Autonomous AI Agents Running Your Business

OpenClaw-MABOS is a Multi-Agent Business Operating System built on the OpenClaw personal AI assistant platform. It deploys autonomous AI agents — each representing a C-suite or functional role — that perceive their environment, reason about goals, form plans, and execute actions across real business systems.

MABOS combines three architectural paradigms into a unified system:

• BDI Cognitive Architecture (from OpenClaw-MABOS core) — 16 autonomous agents with beliefs, desires, intentions, 35 reasoning methods, TypeDB knowledge graphs (runtime data storage) governed by SBVR ontology schemas (business vocabulary and rules)
• Corporate Governance (inspired by Paperclip) — atomic budget enforcement, RBAC, append-only audit trails, multi-company isolation
• Autonomous Agent Runtime (inspired by Hermes Agent) — multi-model routing with fallback chains, MoA ensemble reasoning, self-improving skill creation, session intelligence with user modeling, execution sandboxes (Docker/SSH/Modal), security hardening

Website · Docs · Vision · Architecture · Getting Started · Design Doc · Discord

┌─────────────────────────────────────────────────────────────────────┐
│                        MISSION CONTROL                              │
│                   (Operator Dashboard — Next.js)                    │
│        AI Planning, Task Dispatch, Knowledge Capture, Goal Kanban   │
├─────────────────────────────────────────────────────────────────────┤
│                     OPENCLAW GATEWAY (port 18789)                   │
├──────────┬──────────┬──────────┬──────────┬──────────┬──────────────┤
│ SECURITY │GOVERNANCE│  MODEL   │ SESSION  │EXECUTION │  SKILL LOOP  │
│          │          │  ROUTER  │  INTEL   │ SANDBOX  │              │
│ Injection│ Budget   │ 11-model │ FTS5     │ Local +  │ Auto-create  │
│ scanning │ ledger   │ registry │ search   │ Docker + │ from sessions│
│ SSRF     │ RBAC     │ Fallback │ Cross-   │ SSH +    │ Marketplace  │
│ Content  │ Audit    │ chains   │ session  │ Modal    │ Nudge system │
│ sanitize │ trail    │ Prompt   │ recall   │ File     │ Prompt       │
│ Tool     │ Multi-   │ caching  │ User     │ transfer │ injection    │
│ approval │ company  │ MoA      │ modeling │          │              │
│ guards   │          │ ensemble │          │          │              │
├──────────┴──────────┴──────────┴──────────┴──────────┴──────────────┤
│                        MABOS CORE ENGINE                            │
│  ┌─────────────┐ ┌──────────────┐ ┌──────────────┐ ┌─────────────┐ │
│  │ BDI Cycle   │ │ 35 Reasoning │ │ TypeDB       │ │ SBVR        │ │
│  │ 16 Agents   │ │ Methods      │ │ Knowledge    │ │ Ontology    │ │
│  │ 10-file     │ │ (formal,     │ │ Graphs       │ │ Schemas     │ │
│  │ cognitive   │ │ probabilistic│ │ (data store  │ │ (vocabulary │ │
│  │ state       │ │ causal,      │ │ + TypeQL)    │ │ + rules)    │ │
│  │             │ │ social, meta)│ │              │ │             │ │
│  └─────────────┘ └──────────────┘ └──────────────┘ └─────────────┘ │
│  ┌──────────────────────────────────────────────────────────────┐   │
│  │ 125 Agent Tools: BDI, Shopify, CRM, ERP, Email, Marketing, │   │
│  │ Finance, Compliance, Knowledge Graph, Workflows, Reasoning  │   │
│  └──────────────────────────────────────────────────────────────┘   │
├─────────────────────────────────────────────────────────────────────┤
│                    35+ MESSAGING CHANNELS                           │
│ WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Teams,       │
│ Matrix, LINE, IRC, Google Chat, Zalo, WebChat, and more            │
├─────────────────────────────────────────────────────────────────────┤
│           STORAGE: TypeDB + PostgreSQL + SQLite + LanceDB          │
└─────────────────────────────────────────────────────────────────────┘

Each agent runs a BDI (Belief-Desire-Intention) cycle with a 10-file cognitive state:

