Skip to content

yassinebkr/openclaw

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

9,024 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

🦞 OpenClaw β€” Personal AI Assistant (Fork)

This is a fork of openclaw/openclaw with additional features for memory persistence, long-term context, agent security, and session resilience. See what's different below.


OpenClaw

EXFOLIATE! EXFOLIATE!

CI status GitHub release Discord MIT License

OpenClaw is a personal AI assistant you run on your own devices. It answers you on the channels you already use (WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, WebChat), plus extension channels like BlueBubbles, Matrix, Zalo, and Zalo Personal. It can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane β€” the product is the assistant.

If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.

Website Β· Docs Β· DeepWiki Β· Getting Started Β· Updating Β· Showcase Β· FAQ Β· Wizard Β· Nix Β· Docker Β· Discord

Preferred setup: run the onboarding wizard (openclaw onboard). It walks through gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on macOS, Linux, and Windows (via WSL2; strongly recommended). Works with npm, pnpm, or bun. New install? Start here: Getting started

Subscriptions (OAuth):

Model note: while any model is supported, I strongly recommend Anthropic Pro/Max (100/200) + Opus 4.6 for long‑context strength and better prompt‑injection resistance. See Onboarding.

Models (selection + auth)

Install (recommended)

Runtime: Node β‰₯22.

npm install -g openclaw@latest
# or: pnpm add -g openclaw@latest

openclaw onboard --install-daemon

The wizard installs the Gateway daemon (launchd/systemd user service) so it stays running.

πŸ–₯️ VPS / Remote Server Setup

Running OpenClaw on a VPS (Contabo, Hetzner, DigitalOcean, etc.):

# 1. SSH in and create a non-root user
ssh root@YOUR_SERVER_IP
adduser openclaw && usermod -aG sudo openclaw

# 2. Set up firewall β€” only SSH, never expose gateway/app ports
sudo ufw allow OpenSSH && sudo ufw enable

# 3. Install Node 22+ (via nvm)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
source ~/.bashrc
nvm install 22

# 4. Install and configure OpenClaw
npm install -g openclaw@latest
openclaw onboard --install-daemon

# 5. Access remotely via SSH tunnel (from your local machine)
# ssh -L 3001:localhost:3001 openclaw@YOUR_SERVER_IP
# Then open http://localhost:3001 in your browser

Security: Never open ports 3001 or 28945 in the firewall. Always use an SSH tunnel or Cloudflare tunnel for remote access.

For a complete walkthrough (systemd services, Cloudflare tunnels, troubleshooting): see the full VPS setup guide.

Quick start (TL;DR)

Runtime: Node β‰₯22.

Full beginner guide (auth, pairing, channels): Getting started

openclaw onboard --install-daemon

openclaw gateway --port 18789 --verbose

# Send a message
openclaw message send --to +1234567890 --message "Hello from OpenClaw"

# Talk to the assistant (optionally deliver back to any connected channel: WhatsApp/Telegram/Slack/Discord/Google Chat/Signal/iMessage/BlueBubbles/Microsoft Teams/Matrix/Zalo/Zalo Personal/WebChat)
openclaw agent --message "Ship checklist" --thinking high

Upgrading? Updating guide (and run openclaw doctor).

Development channels

  • stable: tagged releases (vYYYY.M.D or vYYYY.M.D-<patch>), npm dist-tag latest.
  • beta: prerelease tags (vYYYY.M.D-beta.N), npm dist-tag beta (macOS app may be missing).
  • dev: moving head of main, npm dist-tag dev (when published).

Switch channels (git + npm): openclaw update --channel stable|beta|dev. Details: Development channels.

From source (development)

Prefer pnpm for builds from source. Bun is optional for running TypeScript directly.

git clone https://github.com/openclaw/openclaw.git
cd openclaw

pnpm install
pnpm ui:build # auto-installs UI deps on first run
pnpm build

pnpm openclaw onboard --install-daemon

# Dev loop (auto-reload on TS changes)
pnpm gateway:watch

Note: pnpm openclaw ... runs TypeScript directly (via tsx). pnpm build produces dist/ for running via Node / the packaged openclaw binary.

Security defaults (DM access)

OpenClaw connects to real messaging surfaces. Treat inbound DMs as untrusted input.

