Per-user persistent session. Survives across DMs from any channel. Memory + history keyed to the user identity, not the channel.
// LLM knowledge base for the OpenClaw personal AI assistant — gateway · channels · agents · skills · nodes · security
#id, a type badge, a one-paragraph description, and chips linking to what it depends on and what depends on it. Load this page as context when an LLM needs to reason about an OpenClaw install rather than scanning the full education guide. Anchor document: openclaw-education.
┌──────────── 20+ CHANNELS ────────────┐
│ Telegram · Slack · Discord · WhatsApp │
│ Signal · Matrix · SMS · TUI · web · …│
└──────────────────┬───────────────────┘
▼
┌────────────────────────────────────────┐
│ GATEWAY · ws://127.0.0.1:18789 │
│ openclaw.json · hot-reload config │
│ sessions · channel adapters · tools │
└──────────────────┬─────────────────────┘
▼
┌────────────────────────────────────────┐
│ Pi AGENT (RPC mode) │
│ AGENTS.md SOUL.md 6-step loop │
│ main ↔ group sessions · thinking │
└──────────────────┬─────────────────────┘
▼
┌────────────────────────────────────────┐
│ SKILLS + NODES │
│ SKILL.md · ClawHub │
│ macOS / iOS / Android · node.invoke │
└────────────────────────────────────────┘
6-layer security · Tailscale · mTLS · token · scope · audit · rate
Single WebSocket control plane at ws://127.0.0.1:18789. Hosts sessions, routes channel events, dispatches tools, streams output, and hot-reloads config from openclaw.json. Everything else in OpenClaw talks to the Gateway — not to each other.
The reasoning loop. Runs in RPC mode against the Gateway. Six-step loop: receive → load context → decide → call tools → stream → persist. Personality rules live in SOUL.md; task-level rules in AGENTS.md.
Browser-side cockpit that speaks to the Gateway over WS. Shows sessions, lets you wire channels, inspect logs, and swap Pi agents. Ships in a few flavours — desktop wrapper (ClawBox), built-in web UI, CLI TUI.
Tauri v2 desktop client that wraps the Control UI + bundles an optional portable OpenClaw runtime. Onboarding wizard for first-launch setup. Separate repo: Organized-AI/ClawBox.
Every channel adapter normalises its platform's events into OpenClaw's internal message shape. The Pi agent never knows which channel sent a message — that's the whole point of the design.
Bot API adapter. Supports DMs + groups. Pairing policy decides whether group messages hit the agent.
Socket-mode adapter. Posts as a bot user; opens a WebSocket to Slack per workspace.
Bot-gateway adapter. Handles servers + DMs; channel-level routing respects pairing policy.
Business API bridge. Message-level pairing; typically DM-only in practice.
Provider-abstract SMS bridge (Twilio-class). Lowest-common-denominator channel — handy as a fallback.
Terminal UI channel — talk to the Pi agent directly from a shell. Useful for debugging the Gateway itself.
Built-in web surface; voice channels for STT/TTS-backed conversations.
Per-channel rule that decides which events reach the agent: pairing (explicit DM pairing required), open (all messages), group-mention, etc. Encoded in openclaw.json per channel.
Maps inbound events to sessions. Same user across two channels gets the same session (keyed by identity mapping). Group conversations map to a group session distinct from the user's main session.
Task-level rules the Pi agent must follow. Mirrors the convention the broader agent community uses. Shipped alongside the Pi agent definition.
Personality / style / constraints. Human-editable. The "who" of the agent. ClawBox's SoulView edits this file directly.
receive → load context → decide → call tools → stream output → persist memory. The Gateway drives the loop; the Pi agent executes it per turn.
Agent-to-agent communication primitive. One session can hand work to another by calling sessions_send with the target session id + payload — enables delegation + sub-agent patterns.
/think slash-toggle that expands reasoning depth. Pairs with /compact (tighten context) and /new (fresh session). Per-turn rather than global.
Per-user persistent session. Survives across DMs from any channel. Memory + history keyed to the user identity, not the channel.
Per-room / per-channel / per-thread session distinct from main. Respects pairing policy — only engaged events enter the session.
Family of tools for session introspection + coordination. Used by sub-agents to read peer state, schedule work, and coordinate via the Gateway.
One markdown file per skill. Declares the skill's capability surface, its tool shape, and any prompt fragments. Loaded by the Pi agent on match.
The registry + matcher that decides which skills a given turn can see. Skills are lazy — only attached when relevant — to keep the context budget sane.
Community skill registry. Install skills from a hub + pin versions. Similar shape to a package manager for skills.
Skill-level permission check run before invocation. Guards side-effectful skills (filesystem, network, billing) behind explicit user scope.
A companion app that runs on a specific device and extends what the Gateway can do there — drive a macOS menu bar, read iOS voice, ring an Android notifier. Invoked via node.invoke.
Tool the Pi agent uses to call a node remotely. Routing is keyed on node identity; Tailscale keeps the connection authenticated.
Desktop companion — menu-bar presence, OS hooks (clipboard, notifications, Spotlight integration), local fs access.
iOS companion — voice wake, dictation, share-sheet extension. Supplies voice as a channel + audio as a capability.
Android companion — notifier, share-target, background trigger. Mirrors iOS node capabilities where the OS permits.
Device-identity overlay network. Every node + channel + Gateway runs on a Tailnet; nothing binds to a public port. Baseline for the rest of the security model.
Tailnet identity → mTLS between processes → scoped tokens → per-skill permission scope → audit log → rate limits. Layered so a single compromise doesn't unlock the whole system.
Documented attack scenarios + which layer blocks each one. Covered in the OpenClaw education guide's Security tab.
System-install path. Alternative: ClawBox's portable built-in runtime handles this automatically.
Start the Gateway. Dev flags: --dev --auth none --bind loopback --port 18789. Production: bound to Tailnet, token-auth, config-driven.
Diagnoses the install — runtime, config, channel auth, Tailnet reach. First-line debug tool.
In-chat slash commands. /compact tightens context; /new starts a fresh session; /think toggles thinking depth for the next turn.
Single source of truth for runtime config — which channels are up, which Pi agent backs each session, tool policy, skill registry, security scopes. Hot-reloaded by the Gateway.
Repo-level rules for any agent reading the codebase. Different from the Pi agent's per-agent AGENTS.md though the name matches intentionally.
Personality / style / constraints for the default Pi agent in a fresh install. Override per-agent by shipping a SOUL.md beside the agent definition.
The tabbed education guide this wiki distils. Phases: Overview → Gateway → Channels → Agents → Skills + Nodes → Security → Deployment → Glossary. Source of truth for phrasing.
ClawBox is the desktop client for the OpenClaw Gateway. The Clawbox wiki graphs the Tauri/React/Bun processes that talk to this Gateway.
Hermes Agent knowledge graph. Hermes is the Nous Research agent runtime; it shares conceptual shape with OpenClaw (gateway + skills + platforms) and is the runtime backing the Pi Harness deployment on claws-mac-mini.
The broader Organized Market project. OpenClaw is the personal-AI control plane; organized-market-arch describes the marketplace story that surrounds it.