~/.openclaw/workspace/agents/{agent-id}/
├── Beliefs.md          # What the agent knows (certainty-scored)
├── Desires.md          # What the agent wants (priority-sorted)
├── Goals.md            # Strategic/tactical/operational goals
├── Intentions.md       # Committed plans with deadlines
├── Plans.md            # Available action plans
├── Skills.md           # Agent capabilities
├── Observations.md     # Sensory input from environment
├── Facts.json          # SPO triples with provenance
├── Memory.md           # Long-term memory
└── experience-log.jsonl # Timestamped action history

Dual-Process Cognitive Router (3-tier fast-then-slow pipeline):

• Tier 1 (Reflexive): 0 LLM calls — pattern-matched signals
• Tier 2 (Analytical): 1 LLM call — medium-urgency signals
• Tier 3 (Deliberative): 3-5 LLM calls — strategic reasoning

35 Reasoning Methods across 6 categories:

Protects all agent operations with three defense layers:

• Injection Scanner — 8 detection patterns covering prompt injection (role override, delimiter escape, invisible unicode), exfiltration (curl, base64, DNS), and data extraction (env dump, file paths)
• Content Sanitizer — Neutralizes detected threats by redacting high/critical matches and escaping lower-severity patterns. Strips invisible Unicode, escapes prompt delimiters
• SSRF Validator — Blocks private IPs (10.x, 172.16-31.x, 192.168.x), cloud metadata (169.254.169.254), localhost, and non-HTTP protocols. Supports explicit domain allowlists
• Tool Approval Guard — Flags dangerous tools (delete operations, payments, external comms) for operator approval. Wildcard matching, role-based auto-approve, sensitive argument redaction, pending approval queue
• HTTP API: GET /mabos/security/status, GET /mabos/security/scan-log, GET /mabos/security/approvals, POST /mabos/security/approvals/resolve

Atomic budget enforcement inspired by Paperclip:

• Budget Ledger — SQLite WAL-mode database with reservation pattern. Before every tool call, funds are reserved atomically; after execution, settled at actual cost. Prevents double-spend across concurrent agents. Daily and monthly limits per agent
• RBAC Engine — Four roles (admin, operator, agent, viewer) with wildcard permission matching. Deny overrides allow
• Audit Log — Append-only SQLite trail of every tool call, budget event, and security incident. Filterable by time range, action, and actor
• Multi-Company Isolation — All budget, audit, and session data scoped to company ID. Enables multi-tenant deployments
• Agent Tools: budget_status, budget_request, audit_query
• HTTP API: GET /mabos/governance/budget/summary, GET /mabos/governance/audit

Multi-provider model routing inspired by Hermes Agent:

• 11-Model Registry — Anthropic (Claude Opus/Sonnet/Haiku), OpenAI (GPT-4.1/O3/O4-mini), Google (Gemini 2.5 Pro/Flash), DeepSeek (R1/V3). Each with context window, pricing, and capability metadata
• Fallback Chains — Automatic model failover. If primary model is unavailable, transparently falls through to next in chain
• Cost Estimation — Per-model token pricing with configurable overrides. Cheapest-model suggestions based on requirements (context window, vision, thinking)
• Prompt Caching — Anthropic cache control optimization with configurable breakpoints. Cache hit/miss tracking with estimated savings
• MoA Ensemble — Mixture-of-Agents reasoning: 4 diverse models generate independent responses, an aggregator synthesizes the best answer. Agreement scoring detects consensus
• Agent Tools: model_list, model_cost, model_switch, reason_ensemble
• HTTP API: GET /mabos/models/list, GET /mabos/models/health

Cross-session organizational memory:

• FTS5 Index — SQLite full-text search with Porter stemming across all past conversations. Agent and company scoping
• Cross-Session Recall — Groups search results by session, ranks by relevance. Enables agents to reference past decisions and discussions
• User Profile Builder — Dialectic user modeling that analyzes session history to capture communication style, domain expertise, workflow preferences, and decision patterns. Profile injected into agent system prompts for personalization
• Session-End Indexing — Automatically indexes completed sessions via session_end plugin hook
• Agent Tools: session_search, session_recall, user_profile
• HTTP API: GET /mabos/sessions/search, POST /mabos/sessions/recall, GET /mabos/sessions/profile

Isolated terminal backends for safe agent code execution:

• Local Backend — Pass-through to host shell (default, zero overhead)
• Docker Backend — Container lifecycle management with memory limits, CPU caps, PID limits, network isolation. Containers created per-task, destroyed after
• SSH Backend — Remote execution via SSH with configurable host, port, user, and key path
• Modal Backend — Serverless GPU execution on Modal for ML/AI workloads
• File Transfer — Upload files into sandboxes and download results back to local filesystem via base64 encoding
• Per-Agent Routing — Configure which agents use which backend (e.g., CTO gets Docker, CEO gets local)
• Terminal Interception — Hooks into terminal/execute_command tool calls to transparently route through sandbox when enabled
• Agent Tools: sandbox_exec, sandbox_upload, sandbox_download, sandbox_status, sandbox_destroy
• HTTP API: GET /mabos/sandbox/status, POST /mabos/sandbox/destroy-all

Autonomous self-improvement from experience:

• Skill Registry — File-based skill discovery across configurable paths. Each skill is a SKILL.md + manifest.json directory. Search by name, tags, description, or agent role
• Skill Creator — Analyzes successful multi-tool sessions and proposes reusable skills. Extracts tool-call sequences, generalizes parameters, generates markdown documentation
• Nudge System — After every N sessions (configurable), evaluates whether the session could become a reusable skill. Surfaces proposals to the operator for approval
• Marketplace — Browse and install skills from ClawHub and GitHub community sources. Validates GitHub URLs for SSRF prevention
• Prompt Injection — Automatically injects relevant skills into agent prompts based on task context, agent role, and recently used tools
• Agent Tools: skill_list, skill_search, skill_create, skill_install, skill_run
• HTTP API: GET /mabos/skills, GET /mabos/skills/search, POST /mabos/skills/install

27+ page web UI at /mabos/dashboard/:

Plus a Command Palette (Cmd+K) with sections for navigation, agent actions, tools, models, and skills.

107 original MABOS tools + 18 new tools from the unified modules:

All modules expose REST endpoints under /mabos/ for dashboard consumption and external integration:

All new modules are config-gated via feature flags. Security is on by default; all others are opt-in.

# openclaw.json — MABOS module configuration
mabos:
  workspaceDir: ~/.openclaw/workspace
  bdiCycleIntervalMinutes: 30
  cognitiveContextEnabled: true

  # Security (on by default)
  securityEnabled: true
  security:
    injectionScanning:
      enabled: true
      blockOnDetection: true
    toolGuard:
      enabled: true
      dangerousTools: ["execute_command", "shopify_delete_*", "send_payment"]
      autoApproveForRoles: ["admin", "operator"]

  # Governance
  governanceEnabled: true
  governance:
    budget:
      enabled: true
      defaultDailyLimitUsd: 50
      defaultMonthlyLimitUsd: 500
      requireApprovalAboveUsd: 25
    rbac:
      enabled: true
      defaultRole: agent
    audit:
      enabled: true
      retentionDays: 90

  # Model Router
  modelRouterEnabled: true
  modelRouter:
    defaultProvider: anthropic
    fallbackChain:
      - anthropic/claude-opus-4-6
      - openai/gpt-4.1
      - deepseek/deepseek-r1
    promptCaching:
      enabled: true
    moa:
      enabled: true

  # Session Intelligence
  sessionIntelEnabled: true
  sessionIntel:
    fts:
      enabled: true
    recall:
      enabled: true
      summarizeResults: true
    userModel:
      enabled: true
      updateInterval: 5

  # Execution Sandbox
  sandboxEnabled: true
  sandbox:
    defaultBackend: docker
    docker:
      image: node:22-slim
      memoryLimitMb: 512
      networkMode: bridge
    ssh:
      host: sandbox.example.com
      user: agent
    modal:
      appName: mabos-sandbox

  # Skill Loop
  skillLoopEnabled: true
  skillLoop:
    creationNudgeInterval: 10
    marketplace:
      enabled: true

75 tests across 13 test files covering all new modules:

# Run all module tests
npx vitest run extensions/mabos/extensions-mabos/tests/security-*.test.ts \
  extensions/mabos/extensions-mabos/tests/governance-*.test.ts \
  extensions/mabos/extensions-mabos/tests/model-router-*.test.ts \
  extensions/mabos/extensions-mabos/tests/session-intel-*.test.ts \
  extensions/mabos/extensions-mabos/tests/sandbox-*.test.ts \
  extensions/mabos/extensions-mabos/tests/skill-loop-*.test.ts \
  --config vitest.extensions.config.ts

