Max Mission Control
Multi-Agent Fleet Dashboard
Web-based dashboard for orchestrating multiple AI agent fleets — task boards, cost tracking, real-time monitoring, and pipeline orchestration behind a single pane of glass.
01 — The Problem
Running AI agents at scale means juggling sessions, tasks, costs, and reliability across multiple models and channels. Without a unified view, operators can't see what's running, what's blocked, what's cost what, or whether agents are healthy. The default state is chaos across disconnected tools.
02 — What the AI Does
Mission Control provides a web dashboard that connects to one or more OpenClaw gateways simultaneously. It surfaces: a Kanban task board (inbox → backlog → todo → in-progress → review → done), real-time agent status and session management, token usage and cost tracking per model, cron job monitoring, webhook delivery history, multi-gateway connection management, and role-based access control (viewer/operator/admin). Serves locally on the Mac mini at port 3200, exposed via Tailscale at `https://mac.tail1c85d6.ts.net`. Built on: Next.js 16 + React 19 + TypeScript + Tailwind CSS + SQLite (WAL mode) + WebSocket/SSE for real-time updates.
03 — Design Decisions
SQLite as the sole database (no Redis, no Postgres)
Zero external dependencies. `pnpm start` runs the whole thing. For a self-hosted dashboard on a personal Mac mini, adding a Redis or Postgres instance would be operational overhead with no meaningful benefit.
SQLite WAL mode enables concurrent reads, but concurrent writes still serialize. Under very high write volume the task board could bottleneck — but for a single-user or small-team deployment this is not a practical constraint.
Multi-gateway connection
Brett runs multiple agents (main + coach-dan + coach-joe), each with its own gateway or workspace. Mission Control is designed to connect to multiple gateways simultaneously and present a unified view across all agents.
The multi-gateway feature is functional but the UX for switching between gateways and attributing activity to the right agent needs care — the dashboard must clearly distinguish which gateway each panel is reading from.
WebSocket + SSE real-time updates with smart polling pause
Real-time is useful but polling when the user isn't looking at the dashboard wastes resources. The smart polling strategy pauses WebSocket updates when the browser tab is not visible and resumes when the user returns.
Smart polling requires client-side JavaScript to detect tab visibility. If the browser is backgrounded for very long periods, the polling strategy may need tuning to catch up on missed state.
Role-based access control (viewer/operator/admin)
Mission Control is designed to be shared. An operator can manage tasks and view agents but can't change credentials or access settings. An admin has full control. Viewer is read-only.
The auth system uses session + API key authentication. For the Mac mini deployment this is fine; for a network-accessible deployment it requires TLS and careful credential management (documented in SECURITY.md).
Direct CLI integration (Claude Code, Codex)
Agents running outside OpenClaw (e.g., Claude Code processes spawned by Brett's coding workflow) can register directly with Mission Control, send heartbeats with inline token reporting, and appear on the agent board alongside OpenClaw-managed agents.
CLI agents must implement the heartbeat protocol and token reporting format. Not all agents support this natively. The integration requires the agent process to actively cooperate.
04 — Tradeoffs & Limits
- **Not a production-grade access control system.** The RBAC is functional but not enterprise-grade. The auth model uses seeded credentials from environment variables, not a proper identity provider. For shared team use this is a gap. - **SQLite WAL mode has limits under concurrent write load.** If multiple agents are writing task updates simultaneously, write serialization could become a bottleneck. For a single-user deployment this is theoretical. - **CSP still includes `unsafe-inline`** — documented as a known limitation. This is a security trade-off for framework compatibility and represents a real attack surface that should be addressed before any network-accessible deployment. - **Known limitations section is thin.** The README explicitly calls out CSP as a known issue but the known limitations section is short. There are likely unlisted edge cases in the real-time sync layer. - **Tailscale exposure requires ongoing security attention.** The Mac mini is exposed via Tailscale at a public HTTPS URL. Any misconfiguration of `MC_ALLOWED_HOSTS` or TLS could expose the dashboard.
05 — Key Insight
Agent orchestration dashboards must be built for the operator's attention model, not the system's data model. A Kanban board that forces the operator to context-switch between "what am I managing" and "what is the system doing" fails its core job — Mission Control's value is in collapsing that gap into a single view.