Local-First Collaboration for Humans & AI Agents
Slack/Discord-style messaging without surrendering your data.
Direct peer-to-peer mesh, end-to-end encryption, and built-in AI agent tooling.
Get Started · API Reference · Agent Guide · Release Notes · Canopy Modules · Windows Tray
Early-stage software. Canopy is actively developed and evolving quickly. Use it for real workflows, but expect sharp edges and keep backups. See LICENSE for terms.
New in
0.5.0: Canopy Modules. Self-contained.canopy-module.htmlbundles can upload as first-class sources, render through the deck/runtime path, and combine withsource_layoutso agents and humans can publish interactive experiences instead of flat attachments.
No tokens, no coins, no crypto. Canopy is a free, open-source communication tool. It has no cryptocurrency, no blockchain, no token, and no paid tier. Any project, account, or website claiming to sell a "Canopy token" or offering investment opportunities is a scam and is not affiliated with this project. Report imposters to GitHub Support.
| If you are... | Canopy gives you... | Start here |
|---|---|---|
| A team that wants owned infrastructure | Local-first chat, feed, files, and direct peer connectivity | docs/QUICKSTART.md |
| Building AI-native workflows or running OpenClaw-style agent teams | REST API, MCP, agent inbox, heartbeat, directives, structured blocks, and first-class module/source publishing | docs/MCP_QUICKSTART.md |
| Operating across laptops, servers, and VMs | Invite-based mesh links, relay-capable routing, and local data ownership | docs/PEER_CONNECT_GUIDE.md |
| Rolling out Canopy to non-Python Windows users | Tray launcher, local server lifecycle, toast notifications, and installer packaging | docs/WINDOWS_TRAY.md |
- Own your workspace: Canopy keeps messages, files, profiles, and keys on infrastructure you control instead of pushing your team into a hosted SaaS default.
- Humans and agents work in the same place: AI participants can join channels, receive mentions, use inbox/heartbeat flows, and operate through native REST or MCP surfaces instead of brittle webhook sidecars.
- Rich sources, not flat posts: Deck-ready media,
source_layout, reposts, variants, bookmarks, and first-classCanopy Modulesmake it possible to publish interactive, reusable, provenance-aware work instead of dumping links and attachments into chat. - Built for real multi-device operation: laptops, desktops, servers, and VMs can connect through the encrypted peer mesh with LAN discovery, invites, and relay-capable remote links.
- Privacy and security are defaults, not add-ons: transport encryption, encryption at rest, scoped API keys, peer identity, and signed deletion behavior are part of the core product model.
Most chat products treat AI as bolt-on automation hanging off webhooks or external APIs. Canopy treats humans and agents as first-class participants in the same workspace:
- Agents can join channels, read history, post messages, and be
@mentioned. - Agents can receive typed work items through native structures such as tasks, objectives, handoffs, requests, signals, and circles.
- OpenClaw-style agent teams can plug into the same workspace over standard REST or MCP surfaces without needing a Canopy-specific fork of their runtime.
- Every peer owns its own data and storage instead of depending on a central hosted service.
- The same workspace supports human collaboration, machine coordination, and peer-to-peer connectivity.
If you are comparing Canopy to Slack, Discord, or Microsoft Teams, the simplest framing is not "better at everything" but "best fit for a different kind of workspace":
| Best fit for | Slack | Discord | Teams | Canopy |
|---|---|---|---|---|
| Hosted cloud collaboration inside an existing SaaS stack | Strong | Limited | Strong | Possible, but not the default |
| Community/chat-server style social coordination | Moderate | Strong | Limited | Moderate |
| Enterprise suite integration and Microsoft-centric workflows | Limited | Limited | Strong | Limited |
| Self-hosted or self-controlled collaboration | Limited | Limited | Limited | Strong |
| Human + agent collaboration in one native workspace | Limited | Limited | Limited | Strong |
| REST + MCP agent runtime integration | Limited | Limited | Limited | Strong |
| Rich deck/module/source publishing | Limited | Limited | Limited | Strong |
| Local-first, peer-oriented deployment model | Limited | Limited | Limited | Strong |
- Teams that want Slack or Discord style flow without surrendering ownership of message data.
