XWorkmate is a Flutter-based AI workspace shell for running assistant threads, local or remote gateway tasks, and multi-agent collaboration in one app.
Go to file
Haitao Pan fa161247d3
Ci/vault secrets per platform release (#45)
* chore(security): add gitleaks config allowlisting vendored/test fixtures

Suppress false positives so `gitleaks detect` is clean:
- third_party/* (cargokit ships a public binary-verification key)
- workspace_management_unit_test.dart (obfuscated "token" fixture)
- gatewayruntime/runtime_test.go (hardcoded "device-1" test key pair)

Real leaked secrets are purged from history, not allowlisted.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore(security): remove historical secret fixtures

* chore(release): bump build metadata for 1.1.5+2

* chore(release): bump version to 1.1.5+2

* chore(release): bump build metadata for 1.1.5+2

---------

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>

* ci(release): add TestFlight release matrix

* chore(release): bump version to 1.1.5+2

* chore(release): bump build metadata for 1.1.5+2

* ci(release): add TestFlight release matrix

---------

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>

* ci(release): load Vault secrets per-platform in build matrix

The build matrix loaded all 17 signing secrets in one shared block for
every platform. vault-action's ignoreNotFound only suppresses path-level
404s, not field-level "No match data" errors, so a single missing field
(e.g. APPLE_MAC_PROVISION_PROFILE_BASE64) failed every leg — including
linux/windows/android that need no Apple secrets.

Split the load into per-OS-family steps gated by matrix.platform:
- Apple (macos/ios): Apple cert + provisioning + keychain + export method
- Windows: WINDOWS_PFX_* + codesign subject
- Android: ANDROID_KEYSTORE_* + key alias/password
Linux requests nothing.

Also drop APP_STORE_CONNECT_* from the build matrix: only
testflight_upload.sh consumes them and it runs in the release job, which
loads them itself. The build matrix no longer depends on them.

Add shell: bash to the Export step (its `{ … } >> $GITHUB_ENV` brace
syntax is bash-only and would fail under the default pwsh on windows).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
2026-06-29 15:56:26 +08:00
.github Ci/vault secrets per platform release (#45) 2026-06-29 15:56:26 +08:00
android Add multi-platform build and release workflow 2026-03-21 10:08:12 +08:00
assets chore(aris): remove legacy ARIS assets and clean up associated code 2026-04-17 18:07:04 +08:00
config chore: update macOS deployment target to 14.0 and commit pending changes 2026-06-25 09:52:33 +08:00
docs security(docs): remove plaintext review credentials, inject from .env 2026-06-29 10:57:31 +08:00
images docs: simplify root readme 2026-03-26 09:49:58 +08:00
integration_test Add desktop settings integration test 2026-05-26 11:46:32 +08:00
ios Remove Patrol from macOS package 2026-06-05 21:47:08 +08:00
lib fix(assistant): keep manual bridge usable when signed out of svc.plus 2026-06-29 10:57:00 +08:00
linux feat: Remote Desktop UI and Client WebRTC Integration 2026-06-03 10:50:06 +08:00
macos chore: update macOS deployment target to 14.0 and commit pending changes 2026-06-25 09:52:33 +08:00
packaging/windows Add multi-platform build and release workflow 2026-03-21 10:08:12 +08:00
releases/v0.5 Remove bundled app helper binaries 2026-04-11 14:45:50 +08:00
scripts Ci/vault secrets per platform release (#45) 2026-06-29 15:56:26 +08:00
test chore(security): remove historical secret fixtures 2026-06-29 12:29:37 +08:00
tmp Add local tmp cache directory 2026-03-23 12:23:17 +08:00
tool Refactor bridge runtime routing 2026-04-21 16:28:26 +08:00
windows feat: Remote Desktop UI and Client WebRTC Integration 2026-06-03 10:50:06 +08:00
.env.example security(docs): remove plaintext review credentials, inject from .env 2026-06-29 10:57:31 +08:00
.gitignore security(docs): remove plaintext review credentials, inject from .env 2026-06-29 10:57:31 +08:00
.gitmodules Implement local-first single-agent artifact sync 2026-04-10 14:59:42 +08:00
.metadata Initial Flutter workspace shell 2026-03-11 07:32:52 +08:00
agent.md Unify single-agent task flow under ACP 2026-04-08 20:27:35 +08:00
AGENTS.md Remove Patrol from macOS package 2026-06-05 21:47:08 +08:00
analysis_options.yaml Fix macOS archive symbols and packaging settings 2026-03-27 16:32:23 +08:00
CHANGELOG.md Remove bundled app helper binaries 2026-04-11 14:45:50 +08:00
dart_test.yaml Integrate gateway settings into integrations page 2026-03-22 17:07:27 +08:00
LICENSE Initial commit 2026-03-11 00:49:57 +08:00
Makefile Remove Patrol from macOS package 2026-06-05 21:47:08 +08:00
package.json Initial Flutter workspace shell 2026-03-11 07:32:52 +08:00
pubspec.lock chore(security): remove historical secret fixtures 2026-06-29 12:29:37 +08:00
pubspec.yaml chore(security): remove historical secret fixtures 2026-06-29 12:29:37 +08:00
README.md feat: add one-line XWorkmate installer (#42) 2026-06-29 15:48:49 +08:00

xworkmate-app

Flutter-based AI workspace shell for running assistant threads with local and remote gateway task execution via ACP bridge.

Architecture

Single execution path: Flutter → GoTaskServiceClient → ACP Transport → xworkmate-bridge → Remote Provider

See docs/architecture/ for the full architecture documentation.

Dependencies

Repository Role
xworkmate-bridge Go-based ACP control plane and bridge backend
xworkspace-core-skills Core skill bundles (pptx, docx, xlsx, pdf, image, browser automation)
openclaw-multi-session-plugins OpenClaw Gateway multi-session plugin runtime
playbooks Deployment playbooks and infrastructure automation

Quick Start

git clone https://github.com/x-evor/xworkmate-app.git
cd xworkmate-app
flutter pub get
flutter analyze
flutter test
flutter run -d macos

For local development, keep xworkmate-bridge checked out alongside xworkmate-app, or set XWORKMATE_BRIDGE_DIR explicitly before building.

macOS (Xcode)

open macos/Runner.xcworkspace
# or
make open-macos-xcode

In Xcode:

  • Select the shared Runner scheme
  • Select My Mac as the destination
  • Configure signing only on the Runner target
  • Leave CocoaPods plugin targets under Pods alone

For release builds:

flutter build macos
make build-macos

For a one-line install from the latest GitHub release:

curl -sfL https://install.svc.plus/xworkmate-app | bash -

Downloads

Platform Download
macOS Latest Release
Windows Latest Release
Linux Latest Release
iOS Latest Release
Android Latest Release

Learn More