CopilotKit-Runtime-Patterns

v1.0.1

Server-side runtime patterns for CopilotKit. Use when setting up CopilotKit runtime endpoints (Express, Hono, Next.js), configuring remote agent endpoints, a...

Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description match the included files: this is a rules/guidance document for CopilotKit runtime endpoints, middleware, security, and performance. It does not request credentials, binaries, or config paths. Note: source/homepage are missing in metadata (origin not verifiable), which reduces provenance confidence but does not contradict the stated purpose.
Instruction Scope
SKILL.md and rule files contain guidance and example code snippets that stay within runtime configuration scope (Express/Hono/Next.js, CopilotRuntime, middleware, CORS, auth, rate limiting). Examples reference process.env variables (FRONTEND_URL, LANGGRAPH_URL) as expected for deployment examples and do not instruct reading unrelated local files or exfiltrating data.
Install Mechanism
No install spec and no code files executed by the platform — instruction-only skill (lowest install risk).
Credentials
The skill declares no required environment variables or credentials. Code examples reference common deployment env vars for frontend URL and remote endpoints, which are proportional and expected for the documented tasks.
Persistence & Privilege
Skill is not always-included, is user-invocable, and does not request persistent privileges or modify other skills. Autonomous model invocation is allowed (platform default) but not a unique risk for this skill.
Scan Findings in Context
[scanner-no-files] expected: The regex-based scanner had nothing to analyze because this is an instruction-only skill (no code files). That is expected for a documentation-only skill; absence of matches is not proof of safety but is consistent with the provided manifest.
Assessment
This skill is documentation-only and internally consistent with its stated purpose; it doesn't request secrets or install code. Before using in production, verify provenance (source/homepage missing), compare the advice against the official CopilotKit docs/repo, and review any code snippets you paste into your codebase. Pay attention to the recommended security items (auth middleware, CORS for specific origins, and rate limiting) and ensure remote endpoints (LANGGRAPH_URL, etc.) are trusted and correctly configured.

Like a lobster shell, security has layers — review code before you run it.

latestvk9769kebps9fxt5qbtqf86zdvs81zqpw
540 downloads
0 stars
2 versions
Updated 1mo ago
MIT-0

CopilotKit Runtime Patterns

Server-side runtime configuration patterns. Contains 15 rules across 5 categories.

When to Apply

Reference these guidelines when:

  • Setting up CopilotKit runtime endpoints (Express, Hono, Next.js API routes)
  • Configuring CopilotRuntime with service adapters (OpenAIAdapter, etc.)
  • Registering agents via remote endpoints (LangGraph, CrewAI)
  • Adding middleware for logging, auth, or request modification
  • Securing the runtime (CORS, auth, rate limiting)
  • Optimizing runtime performance

Rule Categories by Priority

Priority | Category            | Impact   | Prefix
1        | Endpoint Setup      | CRITICAL | endpoint-
2        | Agent Configuration | HIGH     | runner-
3        | Middleware          | MEDIUM   | middleware-
4        | Security            | HIGH     | security-
5        | Performance         | MEDIUM   | perf-

Quick Reference

1. Endpoint Setup (CRITICAL)

  • endpoint-express-setup - Configure Express endpoint with CopilotRuntime and CORS
  • endpoint-hono-setup - Configure Hono endpoint for edge runtimes
  • endpoint-nextjs-route - Set up Next.js API route with copilotRuntimeNextJSAppRouterEndpoint

2. Agent Configuration (HIGH)

  • runner-inmemory-vs-sqlite - Use persistent storage for production thread management
  • runner-agent-registration - Register agents via remoteEndpoints
  • runner-multiple-agents - Configure routing for multi-agent setups

3. Middleware (MEDIUM)

  • middleware-before-request - Use onBeforeRequest for auth, logging, context injection
  • middleware-after-request - Use onAfterRequest for response logging and cleanup
  • middleware-error-handling - Handle errors in middleware without crashing the runtime

4. Security (HIGH)

  • security-cors-config - Configure CORS for your specific frontend origin
  • security-auth-middleware - Authenticate requests before agent execution
  • security-rate-limiting - Rate limit by user or API key

5. Performance (MEDIUM)

  • perf-streaming-response - Ensure streaming is not buffered by proxies

Full Compiled Document

For the complete guide with all rules expanded: AGENTS.md
