Version: v0.2.1 Date: 2026-02-04 Status: 88% Operational (7/8 components)
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OpenCLI Ecosystem β
β β
β βββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββ β
β β Client Layer β β Backend Layer β β
β β β β β β
β β βββββββββββββββββββ β β ββββββββββββββββββββββββββββββββ β β
β β β iOS App βββΌβββββββΌββΆβ OpenCLI Daemon β β β
β β β (Flutter) β β β β (Dart) β β β
β β β β
Connected β β β β β β β
β β β ws://...9876 β β β β β’ Task Execution β β β
β β βββββββββββββββββββ β β β β’ AI Model Management β β β
β β β β β β’ IPC Communication β β β
β β βββββββββββββββββββ β β β β’ Permission System β β β
β β β Android App β β β β β’ Plugin System (3) β β β
β β β (Flutter) β β β β β β β
β β β β Blocked βββΌβ β βββΌββΆβ Status: β
Running β β β
β β β localhost:9876 β β β β Uptime: 10+ hours β β β
β β βββββββββββββββββββ β β β Memory: 26.1 MB β β β
β β β β β CPU: <1% β β β
β β βββββββββββββββββββ β β ββββββββββββββββββββββββββββββββ β β
β β β macOS Desktop β β β β β β
β β β (Flutter) βββΌβββββββΌβββββββββββββββ β β
β β β β
Connected β β β β β
β β β + System Tray β β β β β
β β βββββββββββββββββββ β β β β
β β β β β β
β β βββββββββββββββββββ β β β β
β β β Web UI β β β β β
β β β (React+Vite) βββΌβββββββΌββββββββββββββββββββββββββββββββββ β β
β β β β
Running β β β β β β
β β β :3000 β β β β β β
β β βββββββββββββββββββ β β β β β
β βββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββ
β Host Machine β
β (MacBook) β
ββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββββΌβββββββββββββββββββββββ
β β β
βΌ βΌ βΌ
βββββββββββββββββ ββββββββββββββββββββ ββββββββββββββββββ
β Port 9875 β β Port 9876 β β Port 3000 β
β β β β β β
β HTTP + WS β β WebSocket β β HTTP β
β (Unified) β β (Legacy Mobile) β β (Vite Dev) β
βββββββββββββββββ ββββββββββββββββββββ ββββββββββββββββββ
β β β
β β β
βΌ βΌ βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OpenCLI Daemon Process β
β PID: 19099 (example) β
β β
β βββββββββββββββ ββββββββββββββββ βββββββββββββββββββ β
β β Status β β Mobile WS β β IPC Socket β β
β β Server β β Server β β β β
β β β β β β /tmp/opencli β β
β β :9875 β β :9876 β β .sock β β
β βββββββββββββββ ββββββββββββββββ βββββββββββββββββββ β
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Core Services β β
β β β’ Task Manager β β
β β β’ AI Model Router (3 models) β β
β β β’ Capability System (9 capabilities) β β
β β β’ Permission System β β
β β β’ Plugin Manager (3 plugins) β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββ
β iOS Simulator β
β iPhone 16 Pro β
ββββββββββ¬βββββββββ
β WebSocket
β ws://localhost:9876
βΌ
βββββββββββ
β Daemon β
β :9876 β
βββββββββββ
Status: β
Connected
Latency: <50ms
Memory: 60-68 MB
βββββββββββββββββββ
β macOS Desktop β
β System Tray β
ββββββββββ¬βββββββββ
β WebSocket
β ws://localhost:9876
βΌ
βββββββββββ
β Daemon β
β :9876 β
βββββββββββ
Status: β
Connected
Polling: Every 3s
Memory: 117 MB
βββββββββββββββββββ
β Web UI β
β React + Vite β
ββββββββββ¬βββββββββ
β Vite Dev Server
β http://localhost:3000
βΌ
βββββββββββ
β Ready β
β :3000 β
βββββββββββ
Status: β
Running
Build: 227ms
Note: WebSocket not browser-tested
ββββββββββββββββββββββββ
β Android Emulator β
β Pixel 5 API 32 β
ββββββββββββ¬ββββββββββββ
β WebSocket (Attempting)
β ws://localhost:9876 β
βΌ
βββββββββββ
β ERROR β
β ECONNREFβ
βββββββββββ
Problem: In Android emulator, "localhost"
refers to emulator itself, not host
Solution: Use ws://10.0.2.2:9876 instead
(10.0.2.2 is emulator's host alias)
Current Users: iOS, Android, macOS Desktop
Client Daemon
β β
ββββ Connect ββββββββββββββββββΆβ
β β
ββββββ Welcome Message ββββββββββ€