All 6 modules register through the MABOS extension entry point with config-driven activation and graceful error handling. Each module follows a consistent pattern:

1. Config-gated activation — disabled by default (except Security), enabled via feature flags
2. Graceful degradation — if a module fails to initialize, the rest of the system continues
3. Plugin SDK hooks — before_tool_call, after_tool_call, llm_output, session_end, before_prompt_build
4. HTTP routes — registered via api.registerHttpRoute() for dashboard consumption
5. Zero new root dependencies — all module deps live in the extension package.json

• Unified MABOS Design — Full architecture, data flow, and config reference
• Implementation Plan — TDD task breakdown with code

OpenClaw-MABOS extends the OpenClaw personal AI assistant platform. Everything below is the base OpenClaw functionality.

Preferred setup: run the onboarding wizard (openclaw onboard) in your terminal. The wizard guides you step by step through setting up the gateway, workspace, channels, and skills. The CLI wizard is the recommended path and works on macOS, Linux, and Windows (via WSL2; strongly recommended). Works with npm, pnpm, or bun. New install? Start here: Getting started

OpenAI	Vercel	Blacksmith	Convex

Subscriptions (OAuth):

• OpenAI (ChatGPT/Codex)

Model note: while many providers/models are supported, for the best experience and lower prompt-injection risk use the strongest latest-generation model available to you. See Onboarding.

• Models config + CLI: Models
• Auth profile rotation (OAuth vs API keys) + fallbacks: Model failover

Runtime: Node ≥22.

npm install -g openclaw@latest
# or: pnpm add -g openclaw@latest

openclaw onboard --install-daemon

The wizard installs the Gateway daemon (launchd/systemd user service) so it stays running.

Runtime: Node ≥22.

Full beginner guide (auth, pairing, channels): Getting started

openclaw onboard --install-daemon

openclaw gateway --port 18789 --verbose

# Send a message
openclaw message send --to +1234567890 --message "Hello from OpenClaw"

# Talk to the assistant (optionally deliver back to any connected channel: WhatsApp/Telegram/Slack/Discord/Google Chat/Signal/iMessage/BlueBubbles/IRC/Microsoft Teams/Matrix/Feishu/LINE/Mattermost/Nextcloud Talk/Nostr/Synology Chat/Tlon/Twitch/Zalo/Zalo Personal/WebChat)
openclaw agent --message "Ship checklist" --thinking high

Upgrading? Updating guide (and run openclaw doctor).

• stable: tagged releases (vYYYY.M.D or vYYYY.M.D-<patch>), npm dist-tag latest.
• beta: prerelease tags (vYYYY.M.D-beta.N), npm dist-tag beta (macOS app may be missing).
• dev: moving head of main, npm dist-tag dev (when published).

Switch channels (git + npm): openclaw update --channel stable|beta|dev. Details: Development channels.

Prefer pnpm for builds from source. Bun is optional for running TypeScript directly.

git clone https://github.com/openclaw/openclaw.git
cd openclaw

pnpm install
pnpm ui:build # auto-installs UI deps on first run
pnpm build

pnpm openclaw onboard --install-daemon

# Dev loop (auto-reload on TS changes)
pnpm gateway:watch

Note: pnpm openclaw ... runs TypeScript directly (via tsx). pnpm build produces dist/ for running via Node / the packaged openclaw binary.

OpenClaw connects to real messaging surfaces. Treat inbound DMs as untrusted input.

Full security guide: Security

Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Google Chat/Slack:

• DM pairing (dmPolicy="pairing" / channels.discord.dmPolicy="pairing" / channels.slack.dmPolicy="pairing"; legacy: channels.discord.dm.policy, channels.slack.dm.policy): unknown senders receive a short pairing code and the bot does not process their message.
• Approve with: openclaw pairing approve <channel> <code> (then the sender is added to a local allowlist store).
• Public inbound DMs require an explicit opt-in: set dmPolicy="open" and include "*" in the channel allowlist (allowFrom / channels.discord.allowFrom / channels.slack.allowFrom; legacy: channels.discord.dm.allowFrom, channels.slack.dm.allowFrom).

Run openclaw doctor to surface risky/misconfigured DM policies.

• Local-first Gateway — single control plane for sessions, channels, tools, and events.
• Multi-channel inbox — WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, BlueBubbles (iMessage), iMessage (legacy), IRC, Microsoft Teams, Matrix, Feishu, LINE, Mattermost, Nextcloud Talk, Nostr, Synology Chat, Tlon, Twitch, Zalo, Zalo Personal, WebChat, macOS, iOS/Android.
• Multi-agent routing — route inbound channels/accounts/peers to isolated agents (workspaces + per-agent sessions).
• Voice Wake + Talk Mode — wake words on macOS/iOS and continuous voice on Android (ElevenLabs + system TTS fallback).
• Live Canvas — agent-driven visual workspace with A2UI.
• First-class tools — browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
• Companion apps — macOS menu bar app + iOS/Android nodes.
• Onboarding + skills — wizard-driven setup with bundled/managed/workspace skills.

• Gateway WS control plane with sessions, presence, config, cron, webhooks, Control UI, and Canvas host.
• CLI surface: gateway, agent, send, wizard, and doctor.
• Pi agent runtime in RPC mode with tool streaming and block streaming.
• Session model: main for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: Groups.
• Media pipeline: images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: Audio.

• Channels: WhatsApp (Baileys), Telegram (grammY), Slack (Bolt), Discord (discord.js), Google Chat (Chat API), Signal (signal-cli), BlueBubbles (iMessage, recommended), iMessage (legacy imsg), IRC, Microsoft Teams, Matrix, Feishu, LINE, Mattermost, Nextcloud Talk, Nostr, Synology Chat, Tlon, Twitch, Zalo, Zalo Personal, WebChat.
• Group routing: mention gating, reply tags, per-channel chunking and routing. Channel rules: Channels.

• macOS app: menu bar control plane, Voice Wake/PTT, Talk Mode overlay, WebChat, debug tools, remote gateway control.
• iOS node: Canvas, Voice Wake, Talk Mode, camera, screen recording, Bonjour + device pairing.
• Android node: Connect tab (setup code/manual), chat sessions, voice tab, Canvas, camera/screen recording, and Android device commands (notifications/location/SMS/photos/contacts/calendar/motion/app update).
• macOS node mode: system.run/notify + canvas/camera exposure.

• Browser control: dedicated openclaw Chrome/Chromium, snapshots, actions, uploads, profiles.
• Canvas: A2UI push/reset, eval, snapshot.
• Nodes: camera snap/clip, screen record, location.get, notifications.
• Cron + wakeups; webhooks; Gmail Pub/Sub.
• Skills platform: bundled, managed, and workspace skills with install gating + UI.

• Channel routing, retry policy, and streaming/chunking.
• Presence, typing indicators, and usage tracking.
• Models, model failover, and session pruning.
• Security and troubleshooting.

• Control UI + WebChat served directly from the Gateway.
• Tailscale Serve/Funnel or SSH tunnels with token/password auth.
• Nix mode for declarative config; Docker-based installs.
• Doctor migrations, logging.

WhatsApp / Telegram / Slack / Discord / Google Chat / Signal / iMessage / BlueBubbles / IRC / Microsoft Teams / Matrix / Feishu / LINE / Mattermost / Nextcloud Talk / Nostr / Synology Chat / Tlon / Twitch / Zalo / Zalo Personal / WebChat
               │
               ▼
┌───────────────────────────────┐
│            Gateway            │
│       (control plane)         │
│     ws://127.0.0.1:18789      │
└──────────────┬────────────────┘
               │
               ├─ Pi agent (RPC)
               ├─ CLI (openclaw …)
               ├─ WebChat UI
               ├─ macOS app
               └─ iOS / Android nodes

• Gateway WebSocket network — single WS control plane for clients, tools, and events (plus ops: Gateway runbook).
• Tailscale exposure — Serve/Funnel for the Gateway dashboard + WS (remote access: Remote).
• Browser control — openclaw‑managed Chrome/Chromium with CDP control.
• Canvas + A2UI — agent‑driven visual workspace (A2UI host: Canvas/A2UI).
• Voice Wake + Talk Mode — wake words on macOS/iOS plus continuous voice on Android.
• Nodes — Canvas, camera snap/clip, screen record, location.get, notifications, plus macOS‑only system.run/system.notify.