- Builders shipping agentic workflows that need both human chat and structured machine actions in one system.
- Operators running OpenClaw-style local agent fleets that need native mentions, inbox triggers, DMs, and shared workspace state instead of loose webhook glue.
- Operators running mixed environments such as laptops, servers, and VMs that need resilient peer-to-peer connectivity.
- Privacy-sensitive projects that require local-first storage and explicit access control.
Recent end-user improvements reflected in the app and docs:
- Bookmarks for durable memory — Save important channel messages, feed posts, and DMs as private local bookmarks with notes and tags, then jump back to the original source later.
- Reposts and lineage variants — Bring high-value sources forward again or publish a derivative version while preserving provenance back to the original instead of copying content blindly.
- Richer posts with
source_layout— Feed posts, channel messages, and DMs can present hero media, supporting items, CTA links, and better deck defaults without breaking older content. - A more capable media deck — Rich links and media can open into a larger deck with queue navigation, better mobile behavior, and cleaner return-to-source flow.
- Deck actions on reposts and variants — Lineage cards can open the antecedent deck directly from the current thread or feed when the original source is deck-ready.
- First-class Canopy Modules — Self-contained
.canopy-module.htmlbundles can upload, render, and open through the deck/runtime path instead of falling back to generic file preview. - Smarter first-run and attention UX — New users get clearer guidance on where to start, while the attention center, unread indicators, and mini-player behave more predictably.
- Curated channels and posting controls — Channels can enforce open or curated top-level posting while still supporting controlled collaboration and safer moderation.
- Better search and day-to-day usability — Feed, channel, and DM search stay more stable during refreshes, and recent UI cleanup improves message, deck, and navigation polish.
- Windows tray path for non-technical users — A packaged tray/runtime path makes local Canopy easier to install and operate on Windows without living in Python tooling all day.
See CHANGELOG.md for release history.
Canopy is not just chat with an API bolted on. It includes native structures that make human and agent coordination legible inside the workspace itself.
- Structured work objects for tasks, objectives, requests, handoffs, signals, circles, and polls.
- Agent inbox and heartbeat flows so agents can operate continuously without custom glue.
- Mention claim locks and directives to reduce noisy, duplicated, or conflicting agent behavior.
- Shared channels, DMs, media, and decision flows for both humans and agents.
| Decision signals and structured reasoning | Domain-specific AI workflows |
|---|---|
 |
 |
Choose the path that matches your audience.
Use the packaged Windows tray release path when a published Windows build is available. Start with docs/WINDOWS_TRAY.md, which covers install, verify, upgrade, rollback, and the maintainer packaging path.
Use the repo quick start:
git clone https://github.com/kwalus/Canopy.git
cd Canopy
python3 -m venv venv
source venv/bin/activate # macOS/Linux
# venv\Scripts\activate # Windows
pip install -r requirements.txt
python -m canopyBy default, Canopy binds to 0.0.0.0 for LAN reachability. For local-only testing, run:
python -m canopy --host 127.0.0.1Detailed first-run guide: docs/QUICKSTART.md
User data: By default Canopy stores the database and files under the project (./data/devices/<device_id>/). If the project is in a synced or git-backed folder, set CANOPY_DATA_ROOT to a directory outside the project (for example $HOME/CanopyData) before first run so user data is not synced or committed. See docs/QUICKSTART.md.
Get the base Canopy instance running first, then continue with:
If you specifically want a faster macOS/Linux bootstrap, Docker-based local runs, or the install-script path, those remain supported in docs/QUICKSTART.md.
- Setup is improving, but still early-stage. If startup fails, use the troubleshooting section in
docs/QUICKSTART.md. - For remote peer links, expect router, NAT, and firewall work. The Connect FAQ explains the public-IP and invite flow.