Full security guide: Security

Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Google Chat/Slack:

  • DM pairing (dmPolicy="pairing" / channels.discord.dm.policy="pairing" / channels.slack.dm.policy="pairing"): unknown senders receive a short pairing code and the bot does not process their message.
  • Approve with: openclaw pairing approve <channel> <code> (then the sender is added to a local allowlist store).
  • Public inbound DMs require an explicit opt-in: set dmPolicy="open" and include "*" in the channel allowlist (allowFrom / channels.discord.dm.allowFrom / channels.slack.dm.allowFrom).

Run openclaw doctor to surface risky/misconfigured DM policies.

Highlights

  • Local-first Gateway β€” single control plane for sessions, channels, tools, and events.
  • Multi-channel inbox β€” WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, BlueBubbles (iMessage), iMessage (legacy), Microsoft Teams, Matrix, Zalo, Zalo Personal, WebChat, macOS, iOS/Android.
  • Multi-agent routing β€” route inbound channels/accounts/peers to isolated agents (workspaces + per-agent sessions).
  • Voice Wake + Talk Mode β€” always-on speech for macOS/iOS/Android with ElevenLabs.
  • Live Canvas β€” agent-driven visual workspace with A2UI.
  • First-class tools β€” browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
  • Companion apps β€” macOS menu bar app + iOS/Android nodes.
  • Onboarding + skills β€” wizard-driven setup with bundled/managed/workspace skills.

πŸ”± What's different in this fork

This fork extends upstream OpenClaw with features focused on memory persistence, long-term context, and agent security.

Memory Persistence Through Sessions & Compaction

The core challenge: when context gets compacted (summarized to fit token limits) or a new session starts, the agent loses all conversational context. This fork solves it with a 3-layer memory system:

Layer 1: Bootstrap File Injection

Workspace files (SOUL.md, AGENTS.md, USER.md, MEMORY.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md) are loaded fresh from disk and injected into the system prompt on every run β€” including compaction runs. This means the agent's identity, user knowledge, and curated long-term memory survive indefinitely, as long as the agent writes important context to these files.

  • Files are trimmed to 20K chars max (70% head + 20% tail with truncation marker)
  • Loaded via resolveBootstrapContextForRun() β†’ buildBootstrapContextFiles()
  • Available to both normal runs and compaction runs

Layer 2: Vector Memory Search (memory_search tool)

All workspace memory/ files (and optionally session transcripts) are chunked, embedded, and stored in a local SQLite database with vector similarity search:

Feature Details
Embeddings OpenAI text-embedding-3-small, Gemini gemini-embedding-001, or local models
Storage SQLite + sqlite-vec extension for vector similarity
Search Hybrid: 70% vector similarity + 30% BM25 full-text search
Chunking 400 tokens per chunk, 80 token overlap
Sync File watcher (chokidar), on session start, on search, or on interval
Sources memory/ files (default) + session transcripts (experimental)
Results Max 6 results, minimum 0.35 relevance score

The agent can call memory_search to semantically search across all its memory files and past session transcripts β€” not just what's in the current context window.

Layer 3: Session Memory Hook (/new auto-archiving)

When the /new command is called to start a fresh session, a bundled hook automatically:

  1. Reads the last 15 messages from the current session transcript
  2. Generates a descriptive slug via LLM (e.g., clawos-security-audit)
  3. Saves the session content to memory/YYYY-MM-DD-slug.md

This ensures conversations are archived before being discarded, and become searchable via Layer 2.

Compaction Safeguard

When context is compacted, the compaction-safeguard extension preserves critical metadata in the summary:

  • <read-files> β€” list of files the agent was reading
  • <modified-files> β€” list of files the agent changed
  • Tool failures β€” recent errors preserved for debugging continuity
  • Dropped message recovery β€” if messages are pruned for context budget, they get a separate LLM summary so context isn't lost entirely

Agent Security (ClawOS Plugin)

This fork includes the ClawOS security plugin β€” a 9-layer defense system protecting against prompt injection, data exfiltration, and session corruption. See the ClawOS repo for details.