OpenClaw can auto-configure Tailscale Serve (tailnet-only) or Funnel (public) while the Gateway stays bound to loopback. Configure gateway.tailscale.mode:

• off: no Tailscale automation (default).
• serve: tailnet-only HTTPS via tailscale serve (uses Tailscale identity headers by default).
• funnel: public HTTPS via tailscale funnel (requires shared password auth).

Notes:

• gateway.bind must stay loopback when Serve/Funnel is enabled (OpenClaw enforces this).
• Serve can be forced to require a password by setting gateway.auth.mode: "password" or gateway.auth.allowTailscale: false.
• Funnel refuses to start unless gateway.auth.mode: "password" is set.
• Optional: gateway.tailscale.resetOnExit to undo Serve/Funnel on shutdown.

Details: Tailscale guide · Web surfaces

It’s perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over Tailscale Serve/Funnel or SSH tunnels, and you can still pair device nodes (macOS/iOS/Android) to execute device‑local actions when needed.

• Gateway host runs the exec tool and channel connections by default.
• Device nodes run device‑local actions (system.run, camera, screen recording, notifications) via node.invoke. In short: exec runs where the Gateway lives; device actions run where the device lives.

Details: Remote access · Nodes · Security

The macOS app can run in node mode and advertises its capabilities + permission map over the Gateway WebSocket (node.list / node.describe). Clients can then execute local actions via node.invoke:

• system.run runs a local command and returns stdout/stderr/exit code; set needsScreenRecording: true to require screen-recording permission (otherwise you’ll get PERMISSION_MISSING).
• system.notify posts a user notification and fails if notifications are denied.
• canvas.*, camera.*, screen.record, and location.get are also routed via node.invoke and follow TCC permission status.

Elevated bash (host permissions) is separate from macOS TCC:

• Use /elevated on|off to toggle per‑session elevated access when enabled + allowlisted.
• Gateway persists the per‑session toggle via sessions.patch (WS method) alongside thinkingLevel, verboseLevel, model, sendPolicy, and groupActivation.

Details: Nodes · macOS app · Gateway protocol

• Use these to coordinate work across sessions without jumping between chat surfaces.
• sessions_list — discover active sessions (agents) and their metadata.
• sessions_history — fetch transcript logs for a session.
• sessions_send — message another session; optional reply‑back ping‑pong + announce step (REPLY_SKIP, ANNOUNCE_SKIP).

Details: Session tools

ClawHub is a minimal skill registry. With ClawHub enabled, the agent can search for skills automatically and pull in new ones as needed.

ClawHub

Send these in WhatsApp/Telegram/Slack/Google Chat/Microsoft Teams/WebChat (group commands are owner-only):

• /status — compact session status (model + tokens, cost when available)
• /new or /reset — reset the session
• /compact — compact session context (summary)
• /think <level> — off|minimal|low|medium|high|xhigh (GPT-5.2 + Codex models only)
• /verbose on|off
• /usage off|tokens|full — per-response usage footer
• /restart — restart the gateway (owner-only in groups)
• /activation mention|always — group activation toggle (groups only)

The Gateway alone delivers a great experience. All apps are optional and add extra features.

If you plan to build/run companion apps, follow the platform runbooks below.

• Menu bar control for the Gateway and health.
• Voice Wake + push-to-talk overlay.
• WebChat + debug tools.
• Remote gateway control over SSH.

Note: signed builds required for macOS permissions to stick across rebuilds (see docs/mac/permissions.md).

• Pairs as a node over the Gateway WebSocket (device pairing).
• Voice trigger forwarding + Canvas surface.
• Controlled via openclaw nodes ….

Runbook: iOS connect.

• Pairs as a WS node via device pairing (openclaw devices ...).
• Exposes Connect/Chat/Voice tabs plus Canvas, Camera, Screen capture, and Android device command families.
• Runbook: Android connect.

• Workspace root: ~/.openclaw/workspace (configurable via agents.defaults.workspace).
• Injected prompt files: AGENTS.md, SOUL.md, TOOLS.md.
• Skills: ~/.openclaw/workspace/skills/<skill>/SKILL.md.

Minimal ~/.openclaw/openclaw.json (model + defaults):

{
  agent: {
    model: "anthropic/claude-opus-4-6",
  },
}

Full configuration reference (all keys + examples).

• Default: tools run on the host for the main session, so the agent has full access when it’s just you.
• Group/channel safety: set agents.defaults.sandbox.mode: "non-main" to run non‑main sessions (groups/channels) inside per‑session Docker sandboxes; bash then runs in Docker for those sessions.
• Sandbox defaults: allowlist bash, process, read, write, edit, sessions_list, sessions_history, sessions_send, sessions_spawn; denylist browser, canvas, nodes, cron, discord, gateway.

Details: Security guide · Docker + sandboxing · Sandbox config

• Link the device: pnpm openclaw channels login (stores creds in ~/.openclaw/credentials).
• Allowlist who can talk to the assistant via channels.whatsapp.allowFrom.
• If channels.whatsapp.groups is set, it becomes a group allowlist; include "*" to allow all.

• Set TELEGRAM_BOT_TOKEN or channels.telegram.botToken (env wins).
• Optional: set channels.telegram.groups (with channels.telegram.groups."*".requireMention); when set, it is a group allowlist (include "*" to allow all). Also channels.telegram.allowFrom or channels.telegram.webhookUrl + channels.telegram.webhookSecret as needed.

{
  channels: {
    telegram: {
      botToken: "123456:ABCDEF",
    },
  },
}

• Set SLACK_BOT_TOKEN + SLACK_APP_TOKEN (or channels.slack.botToken + channels.slack.appToken).

• Set DISCORD_BOT_TOKEN or channels.discord.token (env wins).
• Optional: set commands.native, commands.text, or commands.useAccessGroups, plus channels.discord.allowFrom, channels.discord.guilds, or channels.discord.mediaMaxMb as needed.

{
  channels: {
    discord: {
      token: "1234abcd",
    },
  },
}

• Requires signal-cli and a channels.signal config section.

• Recommended iMessage integration.
• Configure channels.bluebubbles.serverUrl + channels.bluebubbles.password and a webhook (channels.bluebubbles.webhookPath).
• The BlueBubbles server runs on macOS; the Gateway can run on macOS or elsewhere.

• Legacy macOS-only integration via imsg (Messages must be signed in).
• If channels.imessage.groups is set, it becomes a group allowlist; include "*" to allow all.

• Configure a Teams app + Bot Framework, then add a msteams config section.
• Allowlist who can talk via msteams.allowFrom; group access via msteams.groupAllowFrom or msteams.groupPolicy: "open".

• Uses the Gateway WebSocket; no separate WebChat port/config.

Browser control (optional):

{
  browser: {
    enabled: true,
    color: "#FF4500",
  },
}

Use these when you’re past the onboarding flow and want the deeper reference.

• Start with the docs index for navigation and “what’s where.”
• Read the architecture overview for the gateway + protocol model.
• Use the full configuration reference when you need every key and example.
• Run the Gateway by the book with the operational runbook.
• Learn how the Control UI/Web surfaces work and how to expose them safely.
• Understand remote access over SSH tunnels or tailnets.
• Follow the onboarding wizard flow for a guided setup.
• Wire external triggers via the webhook surface.
• Set up Gmail Pub/Sub triggers.
• Learn the macOS menu bar companion details.
• Platform guides: Windows (WSL2), Linux, macOS, iOS, Android
• Debug common failures with the troubleshooting guide.
• Review security guidance before exposing anything.

• Discovery + transports
• Bonjour/mDNS
• Gateway pairing
• Remote gateway README
• Control UI
• Dashboard

• Health checks
• Gateway lock
• Background process
• Browser troubleshooting (Linux)
• Logging

• Agent loop
• Presence
• TypeBox schemas
• RPC adapters
• Queue

• Skills config
• Default AGENTS
• Templates: AGENTS
• Templates: BOOTSTRAP
• Templates: IDENTITY
• Templates: SOUL
• Templates: TOOLS
• Templates: USER

• macOS dev setup
• macOS menu bar
• macOS voice wake
• iOS node
• Android node
• Windows (WSL2)
• Linux app

• docs.openclaw.ai/gmail-pubsub

OpenClaw was built for Molty, a space lobster AI assistant. 🦞 by Peter Steinberger and the community.

• openclaw.ai
• soul.md
• steipete.me
• @openclaw

See CONTRIBUTING.md for guidelines, maintainers, and how to submit PRs. AI/vibe-coded PRs welcome! 🤖

Special thanks to Mario Zechner for his support and for pi-mono. Special thanks to Adam Doppelt for lobster.bot.

Thanks to all clawtributors: