let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6ea25b03546a0aff565a6a071e959a80a940eeac
clawdbot/docs/web.md
Peter Steinberger c27dd75135 build(control-ui): prefer bun for UI build
2026-01-06 09:08:25 +01:00

2.8 KiB
Raw Blame History

summary, read_when
summary read_when
Gateway web surfaces: Control UI, bind modes, and security
You want to access the Gateway over Tailscale
You want the browser Control UI and config editing

Web (Gateway)

The Gateway serves a small browser Control UI (Vite + Lit) from the same port as the Gateway WebSocket:

  • default: http://<host>:18789/
  • optional prefix: set gateway.controlUi.basePath (e.g. /clawdbot)

The UI talks directly to the Gateway WS and supports:

  • Chat (chat.history, chat.send, chat.abort)
  • Chat tool cards (agent tool events)
  • Connections (provider status, WhatsApp QR, Telegram config)
  • Instances (system-presence)
  • Sessions (sessions.list, sessions.patch)
  • Cron (cron.*)
  • Skills (skills.status, skills.update, skills.install)
  • Nodes (node.list, node.describe, node.invoke)
  • Config (config.get, config.set) for ~/.clawdbot/clawdbot.json
  • Debug (status/health/models snapshots + manual calls)

Webhooks

When hooks.enabled=true, the Gateway also exposes a small webhook surface on the same HTTP server. See docs/configuration.mdhooks for auth + payloads.

Config (default-on)

The Control UI is enabled by default when assets are present (dist/control-ui). You can control it via config:

{
  gateway: {
    controlUi: { enabled: true, basePath: "/clawdbot" } // basePath optional
  }
}

Tailscale access

Integrated Serve (recommended)

Keep the Gateway on loopback and let Tailscale Serve proxy it:

{
  gateway: {
    bind: "loopback",
    tailscale: { mode: "serve" }
  }
}

Then start the gateway:

clawdbot gateway

Open:

  • https://<magicdns>/ (or your configured gateway.controlUi.basePath)

Tailnet bind + token (legacy)

{
  gateway: {
    bind: "tailnet",
    controlUi: { enabled: true }
  }
}

Then start the gateway (token required for non-loopback binds):

export CLAWDBOT_GATEWAY_TOKEN="…your token…"
clawdbot gateway

Open:

  • http://<tailscale-ip>:18789/ (or your configured gateway.controlUi.basePath)

Public internet (Funnel)

{
  gateway: {
    bind: "loopback",
    tailscale: { mode: "funnel" },
    auth: { mode: "password" } // or CLAWDBOT_GATEWAY_PASSWORD
  }
}

Security notes

  • Binding the Gateway to a non-loopback address requires auth (CLAWDBOT_GATEWAY_TOKEN or gateway.auth).
  • The UI sends connect.params.auth.token or connect.params.auth.password.
  • Use gateway.auth.allowTailscale: false to require explicit credentials even in Serve mode.
  • gateway.tailscale.mode: "funnel" requires gateway.auth.mode: "password" (shared password).

Building the UI

The Gateway serves static files from dist/control-ui. Build them with:

bun run ui:install
bun run ui:build
Reference in New Issue View Git Blame Copy Permalink