let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
Files
e8dbb350aed89c4661c266d0f6af2fdded528e4b
clawdbot/docs/web/index.md
Peter Steinberger c46bab35df fix: drop explicit ui:install step
2026-01-09 07:02:42 +00:00

2.4 KiB
Raw Blame History

summary, read_when
summary read_when
Gateway web surfaces: Control UI, bind modes, and security
You want to access the Gateway over Tailscale
You want the browser Control UI and config editing

Web (Gateway)

The Gateway serves a small browser Control UI (Vite + Lit) from the same port as the Gateway WebSocket:

  • default: http://<host>:18789/
  • optional prefix: set gateway.controlUi.basePath (e.g. /clawdbot)

Capabilities live in docs/control-ui.md. This page focuses on bind modes, security, and web-facing surfaces.

Webhooks

When hooks.enabled=true, the Gateway also exposes a small webhook endpoint on the same HTTP server. See docs/configuration.mdhooks for auth + payloads.

Config (default-on)

The Control UI is enabled by default when assets are present (dist/control-ui). You can control it via config:

{
  gateway: {
    controlUi: { enabled: true, basePath: "/clawdbot" } // basePath optional
  }
}

Tailscale access

Integrated Serve (recommended)

Keep the Gateway on loopback and let Tailscale Serve proxy it:

{
  gateway: {
    bind: "loopback",
    tailscale: { mode: "serve" }
  }
}

Then start the gateway:

clawdbot gateway

Open:

  • https://<magicdns>/ (or your configured gateway.controlUi.basePath)

Tailnet bind + token (legacy)

{
  gateway: {
    bind: "tailnet",
    controlUi: { enabled: true }
  }
}

Then start the gateway (token required for non-loopback binds):

export CLAWDBOT_GATEWAY_TOKEN="…your token…"
clawdbot gateway

Open:

  • http://<tailscale-ip>:18789/ (or your configured gateway.controlUi.basePath)

Public internet (Funnel)

{
  gateway: {
    bind: "loopback",
    tailscale: { mode: "funnel" },
    auth: { mode: "password" } // or CLAWDBOT_GATEWAY_PASSWORD
  }
}

Security notes

  • Binding the Gateway to a non-loopback address requires auth (CLAWDBOT_GATEWAY_TOKEN or gateway.auth).
  • The UI sends connect.params.auth.token or connect.params.auth.password.
  • Use gateway.auth.allowTailscale: false to require explicit credentials even in Serve mode.
  • gateway.tailscale.mode: "funnel" requires gateway.auth.mode: "password" (shared password).

Building the UI

The Gateway serves static files from dist/control-ui. Build them with:

pnpm ui:build # auto-installs UI deps on first run
Reference in New Issue View Git Blame Copy Permalink