This is a fork of openclaw/openclaw with additional features for memory persistence, long-term context, agent security, and session resilience. See what's different below.
EXFOLIATE! EXFOLIATE!
OpenClaw is a personal AI assistant you run on your own devices. It answers you on the channels you already use (WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, WebChat), plus extension channels like BlueBubbles, Matrix, Zalo, and Zalo Personal. It can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane β the product is the assistant.
If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.
Website Β· Docs Β· DeepWiki Β· Getting Started Β· Updating Β· Showcase Β· FAQ Β· Wizard Β· Nix Β· Docker Β· Discord
Preferred setup: run the onboarding wizard (openclaw onboard). It walks through gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on macOS, Linux, and Windows (via WSL2; strongly recommended).
Works with npm, pnpm, or bun.
New install? Start here: Getting started
Subscriptions (OAuth):
Model note: while any model is supported, I strongly recommend Anthropic Pro/Max (100/200) + Opus 4.6 for longβcontext strength and better promptβinjection resistance. See Onboarding.
- Models config + CLI: Models
- Auth profile rotation (OAuth vs API keys) + fallbacks: Model failover
Runtime: Node β₯22.
npm install -g openclaw@latest
# or: pnpm add -g openclaw@latest
openclaw onboard --install-daemonThe wizard installs the Gateway daemon (launchd/systemd user service) so it stays running.
Running OpenClaw on a VPS (Contabo, Hetzner, DigitalOcean, etc.):
# 1. SSH in and create a non-root user
ssh root@YOUR_SERVER_IP
adduser openclaw && usermod -aG sudo openclaw
# 2. Set up firewall β only SSH, never expose gateway/app ports
sudo ufw allow OpenSSH && sudo ufw enable
# 3. Install Node 22+ (via nvm)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
source ~/.bashrc
nvm install 22
# 4. Install and configure OpenClaw
npm install -g openclaw@latest
openclaw onboard --install-daemon
# 5. Access remotely via SSH tunnel (from your local machine)
# ssh -L 3001:localhost:3001 openclaw@YOUR_SERVER_IP
# Then open http://localhost:3001 in your browserSecurity: Never open ports 3001 or 28945 in the firewall. Always use an SSH tunnel or Cloudflare tunnel for remote access.
For a complete walkthrough (systemd services, Cloudflare tunnels, troubleshooting): see the full VPS setup guide.
Runtime: Node β₯22.
Full beginner guide (auth, pairing, channels): Getting started
openclaw onboard --install-daemon
openclaw gateway --port 18789 --verbose
# Send a message
openclaw message send --to +1234567890 --message "Hello from OpenClaw"
# Talk to the assistant (optionally deliver back to any connected channel: WhatsApp/Telegram/Slack/Discord/Google Chat/Signal/iMessage/BlueBubbles/Microsoft Teams/Matrix/Zalo/Zalo Personal/WebChat)
openclaw agent --message "Ship checklist" --thinking highUpgrading? Updating guide (and run openclaw doctor).
- stable: tagged releases (
vYYYY.M.DorvYYYY.M.D-<patch>), npm dist-taglatest. - beta: prerelease tags (
vYYYY.M.D-beta.N), npm dist-tagbeta(macOS app may be missing). - dev: moving head of
main, npm dist-tagdev(when published).
Switch channels (git + npm): openclaw update --channel stable|beta|dev.
Details: Development channels.
Prefer pnpm for builds from source. Bun is optional for running TypeScript directly.
git clone https://github.com/openclaw/openclaw.git
cd openclaw
pnpm install
pnpm ui:build # auto-installs UI deps on first run
pnpm build
pnpm openclaw onboard --install-daemon
# Dev loop (auto-reload on TS changes)
pnpm gateway:watchNote: pnpm openclaw ... runs TypeScript directly (via tsx). pnpm build produces dist/ for running via Node / the packaged openclaw binary.
OpenClaw connects to real messaging surfaces. Treat inbound DMs as untrusted input.
Full security guide: Security
Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Google Chat/Slack:
- DM pairing (
dmPolicy="pairing"/channels.discord.dm.policy="pairing"/channels.slack.dm.policy="pairing"): unknown senders receive a short pairing code and the bot does not process their message. - Approve with:
openclaw pairing approve <channel> <code>(then the sender is added to a local allowlist store). - Public inbound DMs require an explicit opt-in: set
dmPolicy="open"and include"*"in the channel allowlist (allowFrom/channels.discord.dm.allowFrom/channels.slack.dm.allowFrom).
Run openclaw doctor to surface risky/misconfigured DM policies.
- Local-first Gateway β single control plane for sessions, channels, tools, and events.
- Multi-channel inbox β WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, BlueBubbles (iMessage), iMessage (legacy), Microsoft Teams, Matrix, Zalo, Zalo Personal, WebChat, macOS, iOS/Android.
- Multi-agent routing β route inbound channels/accounts/peers to isolated agents (workspaces + per-agent sessions).
- Voice Wake + Talk Mode β always-on speech for macOS/iOS/Android with ElevenLabs.
- Live Canvas β agent-driven visual workspace with A2UI.
- First-class tools β browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
- Companion apps β macOS menu bar app + iOS/Android nodes.
- Onboarding + skills β wizard-driven setup with bundled/managed/workspace skills.
This fork extends upstream OpenClaw with features focused on memory persistence, long-term context, and agent security.
The core challenge: when context gets compacted (summarized to fit token limits) or a new session starts, the agent loses all conversational context. This fork solves it with a 3-layer memory system:
Workspace files (SOUL.md, AGENTS.md, USER.md, MEMORY.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md) are loaded fresh from disk and injected into the system prompt on every run β including compaction runs. This means the agent's identity, user knowledge, and curated long-term memory survive indefinitely, as long as the agent writes important context to these files.
- Files are trimmed to 20K chars max (70% head + 20% tail with truncation marker)
- Loaded via
resolveBootstrapContextForRun()βbuildBootstrapContextFiles() - Available to both normal runs and compaction runs
All workspace memory/ files (and optionally session transcripts) are chunked, embedded, and stored in a local SQLite database with vector similarity search:
| Feature | Details |
|---|---|
| Embeddings | OpenAI text-embedding-3-small, Gemini gemini-embedding-001, or local models |
| Storage | SQLite + sqlite-vec extension for vector similarity |
| Search | Hybrid: 70% vector similarity + 30% BM25 full-text search |
| Chunking | 400 tokens per chunk, 80 token overlap |
| Sync | File watcher (chokidar), on session start, on search, or on interval |
| Sources | memory/ files (default) + session transcripts (experimental) |
| Results | Max 6 results, minimum 0.35 relevance score |
The agent can call memory_search to semantically search across all its memory files and past session transcripts β not just what's in the current context window.
When the /new command is called to start a fresh session, a bundled hook automatically:
- Reads the last 15 messages from the current session transcript
- Generates a descriptive slug via LLM (e.g.,
clawos-security-audit) - Saves the session content to
memory/YYYY-MM-DD-slug.md
This ensures conversations are archived before being discarded, and become searchable via Layer 2.
When context is compacted, the compaction-safeguard extension preserves critical metadata in the summary:
<read-files>β list of files the agent was reading<modified-files>β list of files the agent changed- Tool failures β recent errors preserved for debugging continuity
- Dropped message recovery β if messages are pruned for context budget, they get a separate LLM summary so context isn't lost entirely
This fork includes the ClawOS security plugin β a 9-layer defense system protecting against prompt injection, data exfiltration, and session corruption. See the ClawOS repo for details.
These features are implemented in this fork and submitted to upstream OpenClaw:
| PR | Feature | Status |
|---|---|---|
| #10678 | after_tool_call hook |
Open, CI green |
| #10679 | gateway_start / gateway_stop lifecycle hooks |
Open, CI green |
| #10680 | Hook registration docs (api.on() vs api.registerHook()) |
Open, CI green |
The OpenClaw ecosystem has 12+ memory plugins, each with a different philosophy. Here's how we see the landscape and where our approach fits:
| Approach | Examples | Pros | Cons |
|---|---|---|---|
| External memory | Mem0, Supermemory, MemoryPlugin | Compaction-proof by design β memories live outside the context window | Cloud dependency, latency, privacy trade-off |
| Local-first | Our fork, bulletproof-memory, openclaw-memory, QMD | Full privacy, zero cloud, low latency | Must solve "survive compaction" at the architecture level |
We believe memory should be:
- On disk, not in the cloud. Your agent's memories are your data. They shouldn't live on someone else's server.
- Plain Markdown as source of truth. Files you can read, edit, grep, and version-control. No opaque vector databases as the primary store.
- Compaction-resilient by design, not by workaround. Bootstrap files are re-injected on every run β including compaction runs. This isn't a plugin that hopes to survive compaction; it's wired into the core runner.
- Agent-controlled retrieval. The agent decides when to search (
memory_search) rather than auto-injecting every turn (which floods context with irrelevant memories and wastes tokens). - Zero external dependencies. No API keys required for memory to work. SQLite + sqlite-vec runs entirely local.
| Feature | Cloud plugins (Mem0, Supermemory) | WAL/file plugins (bulletproof-memory) | This fork |
|---|---|---|---|
| Survives compaction | β External storage | β Files on disk | β Bootstrap injection + files |
| Survives session restart | β | β | β |
| Semantic search | β Cloud embeddings | β | β Local SQLite + sqlite-vec |
Auto-archiving on /new |
β | β | β Session-memory hook |
| Privacy | β Local | β Local | |
| Token efficiency | β On-demand | β On-demand search | |
| Infrastructure | Requires API key + cloud | Zero | Zero |
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Every Agent Run β
β β
β 1. Bootstrap injection (SOUL, AGENTS, USER, MEMORY, TOOLS) β
β β Always loaded, survives compaction + restarts β
β β
β 2. Compaction safeguard β
β β Preserves read-files, modified-files in summary β
β β Pre-compaction memory flush prompt β
β β
β 3. Vector memory search (on-demand via memory_search) β
β β SQLite + sqlite-vec, hybrid BM25 + vector β
β β Indexes memory/*.md + session transcripts β
β β
β 4. Session archiving (on /new) β
β β LLM-generated slug β memory/YYYY-MM-DD-slug.md β
β β Auto-archived, searchable via Layer 3 β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
The key insight: we don't fight compaction β we work with it. Bootstrap files ensure the agent always knows who it is and what matters. Vector search gives it access to everything else on demand. Session archiving means nothing is lost when starting fresh.
Quick setup guides for connecting your agent to messaging platforms.
- Add the WhatsApp config to
~/.openclaw/openclaw.json. - Run
openclaw channels loginand scan the QR code via WhatsApp > Settings > Linked Devices. - Start the gateway.
{
channels: {
whatsapp: {
dmPolicy: "allowlist",
allowFrom: ["+15551234567"], // your phone number (E.164)
},
},
}Gotchas:
- Your personal number works fine. If you want a dedicated bot number, a prepaid SIM or eSIM works β avoid VoIP/virtual numbers.
- Bun runtime is not supported β use Node.
- Credentials are stored in
~/.openclaw/credentials/whatsapp/.
- Create a bot with @BotFather β verify the handle is exactly
@BotFather. Copy the token. - Set the token in config or env (
TELEGRAM_BOT_TOKEN). If both are set, config takes precedence. - Start the gateway and DM your bot β DM access is pairing by default, approve the code.
{
channels: {
telegram: {
enabled: true,
botToken: "123456:ABCDEF",
dmPolicy: "pairing",
groups: { "*": { requireMention: true } },
},
},
}Gotchas:
- Bots default to Privacy Mode β they only see commands and mentions in groups. Either disable it (
/setprivacyin BotFather) or make the bot a group admin. - After toggling privacy mode, you must remove and re-add the bot to each group for the change to take effect.
- Long-polling is the default (no public URL needed). Webhook mode available via
webhookUrl+webhookSecret.
- Create a Discord application at the Developer Portal > Bot > copy the token.
- Enable Message Content Intent (required) and Server Members Intent (needed for name lookups/allowlists) in the Bot settings.
- Invite the bot to your server with
bot+applications.commandsscopes and message permissions. - Set the token in config or env (
DISCORD_BOT_TOKEN). If both are set, config takes precedence. - Start the gateway. DM access is pairing by default.