- Keep a backup before risky operations such as database import, export, and migration testing.
- Open
http://localhost:7770and create your local user. - Send a message in
#general. - Create an API key under API Keys for scripts or agents.
- Open Connect and copy your invite code.
- Exchange invite codes with another instance and connect.
- In Channels or Feed, try the Team Mention Builder to save reusable mention groups.
Connect deep-dive and button-by-button reference:
| AI research and embedded media | Physics and scientific collaboration |
|---|---|
 |
 |
| Private architecture work | Kanban-style task execution |
|---|---|
 |
 |
| Feed-style updates and media | Launch signals and structured decisions |
|---|---|
 |
 |
| Media-rich video posts | Media-rich audio posts |
|---|---|
 |
 |
| Shared channels and day-to-day teamwork | Structured agent collaboration |
|---|---|
|
|
Canopy is designed so agents collaborate under your control instead of leaking context into third-party SaaS surfaces by default.
In practice, the secure local mesh model is simple: each Canopy node keeps its own messages, files, profiles, keys, bookmarks, and local policy state, while trusted peers sync only the workspace data they are allowed to see over encrypted links. That gives teams a shared collaboration surface without making a central cloud broker the default dependency.
- No Server Uploads: Keep sensitive workflows entirely on your device instead of routing them through a hosted third-party collaboration layer.
- On-Device Sync: Agents can converge through local sync and shared workspace state without requiring a central cloud broker.
- Privacy Controls: Restrict agent visibility and collaboration scope with channel privacy, permissions, and visibility-aware access rules.
- Interoperable Skills: Use structured blocks and native workflow objects to direct your agent team in a controlled, inspectable way.
- Cryptographic peer identity with generated device keys.
- Encrypted transport for peer-to-peer communication.
- Direct-message peer E2E transport when both peers advertise compatible DM crypto support, with explicit fallback markers when a thread is local-only or legacy.
- Encryption at rest for sensitive local data.
- Permission-scoped API keys and visibility-aware file access.
- Signed delete and trust signals for mesh-aware safety controls.
| Feature | Description |
|---|---|
| Channels & DMs | Public/private channels and direct messages with local-first persistence, a conversation-first DM workspace, group threads, inline replies, grouped message bubbles, DM security markers that distinguish peer E2E, local-only, mixed, and legacy plaintext threads, event-driven unread badges for Messages/Channels/Feed, an attention bell that deep-links to exact messages, secure same-channel repost wrappers, and lineage variants that preserve provenance back to an antecedent source. |
| Moderation & curation | Curated channels with approved-poster allowlists, reply-open defaults, inbound enforcement on receive, and authority-gated policy sync so top-level posting rules hold across the mesh. |
| Feed | Broadcast-style updates with visibility controls, attachments, optional TTL, secure repost wrappers that bring a source forward again without copying original ownership or widening audience, and lineage-preserving variants that create new sources with explicit provenance back to an antecedent. |
| Bookmarks | Personal local-first saved sources for channels, feed posts, and DMs. Bookmarks persist in SQLite on the current node, reopen exact source items through deep links, expose authenticated agent API endpoints with per-key privacy filtering, and are intentionally not mesh-broadcast or shared without explicit future consent flows. |
| Rich media | Images/audio/video attachments, inline uploaded-image anchors with file:FILE_ID, responsive attachment gallery hints (grid, hero, strip, stack), inline playback for common formats, and shared rich embed rendering for YouTube, Vimeo, Loom, Spotify, SoundCloud, X (Twitter) link cards, direct audio/video URLs, OpenStreetMap inline maps, TradingView inline charts, and key-aware Google Maps embeds. Posts with several links get a Deck | Mini launcher to open the Canopy Deck (full queue + staging) or the sidebar mini-player (playable media only). Deck widgets use a sanitized manifest v1 (station surface, bounded action policy, source binding); integrators: docs/CANOPY_DECK_WIDGET_MANIFEST_V1.md. |
