entire stack — server, agent, UI, CLI, PWA — is pure Node.js stdlib
```
$ ls node_modules
ls: node_modules: No such file or directory
```
No npm packages. No supply-chain risk. No CVEs from transitive deps. Air-gap deployable. One person can audit the entire codebase.
833 tests. 31 suites. Zero external test frameworks.
```bash
node test/run-all.js     # Unit tests
node test/e2e-smoke.js   # Integration tests
```
Covers: auth, crypto, sandbox, policy, events, intent, gateway, agents, channels, webhooks, scheduler, evaluations, skills, security profiles, secret scanner, knowledge graph, tenants, projects, config, doctor, updater, tasks, and more.
```bash
cp config/clawcc.config.example.json clawcc.config.json
node control-plane/server.js
```
- Change the default admin password
- Generate a strong session secret (`node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"`)
- Use HTTPS (directly or via reverse proxy)
- Restrict CORS origins
- Enable MFA for all admin accounts
- Set security profile to `standard` or `strict`
- Consider Tailscale for node-to-control-plane encryption
```bash
node cli/clawcc.js status               # Fleet overview
node cli/clawcc.js sessions             # List sessions across fleet
node cli/clawcc.js drift <sessionId>    # Check intent drift score
node cli/clawcc.js kill <target>        # Emergency kill (session/node/global)
node cli/clawcc.js evidence <session>   # Export signed evidence ZIP
node cli/clawcc.js keygen               # Generate Ed25519 key pair
node cli/clawcc.js verify-receipts      # Verify receipt chain integrity
```
FCC tracks usage and enforces policy across 16 providers and 30 models:
| Provider | Models |
|---|---|
| Claude Code | claude-sonnet-4-20250514, claude-opus-4-20250514, claude-haiku-4-5-20251001 |
| Codex CLI | codex-mini, o4-mini, o3 |
| GitHub Copilot | gpt-4o, gpt-4o-mini, copilot-agent-v2 |
| Gemini | gemini-2.5-pro, gemini-2.5-flash |
| Cursor | cursor-fast, cursor-slow |
| Codeium/Windsurf | windsurf-cascade, codeium-autocomplete |
| Amazon Q | amazon-q-developer, amazon-q-transform |
| ZeroClaw | zeroclaw-rust-v1 |
| NemoClaw | nemoclaw-enterprise, nemoclaw-lite |
| OpenShell | openshell-runtime, openshell-sandbox |
| Nemotron | nemotron-nano-30b, nemotron-super-120b, nemotron-ultra-253b |
| Goose | goose-default |
| Aider | aider-architect, aider-editor |
| Cline | cline-v3 |
| OpenCode | opencode-default |
- Egress URL allowlisting
- Exportable session replay packs
- Grafana/Prometheus metrics bridge
- Plugin system for custom enforcement actions
See CONTRIBUTING.md. Run tests before submitting:
```bash
node test/run-all.js && node test/e2e-smoke.js
```
Built for teams who run AI agents in production and refuse to fly blind.
```json
{
  "port": 3400,
  "mode": "local",                        // or "fleet"
  "auth": {
    "defaultAdminPassword": "changeme",   // CHANGE THIS
    "sessionSecret": "generate-32-bytes"
  },
  "gateway": { "enabled": false },        // Multi-fleet federation
  "multiTenant": { "enabled": false }     // Tenant isolation
}
```