{
channels: {
discord: {
enabled: true,
token: "YOUR_BOT_TOKEN",
dm: {
policy: "pairing",
allowFrom: ["YOUR_USER_ID"],
},
},
},
}Gotchas:
- Enable Developer Mode in Discord (Settings > Advanced) to copy guild/channel/user IDs.
- Without Message Content Intent, the bot connects but silently ignores all messages.
- Guild channels require mention by default. Configure per-guild in
guilds. - Don't grant the bot Administrator permission β give only the permissions it needs.
- Install
signal-cli(requires Java). - Link the bot device:
signal-cli link -n "OpenClaw"and scan the QR in Signal. - Configure and start the gateway.
{
channels: {
signal: {
enabled: true,
account: "+15551234567", // bot's Signal number
cliPath: "signal-cli",
dmPolicy: "pairing",
allowFrom: ["+15557654321"], // your number
},
},
}Gotchas:
- A separate number is required for Signal. Running on your personal number means it ignores your own messages (loop protection β unlike WhatsApp, there's no self-chat workaround).
signal-clihas slow JVM cold starts. UsehttpUrl+autoStart: falsefor external daemon mode on constrained hosts.- Signal has no usernames β use E.164 phone numbers or
uuid:<id>in allowlists.
See full Signal docs
All the API keys you need and where to get them.
| Provider | Purpose | Free tier? | Get your key |
|---|---|---|---|
| Anthropic (Claude) | Primary LLM β recommended | No (API billing or Claude subscription) | console.anthropic.com (API key) or claude setup-token (subscription) |
| OpenAI | GPT models, Whisper transcription | No (API billing) | platform.openai.com/api-keys |
| Moonshot (Kimi K2.5) | Free alternative LLM | Yes β free tier | platform.moonshot.ai |
| Brave Search | web_search tool |
Yes β free plan | brave.com/search/api |
| Resend | Email sending | Yes β 100 emails/day | resend.com |
| ElevenLabs | Text-to-speech (TTS) | Yes β limited | elevenlabs.io |
The primary and recommended provider. Two auth methods:
Option A: Setup token (Claude Pro/Max subscribers)
# On any machine with Claude CLI:
claude setup-token
# Then paste into OpenClaw:
openclaw models auth paste-token --provider anthropicOption B: API key
{
env: { ANTHROPIC_API_KEY: "sk-ant-..." },
agents: { defaults: { model: { primary: "anthropic/claude-opus-4-6" } } },
}Used for GPT models and also powers Whisper voice transcription in Scratchy.
{
env: { OPENAI_API_KEY: "sk-..." },
agents: { defaults: { model: { primary: "openai/gpt-4.1" } } },
}The same API key is used for Whisper transcription (voice-to-text in Scratchy's voice input).
See full OpenAI docs
Free-tier LLM with 256K context window. Good for testing or as a fallback.
- Create an account at platform.moonshot.ai.
- Generate an API key.
{
env: { MOONSHOT_API_KEY: "sk-..." },
agents: { defaults: { model: { primary: "moonshot/kimi-k2.5" } } },
}Note: Moonshot and Kimi Coding are separate providers with different keys and endpoints. See the full docs for the detailed model config.
Powers the web_search tool. The Data for Search plan is required (not "Data for AI").
{
tools: {
web: {
search: {
provider: "brave",
apiKey: "YOUR_BRAVE_API_KEY",
},
},
},
}Or set BRAVE_API_KEY as an environment variable.
For sending emails via the agent. Requires a verified domain for production use.
{
env: { RESEND_API_KEY: "re_..." },
}For text-to-speech voice output.
{
env: { ELEVENLABS_API_KEY: "..." },
}This fork includes ClawOS, a 9-layer security architecture for agent safety. It runs as an OpenClaw extension that intercepts all agent activity in real time.
What it does: ClawOS scans every tool call result (Layer 4+) for prompt injection patterns β attempts by external content to hijack the agent's instructions. When injection signals are detected, Layer C kicks in and blocks dangerous tools (exec, write, message) for the remainder of that run. This prevents a compromised agent from executing commands, modifying files, or sending messages on your behalf.
Why this matters: Agent self-verification is fundamentally unreliable. If an agent is successfully injected, asking it "were you injected?" will return "no" β because the injection told it to say that. ClawOS addresses this by enforcing security at the infrastructure level with before_tool_call hooks, outside the agent's own reasoning. The agent can't override its own guardrails.
Key capabilities:
- Prompt injection detection via L4+ content scanning
- Tool call interception with
before_tool_callhooks - Layer C automatic blocking of dangerous tools when injection detected
- Canary token tracking for data exfiltration detection
- Integration with Scratchy for visual security status
See the ClawOS repo for the full architecture breakdown and layer definitions.
Scratchy is a generative UI client built specifically for this fork.
- Generative UI components β the agent renders rich interactive cards, charts, tables, and forms instead of plain text
- Voice input with Whisper β speak to your agent with real-time transcription (requires OpenAI API key)
- ClawOS security dashboard β visual layer status, injection alerts, and tool blocking indicators
- WebSocket-native β connects directly to the OpenClaw Gateway with live streaming
- Mobile-responsive β works on desktop and mobile browsers
- Dark/light mode β automatic theme detection with manual toggle
Setup: clone the repo and run node serve.js. See the full setup guide for VPS deployment with systemd and remote access.
- Gateway WS control plane with sessions, presence, config, cron, webhooks, Control UI, and Canvas host.
- CLI surface: gateway, agent, send, wizard, and doctor.
- Pi agent runtime in RPC mode with tool streaming and block streaming.
- Session model:
mainfor direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: Groups. - Media pipeline: images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: Audio.
- Channels: WhatsApp (Baileys), Telegram (grammY), Slack (Bolt), Discord (discord.js), Google Chat (Chat API), Signal (signal-cli), BlueBubbles (iMessage, recommended), iMessage (legacy imsg), Microsoft Teams (extension), Matrix (extension), Zalo (extension), Zalo Personal (extension), WebChat.
- Group routing: mention gating, reply tags, per-channel chunking and routing. Channel rules: Channels.
- macOS app: menu bar control plane, Voice Wake/PTT, Talk Mode overlay, WebChat, debug tools, remote gateway control.
- iOS node: Canvas, Voice Wake, Talk Mode, camera, screen recording, Bonjour pairing.
- Android node: Canvas, Talk Mode, camera, screen recording, optional SMS.
- macOS node mode: system.run/notify + canvas/camera exposure.
- Browser control: dedicated openclaw Chrome/Chromium, snapshots, actions, uploads, profiles.
- Canvas: A2UI push/reset, eval, snapshot.
- Nodes: camera snap/clip, screen record, location.get, notifications.
- Cron + wakeups; webhooks; Gmail Pub/Sub.
- Skills platform: bundled, managed, and workspace skills with install gating + UI.
- Channel routing, retry policy, and streaming/chunking.
- Presence, typing indicators, and usage tracking.
- Models, model failover, and session pruning.
- Security and troubleshooting.
- Control UI + WebChat served directly from the Gateway.
- Tailscale Serve/Funnel or SSH tunnels with token/password auth.
- Nix mode for declarative config; Docker-based installs.
- Doctor migrations, logging.
WhatsApp / Telegram / Slack / Discord / Google Chat / Signal / iMessage / BlueBubbles / Microsoft Teams / Matrix / Zalo / Zalo Personal / WebChat
β
βΌ
βββββββββββββββββββββββββββββββββ
β Gateway β
β (control plane) β
β ws://127.0.0.1:18789 β
ββββββββββββββββ¬βββββββββββββββββ
β
ββ Pi agent (RPC)
ββ CLI (openclaw β¦)
ββ WebChat UI
ββ macOS app
ββ iOS / Android nodes
- Gateway WebSocket network β single WS control plane for clients, tools, and events (plus ops: Gateway runbook).
- Tailscale exposure β Serve/Funnel for the Gateway dashboard + WS (remote access: Remote).
- Browser control β openclawβmanaged Chrome/Chromium with CDP control.
- Canvas + A2UI β agentβdriven visual workspace (A2UI host: Canvas/A2UI).
- Voice Wake + Talk Mode β alwaysβon speech and continuous conversation.
- Nodes β Canvas, camera snap/clip, screen record,
location.get, notifications, plus macOSβonlysystem.run/system.notify.
OpenClaw can auto-configure Tailscale Serve (tailnet-only) or Funnel (public) while the Gateway stays bound to loopback. Configure gateway.tailscale.mode:
off: no Tailscale automation (default).serve: tailnet-only HTTPS viatailscale serve(uses Tailscale identity headers by default).funnel: public HTTPS viatailscale funnel(requires shared password auth).
Notes:
gateway.bindmust stayloopbackwhen Serve/Funnel is enabled (OpenClaw enforces this).- Serve can be forced to require a password by setting
gateway.auth.mode: "password"orgateway.auth.allowTailscale: false. - Funnel refuses to start unless
gateway.auth.mode: "password"is set. - Optional:
gateway.tailscale.resetOnExitto undo Serve/Funnel on shutdown.
Details: Tailscale guide Β· Web surfaces
Itβs perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over Tailscale Serve/Funnel or SSH tunnels, and you can still pair device nodes (macOS/iOS/Android) to execute deviceβlocal actions when needed.
- Gateway host runs the exec tool and channel connections by default.
- Device nodes run deviceβlocal actions (
system.run, camera, screen recording, notifications) vianode.invoke. In short: exec runs where the Gateway lives; device actions run where the device lives.
Details: Remote access Β· Nodes Β· Security
The macOS app can run in node mode and advertises its capabilities + permission map over the Gateway WebSocket (node.list / node.describe). Clients can then execute local actions via node.invoke:
system.runruns a local command and returns stdout/stderr/exit code; setneedsScreenRecording: trueto require screen-recording permission (otherwise youβll getPERMISSION_MISSING).system.notifyposts a user notification and fails if notifications are denied.canvas.*,camera.*,screen.record, andlocation.getare also routed vianode.invokeand follow TCC permission status.
Elevated bash (host permissions) is separate from macOS TCC:
- Use
/elevated on|offto toggle perβsession elevated access when enabled + allowlisted. - Gateway persists the perβsession toggle via
sessions.patch(WS method) alongsidethinkingLevel,verboseLevel,model,sendPolicy, andgroupActivation.
Details: Nodes Β· macOS app Β· Gateway protocol
- Use these to coordinate work across sessions without jumping between chat surfaces.
sessions_listβ discover active sessions (agents) and their metadata.sessions_historyβ fetch transcript logs for a session.sessions_sendβ message another session; optional replyβback pingβpong + announce step (REPLY_SKIP,ANNOUNCE_SKIP).
Details: Session tools
ClawHub is a minimal skill registry. With ClawHub enabled, the agent can search for skills automatically and pull in new ones as needed.
Send these in WhatsApp/Telegram/Slack/Google Chat/Microsoft Teams/WebChat (group commands are owner-only):
/statusβ compact session status (model + tokens, cost when available)/newor/resetβ reset the session/compactβ compact session context (summary)/think <level>β off|minimal|low|medium|high|xhigh (GPT-5.2 + Codex models only)/verbose on|off/usage off|tokens|fullβ per-response usage footer/restartβ restart the gateway (owner-only in groups)/activation mention|alwaysβ group activation toggle (groups only)
The Gateway alone delivers a great experience. All apps are optional and add extra features.
If you plan to build/run companion apps, follow the platform runbooks below.
- Menu bar control for the Gateway and health.
- Voice Wake + push-to-talk overlay.
- WebChat + debug tools.
- Remote gateway control over SSH.
Note: signed builds required for macOS permissions to stick across rebuilds (see docs/mac/permissions.md).
- Pairs as a node via the Bridge.
- Voice trigger forwarding + Canvas surface.
- Controlled via
openclaw nodes β¦.
Runbook: iOS connect.
- Pairs via the same Bridge + pairing flow as iOS.
- Exposes Canvas, Camera, and Screen capture commands.
- Runbook: Android connect.
- Workspace root:
~/.openclaw/workspace(configurable viaagents.defaults.workspace). - Injected prompt files:
AGENTS.md,SOUL.md,TOOLS.md. - Skills:
~/.openclaw/workspace/skills/<skill>/SKILL.md.
Minimal ~/.openclaw/openclaw.json (model + defaults):
{
agent: {
model: "anthropic/claude-opus-4-6",
},
}Full configuration reference (all keys + examples).
- Default: tools run on the host for the main session, so the agent has full access when itβs just you.
- Group/channel safety: set
agents.defaults.sandbox.mode: "non-main"to run nonβmain sessions (groups/channels) inside perβsession Docker sandboxes; bash then runs in Docker for those sessions. - Sandbox defaults: allowlist
bash,process,read,write,edit,sessions_list,sessions_history,sessions_send,sessions_spawn; denylistbrowser,canvas,nodes,cron,discord,gateway.
Details: Security guide Β· Docker + sandboxing Β· Sandbox config
- Link the device:
pnpm openclaw channels login(stores creds in~/.openclaw/credentials). - Allowlist who can talk to the assistant via
channels.whatsapp.allowFrom. - If
channels.whatsapp.groupsis set, it becomes a group allowlist; include"*"to allow all.
- Set
TELEGRAM_BOT_TOKENorchannels.telegram.botToken(env wins). - Optional: set
channels.telegram.groups(withchannels.telegram.groups."*".requireMention); when set, it is a group allowlist (include"*"to allow all). Alsochannels.telegram.allowFromorchannels.telegram.webhookUrl+channels.telegram.webhookSecretas needed.
{
channels: {
telegram: {
botToken: "123456:ABCDEF",
},
},
}- Set
SLACK_BOT_TOKEN+SLACK_APP_TOKEN(orchannels.slack.botToken+channels.slack.appToken).
- Set
DISCORD_BOT_TOKENorchannels.discord.token(env wins). - Optional: set
commands.native,commands.text, orcommands.useAccessGroups, pluschannels.discord.dm.allowFrom,channels.discord.guilds, orchannels.discord.mediaMaxMbas needed.
{
channels: {
discord: {
token: "1234abcd",
},
},
}- Requires
signal-cliand achannels.signalconfig section.
- Recommended iMessage integration.
- Configure
channels.bluebubbles.serverUrl+channels.bluebubbles.passwordand a webhook (channels.bluebubbles.webhookPath). - The BlueBubbles server runs on macOS; the Gateway can run on macOS or elsewhere.
- Legacy macOS-only integration via
imsg(Messages must be signed in). - If
channels.imessage.groupsis set, it becomes a group allowlist; include"*"to allow all.
- Configure a Teams app + Bot Framework, then add a
msteamsconfig section. - Allowlist who can talk via
msteams.allowFrom; group access viamsteams.groupAllowFromormsteams.groupPolicy: "open".
- Uses the Gateway WebSocket; no separate WebChat port/config.
Browser control (optional):
{
browser: {
enabled: true,
color: "#FF4500",
},
}Use these when youβre past the onboarding flow and want the deeper reference.
- Start with the docs index for navigation and βwhatβs where.β
- Read the architecture overview for the gateway + protocol model.
- Use the full configuration reference when you need every key and example.
- Run the Gateway by the book with the operational runbook.
- Learn how the Control UI/Web surfaces work and how to expose them safely.
- Understand remote access over SSH tunnels or tailnets.
- Follow the onboarding wizard flow for a guided setup.
- Wire external triggers via the webhook surface.
- Set up Gmail Pub/Sub triggers.
- Learn the macOS menu bar companion details.
- Platform guides: Windows (WSL2), Linux, macOS, iOS, Android
- Debug common failures with the troubleshooting guide.
- Review security guidance before exposing anything.
- Skills config
- Default AGENTS
- Templates: AGENTS
- Templates: BOOTSTRAP
- Templates: IDENTITY
- Templates: SOUL
- Templates: TOOLS
- Templates: USER
OpenClaw was built for Molty, a space lobster AI assistant. π¦ by Peter Steinberger and the community.
See CONTRIBUTING.md for guidelines, maintainers, and how to submit PRs. AI/vibe-coded PRs welcome! π€
Special thanks to Mario Zechner for his support and for pi-mono. Special thanks to Adam Doppelt for lobster.bot.
Thanks to all clawtributors: