Initial release: Phantom v0.16.2 - an AI co-worker with its own computer

Author: mcheemaa

.dockerignore

@@ -0,0 +1,14 @@
+node_modules
+.git
+.env
+.env.*
+!.env.example
+data/
+repos/
+local/
+*.log
+*.db
+*.db-wal
+*.db-shm
+.DS_Store
+bun.lockb

.env.example

@@ -0,0 +1,97 @@
+# Phantom Configuration
+# Copy this file to .env and fill in your values:
+#   cp .env.example .env
+
+# ========================
+# REQUIRED
+# ========================
+
+# Your Anthropic API key (starts with sk-ant-)
+ANTHROPIC_API_KEY=
+
+# ========================
+# OPTIONAL: Slack
+# ========================
+# Create a Slack app: see docs/slack-setup.md or use the manifest at slack-app-manifest.yaml
+
+# Slack bot token (starts with xoxb-)
+# SLACK_BOT_TOKEN=
+
+# Slack app token for Socket Mode (starts with xapp-)
+# SLACK_APP_TOKEN=
+
+# Default Slack channel ID for intro messages (starts with C)
+# SLACK_CHANNEL_ID=
+
+# Owner's Slack user ID (starts with U) - only this user can talk to Phantom
+# SLACK_USER_ID=
+
+# ========================
+# OPTIONAL: Identity
+# ========================
+
+# Agent name (default: phantom)
+# PHANTOM_NAME=phantom
+
+# Agent role (default: swe). Options: swe, base
+# PHANTOM_ROLE=swe
+
+# Claude model for the agent brain.
+# Options:
+#   claude-sonnet-4-6   - Fast, capable, lower cost (default, recommended)
+#   claude-opus-4-6     - Most capable, higher cost
+# PHANTOM_MODEL=claude-sonnet-4-6
+
+# Domain for public URL (e.g., ghostwright.dev)
+# PHANTOM_DOMAIN=
+
+# ========================
+# OPTIONAL: Ports
+# ========================
+
+# HTTP server port (default: 3100)
+# PORT=3100
+
+# ========================
+# OPTIONAL: Memory
+# ========================
+
+# Qdrant URL (default: http://qdrant:6333 in Docker, http://localhost:6333 on bare metal)
+# QDRANT_URL=http://qdrant:6333
+
+# Ollama URL (default: http://ollama:11434 in Docker, http://localhost:11434 on bare metal)
+# OLLAMA_URL=http://ollama:11434
+
+# Embedding model (default: nomic-embed-text)
+# EMBEDDING_MODEL=nomic-embed-text
+
+# ========================
+# OPTIONAL: Docker
+# ========================
+
+# Docker group ID on the host. The Phantom container needs this to access
+# the Docker socket for creating sibling containers.
+# Find yours with:
+#   Linux:  stat -c '%g' /var/run/docker.sock
+#   macOS:  stat -f '%g' /var/run/docker.sock
+# Default 988 works for most Hetzner and cloud VMs.
+# DOCKER_GID=988
+
+# ========================
+# OPTIONAL: Email (Resend)
+# ========================
+# Resend API key for sending email. If set, the agent can send email as
+# {PHANTOM_NAME}@ghostwright.dev (or {PHANTOM_NAME}@{PHANTOM_DOMAIN}).
+# Get a key at: https://resend.com/api-keys
+# RESEND_API_KEY=
+
+# Maximum emails per day (default: 50)
+# PHANTOM_EMAIL_DAILY_LIMIT=50
+
+# ========================
+# OPTIONAL: Secret Encryption
+# ========================
+# 64-character hex string (32 bytes) for encrypting stored credentials.
+# If not set, a key is auto-generated and saved to data/secret-encryption-key.
+# Generate one with: openssl rand -hex 32
+# SECRET_ENCRYPTION_KEY=

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,51 @@
+---
+name: Bug Report
+about: Something is broken or not working as expected
+title: ""
+labels: bug
+assignees: ""
+---
+
+## Description
+
+A clear description of the bug.
+
+## Steps to Reproduce
+
+1. ...
+2. ...
+3. ...
+
+## Expected Behavior
+
+What you expected to happen.
+
+## Actual Behavior
+
+What actually happened.
+
+## Environment
+
+- **OS:** (e.g., Ubuntu 24.04, macOS 15)
+- **Docker version:** (run `docker --version`)
+- **Phantom version:** (check `http://localhost:3100/health` or `package.json`)
+- **Deployment method:** Docker / bare metal
+- **Model:** (e.g., Opus 4.6)
+
+## Logs
+
+Paste relevant log output. For Docker deployments:
+
+```bash
+docker logs phantom --tail 50
+```
+
+For bare metal:
+
+```bash
+# Check the process output or journalctl if using systemd
+```
+
+## Additional Context
+
+Any other information that might help: screenshots, config snippets (with secrets removed), or links to related issues.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,29 @@
+---
+name: Feature Request
+about: Suggest an improvement or new capability
+title: ""
+labels: enhancement
+assignees: ""
+---
+
+## Description
+
+A clear description of the feature you would like.
+
+## Use Case
+
+Why do you need this? What problem does it solve? What workflow does it improve?
+
+The more context you give about your situation, the better we can design a solution that works.
+
+## Proposed Solution
+
+If you have a specific approach in mind, describe it here. This is optional. We are happy to figure out the implementation together.
+
+## Alternatives Considered
+
+Have you tried other approaches or workarounds? What worked, what did not?
+
+## Additional Context
+
+Any other information: screenshots, links to related projects, examples from other tools.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+## What Changed
+
+Describe what this PR does. Be specific.
+
+## Why
+
+What problem does this solve? Link to an issue if there is one.
+
+## How I Tested
+
+Describe how you verified this works. Include commands you ran, scenarios you tested, or screenshots if relevant.
+
+## Checklist
+
+- [ ] Tests pass (`bun test`)
+- [ ] Lint passes (`bun run lint`)
+- [ ] Typecheck passes (`bun run typecheck`)
+- [ ] No secrets or `.env` files included
+- [ ] Files stay under 300 lines
+- [ ] No Cardinal Rule violations (TypeScript does plumbing only, the Agent SDK does reasoning)
+- [ ] No default exports or barrel files added

.github/workflows/docker-publish.yml

@@ -0,0 +1,69 @@
+name: Build and Publish Docker Image
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+concurrency:
+  group: docker-publish
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghostwright/phantom
+          # latest=auto only applies "latest" for stable semver (not prereleases)
+          flavor: |
+            latest=auto
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,prefix=sha-
+
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          provenance: false
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Verify image
+        run: |
+          # Pull and run a basic sanity check on the amd64 image.
+          # Multi-arch manifests are already pushed, so the default
+          # platform (amd64 on ubuntu-latest) will be selected.
+          VERSION="${GITHUB_REF_NAME#v}"
+          docker pull --quiet ghostwright/phantom:${VERSION}
+          docker run --rm ghostwright/phantom:${VERSION} bun --version
+          echo "Verification passed for ghostwright/phantom:${VERSION}"

.gitignore

@@ -0,0 +1,14 @@
+node_modules/
+dist/
+data/
+.env.*
+.env.local
+.env
+local/
+*.log
+*.db
+*.db-wal
+*.db-shm
+.DS_Store
+bun.lockb
+HANDOFFS.md