This page introduces OpenClaw, a self-hosted multi-channel AI gateway that connects AI agents to messaging platforms (WhatsApp, Telegram, Discord, Slack, Signal, etc.) through a centralized control plane. It explains the system's core architecture, key components, and how they interact.
For detailed terminology definitions, see Key Concepts. For installation and first-run instructions, see Quick Start. For in-depth architecture diagrams, see Architecture Diagrams.
OpenClaw is a personal AI assistant framework that runs on your own infrastructure. It provides:
ws://127.0.0.1:18789) coordinates all channels, agents, and toolsThe system is built around a hub-and-spoke architecture: the Gateway acts as the central control plane, with channels, clients, and agents connecting via WebSocket RPC.
Sources: README.md1-498 package.json1-217
Key Code Entities:
Sources: src/index.ts1-94 src/config/zod-schema.ts1-470 README.md180-197
The Gateway is the central WebSocket server (port 18789 by default) that coordinates all system components. It exposes an RPC protocol defined in src/gateway/protocol.ts for:
config.get, config.set, config.apply, config.patchagent.send, agent.executesessions.list, sessions.history, sessions.sendchannels.status, channels.logingateway.health, gateway.statusThe Gateway runs as a background service via platform-specific supervisors:
launchd (LaunchAgent)systemd (user service)Configuration: Gateway behavior is controlled by gateway.* config keys:
| Field | Purpose | Default |
|---|---|---|
gateway.port | WebSocket listen port | 18789 |
gateway.bind | Network binding mode | "loopback" |
gateway.auth.mode | Authentication type | "token" |
gateway.reload.mode | Config hot-reload behavior | "hybrid" |
gateway.controlUi.enabled | Serve web dashboard | true |
Sources: src/config/types.gateway.ts docs/gateway/configuration.md1-480
OpenClaw uses a strict, hot-reloadable configuration system:
~/.openclaw/openclaw.json (JSON5 format supporting comments and trailing commas)Reload Modes (gateway.reload.mode):
| Mode | Behavior |
|---|---|
hybrid (default) | Hot-apply safe changes; auto-restart for infrastructure changes |
hot | Hot-apply only; log warnings for restart-needed changes |
restart | Restart Gateway on any config change |
off | No file watching; manual restart required |
Hot-Apply vs Restart:
channels.*, agents.*, tools.*, cron.*, hooks.*, session.*, messages.*gateway.port, gateway.bind, gateway.auth, gateway.tailscale, gateway.tlsInclude System: Configs support $include directives to split large configs:
Sources: src/config/config.ts1-15 src/config/zod-schema.ts95-470 docs/gateway/configuration.md327-366
The Agent Runtime executes AI agent turns via runEmbeddedPiAgent in src/agents/agent-pi.ts It orchestrates:
IDENTITY.md, SKILLS.md, MEMORY.md)memory_search toolTool Policy Resolution Chain:
Global tools.allow/deny
→ tools.byProvider[provider]
→ agents.list[agentId].tools
→ session-specific overrides (groups)
→ sandbox.tools (if sandboxed)
Deny always wins. Tool groups like group:fs, group:runtime expand to multiple tools.
Sources: src/agents/agent-pi.ts src/agents/system-prompt.ts src/tools/index.ts docs/tools/index.md1-227
OpenClaw provides semantic memory search over workspace Markdown files and session transcripts via a hybrid vector + BM25 index.
Architecture:
MemoryIndexManager in src/memory/manager.ts111-1128sqlite-vec extension (vector tables) + FTS5 (keyword search)node-llama-cppConfiguration Example:
Memory Sources:
memory: MEMORY.md + memory/*.md in workspacesessions: Session transcripts from ~/.openclaw/agents/<agentId>/sessions/*.jsonlTools:
memory_search(query): Semantic search with hybrid rankingmemory_get(path): Read specific memory file by pathAlternative Backend: QMD (memory.backend = "qmd") uses external qmd CLI for BM25 + vector + reranking.
Sources: src/memory/manager.ts1-1128 src/agents/memory-search.ts1-250 docs/concepts/memory.md1-250
Channels connect the Gateway to messaging platforms. OpenClaw includes built-in channels and supports extension channels via plugins.
Built-in Channels:
Extension Channels (npm plugins):
@openclaw/matrix), Zalo (@openclaw/zalo), Zalo Personal (@openclaw/zalouser), MS Teams (@openclaw/msteams)Channel Lifecycle:
Access Control (dmPolicy):
pairing (default): Require one-time approval codeallowlist: Only users in allowFrom arrayopen: Allow all DMs (requires allowFrom: ["*"])disabled: Ignore all DMsSources: src/channels/ docs/channels/ README.md336-399
Tools expose capabilities to agents. The system includes:
Core Tools (always available unless denied):
read, write, edit, apply_patchexec, bash, processsessions_list, sessions_history, sessions_send, sessions_spawn, session_statusmemory_search, memory_getweb_search, web_fetchbrowser, canvascron, gatewaymessagenodes (device control)image (understanding)Tool Profiles (base allowlists):
minimal: session_status onlycoding: File I/O + execution + sessions + memorymessaging: Messaging tools + session toolsfull: No restrictionsTool Groups (shorthands):
group:runtime: exec, bash, processgroup:fs: read, write, edit, apply_patchgroup:sessions: All session toolsgroup:memory: memory_search, memory_getgroup:web: web_search, web_fetchgroup:ui: browser, canvasPolicy Example:
Sources: src/tools/ src/config/types.tools.ts1-350 docs/tools/index.md1-227
The Sandbox System isolates agent tool execution in Docker containers to reduce security risk.
Configuration:
Modes:
off: No sandboxing (all tools on host)non-main: Sandbox non-DM sessions (groups, channels)all: Sandbox all sessionsScopes:
session: One container per session (isolated)agent: One container per agent (shared across sessions)shared: One container shared by all agentsWorkspace Access:
none: No workspace mountro: Read-only workspacerw: Read-write workspaceImage: Default is openclaw-sandbox:latest. Build with scripts/sandbox-setup.sh.
Sources: src/agents/sandbox/ docs/gateway/sandboxing.md1-120
OpenClaw supports extensions via npm packages that declare channel or capability plugins.
Plugin Metadata (package.json):
Plugin Discovery:
node_modules/@openclaw/* and extensions/*/package.jsonOpenClawSchema via src/config/schema.ts209-248Channel Extensions:
Capability Extensions:
Plugin SDK: Exported via dist/plugin-sdk/ (openclaw/plugin-sdk in package exports).
Sources: extensions/ src/plugins/ src/config/schema.ts91-165
Key Functions:
Sources: src/gateway/router.ts src/channels/ src/agents/agent-pi.ts
openclaw/
├── src/
│ ├── gateway/ # Gateway server, RPC protocol, router
│ ├── config/ # Schema (zod-schema.ts), validation, I/O
│ ├── agents/ # Agent runtime, system prompt, sandbox
│ ├── channels/ # Built-in channels (telegram, discord, etc.)
│ ├── memory/ # Memory index manager, embeddings, hybrid search
│ ├── tools/ # Tool registry, built-in tools (exec, read, etc.)
│ ├── sessions/ # Session management, transcript store
│ ├── cli/ # CLI commands (program.ts, agent-cli.ts, etc.)
│ └── infra/ # Infrastructure (env, errors, ports, dotenv)
├── extensions/ # Extension plugins (matrix, zalo, msteams)
│ ├── matrix/
│ ├── zalo/
│ ├── zalouser/
│ ├── msteams/
│ └── voice-call/
├── docs/ # Documentation (configuration, channels, tools)
├── ui/ # Control UI (Lit web components)
├── apps/ # Native apps (macos, ios, android)
├── skills/ # Bundled skills (markdown files)
├── scripts/ # Build and maintenance scripts
└── openclaw.json # User configuration file (~/.openclaw/)
Configuration Paths:
~/.openclaw/openclaw.json~/.openclaw/ (or $OPENCLAW_STATE_DIR)~/.openclaw/workspace/ (or agents.defaults.workspace)~/.openclaw/agents/<agentId>/sessions/*.jsonl~/.openclaw/agents/<agentId>/memory.sqliteSources: src/ extensions/ README.md309-311
OpenClaw is a hub-and-spoke AI gateway where:
runEmbeddedPiAgent with tool supportAll system state lives in files: config in openclaw.json, sessions in *.jsonl transcripts, memory in Markdown + SQLite, and workspace context in IDENTITY.md, SKILLS.md, etc.
Sources: README.md1-498 package.json1-217 src/config/zod-schema.ts95-470
Refresh this wiki
This wiki was recently refreshed. Please wait 2 days to refresh again.