Skip to content
openclawOS

Architecture

How openclawOS actually works.

The OS metaphor isn't marketing. The Gateway behaves like a microkernel: it routes messages, isolates processes, and persists state. Channels, agents, and skills are composable layers above it.

Architecture

The Gateway is the kernel. Channels are processes.

openclawOS borrows the OS metaphor: one daemon coordinates routing, sessions and memory; channels and agents are isolated apps you compose. Crash one, the rest keep humming.

Channels

WhatsApp app
Telegram app
Discord app
Slack app
iMessage app
Signal app
Gateway (kernel)

Routes messages, tracks sender identity, isolates sessions per user/group, persists context.

  • Sessions & memory
  • Bindings & routing
  • Auth & secrets
  • Hooks & cron
  • Vector store (sqlite-vec)
core

Agents & providers

Pi (default)
Custom agent
Claude (Anthropic)
GPT (OpenAI)
Gemini (Google)
Any OpenAI-compatible
← inbound channels routing & sessions LLM providers →
Deep dive into the architecture →

The Gateway (the kernel)

A single long-running daemon. It owns the SQLite database (plus sqlite-vec for embeddings), the credential vault, and the WebSocket fan-out for any connected Control UI or mobile node. It does not talk to LLMs directly — it dispatches to agents.

Channels (the apps)

Each channel — WhatsApp, Discord, Signal, iMessage — is a separate Node.js process supervised by the Gateway. They speak a small protocol over an internal WebSocket. A crashing Discord adapter cannot take down your WhatsApp pairing. This is process isolation in the proper OS sense.

Bindings (the routing)

A binding answers the question "when a message comes in here, which agent gets it?". Bindings can scope to a user, a group, a sender domain, or even a regex match on the body. You can have a finance Pi answering DMs in Slack and a coding Pi answering @-mentions in a specific Discord channel — same Gateway, different bindings.

Sessions and memory

A session is one continuous conversation with one agent. Sessions belong to a sender identity, not a channel — so when you switch from WhatsApp to iMessage, Pi remembers what you were doing. Sessions support branching ("explore this idea") and compaction (LLM-driven summarisation when context gets long).

Long-term memory is a vector store backed by sqlite-vec. Pi can write to it during a session ("remember that I prefer Postgres over MySQL") and recall semantically later.

Agents and skills

Pi is the default agent. It speaks to whichever LLM you've configured and runs skills — in-process tools like file system, shell, browser, calendar, code editor, canvas UI. You can plug your own agent in by implementing a tiny interface; the Gateway treats it the same.

Nodes (mobile companions)

iOS and Android apps pair to the Gateway over the local network or relay. They render Pi's responses with full Canvas UI support, attach photos, and let you talk to your agent without opening a third-party messenger. Think of them as a remote terminal for the Gateway.

Security model

Credentials live in an encrypted SQLite blob; the encryption key lives in the OS keychain (Keychain on macOS, Secret Service on Linux). Outbound LLM traffic is the only data egress, and it goes to whichever provider you picked. There is no openclawOS telemetry. The Discord channel is your support; nothing phones home.

Wire it up.

The install walks you through every layer above.

Get installing Read the docs