Pending PRs to Upstream

These features are implemented in this fork and submitted to upstream OpenClaw:

PR Feature Status
#10678 after_tool_call hook Open, CI green
#10679 gateway_start / gateway_stop lifecycle hooks Open, CI green
#10680 Hook registration docs (api.on() vs api.registerHook()) Open, CI green

Our Vision: Local-First, Compaction-Resilient Memory

The OpenClaw ecosystem has 12+ memory plugins, each with a different philosophy. Here's how we see the landscape and where our approach fits:

The two camps

Approach Examples Pros Cons
External memory Mem0, Supermemory, MemoryPlugin Compaction-proof by design β€” memories live outside the context window Cloud dependency, latency, privacy trade-off
Local-first Our fork, bulletproof-memory, openclaw-memory, QMD Full privacy, zero cloud, low latency Must solve "survive compaction" at the architecture level

Why we chose local-first

We believe memory should be:

  1. On disk, not in the cloud. Your agent's memories are your data. They shouldn't live on someone else's server.
  2. Plain Markdown as source of truth. Files you can read, edit, grep, and version-control. No opaque vector databases as the primary store.
  3. Compaction-resilient by design, not by workaround. Bootstrap files are re-injected on every run β€” including compaction runs. This isn't a plugin that hopes to survive compaction; it's wired into the core runner.
  4. Agent-controlled retrieval. The agent decides when to search (memory_search) rather than auto-injecting every turn (which floods context with irrelevant memories and wastes tokens).
  5. Zero external dependencies. No API keys required for memory to work. SQLite + sqlite-vec runs entirely local.

How it compares

Feature Cloud plugins (Mem0, Supermemory) WAL/file plugins (bulletproof-memory) This fork
Survives compaction βœ… External storage βœ… Files on disk βœ… Bootstrap injection + files
Survives session restart βœ… βœ… βœ…
Semantic search βœ… Cloud embeddings ❌ βœ… Local SQLite + sqlite-vec
Auto-archiving on /new ❌ ❌ βœ… Session-memory hook
Privacy ⚠️ Cloud βœ… Local βœ… Local
Token efficiency ⚠️ Auto-inject every turn βœ… On-demand βœ… On-demand search
Infrastructure Requires API key + cloud Zero Zero

Architecture diagram

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                    Every Agent Run                            β”‚
β”‚                                                              β”‚
β”‚  1. Bootstrap injection (SOUL, AGENTS, USER, MEMORY, TOOLS)  β”‚
β”‚     β†’ Always loaded, survives compaction + restarts           β”‚
β”‚                                                              β”‚
β”‚  2. Compaction safeguard                                      β”‚
β”‚     β†’ Preserves read-files, modified-files in summary         β”‚
β”‚     β†’ Pre-compaction memory flush prompt                      β”‚
β”‚                                                              β”‚
β”‚  3. Vector memory search (on-demand via memory_search)        β”‚
β”‚     β†’ SQLite + sqlite-vec, hybrid BM25 + vector               β”‚
β”‚     β†’ Indexes memory/*.md + session transcripts               β”‚
β”‚                                                              β”‚
β”‚  4. Session archiving (on /new)                               β”‚
β”‚     β†’ LLM-generated slug β†’ memory/YYYY-MM-DD-slug.md         β”‚
β”‚     β†’ Auto-archived, searchable via Layer 3                   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

The key insight: we don't fight compaction β€” we work with it. Bootstrap files ensure the agent always knows who it is and what matters. Vector search gives it access to everything else on demand. Session archiving means nothing is lost when starting fresh.


πŸ“± Channel Setup

Quick setup guides for connecting your agent to messaging platforms.

WhatsApp

  1. Add the WhatsApp config to ~/.openclaw/openclaw.json.
  2. Run openclaw channels login and scan the QR code via WhatsApp > Settings > Linked Devices.
  3. Start the gateway.
{
  channels: {
    whatsapp: {
      dmPolicy: "allowlist",
      allowFrom: ["+15551234567"], // your phone number (E.164)
    },
  },
}

Gotchas:

  • Your personal number works fine. If you want a dedicated bot number, a prepaid SIM or eSIM works β€” avoid VoIP/virtual numbers.
  • Bun runtime is not supported β€” use Node.
  • Credentials are stored in ~/.openclaw/credentials/whatsapp/.

See full WhatsApp docs

Telegram

  1. Create a bot with @BotFather β€” verify the handle is exactly @BotFather. Copy the token.
  2. Set the token in config or env (TELEGRAM_BOT_TOKEN). If both are set, config takes precedence.
  3. Start the gateway and DM your bot β€” DM access is pairing by default, approve the code.
{
  channels: {
    telegram: {
      enabled: true,
      botToken: "123456:ABCDEF",
      dmPolicy: "pairing",
      groups: { "*": { requireMention: true } },
    },
  },
}

Gotchas:

  • Bots default to Privacy Mode β€” they only see commands and mentions in groups. Either disable it (/setprivacy in BotFather) or make the bot a group admin.
  • After toggling privacy mode, you must remove and re-add the bot to each group for the change to take effect.
  • Long-polling is the default (no public URL needed). Webhook mode available via webhookUrl + webhookSecret.