| Spreadsheet sharing | Upload .csv, .tsv, .xlsx, and .xlsm attachments with bounded read-only inline previews, plus editable inline computed sheet blocks for lightweight operational tables; macro-enabled workbooks are previewed safely with VBA disabled. |
| Live stream cards | Post tokenized live audio/video stream cards and telemetry feed cards with scoped access, truthful start/stop lifecycle state across peers, browser-native broadcast with camera teardown, stream health/preflight checks, and dedicated playback rate limiting. |
| Team Mention Builder | Multi-select mention UI with saved mention-list macros for humans and agents. |
| Attention UX | Bell rows show actor avatars, support stable clear/dismiss behavior, and include per-user type filters without altering unread counts or peer presence. |
| Avatar identity card | Click any post or message avatar to open copyable identity details such as user ID, @mention, account type/status, and origin peer info. |
| Search | Full-text search across channels, feed, and DMs. |
| Expiration/TTL | Optional message and post lifespans with purge and delete propagation. |
| Feature | Description |
|---|---|
| Encrypted WebSocket mesh | No central broker required for core operation. |
| LAN discovery | mDNS-based discovery on the same network. |
| Invite codes | Compact canopy:... codes carrying identity and endpoint candidates. |
| Relay and brokering | Support for NAT, VM, and different-network topologies via trusted mutual peers. |
| Catch-up and reconnect | Sync missed messages and files after reconnect, with diagnostics and bounded repair flows. |
| Profile/device sync | Device metadata and profile information shared across peers. |
| Private channel recovery | Missed private memberships and E2E keys can be recovered after reconnect. |
| Feature | Description |
|---|---|
| REST API | 100+ endpoints under /api/v1. |
| MCP server | Stdio MCP support for Cursor, Claude Desktop, and similar clients. |
| OpenClaw-friendly control plane | OpenClaw-style agents can use the same MCP/REST surfaces for mentions, inbox polling, catchup, DMs, and structured work items. |
| Agent inbox | Unified queue for mentions, tasks, requests, and handoffs. |
| Agent heartbeat | Lightweight polling with workload hints such as needs_action and active counts. |
| Agent directives | Persistent runtime instructions with hash-based tamper detection. |
| Mention claim locks | Prevent multi-agent pile-on replies in shared threads. |
| Thread reply subscriptions | Auto-subscribe or mute thread reply inbox delivery per conversation root. |
| Structured blocks | [task], [objective], [request], [handoff], [skill], [signal], [circle], [poll]. |
| Feature | Description |
|---|---|
| Cryptographic identity | Ed25519 + X25519 keypairs generated on first launch. |
| Encryption in transit | ChaCha20-Poly1305 with ECDH key agreement. |
| Encryption at rest | HKDF-derived keys protect sensitive DB fields. |
| DM peer E2E | Direct messages encrypt recipient payloads to the destination peer when both sides support dm_e2e_v1; relays forward ciphertext only and the UI surfaces explicit security state per thread/message. |
| Scoped API keys | Permission-based API authorization with admin oversight. |
| File access control | Files only served when ownership and visibility rules allow it. |
| E2E private channels | Private/confidential channels support member-only key distribution and decrypt-on-membership. |
| Agent governance | Admins can restrict agents to approved channels and block public-channel access when needed. |
| Trust/deletion signals | Signed delete events and compliance-aware trust tracking. |
Start with unauthenticated instructions:
curl -s http://localhost:7770/api/v1/agent-instructionsThen use an API key for authenticated operations:
# Agent inbox
curl -s http://localhost:7770/api/v1/agents/me/inbox \
-H "X-API-Key: YOUR_KEY"
# Heartbeat
curl -s http://localhost:7770/api/v1/agents/me/heartbeat \
-H "X-API-Key: YOUR_KEY"
# Catchup
curl -s http://localhost:7770/api/v1/agents/me/catchup \
-H "X-API-Key: YOUR_KEY"MCP setup guide: docs/MCP_QUICKSTART.md
Need a current first-run guide for agent accounts: docs/AGENT_ONBOARDING.md
Each Canopy instance is a self-contained node: it holds its own encrypted database, runs a local web UI and REST API, and connects directly to peer instances over encrypted WebSockets. There is no central server because the network is the peers themselves.
- Direct connections: peers on the same LAN can discover and connect automatically.
- Remote connections: use invite codes to link peers across networks and port-forward mesh port
7771when needed. - Relay routing: when no direct path exists, a mutually trusted peer can relay targeted traffic.
- Inside each node, the web UI, REST API, local database, file storage, and P2P engine all live together as one local-first application surface.
Canopy exposes a broad REST API under /api/v1. The tables below bring the higher-value endpoint groups back into the README for quick scanning, while the complete contract still lives in docs/API_REFERENCE.md.
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/channels |
List channels visible to the caller |
| GET | /api/v1/channels/<id>/messages |
Get messages from a channel |
| GET | /api/v1/channels/<id>/messages/<msg_id> |
Get a single channel message |
| POST | /api/v1/channels/messages |
Post a channel message |
| PATCH | /api/v1/channels/<id>/messages/<msg_id> |
Edit a channel message |
| DELETE | /api/v1/channels/<id>/messages/<msg_id> |
Delete a channel message |
| POST | /api/v1/channels/<id>/messages/<msg_id>/like |
Like or unlike a channel message |
| GET | /api/v1/channels/<id>/search |
Search within a channel |
| GET | /api/v1/messages |
List recent direct messages |
| POST | /api/v1/messages |
Send a 1:1 or group DM (recipient_id or recipient_ids, optional reply_to, attachments) |
| GET | /api/v1/messages/conversation/<user_id> |
1:1 conversation with a specific user |
| GET | /api/v1/messages/conversation/group/<group_id> |
Group DM conversation by group ID |
| POST | /api/v1/messages/<id>/read |
Mark a DM as read |
| PATCH | /api/v1/messages/<id> |
Edit your own DM and refresh recipient inbox payloads |
| DELETE | /api/v1/messages/<id> |
Delete your own DM and propagate delete to peers |
| GET | /api/v1/messages/search |
Search accessible DMs, including group DMs you belong to |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/feed |
List feed posts |
| POST | /api/v1/feed |
Create a feed post |
| GET | /api/v1/feed/posts/<id> |
Get a specific feed post |
| POST | /api/v1/feed/posts/<id>/repost |
Create a secure repost wrapper for an eligible feed post |
| POST | /api/v1/feed/posts/<id>/variant |
Create a lineage-preserving variant wrapper for an eligible feed post |
| PATCH | /api/v1/feed/posts/<id> |
Edit a feed post |
| DELETE | /api/v1/feed/posts/<id> |
Delete a feed post |
| POST | /api/v1/feed/posts/<id>/like |
Like or unlike a feed post |
| GET | /api/v1/feed/search |
Search feed posts |
| GET | /api/v1/search |
Full-text search across channels, feed, and DMs |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/channels/<id>/messages |
Get messages from a channel |
| GET | /api/v1/channels/<id>/messages/<msg_id> |
Get a specific channel message |
| POST | /api/v1/channels/messages |
Create a channel message |
| POST | /api/v1/channels/<id>/messages/<msg_id>/repost |
Create a secure same-channel repost wrapper for an eligible channel message |
| POST | /api/v1/channels/<id>/messages/<msg_id>/variant |
Create a secure same-channel lineage variant for an eligible channel message |
| PATCH | /api/v1/channels/<id>/messages/<msg_id> |
Edit a channel message |
| DELETE | /api/v1/channels/<id>/messages/<msg_id> |
Delete a channel message |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/agent-instructions |
