OpenClaw reads an optional JSON5<\/strong> config from If the file is missing, OpenClaw uses safe defaults. Common reasons to add a config:<\/p>\n See the full reference<\/a> for every available field.<\/p>\n \n New to configuration?<\/strong> Start with “`json5 theme={“theme”:{“light”:”min-light”,”dark”:”min-dark”}} Most fields hot-apply without downtime. In ~\/.openclaw\/openclaw.json<\/code>.<\/p>\n\n
openclaw onboard<\/code> for interactive setup, or check out the Configuration Examples<\/a> guide for complete copy-paste configs.\n<\/p>\nMinimal config<\/h2>\n
\n\/\/ ~\/.openclaw\/openclaw.json
\n{
\n agents: { defaults: { workspace: “~\/.openclaw\/workspace” } },
\n channels: { whatsapp: { allowFrom: [“+15555550123”] } },
\n}<\/p>\n\n## Editing config\n\n<Tabs>\n <Tab title="Interactive wizard">\n ```bash theme={"theme":{"light":"min-light","dark":"min-dark"}}\n openclaw onboard # full onboarding flow\n openclaw configure # config wizard\n ```\n <\/Tab>\n\n <Tab title="CLI (one-liners)">\n ```bash theme={"theme":{"light":"min-light","dark":"min-dark"}}\n openclaw config get agents.defaults.workspace\n openclaw config set agents.defaults.heartbeat.every "2h"\n openclaw config unset plugins.entries.brave.config.webSearch.apiKey\n ```\n <\/Tab>\n\n <Tab title="Control UI">\n Open [http:\/\/127.0.0.1:18789](http:\/\/127.0.0.1:18789) and use the **Config** tab.\n The Control UI renders a form from the config schema, with a **Raw JSON** editor as an escape hatch.\n <\/Tab>\n\n <Tab title="Direct edit">\n Edit `~\/.openclaw\/openclaw.json` directly. The Gateway watches the file and applies changes automatically (see [hot reload](#config-hot-reload)).\n <\/Tab>\n<\/Tabs>\n\n## Strict validation\n\n<Warning>\n OpenClaw only accepts configurations that fully match the schema. Unknown keys, malformed types, or invalid values cause the Gateway to **refuse to start**. The only root-level exception is `$schema` (string), so editors can attach JSON Schema metadata.\n<\/Warning>\n\nWhen validation fails:\n\n* The Gateway does not boot\n* Only diagnostic commands work (`openclaw doctor`, `openclaw logs`, `openclaw health`, `openclaw status`)\n* Run `openclaw doctor` to see exact issues\n* Run `openclaw doctor --fix` (or `--yes`) to apply repairs\n\n## Common tasks\n\n<AccordionGroup>\n <Accordion title="Set up a channel (WhatsApp, Telegram, Discord, etc.)">\n Each channel has its own config section under `channels.<provider>`. See the dedicated channel page for setup steps:\n\n * [WhatsApp](\/channels\/whatsapp) \u2014 `channels.whatsapp`\n * [Telegram](\/channels\/telegram) \u2014 `channels.telegram`\n * [Discord](\/channels\/discord) \u2014 `channels.discord`\n * [Slack](\/channels\/slack) \u2014 `channels.slack`\n * [Signal](\/channels\/signal) \u2014 `channels.signal`\n * [iMessage](\/channels\/imessage) \u2014 `channels.imessage`\n * [Google Chat](\/channels\/googlechat) \u2014 `channels.googlechat`\n * [Mattermost](\/channels\/mattermost) \u2014 `channels.mattermost`\n * [Microsoft Teams](\/channels\/msteams) \u2014 `channels.msteams`\n\n All channels share the same DM policy pattern:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n channels: {\n telegram: {\n enabled: true,\n botToken: "123:abc",\n dmPolicy: "pairing", \/\/ pairing | allowlist | open | disabled\n allowFrom: ["tg:123"], \/\/ only for allowlist\/open\n },\n },\n }\n ```\n <\/Accordion>\n\n <Accordion title="Choose and configure models">\n Set the primary model and optional fallbacks:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n agents: {\n defaults: {\n model: {\n primary: "anthropic\/claude-sonnet-4-6",\n fallbacks: ["openai\/gpt-5.2"],\n },\n models: {\n "anthropic\/claude-sonnet-4-6": { alias: "Sonnet" },\n "openai\/gpt-5.2": { alias: "GPT" },\n },\n },\n },\n }\n ```\n\n * `agents.defaults.models` defines the model catalog and acts as the allowlist for `\/model`.\n * Model refs use `provider\/model` format (e.g. `anthropic\/claude-opus-4-6`).\n * `agents.defaults.imageMaxDimensionPx` controls transcript\/tool image downscaling (default `1200`); lower values usually reduce vision-token usage on screenshot-heavy runs.\n * See [Models CLI](\/concepts\/models) for switching models in chat and [Model Failover](\/concepts\/model-failover) for auth rotation and fallback behavior.\n * For custom\/self-hosted providers, see [Custom providers](\/gateway\/configuration-reference#custom-providers-and-base-urls) in the reference.\n <\/Accordion>\n\n <Accordion title="Control who can message the bot">\n DM access is controlled per channel via `dmPolicy`:\n\n * `"pairing"` (default): unknown senders get a one-time pairing code to approve\n * `"allowlist"`: only senders in `allowFrom` (or the paired allow store)\n * `"open"`: allow all inbound DMs (requires `allowFrom: ["*"]`)\n * `"disabled"`: ignore all DMs\n\n For groups, use `groupPolicy` + `groupAllowFrom` or channel-specific allowlists.\n\n See the [full reference](\/gateway\/configuration-reference#dm-and-group-access) for per-channel details.\n <\/Accordion>\n\n <Accordion title="Set up group chat mention gating">\n Group messages default to **require mention**. Configure patterns per agent:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n agents: {\n list: [\n {\n id: "main",\n groupChat: {\n mentionPatterns: ["@openclaw", "openclaw"],\n },\n },\n ],\n },\n channels: {\n whatsapp: {\n groups: { "*": { requireMention: true } },\n },\n },\n }\n ```\n\n * **Metadata mentions**: native @-mentions (WhatsApp tap-to-mention, Telegram @bot, etc.)\n * **Text patterns**: safe regex patterns in `mentionPatterns`\n * See [full reference](\/gateway\/configuration-reference#group-chat-mention-gating) for per-channel overrides and self-chat mode.\n <\/Accordion>\n\n <Accordion title="Tune gateway channel health monitoring">\n Control how aggressively the gateway restarts channels that look stale:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n gateway: {\n channelHealthCheckMinutes: 5,\n channelStaleEventThresholdMinutes: 30,\n channelMaxRestartsPerHour: 10,\n },\n channels: {\n telegram: {\n healthMonitor: { enabled: false },\n accounts: {\n alerts: {\n healthMonitor: { enabled: true },\n },\n },\n },\n },\n }\n ```\n\n * Set `gateway.channelHealthCheckMinutes: 0` to disable health-monitor restarts globally.\n * `channelStaleEventThresholdMinutes` should be greater than or equal to the check interval.\n * Use `channels.<provider>.healthMonitor.enabled` or `channels.<provider>.accounts.<id>.healthMonitor.enabled` to disable auto-restarts for one channel or account without disabling the global monitor.\n * See [Health Checks](\/gateway\/health) for operational debugging and the [full reference](\/gateway\/configuration-reference#gateway) for all fields.\n <\/Accordion>\n\n <Accordion title="Configure sessions and resets">\n Sessions control conversation continuity and isolation:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n session: {\n dmScope: "per-channel-peer", \/\/ recommended for multi-user\n threadBindings: {\n enabled: true,\n idleHours: 24,\n maxAgeHours: 0,\n },\n reset: {\n mode: "daily",\n atHour: 4,\n idleMinutes: 120,\n },\n },\n }\n ```\n\n * `dmScope`: `main` (shared) | `per-peer` | `per-channel-peer` | `per-account-channel-peer`\n * `threadBindings`: global defaults for thread-bound session routing (Discord supports `\/focus`, `\/unfocus`, `\/agents`, `\/session idle`, and `\/session max-age`).\n * See [Session Management](\/concepts\/session) for scoping, identity links, and send policy.\n * See [full reference](\/gateway\/configuration-reference#session) for all fields.\n <\/Accordion>\n\n <Accordion title="Enable sandboxing">\n Run agent sessions in isolated Docker containers:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n agents: {\n defaults: {\n sandbox: {\n mode: "non-main", \/\/ off | non-main | all\n scope: "agent", \/\/ session | agent | shared\n },\n },\n },\n }\n ```\n\n Build the image first: `scripts\/sandbox-setup.sh`\n\n See [Sandboxing](\/gateway\/sandboxing) for the full guide and [full reference](\/gateway\/configuration-reference#agents-defaults-sandbox) for all options.\n <\/Accordion>\n\n <Accordion title="Enable relay-backed push for official iOS builds">\n Relay-backed push is configured in `openclaw.json`.\n\n Set this in gateway config:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n gateway: {\n push: {\n apns: {\n relay: {\n baseUrl: "https:\/\/relay.example.com",\n \/\/ Optional. Default: 10000\n timeoutMs: 10000,\n },\n },\n },\n },\n }\n ```\n\n CLI equivalent:\n\n ```bash theme={"theme":{"light":"min-light","dark":"min-dark"}}\n openclaw config set gateway.push.apns.relay.baseUrl https:\/\/relay.example.com\n ```\n\n What this does:\n\n * Lets the gateway send `push.test`, wake nudges, and reconnect wakes through the external relay.\n * Uses a registration-scoped send grant forwarded by the paired iOS app. The gateway does not need a deployment-wide relay token.\n * Binds each relay-backed registration to the gateway identity that the iOS app paired with, so another gateway cannot reuse the stored registration.\n * Keeps local\/manual iOS builds on direct APNs. Relay-backed sends apply only to official distributed builds that registered through the relay.\n * Must match the relay base URL baked into the official\/TestFlight iOS build, so registration and send traffic reach the same relay deployment.\n\n End-to-end flow:\n\n 1. Install an official\/TestFlight iOS build that was compiled with the same relay base URL.\n 2. Configure `gateway.push.apns.relay.baseUrl` on the gateway.\n 3. Pair the iOS app to the gateway and let both node and operator sessions connect.\n 4. The iOS app fetches the gateway identity, registers with the relay using App Attest plus the app receipt, and then publishes the relay-backed `push.apns.register` payload to the paired gateway.\n 5. The gateway stores the relay handle and send grant, then uses them for `push.test`, wake nudges, and reconnect wakes.\n\n Operational notes:\n\n * If you switch the iOS app to a different gateway, reconnect the app so it can publish a new relay registration bound to that gateway.\n * If you ship a new iOS build that points at a different relay deployment, the app refreshes its cached relay registration instead of reusing the old relay origin.\n\n Compatibility note:\n\n * `OPENCLAW_APNS_RELAY_BASE_URL` and `OPENCLAW_APNS_RELAY_TIMEOUT_MS` still work as temporary env overrides.\n * `OPENCLAW_APNS_RELAY_ALLOW_HTTP=true` remains a loopback-only development escape hatch; do not persist HTTP relay URLs in config.\n\n See [iOS App](\/platforms\/ios#relay-backed-push-for-official-builds) for the end-to-end flow and [Authentication and trust flow](\/platforms\/ios#authentication-and-trust-flow) for the relay security model.\n <\/Accordion>\n\n <Accordion title="Set up heartbeat (periodic check-ins)">\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n agents: {\n defaults: {\n heartbeat: {\n every: "30m",\n target: "last",\n },\n },\n },\n }\n ```\n\n * `every`: duration string (`30m`, `2h`). Set `0m` to disable.\n * `target`: `last` | `whatsapp` | `telegram` | `discord` | `none`\n * `directPolicy`: `allow` (default) or `block` for DM-style heartbeat targets\n * See [Heartbeat](\/gateway\/heartbeat) for the full guide.\n <\/Accordion>\n\n <Accordion title="Configure cron jobs">\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n cron: {\n enabled: true,\n maxConcurrentRuns: 2,\n sessionRetention: "24h",\n runLog: {\n maxBytes: "2mb",\n keepLines: 2000,\n },\n },\n }\n ```\n\n * `sessionRetention`: prune completed isolated run sessions from `sessions.json` (default `24h`; set `false` to disable).\n * `runLog`: prune `cron\/runs\/<jobId>.jsonl` by size and retained lines.\n * See [Cron jobs](\/automation\/cron-jobs) for feature overview and CLI examples.\n <\/Accordion>\n\n <Accordion title="Set up webhooks (hooks)">\n Enable HTTP webhook endpoints on the Gateway:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n hooks: {\n enabled: true,\n token: "shared-secret",\n path: "\/hooks",\n defaultSessionKey: "hook:ingress",\n allowRequestSessionKey: false,\n allowedSessionKeyPrefixes: ["hook:"],\n mappings: [\n {\n match: { path: "gmail" },\n action: "agent",\n agentId: "main",\n deliver: true,\n },\n ],\n },\n }\n ```\n\n Security note:\n\n * Treat all hook\/webhook payload content as untrusted input.\n * Keep unsafe-content bypass flags disabled (`hooks.gmail.allowUnsafeExternalContent`, `hooks.mappings[].allowUnsafeExternalContent`) unless doing tightly scoped debugging.\n * For hook-driven agents, prefer strong modern model tiers and strict tool policy (for example messaging-only plus sandboxing where possible).\n\n See [full reference](\/gateway\/configuration-reference#hooks) for all mapping options and Gmail integration.\n <\/Accordion>\n\n <Accordion title="Configure multi-agent routing">\n Run multiple isolated agents with separate workspaces and sessions:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n {\n agents: {\n list: [\n { id: "home", default: true, workspace: "~\/.openclaw\/workspace-home" },\n { id: "work", workspace: "~\/.openclaw\/workspace-work" },\n ],\n },\n bindings: [\n { agentId: "home", match: { channel: "whatsapp", accountId: "personal" } },\n { agentId: "work", match: { channel: "whatsapp", accountId: "biz" } },\n ],\n }\n ```\n\n See [Multi-Agent](\/concepts\/multi-agent) and [full reference](\/gateway\/configuration-reference#multi-agent-routing) for binding rules and per-agent access profiles.\n <\/Accordion>\n\n <Accordion title="Split config into multiple files ($include)">\n Use `$include` to organize large configs:\n\n ```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n \/\/ ~\/.openclaw\/openclaw.json\n {\n gateway: { port: 18789 },\n agents: { $include: ".\/agents.json5" },\n broadcast: {\n $include: [".\/clients\/a.json5", ".\/clients\/b.json5"],\n },\n }\n ```\n\n * **Single file**: replaces the containing object\n * **Array of files**: deep-merged in order (later wins)\n * **Sibling keys**: merged after includes (override included values)\n * **Nested includes**: supported up to 10 levels deep\n * **Relative paths**: resolved relative to the including file\n * **Error handling**: clear errors for missing files, parse errors, and circular includes\n <\/Accordion>\n<\/AccordionGroup>\n\n## Config hot reload\n\nThe Gateway watches `~\/.openclaw\/openclaw.json` and applies changes automatically \u2014 no manual restart needed for most settings.\n\n### Reload modes\n\n| Mode | Behavior |\n| ---------------------- | --------------------------------------------------------------------------------------- |\n| **`hybrid`** (default) | Hot-applies safe changes instantly. Automatically restarts for critical ones. |\n| **`hot`** | Hot-applies safe changes only. Logs a warning when a restart is needed \u2014 you handle it. |\n| **`restart`** | Restarts the Gateway on any config change, safe or not. |\n| **`off`** | Disables file watching. Changes take effect on the next manual restart. |\n\n```json5 theme={"theme":{"light":"min-light","dark":"min-dark"}}\n{\n gateway: {\n reload: { mode: "hybrid", debounceMs: 300 },\n },\n}\n<\/code><\/pre>\nWhat hot-applies vs what needs a restart<\/h3>\n
hybrid<\/code> mode, restart-required changes are handled automatically.<\/p>\n