🦞 CLAWDBOT — Personal AI Assistant

EXFOLIATE! EXFOLIATE!

Clawdbot is a personal AI assistant you run on your own devices. It answers you on the providers you already use (WhatsApp, Telegram, Slack, Discord, Signal, iMessage, WebChat), can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.

If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.

Website · Docs · Getting Started: https://docs.clawd.bot/getting-started · Updating: https://docs.clawd.bot/updating · Showcase: https://docs.clawd.bot/showcase · FAQ: https://docs.clawd.bot/faq · Wizard: https://docs.clawd.bot/wizard · Nix: https://github.com/clawdbot/nix-clawdbot · Docker: https://docs.clawd.bot/docker · Discord: https://discord.gg/clawd

Preferred setup: run the onboarding wizard (clawdbot onboard). It walks through gateway, workspace, providers, and skills. The CLI wizard is the recommended path and works on macOS, Windows, and Linux. Works with npm, pnpm, or bun. New install? Start here: https://docs.clawd.bot/getting-started

Subscriptions (OAuth):

• Anthropic (Claude Pro/Max)
• OpenAI (ChatGPT/Codex)

Model note: while any model is supported, I strongly recommend Anthropic Pro/Max (100/200) + Opus 4.5 for long‑context strength and better prompt‑injection resistance. See Onboarding.

Models (selection + auth)

• Models config + CLI: https://docs.clawd.bot/models
• Auth profile rotation (OAuth vs API keys) + fallbacks: https://docs.clawd.bot/model-failover

Recommended setup (from source)

Do not download prebuilt binaries. Run from source.

Prefer pnpm for builds from source. Bun is optional for running TypeScript directly.

# Clone this repo
git clone https://github.com/clawdbot/clawdbot.git
cd clawdbot

pnpm install
pnpm ui:install
pnpm ui:build
pnpm build
pnpm clawdbot onboard

Note: pnpm clawdbot ... runs TypeScript directly (via tsx). pnpm build produces dist/ for running via Node / the packaged clawdbot binary.

Quick start (TL;DR)

Runtime: Node ≥22.

Full beginner guide (auth, pairing, providers): https://docs.clawd.bot/getting-started

pnpm clawdbot onboard

pnpm clawdbot gateway --port 18789 --verbose

# Dev loop (auto-reload on TS changes)
pnpm gateway:watch

# Send a message
pnpm clawdbot send --to +1234567890 --message "Hello from Clawdbot"

# Talk to the assistant (optionally deliver back to WhatsApp/Telegram/Slack/Discord)
pnpm clawdbot agent --message "Ship checklist" --thinking high

Upgrading? https://docs.clawd.bot/updating (and run clawdbot doctor).

If you run from source, prefer pnpm clawdbot … (not global clawdbot).

Security defaults (DM access)

Clawdbot connects to real messaging surfaces. Treat inbound DMs as untrusted input.

Full security guide: https://docs.clawd.bot/security

Default behavior on Telegram/WhatsApp/Signal/iMessage/Discord/Slack:

• DM pairing (dmPolicy="pairing" / discord.dm.policy="pairing" / slack.dm.policy="pairing"): unknown senders receive a short pairing code and the bot does not process their message.
• Approve with: clawdbot pairing approve --provider <provider> <code> (then the sender is added to a local allowlist store).
• Public inbound DMs require an explicit opt-in: set dmPolicy="open" and include "*" in the provider allowlist (allowFrom / discord.dm.allowFrom / slack.dm.allowFrom).

Run clawdbot doctor to surface risky/misconfigured DM policies.

Highlights

• Local-first Gateway — single control plane for sessions, providers, tools, and events.
• Multi-provider inbox — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, WebChat, macOS, iOS/Android.
• Multi-agent routing — route inbound providers/accounts/peers to isolated agents (workspaces + per-agent sessions).
• Voice Wake + Talk Mode — always-on speech for macOS/iOS/Android with ElevenLabs.
• Live Canvas — agent-driven visual workspace with A2UI.
• First-class tools — browser, canvas, nodes, cron, sessions, and Discord/Slack actions.
• Companion apps — macOS menu bar app + iOS/Android nodes.
• Onboarding + skills — wizard-driven setup with bundled/managed/workspace skills.