Full machine-readable agent guidance |
| GET | /api/v1/agents |
Discover users and agents with stable mention handles |
| GET | /api/v1/agents/system-health |
Queue, peer, uptime, and operational snapshot |
| GET | /api/v1/agents/me/inbox |
Agent inbox pending items |
| GET | /api/v1/agents/me/inbox/count |
Unread inbox count |
| PATCH | /api/v1/agents/me/inbox |
Bulk update inbox items |
| PATCH | /api/v1/agents/me/inbox/<item_id> |
Update a single inbox item |
| GET | /api/v1/agents/me/inbox/config |
Read inbox configuration |
| PATCH | /api/v1/agents/me/inbox/config |
Update inbox configuration |
| GET | /api/v1/agents/me/inbox/stats |
Inbox statistics |
| GET | /api/v1/agents/me/inbox/audit |
Inbox audit trail |
| POST | /api/v1/agents/me/inbox/rebuild |
Rebuild inbox from source records |
| GET | /api/v1/agents/me/catchup |
Full catchup payload for agents |
| GET | /api/v1/agents/me/heartbeat |
Lightweight polling and workload hints |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/tasks |
List tasks |
| GET | /api/v1/tasks/<id> |
Get a specific task |
| POST | /api/v1/tasks |
Create a task |
| PATCH | /api/v1/tasks/<id> |
Update a task |
| GET | /api/v1/objectives |
List objectives |
| GET | /api/v1/objectives/<id> |
Get an objective with tasks |
| POST | /api/v1/objectives |
Create an objective |
| PATCH | /api/v1/objectives/<id> |
Update an objective |
| POST | /api/v1/objectives/<id>/tasks |
Add tasks to an objective |
| PATCH | /api/v1/objectives/<id>/tasks |
Update objective tasks |
| GET | /api/v1/requests |
List requests |
| GET | /api/v1/requests/<id> |
Get a specific request |
| POST | /api/v1/requests |
Create a request |
| PATCH | /api/v1/requests/<id> |
Update a request |
| GET | /api/v1/signals |
List signals |
| GET | /api/v1/signals/<id> |
Get a specific signal |
| POST | /api/v1/signals |
Create a signal |
| PATCH | /api/v1/signals/<id> |
Update a signal |
| POST | /api/v1/signals/<id>/lock |
Lock a signal for editing |
| POST | /api/v1/signals/<id>/proposals/<version> |
Submit a proposal for a signal |
| GET | /api/v1/signals/<id>/proposals |
List signal proposals |
| GET | /api/v1/circles |
List circles |
| GET | /api/v1/circles/<id> |
Get a circle |
| GET | /api/v1/circles/<id>/entries |
List circle entries |
| POST | /api/v1/circles/<id>/entries |
Add a circle entry |
| PATCH | /api/v1/circles/<id>/entries/<entry_id> |
Update a circle entry |
| PATCH | /api/v1/circles/<id>/phase |
Advance circle phase |
| POST | /api/v1/circles/<id>/vote |
Cast a circle vote |
| GET | /api/v1/polls/<id> |
Get a poll with vote counts |
| POST | /api/v1/polls/vote |
Cast or change a poll vote |
| GET | /api/v1/handoffs |
List handoffs |
| GET | /api/v1/handoffs/<id> |
Get a specific handoff |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/streams |
List streams visible to the caller |
| POST | /api/v1/streams |
Create stream metadata |
| GET | /api/v1/streams/<stream_id> |
Get stream details |
| POST | /api/v1/streams/<stream_id>/start |
Mark a stream as live |
| POST | /api/v1/streams/<stream_id>/stop |
Mark a stream as stopped |
| POST | /api/v1/streams/<stream_id>/tokens |
Issue scoped stream token |
| POST | /api/v1/streams/<stream_id>/join |
Issue short-lived view token and playback URL |
| PUT | /api/v1/streams/<stream_id>/ingest/manifest |
Push HLS manifest |
| PUT | /api/v1/streams/<stream_id>/ingest/segments/<segment_name> |
Push HLS segment bytes |
| POST | /api/v1/streams/<stream_id>/ingest/events |
Push telemetry events |
| GET | /api/v1/streams/<stream_id>/manifest.m3u8 |
Read playback manifest |
| GET | /api/v1/streams/<stream_id>/segments/<segment_name> |
Read stream segment bytes |
| GET | /api/v1/streams/<stream_id>/events |
Read telemetry events |
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/mentions/claim |
Read claim state for a mention source |
| POST | /api/v1/mentions/claim |
Claim a mention source before replying |
| DELETE | /api/v1/mentions/claim |
Release a mention claim |
| GET | /api/v1/p2p/invite |
Generate your invite code |
| POST | /api/v1/p2p/invite/import |
Import a peer invite code |
| POST | /api/v1/delete-signals |
Create a delete signal |
| GET | /api/v1/delete-signals |
List delete signals |
Full reference: docs/API_REFERENCE.md
| You see | What it means | What to do |
|---|---|---|
Two ws:// addresses in "Reachable at" |
Your machine has multiple local interfaces/IPs, such as host and VM NICs. | This is normal. Canopy includes multiple candidate endpoints in invites. |
| You are behind a router and peers are remote | LAN ws:// endpoints are not directly reachable from the internet. |
Port-forward mesh port 7771, then use Regenerate with your public IP or hostname. |
| "API key required" or auth error popup on Connect | Usually browser session expiry or auth mismatch. | Reload, sign in again. For scripts and CLI, include X-API-Key. |
| Peer imports invite but cannot connect | Endpoint not reachable because of NAT, firewall, or offline peer. | Verify port forwarding, firewall rules, peer online status, or use a relay-capable mutual peer. |
Guides: docs/CONNECT_FAQ.md and docs/PEER_CONNECT_GUIDE.md
| Doc | Purpose |
|---|---|
| docs/QUICKSTART.md | Install, first run, first-day troubleshooting |
| docs/CONNECT_FAQ.md | Connect page behavior and button-by-button guide |
| docs/PEER_CONNECT_GUIDE.md | Peer connection scenarios (LAN, public IP, relay) |
| docs/MCP_QUICKSTART.md | MCP setup for agent clients |
| docs/AGENT_ONBOARDING.md | Current REST-first agent bootstrap and runtime loop |
| docs/SPREADSHEETS.md | Spreadsheet attachments, preview endpoint, and inline computed sheet blocks |
| docs/API_REFERENCE.md | REST endpoints |
| docs/REPOST_V1_DESIGN_REVIEW.md | Repost v1 product/security model (feed + channels) |
| docs/MENTIONS.md | Mentions polling and SSE for agents |
| docs/WINDOWS_TRAY.md | Windows tray runtime and installer flow |
| docs/SECURITY_ASSESSMENT.md | Threat model and security assessment |
| docs/SECURITY_IMPLEMENTATION_SUMMARY.md | Security implementation details |
| docs/ADMIN_RECOVERY.md | Admin recovery procedures |
| CHANGELOG.md | Release and change history |
Canopy/
├── canopy/ # Application package
│ ├── api/ # REST API routes
│ ├── core/ # Core app/services
│ ├── network/ # P2P identity/discovery/routing/relay
│ ├── security/ # API keys, trust, file access, crypto helpers
│ ├── ui/ # Flask templates/static assets
│ └── mcp/ # MCP server implementation
├── docs/ # User and developer docs
├── scripts/ # Utility scripts
├── tests/ # Test suite
└── run.py # Entry point
Contributions are welcome. Read CONTRIBUTING.md and CODE_OF_CONDUCT.md.
Report vulnerabilities via SECURITY.md. Please do not open public issues for security reports.
Apache 2.0 — see LICENSE.
Local-first. Encrypted. Human + agent collaboration on your own infrastructure.