See full Telegram docs

Discord

  1. Create a Discord application at the Developer Portal > Bot > copy the token.
  2. Enable Message Content Intent (required) and Server Members Intent (needed for name lookups/allowlists) in the Bot settings.
  3. Invite the bot to your server with bot + applications.commands scopes and message permissions.
  4. Set the token in config or env (DISCORD_BOT_TOKEN). If both are set, config takes precedence.
  5. Start the gateway. DM access is pairing by default.
{
  channels: {
    discord: {
      enabled: true,
      token: "YOUR_BOT_TOKEN",
      dm: {
        policy: "pairing",
        allowFrom: ["YOUR_USER_ID"],
      },
    },
  },
}

Gotchas:

  • Enable Developer Mode in Discord (Settings > Advanced) to copy guild/channel/user IDs.
  • Without Message Content Intent, the bot connects but silently ignores all messages.
  • Guild channels require mention by default. Configure per-guild in guilds.
  • Don't grant the bot Administrator permission β€” give only the permissions it needs.

See full Discord docs

Signal

  1. Install signal-cli (requires Java).
  2. Link the bot device: signal-cli link -n "OpenClaw" and scan the QR in Signal.
  3. Configure and start the gateway.
{
  channels: {
    signal: {
      enabled: true,
      account: "+15551234567", // bot's Signal number
      cliPath: "signal-cli",
      dmPolicy: "pairing",
      allowFrom: ["+15557654321"], // your number
    },
  },
}

Gotchas:

  • A separate number is required for Signal. Running on your personal number means it ignores your own messages (loop protection β€” unlike WhatsApp, there's no self-chat workaround).
  • signal-cli has slow JVM cold starts. Use httpUrl + autoStart: false for external daemon mode on constrained hosts.
  • Signal has no usernames β€” use E.164 phone numbers or uuid:<id> in allowlists.

See full Signal docs


πŸ”‘ API Keys & Providers

All the API keys you need and where to get them.

Provider Purpose Free tier? Get your key
Anthropic (Claude) Primary LLM β€” recommended No (API billing or Claude subscription) console.anthropic.com (API key) or claude setup-token (subscription)
OpenAI GPT models, Whisper transcription No (API billing) platform.openai.com/api-keys
Moonshot (Kimi K2.5) Free alternative LLM Yes β€” free tier platform.moonshot.ai
Brave Search web_search tool Yes β€” free plan brave.com/search/api
Resend Email sending Yes β€” 100 emails/day resend.com
ElevenLabs Text-to-speech (TTS) Yes β€” limited elevenlabs.io

Anthropic (Claude) β€” Recommended

The primary and recommended provider. Two auth methods:

Option A: Setup token (Claude Pro/Max subscribers)

# On any machine with Claude CLI:
claude setup-token
# Then paste into OpenClaw:
openclaw models auth paste-token --provider anthropic

Option B: API key

{
  env: { ANTHROPIC_API_KEY: "sk-ant-..." },
  agents: { defaults: { model: { primary: "anthropic/claude-opus-4-6" } } },
}

See full Anthropic docs

OpenAI

Used for GPT models and also powers Whisper voice transcription in Scratchy.

{
  env: { OPENAI_API_KEY: "sk-..." },
  agents: { defaults: { model: { primary: "openai/gpt-4.1" } } },
}

The same API key is used for Whisper transcription (voice-to-text in Scratchy's voice input).

See full OpenAI docs

Moonshot / Kimi K2.5

Free-tier LLM with 256K context window. Good for testing or as a fallback.

  1. Create an account at platform.moonshot.ai.
  2. Generate an API key.
{
  env: { MOONSHOT_API_KEY: "sk-..." },
  agents: { defaults: { model: { primary: "moonshot/kimi-k2.5" } } },
}

Note: Moonshot and Kimi Coding are separate providers with different keys and endpoints. See the full docs for the detailed model config.

See full Moonshot docs

Brave Search

Powers the web_search tool. The Data for Search plan is required (not "Data for AI").

{
  tools: {
    web: {
      search: {
        provider: "brave",
        apiKey: "YOUR_BRAVE_API_KEY",
      },
    },
  },
}

Or set BRAVE_API_KEY as an environment variable.

