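Recommended by AI Skill Hub: Paperclip Operator is a high-quality Agent workflow. Its overall AI score is 7.5, a solid showing among comparable tools. If you are looking for a reliable Agent workflow solution, it is worth a closer look.
Kubernetes operator for managing Paperclip instances
Paperclip Operator is a complete AI Agent automation workflow solution. Through visual node orchestration, it breaks complex multi-step tasks into clear automated flows and handles them fully unattended. It supports seamless integration with hundreds of external services and APIs, and suits data-processing pipelines, business automation and AI-assisted decision systems.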
```bash
# Option 1: go install (recommended)
go install github.com/paperclipinc/paperclip-operator@latest

# Option 2: build from source
git clone https://github.com/paperclipinc/paperclip-operator
cd paperclip-operator
go build -o paperclip-operator .

# Option 3: download a prebuilt binary
# Download the binary for your platform from the Releases page
# https://github.com/paperclipinc/paperclip-operator/releases
```

```bash
# Show help
paperclip-operator --help

# Basic run
paperclip-operator [options] <input>

# See the documentation for detailed usage
# https://github.com/paperclipinc/paperclip-operator
```

```bash
# paperclip-operator configuration
# Show configuration options
paperclip-operator --config-example > config.yml

# Common configuration items
# output_dir: ./output
# log_level: info
# workers: 4

# Environment variable (overrides the config file)
export PAPERCLIP_OPERATOR_CONFIG="/path/to/config.yml"
```
Deploy and manage Paperclip AI agent orchestration instances on Kubernetes with production-grade security, observability, and lifecycle management.
Paperclip is an open-source AI agent orchestration platform. While you can deploy it manually, production Kubernetes deployments involve more than a Deployment and a Service -- you need database provisioning, secret management, persistent storage, health monitoring, network isolation, scaling, backup, and config rollouts, all wired correctly. This operator encodes those concerns into a single Instance custom resource so you can go from zero to production in minutes:
```yaml
apiVersion: paperclip.inc/v1alpha1
kind: Instance
metadata:
  name: my-paperclip
spec:
  deployment:
    mode: authenticated
  database:
    mode: managed
  auth:
    secretRef:
      name: paperclip-auth
      key: BETTER_AUTH_SECRET
  adapters:
    apiKeysSecretRef:
      name: paperclip-api-keys
  storage:
    persistence:
      enabled: true
      size: 5Gi
```
The operator reconciles this into a fully managed stack of Kubernetes resources: secured, monitored, and self-healing.
---
| | Feature | Details |
|---|---|---|
| **Declarative** | Single CRD | One resource defines the entire stack: StatefulSet, Service, ConfigMap, PVC, ServiceAccount, NetworkPolicy, Ingress, HPA, PDB, and more |
| **Database** | Managed PostgreSQL | Provisions PostgreSQL 17 with auto-generated credentials, data checksums, and graceful shutdown -- or connect to an external database, or use embedded PGlite |
| **Auth** | Full auth lifecycle | Better Auth with OAuth providers (Google, Apple), email verification via Resend, and automatic admin user bootstrap |
| **Secure** | Hardened by default | Non-root, all capabilities dropped, seccomp RuntimeDefault, default-deny NetworkPolicy, minimal RBAC |
| **Observable** | Built-in metrics | 7 Prometheus metrics, ServiceMonitor integration, configurable log levels |
| **Scalable** | Auto-scaling | HPA with CPU/memory targets, PodDisruptionBudgets, topology spread constraints |
| **Smart Probes** | Mode-aware health checks | Automatically uses TCP probes in authenticated mode (where /api/health returns 403) |
| **Storage** | S3 + Redis | S3/MinIO/R2 for multi-replica file storage, managed or external Redis for rate limiting |
| **Backup** | S3-backed snapshots | Scheduled backups with configurable retention, point-in-time restore into new instances |
| **Secrets** | Encrypted secrets | Paperclip's built-in secrets management with master key support and strict mode |
| **Connections** | OAuth integrations | GitHub, GitLab, Slack, and more via the Paperclip connections system |
| **Cloud Sandbox** | Isolated execution | Agent runtimes in isolated Kubernetes pods with persistent workspaces, inference metering proxy, resource tiers, and multi-namespace isolation |
| **Extensible** | Sidecars & init containers | Add custom sidecar containers, init containers, extra volumes, and volume mounts |
| **Auto-Update** | Registry polling | Opt-in digest-based image update detection with automatic rollouts |
| **Plugins** | Declarative install | Install Paperclip plugins via spec.plugins |
```bash
kubectl create secret generic paperclip-auth \
  --from-literal=BETTER_AUTH_SECRET="$(openssl rand -hex 32)"
```
```yaml
apiVersion: paperclip.inc/v1alpha1
kind: Instance
metadata:
  name: my-paperclip
spec:
  image:
    tag: latest
  deployment:
    mode: authenticated
  database:
    mode: managed
  auth:
    secretRef:
      name: paperclip-auth
      key: BETTER_AUTH_SECRET
  adapters:
    apiKeysSecretRef:
      name: paperclip-api-keys
  storage:
    persistence:
      enabled: true
      size: 5Gi
```

```bash
kubectl apply -f my-paperclip.yaml
```
Control authentication and network exposure:
```yaml
spec:
  deployment:
    mode: authenticated  # "open", "authenticated", or "single-tenant"
    exposure: private    # "private" (ClusterIP) or "public" (Ingress/LB)
    publicURL: https://paperclip.example.com  # required when exposure is "public"
    allowedHostnames:
      - paperclip.example.com  # CORS allowed hostnames
```
| Mode | Description |
|---|---|
| `authenticated` (default) | Login required via Better Auth. Requires BETTER_AUTH_SECRET. |
| `open` | No authentication. The operator binds to loopback (HOST=127.0.0.1) for safety. |
| `single-tenant` | Single-user mode with authentication. |

| Exposure | Description |
|---|---|
| `private` (default) | ClusterIP Service only. Access via port-forward or internal DNS. |
| `public` | Enables Ingress/LoadBalancer. Set publicURL for the external-facing URL. |
A full production deployment with external database, S3 storage, Redis, OAuth, Ingress with TLS, and monitoring:
```yaml
apiVersion: paperclip.inc/v1alpha1
kind: Instance
metadata:
  name: paperclip-prod
  namespace: paperclip
spec:
  image:
    tag: v1.2.3
    pullPolicy: IfNotPresent
  deployment:
    mode: authenticated
    exposure: public
    publicURL: https://paperclip.example.com
    allowedHostnames:
      - paperclip.example.com
  database:
    mode: external
    externalURLSecretRef:
      name: paperclip-database
      key: DATABASE_URL
  auth:
    secretRef:
      name: paperclip-auth
      key: BETTER_AUTH_SECRET
    adminUser:
      email: admin@example.com
      passwordSecretRef:
        name: paperclip-admin
        key: password
    google:
      credentialsSecretRef:
        name: google-oauth
    email:
      resendAPIKeySecretRef:
        name: resend-key
        key: RESEND_API_KEY
      from: "Paperclip <noreply@example.com>"
      verificationRequired: true
  secrets:
    masterKeySecretRef:
      name: paperclip-secrets
      key: MASTER_KEY
    strictMode: true
  storage:
    persistence:
      enabled: true
      size: 20Gi
      storageClass: gp3
    objectStorage:
      provider: s3
      bucket: paperclip-storage
      region: us-east-1
      credentialsSecretRef:
        name: paperclip-s3
  redis:  # assumed to sit directly under spec; confirm against the CRD
    mode: external
    externalURLSecretRef:
      name: redis-credentials
      key: REDIS_URL
  adapters:
    apiKeysSecretRef:
      name: paperclip-api-keys
  connections:
    credentialsSecretRef:
      name: paperclip-oauth-credentials
  security:
    networkPolicy:
      enabled: true
    rbac:
      create: true
      serviceAccountAnnotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/paperclip
  networking:
    service:
      type: ClusterIP
      port: 3100
    ingress:
      enabled: true
      ingressClassName: nginx
      hosts:
        - paperclip.example.com
      tls:
        - hosts:
            - paperclip.example.com
          secretName: paperclip-tls
      annotations:
        nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
        nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
  observability:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
        interval: 30s
    logging:
      level: info
  availability:
    replicas: 3
    podDisruptionBudget:
      enabled: true
      minAvailable: 1
    topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: topology.kubernetes.io/zone
        whenUnsatisfiable: DoNotSchedule
  probes:
    startup:
      failureThreshold: 60
      periodSeconds: 5
  backup:
    schedule: "0 2 * * *"
    retentionDays: 30
    s3:
      bucket: paperclip-backups
      path: backups/prod
      region: us-east-1
      credentialsSecretRef:
        name: backup-s3-credentials
  resources:
    requests:
      cpu: "1"
      memory: 1Gi
    limits:
      cpu: "4"
      memory: 4Gi
```
---
```bash
git clone https://github.com/paperclipinc/paperclip-operator.git
cd paperclip-operator
go mod download
make install   # Install CRDs into current cluster
make run       # Run operator locally against current kubeconfig
make docker-build IMG=my-registry/paperclip-operator:dev
```
```bash
kubectl create secret generic paperclip-api-keys \
  --from-literal=ANTHROPIC_API_KEY="sk-ant-..." \
  --from-literal=OPENAI_API_KEY="sk-..."
```
```yaml
spec:
  image:
    repository: ghcr.io/paperclipinc/paperclip  # default
    tag: latest                                 # default
    digest: sha256:abc123...                    # optional, overrides tag
    pullPolicy: IfNotPresent                    # "Always", "Never", or "IfNotPresent"
    pullSecrets:
      - name: my-registry-secret
    autoUpdate:      # nesting under image is assumed; confirm against the CRD
      enabled: true
      interval: 5m   # polling interval (minimum: 1m)
```
When autoUpdate is enabled, the operator polls the container registry for new digests matching the configured tag and triggers a rolling update when a new digest is detected. Auto-update is a no-op for digest-pinned images.
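An added example, not code from the operator project: a pre-apply check over the fields this page documents (deployment mode and exposure, `auth.secretRef`, image tag versus digest, NetworkPolicy, Ingress TLS), run on a manifest loaded as a dict. The function name, finding labels, policy choices and the `spec.networking.ingress` path are assumptions of this example.

```python
def audit_instance(manifest: dict) -> list:
    """Return findings for an Instance manifest; defaults follow this page."""
    spec = manifest.get("spec", {})
    dep = spec.get("deployment", {})
    mode = dep.get("mode", "authenticated")    # documented default
    exposure = dep.get("exposure", "private")  # documented default
    findings = []

    if mode == "open" and exposure == "public":
        findings.append("open-public: no login required, yet exposure is public")
    if mode == "authenticated" and not spec.get("auth", {}).get("secretRef", {}).get("name"):
        findings.append("auth-secret: authenticated mode needs BETTER_AUTH_SECRET via auth.secretRef")
    if exposure == "public":
        url = dep.get("publicURL", "")
        if not url:
            findings.append("public-url: publicURL is required when exposure is public")
        elif not url.startswith("https://"):
            findings.append("public-url: publicURL is not https")
        ingress = spec.get("networking", {}).get("ingress", {})
        if ingress.get("enabled") and not ingress.get("tls"):
            findings.append("ingress-tls: Ingress enabled without a tls section")

    # A digest overrides the tag; without one, 'latest' can change underneath you.
    image = spec.get("image", {})
    if not image.get("digest") and image.get("tag", "latest") == "latest":
        findings.append("image-mutable: tag 'latest' without a digest pin")

    if spec.get("security", {}).get("networkPolicy", {}).get("enabled") is False:
        findings.append("netpol-off: default-deny NetworkPolicy explicitly disabled")
    return findings

# Constructed sample manifests (not taken from a real cluster).
QUICKSTART = {"spec": {"image": {"tag": "latest"},
                       "deployment": {"mode": "authenticated"},
                       "auth": {"secretRef": {"name": "paperclip-auth",
                                              "key": "BETTER_AUTH_SECRET"}}}}
RISKY = {"spec": {"image": {"tag": "v1.2.3"},
                  "deployment": {"mode": "open", "exposure": "public",
                                 "publicURL": "http://paperclip.example.com"},
                  "networking": {"ingress": {"enabled": True}},
                  "security": {"networkPolicy": {"enabled": False}}}}

if __name__ == "__main__":
    for name, m in (("quickstart", QUICKSTART), ("risky", RISKY)):
        print(name, audit_instance(m))
```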
Inject additional environment variables directly or from ConfigMaps/Secrets:
```yaml
spec:
  env:
    - name: MY_CUSTOM_VAR
      value: "my-value"
    - name: SECRET_VAR
      valueFrom:
        secretKeyRef:
          name: my-secret
          key: secret-key
  envFrom:
    - configMapRef:
        name: my-configmap
    - secretRef:
        name: my-secret
```
Inject API keys for Anthropic, OpenAI, and other LLM providers from a Kubernetes Secret:
```yaml
spec:
  adapters:
    apiKeysSecretRef:
      name: paperclip-api-keys
      # Secret should contain: ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.
```
```bash
kubectl get pci my-paperclip
```
Enable Paperclip's connections system for third-party OAuth integrations (GitHub, GitLab, Slack, etc.):
```yaml
spec:
  connections:
    credentialsSecretRef:
      name: paperclip-oauth-credentials
    credentialsKey: PAPERCLIP_OAUTH_CREDENTIALS  # default key name
    providersConfigRef:
      name: custom-providers  # optional: extend built-in provider catalog
```
The credentials Secret must contain a JSON object mapping provider IDs to OAuth client credentials:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: paperclip-oauth-credentials
type: Opaque
stringData:
  PAPERCLIP_OAUTH_CREDENTIALS: |
    {
      "github": {
        "clientId": "Iv1.xxxxxxxxxxxxxxxx",
        "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      },
      "slack": {
        "clientId": "1234567890.1234567890",
        "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
```
Set the OAuth callback URL to https://<your-domain>/api/connections/callback.
Install Paperclip plugins declaratively:
```yaml
spec:
  plugins:
    - name: "@paperclip/analytics"
      version: "1.2.0"
    - name: "some-other-plugin"
```
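The Paperclip Kubernetes Operator is an Operator for managing Kubernetes resources. It provides a declarative API that lets users define the resources of an entire application stack, including StatefulSet, Service, ConfigMap, PVC, ServiceAccount, NetworkPolicy, Ingress, HPA, PDB and more.
The Paperclip Operator provides the following features: a declarative API, managed PostgreSQL databases, support for connecting to an external database or using embedded PG, and more.
Dependencies and system requirements: Kubernetes 1.28+, Helm 3 (recommended) or kubectl.
Installation steps: 1. Install the Operator; 2. Create the required Secrets; 3. Deploy a Paperclip instance.
Quick start: 1. Create a Paperclip instance; 2. Configure the instance's mode and exposure; 3. Check the instance's status and endpoints.
Configuration: 1. LLM API keys (optional); 2. Image configuration; 3. Auto-update configuration.
LLM API Keys: inject API keys into a Kubernetes Secret for Anthropic, OpenAI and other LLM providers.
Workflows / modules: 1. Connections (OAuth integrations); 2. Plugins (optional); 3. Auto-update configuration, and so on.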
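A high-quality AI workflow management tool
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and is not a legal endorsement of the tool's functionality or quality.
Validate thoroughly in a sandbox or test environment before deploying to production, and carry out the necessary security assessment.
✅ Apache 2.0: permissive open-source license; commercial use is allowed; copyright notices and the NOTICE file must be retained; includes a patent grant clause.
Overall, Paperclip Operator is a good-quality Agent workflow that is reasonably competitive among comparable tools. AI Skill Hub will keep tracking its updates; we suggest bookmarking it and adopting it when the timing suits your own use case.
| Original name | paperclip-operator |
| Original description | Open-source AI workflow: Kubernetes operator for managing Paperclip instances - the open-source AI agent. ⭐11 · Go |
| Topics | AI, Kubernetes, Go, Helm, workflow |
| GitHub | https://github.com/paperclipinc/paperclip-operator |
| License | Apache-2.0 |
| Language | Go |
Listed: 2026-06-04 · Updated: 2026-06-06 · License: Apache-2.0 · AI Skill Hub does not legally endorse the accuracy of third-party content.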