β { connected: true } β
β β
ββββ JSON Messages βββββββββββββΆβ
β { type, payload } β
β β
ββββββ JSON Response ββββββββββββ€
β β
Message Format:
{
"type": "command",
"payload": { ... }
}Current Users: Test clients only (production migration pending)
Client Daemon
β β
ββββ Connect ββββββββββββββββββΆβ
β β
ββββββ Notification βββββββββββββ€
β { β
β type: "notification", β
β payload: { β
β event: "connected", β
β clientId: "...", β
β version: "0.2.0" β
β } β
β } β
β β
ββββ OpenCLIMessage ββββββββββββΆβ
β { β
β id: "...", β
β type: "command", β
β source: "mobile", β
β target: "daemon", β
β payload: {...}, β
β timestamp: 1234567890 β
β } β
β β
ββββββ OpenCLIMessage βββββββββββ€
β { β
β type: "response", β
β payload: { β
β status: "success", β
β data: {...} β
β } β
β } β
β β
Supported Commands:
execute_task- Run task on daemonget_tasks- List tasks with filtersget_models- List available AI modelssend_chat- Send AI chat messageget_status- Get daemon health/statsstop_task- Stop running task
Advantages:
- β Type-safe message structure
- β Client identification (mobile/desktop/web/cli)
- β Priority levels
- β Request/response correlation via ID
- β Broadcast notifications
- β Better error handling
ββββββββββββββββββββββββββββββββββββββββ
β iOS App (iPhone/iPad) β
β β
β ββββββββββββββββββββββββββββββββββ β
β β UI Layer β β
β β β’ ChatPage β β
β β β’ TasksPage β β
β β β’ SettingsPage β β
β β β’ ScanPage (QR pairing) β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β ββββββββββββββΌββββββββββββββββββββ β
β β Service Layer β β
β β β’ DaemonService (WS client) β β
β β β’ AudioRecorder (disabled) β β
β β β’ SpeechToText β β
β β β’ MemoryMonitor β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β βΌ β
β ws://localhost:9876 β
β β
β Status: β
Connected β
β Memory: 60-68 MB β
β Build: Debug mode β
ββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββ
β Android App (Phones/Tablets) β
β β
β ββββββββββββββββββββββββββββββββββ β
β β UI Layer (Same as iOS) β β
β β β’ ChatPage β β
β β β’ TasksPage β β
β β β’ SettingsPage β β
β β β’ ScanPage β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β ββββββββββββββΌββββββββββββββββββββ β
β β Service Layer (Same) β β
β β β’ DaemonService β β
β β β’ AudioRecorder β β
β β β’ SpeechToText β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β βΌ β
β ws://localhost:9876 β β
β (Should be 10.0.2.2:9876) β
β β
β Status: β Connection Refused β
β Issue: CRITICAL BLOCKER β
ββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββ
β macOS Desktop App β
β β
β ββββββββββββββββββββββββββββββββββ β
β β UI Layer β β
β β β’ Main Window β β
β β β’ Chat Interface β β
β β β’ Task Management β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β ββββββββββββββΌββββββββββββββββββββ β
β β Service Layer β β
β β β’ TrayService (System Tray) β β
β β ββ Icon Management β β
β β ββ Menu Building β β
β β ββ Status Polling (3s) β β
β β β’ DaemonService β β
β β β’ StartupService β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β βββΆ HTTP REST β
β β http://localhost:9875/status β
β β (Every 3s) β
β β β
β βββΆ WebSocket β
β ws://localhost:9876β
β β
β Status: β
Connected β
β Memory: 117 MB β
β Tray: β
Working (click events fixed)β
ββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββ
β Web UI (Browser) β
β β
β ββββββββββββββββββββββββββββββββββ β
β β Component Layer β β
β β β’ App.tsx β β
β β β’ DaemonStatus β β
β β β’ TaskList β β
β β β’ ChatInterface β β
β β β’ ModelSelector β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β ββββββββββββββΌββββββββββββββββββββ β
β β Service Layer (TypeScript) β β
β β β’ WebSocket Client β β
β β β’ API Client β β
β β β’ MessagePack Decoder β β
β ββββββββββββββ¬ββββββββββββββββββββ β
β β β
β βΌ β
β Protocol TBD: β
β - ws://localhost:9875/ws? OR β
β - ws://localhost:9876? β
β β
β Dev Server: β
http://localhost:3000β
β Build Time: 227ms β
β Status: β
Ready (WS not tested) β
ββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββ
β Capability System (9 capabilities) β
β β
β β’ file_read - Read files β
β β’ file_write - Write/modify files β
β β’ network_access - Network operations β
β β’ process_execute - Run processes β
β β’ system_info - System information β
β β’ ai_access - AI model usage β
β β’ plugin_install - Install plugins β
β β’ config_modify - Change configuration β
β β’ task_manage - Task operations β
ββββββββββββββββββββββββββββββββββββββββββββββββββ
Client Request
β
βΌ
βββββββββββββββ
β Permission β
β Check β
ββββββββ¬βββββββ
β
ββββ Allowed? βββΆ Execute in Daemon Process β οΈ
β
ββββ Denied? ββββΆ Return Error
Current Architecture Risk: All code runs in the daemon process with complete system access. This creates security vulnerabilities:
- π΄ Code Injection: Malicious AI responses can inject dangerous commands
- π΄ Privilege Escalation: Tasks run with daemon's full permissions
- π΄ Data Leakage: Access to sensitive files and credentials
- π Resource Abuse: No limits on CPU/memory usage
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β OpenCLI with MicroVM Isolation β
β β
β Client Request β
β β β
β βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Daemon Process (Trusted Zone) β β
β β β β
β β βββββββββββββββββββ βββββββββββββββββββ β β
β β β Permission β β Security Router β β NEW β β
β β β Manager βββββββΆβ β β β
β β β β β Task Classifier β β β
β β βββββββββββββββββββ ββββββββββ¬βββββββββ β β
β β β β β
β β ββββββββββββ΄βββββββββββ β β
β β β β β β
β β βΌ βΌ β β
β β ββββββββββββββββββββ ββββββββββββββββββββββββ β β
β β β Safe Tasks β β Dangerous Tasks β β β
β β β (Local Execute) β β (MicroVM Isolate) β β β
β β β β β β β β
β β β β’ File read β β β’ Shell commands β β β
β β β β’ System info β β β’ Package install β β β
β β β β’ AI chat β β β’ Network ops β β β
β β β β’ List files β β β’ File delete β β β
β β ββββββββββββββββββββ ββββββββββββ¬ββββββββββββ β β
β β β β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββΌβββββββββββββββ β
β β β
β KVM Hardware Isolation β β
β βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β MicroVM Pool (Untrusted Zone) β NEW β β
β β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β VM 1: Active β β β
β β β β’ Firecracker VMM β β β
β β β β’ Alpine Linux (20MB) β β β
β β β β’ Resources: 1 CPU, 256MB RAM β β β
β β β β’ Filesystem: Read-only + tmpfs β β β
β β β β’ Network: Whitelist only β β β
β β β β’ Timeout: 5 minutes β β β
β β β β’ Communication: vsock β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β VM 2: Idle (Pre-warmed) β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β VM 3: Idle (Pre-warmed) β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β β
β β Pool Management: β β
β β β’ Min idle VMs: 2 β β
β β β’ Max total VMs: 10 β β
β β β’ Startup time: ~125ms β β
β β β’ Memory per VM: ~256MB β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Security Level | Execute Where | Examples | Status |
|---|---|---|---|
| π’ Trusted | Daemon | AI chat, config read | β Current |
| π’ Safe | Daemon | File read, system info | β Current |
| π‘ Review | Daemon + Confirm | File write, screenshot | β Current |
| π΄ Dangerous | MicroVM | Shell commands, install packages | β³ Proposed |
| β« Blocked | Rejected | System modifications | β Current |
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Security Improvements with MicroVM β
β β
β Risk Before After Improvement β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β Code Injection π΄ High π’ Low β¬οΈ 90% β
β Privilege Escalation π΄ Critical π’ Low β¬οΈ 95% β
β Data Leakage π High π‘ Medium β¬οΈ 70% β
β System Damage π΄ Critical π’ Low β¬οΈ 95% β
β Resource Abuse π‘ Medium π’ Low β¬οΈ 80% β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Status: π Design Phase
See detailed proposal: MICROVM_SECURITY_PROPOSAL.md
Timeline: 6-8 weeks development
Components to Build:
- Firecracker integration
- MicroVM Pool Manager
- Security Router
- Guest Agent
- vsock communication layer
Platform Support:
- β Linux (x86_64) - Firecracker via KVM
- π‘ macOS - gVisor fallback
- π‘ Windows - WSL2 + KVM
β οΈ Other platforms - Degraded mode (local execution)
| Operation | Current | With MicroVM | Overhead |
|---|---|---|---|
| Safe tasks (file read) | 5ms | 5ms | None |
| Dangerous (shell cmd) | 10ms | ~150ms | +140ms |
| Network request | 200ms | 350ms | +150ms |
Conclusion: 150ms overhead acceptable for security-critical isolation
ββββββββββββββββββββββββββββββββββββββββ
β Plugin Manager β
β β
β Loaded Plugins: 3 β
β β
β ββββββββββββββββββββββββββββββββββ β
β β Plugin 1: [Name TBD] β β
β ββββββββββββββββββββββββββββββββββ β
β β
β ββββββββββββββββββββββββββββββββββ β
β β Plugin 2: [Name TBD] β β
β ββββββββββββββββββββββββββββββββββ β
β β
β ββββββββββββββββββββββββββββββββββ β
β β Plugin 3: [Name TBD] β β
β ββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββ
1. Client submits task
β
βΌ
2. Daemon receives command
β
βΌ
3. Permission check
β
βΌ
4. Task Manager creates task
β
βΌ
5. Task executes
β
βββΆ Progress notifications (real-time)
β βββΆ Broadcast to all clients
β
βΌ
6. Task completes
β
βΌ
7. Completion notification
βββΆ Broadcast to all clients
1. User types message in client
β
βΌ
2. Client sends to daemon
β
βΌ
3. Daemon routes to AI model
β
βββΆ Claude Sonnet 3.5
βββΆ GPT-4 Turbo
βββΆ Gemini Pro
β
βΌ
4. AI processes request
β
βΌ
5. Stream response tokens
β
βββΆ Progress updates
β βββΆ Client displays incrementally
β
βΌ
6. Complete response
βββΆ Client displays final message
Severity: π΄ Critical Impact: Android deployment blocked Status: Identified, not fixed
Problem:
Android Emulator uses localhost to refer to itself,
not the host machine. Connection fails with:
Error: Connection refused (OS Error: Connection refused, errno = 61)
Solution:
// In daemon_service.dart
String get _daemonHost {
if (Platform.isAndroid) {
return '10.0.2.2'; // Android emulator host alias
}
return 'localhost';
}Files to modify:
Severity: π‘ Medium Impact: WebUI real-time features unverified Status: Server ready, browser testing pending
Action: Open http://localhost:3000 in browser and test WebSocket connection
Severity: π‘ Medium Impact: Missing new protocol features Status: Migration planned
Action: Update iOS/Android to use ws://localhost:9875/ws with OpenCLIMessage protocol
| Metric | Value | Status |
|---|---|---|
| Uptime | 10+ hours | β Stable |
| Memory | 26.1 MB | β Excellent |
| CPU | <1% | β Excellent |
| Response Time | <10ms | β Excellent |
| Active Connections | 2+ | β Normal |
| Client | Status | Memory | Connection |
|---|---|---|---|
| iOS Simulator | β Running | 60-68 MB | ws://localhost:9876 |
| Android Emulator | β Blocked | N/A | Connection refused |
| macOS Desktop | β Running | 117 MB | ws://localhost:9876 |
| Web UI | β Ready | N/A | Server on :3000 |
βββββββββββββββββββββββββββββββββββββββ
β System Status: 88% Operational β
β β
β β
Daemon: Running β
β β
REST API: Working β
β β
WebSocket: Working β
β β
iOS: Connected β
β β Android: Blocked (localhost) β
β β
macOS: Connected β
β β
WebUI: Server Ready β
β β³ WebUI WS: Not tested β
β β
β Pass Rate: 7/8 components β
βββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββ
β Language: Dart β
β Runtime: Dart VM β
β β
β Key Dependencies: β
β β’ shelf (HTTP server) β
β β’ shelf_router (routing) β
β β’ shelf_web_socket (WebSocket) β
β β’ msgpack_dart (serialization) β
β β’ uuid (ID generation) β
β β’ opencli_shared (protocol) β
ββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββ
β Framework: Flutter 3.x β
β Language: Dart β
β β
β Key Dependencies: β
β β’ web_socket_channel β
β β’ speech_to_text β
β β’ mobile_scanner (QR codes) β
β β’ opencli_shared (protocol) β
β β’ provider (state management) β
ββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββ
β Framework: Flutter Desktop β
β Platform: macOS 10.14+ β
β β
β Key Dependencies: β
β β’ tray_manager (system tray) β
β β’ launch_at_startup β
β β’ package_info_plus β
β β’ window_manager β
β β’ opencli_shared (protocol) β
ββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββ
β Framework: React 18 β
β Build Tool: Vite 5 β
β Language: TypeScript β
β β
β Key Dependencies: β
β β’ react-markdown β
β β’ msgpack-lite β
β β’ (WebSocket client native) β
ββββββββββββββββββββββββββββββββββββββ
- β OpenCLI Daemon
- β REST API (ports 9875)
- β WebSocket Unified Protocol (9875/ws)
- β WebSocket Legacy Protocol (9876)
- β iOS Application
- β macOS Desktop Application
- β Web UI Server
- β Android Application (localhost connection issue)
- β³ WebUI WebSocket in browser
- β³ Manual UI testing (iOS/Android)
- β³ End-to-end feature testing
- β³ Device pairing flow
- β³ Push notifications
-
Fix Android Connection π΄
- Modify daemon_service.dart to use 10.0.2.2 on Android
- Test Android emulator connection
- Verify all features work
-
Test WebUI WebSocket π‘
- Open browser to http://localhost:3000
- Test daemon connection
- Verify real-time updates
-
Manual UI Testing π‘
- Test iOS app features (chat, tasks, settings)
- Test Android app features (after fix)
- Test WebUI features
-
Migrate to Unified Protocol π’
- Update iOS app to use ws://localhost:9875/ws
- Update Android app to use unified protocol
- Update WebUI to use unified protocol
- Deprecate port 9876
-
Add Authentication π’
- Implement device pairing
- Add token-based auth
- Secure WebSocket connections
-
Production Hardening π΅
- Add comprehensive logging
- Implement log rotation
- Add performance monitoring
- Set up error tracking
- Add metrics collection
-
Mobile Features π΅
- Implement push notifications
- Add background task support
- Optimize battery usage
- Add offline mode
- β WEBSOCKET_PROTOCOL.md - Unified protocol spec
- β BUG_FIXES_SUMMARY.md - All fixes applied
- β PRODUCTION_READINESS_REPORT.md - Initial testing
- β MOBILE_INTEGRATION_TEST_REPORT.md - Mobile testing
- β FINAL_TEST_REPORT.md - Comprehensive test results
- β SYSTEM_ARCHITECTURE.md - This document
- βΊοΈ Design System Documentation
- βΊοΈ API Reference
- βΊοΈ Plugin Development Guide
- βΊοΈ Deployment Guide
- βΊοΈ User Manual
- System Operational: 88% (7/8 components)
- Critical Issues: 1 (Android connection)
- Test Coverage: 85% automated, 0% manual UI
- Performance: Excellent (all metrics green)
- Stability: Excellent (10+ hours uptime)
- 100% component operational (currently 88%)
- Zero critical issues (currently 1)
- WebUI browser-tested
- Manual UI testing complete
- Authentication implemented
- Monitoring in place
Architecture Diagram Created: 2026-02-04 Last Updated: 2026-02-04 Status: Living Document