See full Brave Search docs

Resend (Email) β€” Optional

For sending emails via the agent. Requires a verified domain for production use.

{
  env: { RESEND_API_KEY: "re_..." },
}

ElevenLabs (TTS) β€” Optional

For text-to-speech voice output.

{
  env: { ELEVENLABS_API_KEY: "..." },
}

πŸ›‘οΈ ClawOS β€” Agent Security Architecture

This fork includes ClawOS, a 9-layer security architecture for agent safety. It runs as an OpenClaw extension that intercepts all agent activity in real time.

What it does: ClawOS scans every tool call result (Layer 4+) for prompt injection patterns β€” attempts by external content to hijack the agent's instructions. When injection signals are detected, Layer C kicks in and blocks dangerous tools (exec, write, message) for the remainder of that run. This prevents a compromised agent from executing commands, modifying files, or sending messages on your behalf.

Why this matters: Agent self-verification is fundamentally unreliable. If an agent is successfully injected, asking it "were you injected?" will return "no" β€” because the injection told it to say that. ClawOS addresses this by enforcing security at the infrastructure level with before_tool_call hooks, outside the agent's own reasoning. The agent can't override its own guardrails.

Key capabilities:

  • Prompt injection detection via L4+ content scanning
  • Tool call interception with before_tool_call hooks
  • Layer C automatic blocking of dangerous tools when injection detected
  • Canary token tracking for data exfiltration detection
  • Integration with Scratchy for visual security status

See the ClawOS repo for the full architecture breakdown and layer definitions.


🐱 Scratchy β€” Recommended UI Client

Scratchy is a generative UI client built specifically for this fork.

  • Generative UI components β€” the agent renders rich interactive cards, charts, tables, and forms instead of plain text
  • Voice input with Whisper β€” speak to your agent with real-time transcription (requires OpenAI API key)
  • ClawOS security dashboard β€” visual layer status, injection alerts, and tool blocking indicators
  • WebSocket-native β€” connects directly to the OpenClaw Gateway with live streaming
  • Mobile-responsive β€” works on desktop and mobile browsers
  • Dark/light mode β€” automatic theme detection with manual toggle

Setup: clone the repo and run node serve.js. See the full setup guide for VPS deployment with systemd and remote access.


Star History

Star History Chart

Everything we built so far

Core platform

Channels

Apps + nodes

Tools + automation

Runtime + safety

Ops + packaging

How it works (short)

WhatsApp / Telegram / Slack / Discord / Google Chat / Signal / iMessage / BlueBubbles / Microsoft Teams / Matrix / Zalo / Zalo Personal / WebChat
               β”‚
               β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚            Gateway            β”‚
β”‚       (control plane)         β”‚
β”‚     ws://127.0.0.1:18789      β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
               β”‚
               β”œβ”€ Pi agent (RPC)
               β”œβ”€ CLI (openclaw …)
               β”œβ”€ WebChat UI
               β”œβ”€ macOS app
               └─ iOS / Android nodes

Key subsystems

Tailscale access (Gateway dashboard)

OpenClaw can auto-configure Tailscale Serve (tailnet-only) or Funnel (public) while the Gateway stays bound to loopback. Configure gateway.tailscale.mode:

  • off: no Tailscale automation (default).
  • serve: tailnet-only HTTPS via tailscale serve (uses Tailscale identity headers by default).
  • funnel: public HTTPS via tailscale funnel (requires shared password auth).

Notes:

  • gateway.bind must stay loopback when Serve/Funnel is enabled (OpenClaw enforces this).
  • Serve can be forced to require a password by setting gateway.auth.mode: "password" or gateway.auth.allowTailscale: false.
  • Funnel refuses to start unless gateway.auth.mode: "password" is set.
  • Optional: gateway.tailscale.resetOnExit to undo Serve/Funnel on shutdown.

Details: Tailscale guide Β· Web surfaces

Remote Gateway (Linux is great)

It’s perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over Tailscale Serve/Funnel or SSH tunnels, and you can still pair device nodes (macOS/iOS/Android) to execute device‑local actions when needed.

  • Gateway host runs the exec tool and channel connections by default.
  • Device nodes run device‑local actions (system.run, camera, screen recording, notifications) via node.invoke. In short: exec runs where the Gateway lives; device actions run where the device lives.

Details: Remote access Β· Nodes Β· Security

macOS permissions via the Gateway protocol

The macOS app can run in node mode and advertises its capabilities + permission map over the Gateway WebSocket (node.list / node.describe). Clients can then execute local actions via node.invoke:

  • system.run runs a local command and returns stdout/stderr/exit code; set needsScreenRecording: true to require screen-recording permission (otherwise you’ll get PERMISSION_MISSING).
  • system.notify posts a user notification and fails if notifications are denied.
  • canvas.*, camera.*, screen.record, and location.get are also routed via node.invoke and follow TCC permission status.

Elevated bash (host permissions) is separate from macOS TCC:

  • Use /elevated on|off to toggle per‑session elevated access when enabled + allowlisted.
  • Gateway persists the per‑session toggle via sessions.patch (WS method) alongside thinkingLevel, verboseLevel, model, sendPolicy, and groupActivation.

Details: Nodes Β· macOS app Β· Gateway protocol

Agent to Agent (sessions_* tools)

  • Use these to coordinate work across sessions without jumping between chat surfaces.
  • sessions_list β€” discover active sessions (agents) and their metadata.
  • sessions_history β€” fetch transcript logs for a session.
  • sessions_send β€” message another session; optional reply‑back ping‑pong + announce step (REPLY_SKIP, ANNOUNCE_SKIP).

Details: Session tools

Skills registry (ClawHub)

ClawHub is a minimal skill registry. With ClawHub enabled, the agent can search for skills automatically and pull in new ones as needed.

ClawHub

Chat commands

Send these in WhatsApp/Telegram/Slack/Google Chat/Microsoft Teams/WebChat (group commands are owner-only):

  • /status β€” compact session status (model + tokens, cost when available)
  • /new or /reset β€” reset the session
  • /compact β€” compact session context (summary)
  • /think <level> β€” off|minimal|low|medium|high|xhigh (GPT-5.2 + Codex models only)
  • /verbose on|off
  • /usage off|tokens|full β€” per-response usage footer
  • /restart β€” restart the gateway (owner-only in groups)
  • /activation mention|always β€” group activation toggle (groups only)

Apps (optional)

The Gateway alone delivers a great experience. All apps are optional and add extra features.

If you plan to build/run companion apps, follow the platform runbooks below.

macOS (OpenClaw.app) (optional)

  • Menu bar control for the Gateway and health.
  • Voice Wake + push-to-talk overlay.
  • WebChat + debug tools.
  • Remote gateway control over SSH.

Note: signed builds required for macOS permissions to stick across rebuilds (see docs/mac/permissions.md).

iOS node (optional)

  • Pairs as a node via the Bridge.
  • Voice trigger forwarding + Canvas surface.
  • Controlled via openclaw nodes ….

Runbook: iOS connect.

Android node (optional)

  • Pairs via the same Bridge + pairing flow as iOS.
  • Exposes Canvas, Camera, and Screen capture commands.
  • Runbook: Android connect.

Agent workspace + skills

  • Workspace root: ~/.openclaw/workspace (configurable via agents.defaults.workspace).
  • Injected prompt files: AGENTS.md, SOUL.md, TOOLS.md.
  • Skills: ~/.openclaw/workspace/skills/<skill>/SKILL.md.

Configuration

Minimal ~/.openclaw/openclaw.json (model + defaults):

{
  agent: {
    model: "anthropic/claude-opus-4-6",
  },
}

Full configuration reference (all keys + examples).

Security model (important)

  • Default: tools run on the host for the main session, so the agent has full access when it’s just you.
  • Group/channel safety: set agents.defaults.sandbox.mode: "non-main" to run non‑main sessions (groups/channels) inside per‑session Docker sandboxes; bash then runs in Docker for those sessions.
  • Sandbox defaults: allowlist bash, process, read, write, edit, sessions_list, sessions_history, sessions_send, sessions_spawn; denylist browser, canvas, nodes, cron, discord, gateway.

Details: Security guide Β· Docker + sandboxing Β· Sandbox config

  • Link the device: pnpm openclaw channels login (stores creds in ~/.openclaw/credentials).
  • Allowlist who can talk to the assistant via channels.whatsapp.allowFrom.
  • If channels.whatsapp.groups is set, it becomes a group allowlist; include "*" to allow all.
  • Set TELEGRAM_BOT_TOKEN or channels.telegram.botToken (env wins).
  • Optional: set channels.telegram.groups (with channels.telegram.groups."*".requireMention); when set, it is a group allowlist (include "*" to allow all). Also channels.telegram.allowFrom or channels.telegram.webhookUrl + channels.telegram.webhookSecret as needed.
{
  channels: {
    telegram: {
      botToken: "123456:ABCDEF",
    },
  },
}
  • Set SLACK_BOT_TOKEN + SLACK_APP_TOKEN (or channels.slack.botToken + channels.slack.appToken).
  • Set DISCORD_BOT_TOKEN or channels.discord.token (env wins).
  • Optional: set commands.native, commands.text, or commands.useAccessGroups, plus channels.discord.dm.allowFrom, channels.discord.guilds, or channels.discord.mediaMaxMb as needed.
{
  channels: {
    discord: {
      token: "1234abcd",
    },
  },
}
  • Requires signal-cli and a channels.signal config section.
  • Recommended iMessage integration.
  • Configure channels.bluebubbles.serverUrl + channels.bluebubbles.password and a webhook (channels.bluebubbles.webhookPath).
  • The BlueBubbles server runs on macOS; the Gateway can run on macOS or elsewhere.
  • Legacy macOS-only integration via imsg (Messages must be signed in).
  • If channels.imessage.groups is set, it becomes a group allowlist; include "*" to allow all.
  • Configure a Teams app + Bot Framework, then add a msteams config section.
  • Allowlist who can talk via msteams.allowFrom; group access via msteams.groupAllowFrom or msteams.groupPolicy: "open".
  • Uses the Gateway WebSocket; no separate WebChat port/config.

Browser control (optional):

{
  browser: {
    enabled: true,
    color: "#FF4500",
  },
}

Docs

Use these when you’re past the onboarding flow and want the deeper reference.

Advanced docs (discovery + control)

Operations & troubleshooting

Deep dives

Workspace & skills

Platform internals

Email hooks (Gmail)

Molty

OpenClaw was built for Molty, a space lobster AI assistant. 🦞 by Peter Steinberger and the community.

Community

See CONTRIBUTING.md for guidelines, maintainers, and how to submit PRs. AI/vibe-coded PRs welcome! πŸ€–

Special thanks to Mario Zechner for his support and for pi-mono. Special thanks to Adam Doppelt for lobster.bot.

Thanks to all clawtributors:

steipete joshp123 cpojer Mariano Belinky plum-dawg bohdanpodvirnyi sebslight iHildy jaydenfyi joaohlisboa mneves75 MatthieuBizien Glucksberg MaudeBot gumadeiras tyler6204 rahthakor vrknetha vignesh07 radek-paclt abdelsfane Tobias Bischoff christianklotz czekaj ethanpalm mukhtharcm maxsumrall xadenryan VACInc rodrigouroz juanpablodlc conroywhitney hsrvc magimetal zerone0x Takhoffman meaningfool mudrii patelhiren NicholasSpisak jonisjongithub abhisekbasu1 jamesgroat BunsDev claude JustYannicc Hyaxia dantelex SocialNerd42069 daveonkels google-labs-jules[bot] lc0rp adam91holt mousberg hougangdev shakkernerd coygeek mteam88 hirefrank M00N7682 joeynyc orlyjamie dbhurley Eng. Juan Combetto TSavo aerolalit julianengel bradleypriest benithors lsh411 gut-puncture rohannagpal timolins f-trycua benostein elliotsecops nachx639 pvoo sreekaransrinath gupsammy cristip73 stefangalescu nachoiacovino Vasanth Rao Naik Sabavat petter-b thewilloftheshadow leszekszpunar scald pycckuu andranik-sahakyan davidguttman sleontenko denysvitali clawdinator[bot] TinyTb sircrumpet peschee nicolasstanley davidiach nonggialiang ironbyte-rgb rafaelreis-r dominicnunez lploc94 ratulsarna sfo2001 lutr0 kiranjd danielz1z Iranb AdeboyeDN Alg0rix obviyus papago2355 emanuelst evanotero KristijanJovanovski jlowin rdev rhuanssauro joshrad-dev osolmaz adityashaw2 CashWilliams sheeek ryancontent jasonsschin artuskg onutc pauloportella HirokiKobayashi-R ThanhNguyxn 18-RAJAT kimitaka yuting0624 neooriginal manuelhettich minghinmatthewlam unisone baccula manikv12 myfunc travisirby fujiwara-tofu-shop buddyh connorshea bjesuiter kyleok slonce70 mcinteerj badlogic dependabot[bot] amitbiswal007 John-Rood timkrase uos-status gerardward2007 roshanasingh4 tosh-hamburg azade-c dlauer grp06 JonUleis shivamraut101 cheeeee robbyczgw-cla YuriNachos Josh Phillips Wangnov kaizen403 pookNast Whoaa512 chriseidhof ngutman therealZpoint-bot wangai-studio ysqander Yurii Chukhlib aj47 kennyklee superman32432432 Hisleren shatner antons austinm911 blacksmith-sh[bot] damoahdominic dan-dr GHesericsu HeimdallStrategy imfing jalehman jarvis-medmatic kkarimi Lukavyi mahmoudashraf93 pkrmf RandyVentures robhparker Ryan Lisse Yeom-JinHo doodlewind dougvk erikpr1994 fal3 Ghost hyf0-agent jonasjancarik Keith the Silly Goose L36 Server Marc mitschabaude-bot mkbehr neist sibbl zats abhijeet117 chrisrodz Friederike Seiler gabriel-trigo iamadig itsjling Jonathan D. Rhyne (DJ-D) Joshua Mitchell kelvinCB Kit koala73 manmal mattqdev mitsuhiko ogulcancelik pasogott petradonka rubyrunsstuff siddhantjain spiceoogway suminhthanh svkozak wes-davis 24601 ameno- bonald bravostation Chris Taylor dguido Django Navarro evalexpr henrino3 humanwritten j2h4u larlyssa odysseus0 oswalpalash pcty-nextgen-service-account pi0 rmorse Roopak Nijhara Syhids Ubuntu xiaose Aaron Konyer aaronveklabs aldoeliacim andreabadesso Andrii BinaryMuse bqcfjwhz85-arch cash-echo-bot Clawd ClawdFx damaozi danballance Elarwei001 EnzeD erik-agens Evizero fcatuhe gildo hclsys itsjaydesu ivancasco ivanrvpereira Jarvis jayhickey jeffersonwarrior jeffersonwarrior jverdi lailoo longmaba Marco Marandiz MarvinCui mattezell mjrussell odnxe optimikelabs p6l-richard philipp-spiess Pocket Clawd robaxelsen Sash Catanzarite Suksham-sharma T5-AndyML tewatia thejhinvirtuoso travisp VAC william arzt yudshj zknicker 0oAstro abhaymundhara aduk059 aisling404 akramcodez alejandro maza Alex-Alaniz alexanderatallah alexstyl AlexZhangji andrewting19 anpoirier araa47 arthyn Asleep123 Ayush Ojha Ayush10 bguidolim bolismauro caelum0x championswimmer chenyuan99 Chloe-VP Clawdbot Maintainers conhecendoia dasilva333 David-Marsh-Photo deepsoumya617 Developer Dimitrios Ploutarchos Drake Thomsen dvrshil dxd5001 dylanneve1 Felix Krause foeken frankekn fredheir ganghyun kim grrowl gtsifrikas HassanFleyah HazAT hrdwdmrbl hugobarauna iamEvanYT ichbinlucaskim Jamie Openshaw Jane Jarvis Deploy Jefferson Nunn jogi47 kentaro Kevin Lin kira-ariaki kitze Kiwitwitter levifig Lloyd loganaden longjos loukotal louzhixian mac mimi martinpucik Matt mini mcaxtr mertcicekci0 Miles mrdbstn MSch Mustafa Tag Eldeen mylukin nathanbosse ndraiman nexty5870 Noctivoro Omar-Khaleel ozgur-polat ppamment prathamdby ptn1411 rafelbev reeltimeapps RLTCmpe Rony Kelner ryancnelson Samrat Jha senoldogann Seredeep sergical shiv19 shiyuanhai Shrinija17 siraht snopoke stephenchen2025 techboss testingabc321 The Admiral thesash Vibe Kanban vincentkoc voidserf Vultr-Clawd Admin Wimmie wolfred wstock wytheme YangHuang2280 yazinsai yevhen YiWang24 ymat19 Zach Knickerbocker zackerthescar 0xJonHoldsCrypto aaronn Alphonse-arianee atalovesyou Azade carlulsoe ddyo Erik jiulingyun latitudeki5223 Manuel Maly Mourad Boustani odrobnik pcty-nextgen-ios-builder Quentin Randy Torres rhjoh Rolf Fredheim ronak-guliani William Stock

About

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

Resources

License

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages

  • TypeScript 83.7%
  • Swift 12.4%
  • Kotlin 1.7%
  • Shell 0.8%
  • CSS 0.5%
  • JavaScript 0.3%
  • Other 0.6%