Everything we built so far

Core platform

• Gateway WS control plane with sessions, presence, config, cron, webhooks, Control UI, and Canvas host.
• CLI surface: gateway, agent, send, wizard, and doctor.
• Pi agent runtime in RPC mode with tool streaming and block streaming.
• Session model: main for direct chats, group isolation, activation modes, queue modes, reply-back. Group rules: Groups.
• Media pipeline: images/audio/video, transcription hooks, size caps, temp file lifecycle. Audio details: Audio.

Providers

• Providers: WhatsApp (Baileys), Telegram (grammY), Slack (Bolt), Discord (discord.js), Signal (signal-cli), iMessage (imsg), WebChat.
• Group routing: mention gating, reply tags, per-provider chunking and routing. Provider rules: Providers.

Apps + nodes

• macOS app: menu bar control plane, Voice Wake/PTT, Talk Mode overlay, WebChat, debug tools, remote gateway control.
• iOS node: Canvas, Voice Wake, Talk Mode, camera, screen recording, Bonjour pairing.
• Android node: Canvas, Talk Mode, camera, screen recording, optional SMS.
• macOS node mode: system.run/notify + canvas/camera exposure.

Tools + automation

• Browser control: dedicated clawd Chrome/Chromium, snapshots, actions, uploads, profiles.
• Canvas: A2UI push/reset, eval, snapshot.
• Nodes: camera snap/clip, screen record, location.get, notifications.
• Cron + wakeups; webhooks; Gmail Pub/Sub.
• Skills platform: bundled, managed, and workspace skills with install gating + UI.

Ops + packaging

• Control UI + WebChat served directly from the Gateway.
• Tailscale Serve/Funnel or SSH tunnels with token/password auth.
• Nix mode for declarative config; Docker-based installs.
• Doctor migrations, logging.

How it works (short)

WhatsApp / Telegram / Slack / Discord / Signal / iMessage / WebChat
               │
               ▼
┌───────────────────────────────┐
│            Gateway            │  ws://127.0.0.1:18789
│       (control plane)         │  bridge: tcp://0.0.0.0:18790
└──────────────┬────────────────┘
               │
               ├─ Pi agent (RPC)
               ├─ CLI (clawdbot …)
               ├─ WebChat UI
               ├─ macOS app
               └─ iOS/Android nodes

Key subsystems

• Gateway WebSocket network — single WS control plane for clients, tools, and events (plus ops: Gateway runbook).
• Tailscale exposure — Serve/Funnel for the Gateway dashboard + WS (remote access: Remote).
• Browser control — clawd‑managed Chrome/Chromium with CDP control.
• Canvas + A2UI — agent‑driven visual workspace (A2UI host: Canvas/A2UI).
• Voice Wake + Talk Mode — always‑on speech and continuous conversation.
• Nodes — Canvas, camera snap/clip, screen record, location.get, notifications, plus macOS‑only system.run/system.notify.

Tailscale access (Gateway dashboard)

Clawdbot can auto-configure Tailscale Serve (tailnet-only) or Funnel (public) while the Gateway stays bound to loopback. Configure gateway.tailscale.mode:

• off: no Tailscale automation (default).
• serve: tailnet-only HTTPS via tailscale serve (uses Tailscale identity headers by default).
• funnel: public HTTPS via tailscale funnel (requires shared password auth).

Notes:

• gateway.bind must stay loopback when Serve/Funnel is enabled (Clawdbot enforces this).
• Serve can be forced to require a password by setting gateway.auth.mode: "password" or gateway.auth.allowTailscale: false.
• Funnel refuses to start unless gateway.auth.mode: "password" is set.
• Optional: gateway.tailscale.resetOnExit to undo Serve/Funnel on shutdown.

Details: Tailscale guide · Web surfaces

Remote Gateway (Linux is great)

It’s perfectly fine to run the Gateway on a small Linux instance. Clients (macOS app, CLI, WebChat) can connect over Tailscale Serve/Funnel or SSH tunnels, and you can still pair device nodes (macOS/iOS/Android) to execute device‑local actions when needed.

• Gateway host runs the bash tool and provider connections by default.
• Device nodes run device‑local actions (system.run, camera, screen recording, notifications) via node.invoke. In short: bash runs where the Gateway lives; device actions run where the device lives.

Details: Remote access · Nodes · Security

macOS permissions via the Gateway protocol

The macOS app can run in node mode and advertises its capabilities + permission map over the Gateway WebSocket (node.list / node.describe). Clients can then execute local actions via node.invoke:

• system.run runs a local command and returns stdout/stderr/exit code; set needsScreenRecording: true to require screen-recording permission (otherwise you’ll get PERMISSION_MISSING).
• system.notify posts a user notification and fails if notifications are denied.
• canvas.*, camera.*, screen.record, and location.get are also routed via node.invoke and follow TCC permission status.

Elevated bash (host permissions) is separate from macOS TCC:

• Use /elevated on|off to toggle per‑session elevated access when enabled + allowlisted.
• Gateway persists the per‑session toggle via sessions.patch (WS method) alongside thinkingLevel, verboseLevel, model, sendPolicy, and groupActivation.

Details: Nodes · macOS app · Gateway protocol

Agent to Agent (sessions_* tools)

• Use these to coordinate work across sessions without jumping between chat surfaces.
• sessions_list — discover active sessions (agents) and their metadata.
• sessions_history — fetch transcript logs for a session.
• sessions_send — message another session; optional reply‑back ping‑pong + announce step (REPLY_SKIP, ANNOUNCE_SKIP).

Details: Session tools

Skills registry (ClawdHub)

ClawdHub is a minimal skill registry. With ClawdHub enabled, the agent can search for skills automatically and pull in new ones as needed.

https://ClawdHub.com

Chat commands

Send these in WhatsApp/Telegram/Slack/WebChat (group commands are owner-only):

• /status — health + session info (group shows activation mode)
• /new or /reset — reset the session
• /compact — compact session context (summary)
• /think <level> — off|minimal|low|medium|high
• /verbose on|off
• /restart — restart the gateway (owner-only in groups)
• /activation mention|always — group activation toggle (groups only)

macOS app (optional)

The Gateway alone delivers a great experience. All apps are optional and add extra features.

If you plan to build/run companion apps, initialize submodules first:

git submodule update --init --recursive
./scripts/restart-mac.sh

macOS (Clawdbot.app) (optional)

• Menu bar control for the Gateway and health.
• Voice Wake + push-to-talk overlay.
• WebChat + debug tools.
• Remote gateway control over SSH.

Note: signed builds required for macOS permissions to stick across rebuilds (see docs/mac/permissions.md).

iOS node (optional)

• Pairs as a node via the Bridge.
• Voice trigger forwarding + Canvas surface.
• Controlled via clawdbot nodes ….

Runbook: iOS connect.

Android node (optional)

• Pairs via the same Bridge + pairing flow as iOS.
• Exposes Canvas, Camera, and Screen capture commands.
• Runbook: Android connect.

Agent workspace + skills

• Workspace root: ~/clawd (configurable via agent.workspace).
• Injected prompt files: AGENTS.md, SOUL.md, TOOLS.md.
• Skills: ~/clawd/skills/<skill>/SKILL.md.

Configuration

Minimal ~/.clawdbot/clawdbot.json (model + defaults):

{
  agent: {
    model: "anthropic/claude-opus-4-5"
  }
}

Full configuration reference (all keys + examples).

Security model (important)

• Default: tools run on the host for the main session, so the agent has full access when it’s just you.
• Group/channel safety: set agent.sandbox.mode: "non-main" to run non‑main sessions (groups/channels) inside per‑session Docker sandboxes; bash then runs in Docker for those sessions.
• Sandbox defaults: allowlist bash, process, read, write, edit, sessions_list, sessions_history, sessions_send, sessions_spawn; denylist browser, canvas, nodes, cron, discord, gateway.

Details: Security guide · Docker + sandboxing · Sandbox config

WhatsApp

• Link the device: pnpm clawdbot login (stores creds in ~/.clawdbot/credentials).
• Allowlist who can talk to the assistant via whatsapp.allowFrom.
• If whatsapp.groups is set, it becomes a group allowlist; include "*" to allow all.

Telegram

• Set TELEGRAM_BOT_TOKEN or telegram.botToken (env wins).
• Optional: set telegram.groups (with telegram.groups."*".requireMention); when set, it is a group allowlist (include "*" to allow all). Also telegram.allowFrom or telegram.webhookUrl as needed.

{
  telegram: {
    botToken: "123456:ABCDEF"
  }
}

Slack

• Set SLACK_BOT_TOKEN + SLACK_APP_TOKEN (or slack.botToken + slack.appToken).

Discord

• Set DISCORD_BOT_TOKEN or discord.token (env wins).
• Optional: set commands.native, commands.text, or commands.useAccessGroups, plus discord.dm.allowFrom, discord.guilds, or discord.mediaMaxMb as needed.

{
  discord: {
    token: "1234abcd"
  }
}

Signal

• Requires signal-cli and a signal config section.

iMessage

• macOS only; Messages must be signed in.
• If imessage.groups is set, it becomes a group allowlist; include "*" to allow all.

WebChat

• Uses the Gateway WebSocket; no separate WebChat port/config.

Browser control (optional):

{
  browser: {
    enabled: true,
    controlUrl: "http://127.0.0.1:18791",
    color: "#FF4500"
  }
}

Docs

Use these when you’re past the onboarding flow and want the deeper reference.

• Start with the docs index for navigation and “what’s where.”
• Read the architecture overview for the gateway + protocol model.
• Use the full configuration reference when you need every key and example.
• Run the Gateway by the book with the operational runbook.
• Learn how the Control UI/Web surfaces work and how to expose them safely.
• Understand remote access over SSH tunnels or tailnets.
• Follow the onboarding wizard flow for a guided setup.
• Wire external triggers via the webhook surface.
• Set up Gmail Pub/Sub triggers.
• Learn the macOS menu bar companion details.
• Platform guides: Windows, Linux, macOS, iOS, Android
• Debug common failures with the troubleshooting guide.
• Review security guidance before exposing anything.

Advanced docs (discovery + control)

• Discovery + transports
• Bonjour/mDNS
• Gateway pairing
• Remote gateway README
• Control UI
• Dashboard

Operations & troubleshooting

• Health checks
• Gateway lock
• Background process
• Browser troubleshooting (Linux)
• Logging

Deep dives

• Agent loop
• Presence
• TypeBox schemas
• RPC adapters
• Queue

Workspace & skills

• Skills config
• Default AGENTS
• Templates: AGENTS
• Templates: BOOTSTRAP
• Templates: IDENTITY
• Templates: SOUL
• Templates: TOOLS
• Templates: USER

Platform internals

• macOS dev setup
• macOS menu bar
• macOS voice wake
• iOS node
• Android node
• Windows app
• Linux app

Email hooks (Gmail)

Gmail Pub/Sub wiring (gcloud + gogcli), hook tokens, and auto-watch behavior are documented here.

Gateway auto-starts the watcher when hooks.enabled=true and hooks.gmail.account is set; clawdbot hooks gmail run is the manual daemon wrapper if you don’t want auto-start.

clawdbot hooks gmail setup --account you@gmail.com
clawdbot hooks gmail run

Clawd

Clawdbot was built for Clawd, a space lobster AI assistant. 🦞
by Peter Steinberger and the community.

• https://clawd.me
• https://soul.md
• https://steipete.me

Community

See CONTRIBUTING.md for guidelines, maintainers, and how to submit PRs.
AI/vibe-coded PRs welcome! 🤖

Thanks to all clawtributors: