--- summary: "OpenClaw plugins/extensions: discovery, config, and safety" read_when: - Adding or modifying plugins/extensions - Documenting plugin install or load rules title: "Plugins" --- # Plugins (Extensions) ## Quick start (new to plugins?) A plugin is just a **small code module** that extends OpenClaw with extra features (commands, tools, and Gateway RPC). Most of the time, you’ll use plugins when you want a feature that’s not built into core OpenClaw yet (or you want to keep optional features out of your main install). Fast path: 1. See what’s already loaded: ```bash openclaw plugins list ``` 2. Install an official plugin (example: Voice Call): ```bash openclaw plugins install @openclaw/voice-call ``` Npm specs are **registry-only** (package name + optional **exact version** or **dist-tag**). Git/URL/file specs and semver ranges are rejected. Bare specs and `@latest` stay on the stable track. If npm resolves either of those to a prerelease, OpenClaw stops and asks you to opt in explicitly with a prerelease tag such as `@beta`/`@rc` or an exact prerelease version. 3. Restart the Gateway, then configure under `plugins.entries..config`. See [Voice Call](/plugins/voice-call) for a concrete example plugin. Looking for third-party listings? See [Community plugins](/plugins/community). ## Architecture OpenClaw's plugin system has four layers: 1. **Manifest + discovery** OpenClaw finds candidate plugins from configured paths, workspace roots, global extension roots, and bundled extensions. Discovery reads `openclaw.plugin.json` plus package metadata first. 2. **Enablement + validation** Core decides whether a discovered plugin is enabled, disabled, blocked, or selected for an exclusive slot such as memory. 3. **Runtime loading** Enabled plugins are loaded in-process via jiti and register capabilities into a central registry. 4. **Surface consumption** The rest of OpenClaw reads the registry to expose tools, channels, provider setup, hooks, HTTP routes, CLI commands, and services. The important design boundary: - discovery + config validation should work from **manifest/schema metadata** without executing plugin code - runtime behavior comes from the plugin module's `register(api)` path That split lets OpenClaw validate config, explain missing/disabled plugins, and build UI/schema hints before the full runtime is active. ## Execution model Plugins run **in-process** with the Gateway. They are not sandboxed. A loaded plugin has the same process-level trust boundary as core code. Implications: - a plugin can register tools, network handlers, hooks, and services - a plugin bug can crash or destabilize the gateway - a malicious plugin is equivalent to arbitrary code execution inside the OpenClaw process Use allowlists and explicit install/load paths for non-bundled plugins. Treat workspace plugins as development-time code, not production defaults. Important trust note: - `plugins.allow` trusts **plugin ids**, not source provenance. - A workspace plugin with the same id as a bundled plugin intentionally shadows the bundled copy when that workspace plugin is enabled/allowlisted. - This is normal and useful for local development, patch testing, and hotfixes. ## Available plugins (official) - Microsoft Teams is plugin-only as of 2026.1.15; install `@openclaw/msteams` if you use Teams. - Memory (Core) — bundled memory search plugin (enabled by default via `plugins.slots.memory`) - Memory (LanceDB) — bundled long-term memory plugin (auto-recall/capture; set `plugins.slots.memory = "memory-lancedb"`) - [Voice Call](/plugins/voice-call) — `@openclaw/voice-call` - [Zalo Personal](/plugins/zalouser) — `@openclaw/zalouser` - [Matrix](/channels/matrix) — `@openclaw/matrix` - [Nostr](/channels/nostr) — `@openclaw/nostr` - [Zalo](/channels/zalo) — `@openclaw/zalo` - [Microsoft Teams](/channels/msteams) — `@openclaw/msteams` - Google Antigravity OAuth (provider auth) — bundled as `google-antigravity-auth` (disabled by default) - Gemini CLI OAuth (provider auth) — bundled as `google-gemini-cli-auth` (disabled by default) - Qwen OAuth (provider auth) — bundled as `qwen-portal-auth` (disabled by default) - Copilot Proxy (provider auth) — local VS Code Copilot Proxy bridge; distinct from built-in `github-copilot` device login (bundled, disabled by default) OpenClaw plugins are **TypeScript modules** loaded at runtime via jiti. **Config validation does not execute plugin code**; it uses the plugin manifest and JSON Schema instead. See [Plugin manifest](/plugins/manifest). Plugins can register: - Gateway RPC methods - Gateway HTTP routes - Agent tools - CLI commands - Background services - Context engines - Optional config validation - **Skills** (by listing `skills` directories in the plugin manifest) - **Auto-reply commands** (execute without invoking the AI agent) Plugins run **in‑process** with the Gateway, so treat them as trusted code. Tool authoring guide: [Plugin agent tools](/plugins/agent-tools). ## Load pipeline At startup, OpenClaw does roughly this: 1. discover candidate plugin roots 2. read `openclaw.plugin.json` and package metadata 3. reject unsafe candidates 4. normalize plugin config (`plugins.enabled`, `allow`, `deny`, `entries`, `slots`, `load.paths`) 5. decide enablement for each candidate 6. load enabled modules via jiti 7. call `register(api)` and collect registrations into the plugin registry 8. expose the registry to commands/runtime surfaces The safety gates happen **before** runtime execution. Candidates are blocked when the entry escapes the plugin root, the path is world-writable, or path ownership looks suspicious for non-bundled plugins. ### Manifest-first behavior The manifest is the control-plane source of truth. OpenClaw uses it to: - identify the plugin - discover declared channels/skills/config schema - validate `plugins.entries..config` - augment Control UI labels/placeholders - show install/catalog metadata The runtime module is the data-plane part. It registers actual behavior such as hooks, tools, commands, or provider flows. ### What the loader caches OpenClaw keeps short in-process caches for: - discovery results - manifest registry data - loaded plugin registries These caches reduce bursty startup and repeated command overhead. They are safe to think of as short-lived performance caches, not persistence. ## Runtime helpers Plugins can access selected core helpers via `api.runtime`. For telephony TTS: ```ts const result = await api.runtime.tts.textToSpeechTelephony({ text: "Hello from OpenClaw", cfg: api.config, }); ``` Notes: - Uses core `messages.tts` configuration (OpenAI or ElevenLabs). - Returns PCM audio buffer + sample rate. Plugins must resample/encode for providers. - Edge TTS is not supported for telephony. For STT/transcription, plugins can call: ```ts const { text } = await api.runtime.stt.transcribeAudioFile({ filePath: "/tmp/inbound-audio.ogg", cfg: api.config, // Optional when MIME cannot be inferred reliably: mime: "audio/ogg", }); ``` Notes: - Uses core media-understanding audio configuration (`tools.media.audio`) and provider fallback order. - Returns `{ text: undefined }` when no transcription output is produced (for example skipped/unsupported input). ## Gateway HTTP routes Plugins can expose HTTP endpoints with `api.registerHttpRoute(...)`. ```ts api.registerHttpRoute({ path: "/acme/webhook", auth: "plugin", match: "exact", handler: async (_req, res) => { res.statusCode = 200; res.end("ok"); return true; }, }); ``` Route fields: - `path`: route path under the gateway HTTP server. - `auth`: required. Use `"gateway"` to require normal gateway auth, or `"plugin"` for plugin-managed auth/webhook verification. - `match`: optional. `"exact"` (default) or `"prefix"`. - `replaceExisting`: optional. Allows the same plugin to replace its own existing route registration. - `handler`: return `true` when the route handled the request. Notes: - `api.registerHttpHandler(...)` is obsolete. Use `api.registerHttpRoute(...)`. - Plugin routes must declare `auth` explicitly. - Exact `path + match` conflicts are rejected unless `replaceExisting: true`, and one plugin cannot replace another plugin's route. - Overlapping routes with different `auth` levels are rejected. Keep `exact`/`prefix` fallthrough chains on the same auth level only. ## Plugin SDK import paths Use SDK subpaths instead of the monolithic `openclaw/plugin-sdk` import when authoring plugins: - `openclaw/plugin-sdk/core` for generic plugin APIs, provider auth types, and shared helpers. - `openclaw/plugin-sdk/compat` for bundled/internal plugin code that needs broader shared runtime helpers than `core`. - `openclaw/plugin-sdk/telegram` for Telegram channel plugins. - `openclaw/plugin-sdk/discord` for Discord channel plugins. - `openclaw/plugin-sdk/slack` for Slack channel plugins. - `openclaw/plugin-sdk/signal` for Signal channel plugins. - `openclaw/plugin-sdk/imessage` for iMessage channel plugins. - `openclaw/plugin-sdk/whatsapp` for WhatsApp channel plugins. - `openclaw/plugin-sdk/line` for LINE channel plugins. - `openclaw/plugin-sdk/msteams` for the bundled Microsoft Teams plugin surface. - Bundled extension-specific subpaths are also available: `openclaw/plugin-sdk/acpx`, `openclaw/plugin-sdk/bluebubbles`, `openclaw/plugin-sdk/copilot-proxy`, `openclaw/plugin-sdk/device-pair`, `openclaw/plugin-sdk/diagnostics-otel`, `openclaw/plugin-sdk/diffs`, `openclaw/plugin-sdk/feishu`, `openclaw/plugin-sdk/google-gemini-cli-auth`, `openclaw/plugin-sdk/googlechat`, `openclaw/plugin-sdk/irc`, `openclaw/plugin-sdk/llm-task`, `openclaw/plugin-sdk/lobster`, `openclaw/plugin-sdk/matrix`, `openclaw/plugin-sdk/mattermost`, `openclaw/plugin-sdk/memory-core`, `openclaw/plugin-sdk/memory-lancedb`, `openclaw/plugin-sdk/minimax-portal-auth`, `openclaw/plugin-sdk/nextcloud-talk`, `openclaw/plugin-sdk/nostr`, `openclaw/plugin-sdk/open-prose`, `openclaw/plugin-sdk/phone-control`, `openclaw/plugin-sdk/qwen-portal-auth`, `openclaw/plugin-sdk/synology-chat`, `openclaw/plugin-sdk/talk-voice`, `openclaw/plugin-sdk/test-utils`, `openclaw/plugin-sdk/thread-ownership`, `openclaw/plugin-sdk/tlon`, `openclaw/plugin-sdk/twitch`, `openclaw/plugin-sdk/voice-call`, `openclaw/plugin-sdk/zalo`, and `openclaw/plugin-sdk/zalouser`. Compatibility note: - `openclaw/plugin-sdk` remains supported for existing external plugins. - New and migrated bundled plugins should use channel or extension-specific subpaths; use `core` for generic surfaces and `compat` only when broader shared helpers are required. ## Read-only channel inspection If your plugin registers a channel, prefer implementing `plugin.config.inspectAccount(cfg, accountId)` alongside `resolveAccount(...)`. Why: - `resolveAccount(...)` is the runtime path. It is allowed to assume credentials are fully materialized and can fail fast when required secrets are missing. - Read-only command paths such as `openclaw status`, `openclaw status --all`, `openclaw channels status`, `openclaw channels resolve`, and doctor/config repair flows should not need to materialize runtime credentials just to describe configuration. Recommended `inspectAccount(...)` behavior: - Return descriptive account state only. - Preserve `enabled` and `configured`. - Include credential source/status fields when relevant, such as: - `tokenSource`, `tokenStatus` - `botTokenSource`, `botTokenStatus` - `appTokenSource`, `appTokenStatus` - `signingSecretSource`, `signingSecretStatus` - You do not need to return raw token values just to report read-only availability. Returning `tokenStatus: "available"` (and the matching source field) is enough for status-style commands. - Use `configured_unavailable` when a credential is configured via SecretRef but unavailable in the current command path. This lets read-only commands report “configured but unavailable in this command path” instead of crashing or misreporting the account as not configured. Performance note: - Plugin discovery and manifest metadata use short in-process caches to reduce bursty startup/reload work. - Set `OPENCLAW_DISABLE_PLUGIN_DISCOVERY_CACHE=1` or `OPENCLAW_DISABLE_PLUGIN_MANIFEST_CACHE=1` to disable these caches. - Tune cache windows with `OPENCLAW_PLUGIN_DISCOVERY_CACHE_MS` and `OPENCLAW_PLUGIN_MANIFEST_CACHE_MS`. ## Discovery & precedence OpenClaw scans, in order: 1. Config paths - `plugins.load.paths` (file or directory) 2. Workspace extensions - `/.openclaw/extensions/*.ts` - `/.openclaw/extensions/*/index.ts` 3. Global extensions - `~/.openclaw/extensions/*.ts` - `~/.openclaw/extensions/*/index.ts` 4. Bundled extensions (shipped with OpenClaw, mostly disabled by default) - `/extensions/*` Most bundled plugins must be enabled explicitly via `plugins.entries..enabled` or `openclaw plugins enable `. Default-on bundled plugin exceptions: - `device-pair` - `phone-control` - `talk-voice` - active memory slot plugin (default slot: `memory-core`) Installed plugins are enabled by default, but can be disabled the same way. Workspace plugins are **disabled by default** unless you explicitly enable them or allowlist them. This is intentional: a checked-out repo should not silently become production gateway code. Hardening notes: - If `plugins.allow` is empty and non-bundled plugins are discoverable, OpenClaw logs a startup warning with plugin ids and sources. - Candidate paths are safety-checked before discovery admission. OpenClaw blocks candidates when: - extension entry resolves outside plugin root (including symlink/path traversal escapes), - plugin root/source path is world-writable, - path ownership is suspicious for non-bundled plugins (POSIX owner is neither current uid nor root). - Loaded non-bundled plugins without install/load-path provenance emit a warning so you can pin trust (`plugins.allow`) or install tracking (`plugins.installs`). Each plugin must include a `openclaw.plugin.json` file in its root. If a path points at a file, the plugin root is the file's directory and must contain the manifest. If multiple plugins resolve to the same id, the first match in the order above wins and lower-precedence copies are ignored. That means: - workspace plugins intentionally shadow bundled plugins with the same id - `plugins.allow: ["foo"]` authorizes the active `foo` plugin by id, even when the active copy comes from the workspace instead of the bundled extension root - if you need stricter provenance control, use explicit install/load paths and inspect the resolved plugin source before enabling it ### Enablement rules Enablement is resolved after discovery: - `plugins.enabled: false` disables all plugins - `plugins.deny` always wins - `plugins.entries..enabled: false` disables that plugin - workspace-origin plugins are disabled by default - allowlists restrict the active set when `plugins.allow` is non-empty - allowlists are **id-based**, not source-based - bundled plugins are disabled by default unless: - the bundled id is in the built-in default-on set, or - you explicitly enable it, or - channel config implicitly enables the bundled channel plugin - exclusive slots can force-enable the selected plugin for that slot In current core, bundled default-on ids include local/provider helpers such as `ollama`, `sglang`, `vllm`, plus `device-pair`, `phone-control`, and `talk-voice`. ### Package packs A plugin directory may include a `package.json` with `openclaw.extensions`: ```json { "name": "my-pack", "openclaw": { "extensions": ["./src/safety.ts", "./src/tools.ts"] } } ``` Each entry becomes a plugin. If the pack lists multiple extensions, the plugin id becomes `name/`. If your plugin imports npm deps, install them in that directory so `node_modules` is available (`npm install` / `pnpm install`). Security guardrail: every `openclaw.extensions` entry must stay inside the plugin directory after symlink resolution. Entries that escape the package directory are rejected. Security note: `openclaw plugins install` installs plugin dependencies with `npm install --ignore-scripts` (no lifecycle scripts). Keep plugin dependency trees "pure JS/TS" and avoid packages that require `postinstall` builds. ### Channel catalog metadata Channel plugins can advertise onboarding metadata via `openclaw.channel` and install hints via `openclaw.install`. This keeps the core catalog data-free. Example: ```json { "name": "@openclaw/nextcloud-talk", "openclaw": { "extensions": ["./index.ts"], "channel": { "id": "nextcloud-talk", "label": "Nextcloud Talk", "selectionLabel": "Nextcloud Talk (self-hosted)", "docsPath": "/channels/nextcloud-talk", "docsLabel": "nextcloud-talk", "blurb": "Self-hosted chat via Nextcloud Talk webhook bots.", "order": 65, "aliases": ["nc-talk", "nc"] }, "install": { "npmSpec": "@openclaw/nextcloud-talk", "localPath": "extensions/nextcloud-talk", "defaultChoice": "npm" } } } ``` OpenClaw can also merge **external channel catalogs** (for example, an MPM registry export). Drop a JSON file at one of: - `~/.openclaw/mpm/plugins.json` - `~/.openclaw/mpm/catalog.json` - `~/.openclaw/plugins/catalog.json` Or point `OPENCLAW_PLUGIN_CATALOG_PATHS` (or `OPENCLAW_MPM_CATALOG_PATHS`) at one or more JSON files (comma/semicolon/`PATH`-delimited). Each file should contain `{ "entries": [ { "name": "@scope/pkg", "openclaw": { "channel": {...}, "install": {...} } } ] }`. ## Plugin IDs Default plugin ids: - Package packs: `package.json` `name` - Standalone file: file base name (`~/.../voice-call.ts` → `voice-call`) If a plugin exports `id`, OpenClaw uses it but warns when it doesn’t match the configured id. ## Registry model Loaded plugins do not directly mutate random core globals. They register into a central plugin registry. The registry tracks: - plugin records (identity, source, origin, status, diagnostics) - tools - legacy hooks and typed hooks - channels - providers - gateway RPC handlers - HTTP routes - CLI registrars - background services - plugin-owned commands Core features then read from that registry instead of talking to plugin modules directly. This keeps loading one-way: - plugin module -> registry registration - core runtime -> registry consumption That separation matters for maintainability. It means most core surfaces only need one integration point: "read the registry", not "special-case every plugin module". ## Config ```json5 { plugins: { enabled: true, allow: ["voice-call"], deny: ["untrusted-plugin"], load: { paths: ["~/Projects/oss/voice-call-extension"] }, entries: { "voice-call": { enabled: true, config: { provider: "twilio" } }, }, }, } ``` Fields: - `enabled`: master toggle (default: true) - `allow`: allowlist (optional) - `deny`: denylist (optional; deny wins) - `load.paths`: extra plugin files/dirs - `slots`: exclusive slot selectors such as `memory` and `contextEngine` - `entries.`: per‑plugin toggles + config Config changes **require a gateway restart**. Validation rules (strict): - Unknown plugin ids in `entries`, `allow`, `deny`, or `slots` are **errors**. - Unknown `channels.` keys are **errors** unless a plugin manifest declares the channel id. - Plugin config is validated using the JSON Schema embedded in `openclaw.plugin.json` (`configSchema`). - If a plugin is disabled, its config is preserved and a **warning** is emitted. ### Disabled vs missing vs invalid These states are intentionally different: - **disabled**: plugin exists, but enablement rules turned it off - **missing**: config references a plugin id that discovery did not find - **invalid**: plugin exists, but its config does not match the declared schema OpenClaw preserves config for disabled plugins so toggling them back on is not destructive. ## Plugin slots (exclusive categories) Some plugin categories are **exclusive** (only one active at a time). Use `plugins.slots` to select which plugin owns the slot: ```json5 { plugins: { slots: { memory: "memory-core", // or "none" to disable memory plugins contextEngine: "legacy", // or a plugin id such as "lossless-claw" }, }, } ``` Supported exclusive slots: - `memory`: active memory plugin (`"none"` disables memory plugins) - `contextEngine`: active context engine plugin (`"legacy"` is the built-in default) If multiple plugins declare `kind: "memory"` or `kind: "context-engine"`, only the selected plugin loads for that slot. Others are disabled with diagnostics. ### Context engine plugins Context engine plugins own session context orchestration for ingest, assembly, and compaction. Register them from your plugin with `api.registerContextEngine(id, factory)`, then select the active engine with `plugins.slots.contextEngine`. Use this when your plugin needs to replace or extend the default context pipeline rather than just add memory search or hooks. ## Control UI (schema + labels) The Control UI uses `config.schema` (JSON Schema + `uiHints`) to render better forms. OpenClaw augments `uiHints` at runtime based on discovered plugins: - Adds per-plugin labels for `plugins.entries.` / `.enabled` / `.config` - Merges optional plugin-provided config field hints under: `plugins.entries..config.` If you want your plugin config fields to show good labels/placeholders (and mark secrets as sensitive), provide `uiHints` alongside your JSON Schema in the plugin manifest. Example: ```json { "id": "my-plugin", "configSchema": { "type": "object", "additionalProperties": false, "properties": { "apiKey": { "type": "string" }, "region": { "type": "string" } } }, "uiHints": { "apiKey": { "label": "API Key", "sensitive": true }, "region": { "label": "Region", "placeholder": "us-east-1" } } } ``` ## CLI ```bash openclaw plugins list openclaw plugins info openclaw plugins install # copy a local file/dir into ~/.openclaw/extensions/ openclaw plugins install ./extensions/voice-call # relative path ok openclaw plugins install ./plugin.tgz # install from a local tarball openclaw plugins install ./plugin.zip # install from a local zip openclaw plugins install -l ./extensions/voice-call # link (no copy) for dev openclaw plugins install @openclaw/voice-call # install from npm openclaw plugins install @openclaw/voice-call --pin # store exact resolved name@version openclaw plugins update openclaw plugins update --all openclaw plugins enable openclaw plugins disable openclaw plugins doctor ``` `plugins update` only works for npm installs tracked under `plugins.installs`. If stored integrity metadata changes between updates, OpenClaw warns and asks for confirmation (use global `--yes` to bypass prompts). Plugins may also register their own top‑level commands (example: `openclaw voicecall`). ## Plugin API (overview) Plugins export either: - A function: `(api) => { ... }` - An object: `{ id, name, configSchema, register(api) { ... } }` `register(api)` is where plugins attach behavior. Common registrations include: - `registerTool` - `registerHook` - `on(...)` for typed lifecycle hooks - `registerChannel` - `registerProvider` - `registerHttpRoute` - `registerCommand` - `registerCli` - `registerContextEngine` - `registerService` Context engine plugins can also register a runtime-owned context manager: ```ts export default function (api) { api.registerContextEngine("lossless-claw", () => ({ info: { id: "lossless-claw", name: "Lossless Claw", ownsCompaction: true }, async ingest() { return { ingested: true }; }, async assemble({ messages }) { return { messages, estimatedTokens: 0 }; }, async compact() { return { ok: true, compacted: false }; }, })); } ``` Then enable it in config: ```json5 { plugins: { slots: { contextEngine: "lossless-claw", }, }, } ``` ## Plugin hooks Plugins can register hooks at runtime. This lets a plugin bundle event-driven automation without a separate hook pack install. ### Example ```ts export default function register(api) { api.registerHook( "command:new", async () => { // Hook logic here. }, { name: "my-plugin.command-new", description: "Runs when /new is invoked", }, ); } ``` Notes: - Register hooks explicitly via `api.registerHook(...)`. - Hook eligibility rules still apply (OS/bins/env/config requirements). - Plugin-managed hooks show up in `openclaw hooks list` with `plugin:`. - You cannot enable/disable plugin-managed hooks via `openclaw hooks`; enable/disable the plugin instead. ### Agent lifecycle hooks (`api.on`) For typed runtime lifecycle hooks, use `api.on(...)`: ```ts export default function register(api) { api.on( "before_prompt_build", (event, ctx) => { return { prependSystemContext: "Follow company style guide.", }; }, { priority: 10 }, ); } ``` Important hooks for prompt construction: - `before_model_resolve`: runs before session load (`messages` are not available). Use this to deterministically override `modelOverride` or `providerOverride`. - `before_prompt_build`: runs after session load (`messages` are available). Use this to shape prompt input. - `before_agent_start`: legacy compatibility hook. Prefer the two explicit hooks above. Core-enforced hook policy: - Operators can disable prompt mutation hooks per plugin via `plugins.entries..hooks.allowPromptInjection: false`. - When disabled, OpenClaw blocks `before_prompt_build` and ignores prompt-mutating fields returned from legacy `before_agent_start` while preserving legacy `modelOverride` and `providerOverride`. `before_prompt_build` result fields: - `prependContext`: prepends text to the user prompt for this run. Best for turn-specific or dynamic content. - `systemPrompt`: full system prompt override. - `prependSystemContext`: prepends text to the current system prompt. - `appendSystemContext`: appends text to the current system prompt. Prompt build order in embedded runtime: 1. Apply `prependContext` to the user prompt. 2. Apply `systemPrompt` override when provided. 3. Apply `prependSystemContext + current system prompt + appendSystemContext`. Merge and precedence notes: - Hook handlers run by priority (higher first). - For merged context fields, values are concatenated in execution order. - `before_prompt_build` values are applied before legacy `before_agent_start` fallback values. Migration guidance: - Move static guidance from `prependContext` to `prependSystemContext` (or `appendSystemContext`) so providers can cache stable system-prefix content. - Keep `prependContext` for per-turn dynamic context that should stay tied to the user message. ## Provider plugins (model auth) Plugins can register **model providers** so users can run OAuth or API-key setup inside OpenClaw, surface provider setup in onboarding/model-pickers, and contribute implicit provider discovery. Provider plugins are the modular extension seam for model-provider setup. They are not just "OAuth helpers" anymore. ### Provider plugin lifecycle A provider plugin can participate in five distinct phases: 1. **Auth** `auth[].run(ctx)` performs OAuth, API-key capture, device code, or custom setup and returns auth profiles plus optional config patches. 2. **Non-interactive setup** `auth[].runNonInteractive(ctx)` handles `openclaw onboard --non-interactive` without prompts. Use this when the provider needs custom headless setup beyond the built-in simple API-key paths. 3. **Wizard integration** `wizard.onboarding` adds an entry to `openclaw onboard`. `wizard.modelPicker` adds a setup entry to the model picker. 4. **Implicit discovery** `discovery.run(ctx)` can contribute provider config automatically during model resolution/listing. 5. **Post-selection follow-up** `onModelSelected(ctx)` runs after a model is chosen. Use this for provider- specific work such as downloading a local model. This is the recommended split because these phases have different lifecycle requirements: - auth is interactive and writes credentials/config - non-interactive setup is flag/env-driven and must not prompt - wizard metadata is static and UI-facing - discovery should be safe, quick, and failure-tolerant - post-select hooks are side effects tied to the chosen model ### Provider auth contract `auth[].run(ctx)` returns: - `profiles`: auth profiles to write - `configPatch`: optional `openclaw.json` changes - `defaultModel`: optional `provider/model` ref - `notes`: optional user-facing notes Core then: 1. writes the returned auth profiles 2. applies auth-profile config wiring 3. merges the config patch 4. optionally applies the default model 5. runs the provider's `onModelSelected` hook when appropriate That means a provider plugin owns the provider-specific setup logic, while core owns the generic persistence and config-merge path. ### Provider non-interactive contract `auth[].runNonInteractive(ctx)` is optional. Implement it when the provider needs headless setup that cannot be expressed through the built-in generic API-key flows. The non-interactive context includes: - the current and base config - parsed onboarding CLI options - runtime logging/error helpers - agent/workspace dirs - `resolveApiKey(...)` to read provider keys from flags, env, or existing auth profiles while honoring `--secret-input-mode` - `toApiKeyCredential(...)` to convert a resolved key into an auth-profile credential with the right plaintext vs secret-ref storage Use this surface for providers such as: - self-hosted OpenAI-compatible runtimes that need `--custom-base-url` + `--custom-model-id` - provider-specific non-interactive verification or config synthesis Do not prompt from `runNonInteractive`. Reject missing inputs with actionable errors instead. ### Provider wizard metadata `wizard.onboarding` controls how the provider appears in grouped onboarding: - `choiceId`: auth-choice value - `choiceLabel`: option label - `choiceHint`: short hint - `groupId`: group bucket id - `groupLabel`: group label - `groupHint`: group hint - `methodId`: auth method to run `wizard.modelPicker` controls how a provider appears as a "set this up now" entry in model selection: - `label` - `hint` - `methodId` When a provider has multiple auth methods, the wizard can either point at one explicit method or let OpenClaw synthesize per-method choices. OpenClaw validates provider wizard metadata when the plugin registers: - duplicate or blank auth-method ids are rejected - wizard metadata is ignored when the provider has no auth methods - invalid `methodId` bindings are downgraded to warnings and fall back to the provider's remaining auth methods ### Provider discovery contract `discovery.run(ctx)` returns one of: - `{ provider }` - `{ providers }` - `null` Use `{ provider }` for the common case where the plugin owns one provider id. Use `{ providers }` when a plugin discovers multiple provider entries. The discovery context includes: - the current config - agent/workspace dirs - process env - a helper to resolve the provider API key and a discovery-safe API key value Discovery should be: - fast - best-effort - safe to skip on failure - careful about side effects It should not depend on prompts or long-running setup. ### Discovery ordering Provider discovery runs in ordered phases: - `simple` - `profile` - `paired` - `late` Use: - `simple` for cheap environment-only discovery - `profile` when discovery depends on auth profiles - `paired` for providers that need to coordinate with another discovery step - `late` for expensive or local-network probing Most self-hosted providers should use `late`. ### Good provider-plugin boundaries Good fit for provider plugins: - local/self-hosted providers with custom setup flows - provider-specific OAuth/device-code login - implicit discovery of local model servers - post-selection side effects such as model pulls Less compelling fit: - trivial API-key-only providers that differ only by env var, base URL, and one default model Those can still become plugins, but the main modularity payoff comes from extracting behavior-rich providers first. Register a provider via `api.registerProvider(...)`. Each provider exposes one or more auth methods (OAuth, API key, device code, etc.). Those methods can power: - `openclaw models auth login --provider [--method ]` - `openclaw onboard` - model-picker “custom provider” setup entries - implicit provider discovery during model resolution/listing Example: ```ts api.registerProvider({ id: "acme", label: "AcmeAI", auth: [ { id: "oauth", label: "OAuth", kind: "oauth", run: async (ctx) => { // Run OAuth flow and return auth profiles. return { profiles: [ { profileId: "acme:default", credential: { type: "oauth", provider: "acme", access: "...", refresh: "...", expires: Date.now() + 3600 * 1000, }, }, ], defaultModel: "acme/opus-1", }; }, }, ], wizard: { onboarding: { choiceId: "acme", choiceLabel: "AcmeAI", groupId: "acme", groupLabel: "AcmeAI", methodId: "oauth", }, modelPicker: { label: "AcmeAI (custom)", hint: "Connect a self-hosted AcmeAI endpoint", methodId: "oauth", }, }, discovery: { order: "late", run: async () => ({ provider: { baseUrl: "https://acme.example/v1", api: "openai-completions", apiKey: "${ACME_API_KEY}", models: [], }, }), }, }); ``` Notes: - `run` receives a `ProviderAuthContext` with `prompter`, `runtime`, `openUrl`, and `oauth.createVpsAwareHandlers` helpers. - `runNonInteractive` receives a `ProviderAuthMethodNonInteractiveContext` with `opts`, `resolveApiKey`, and `toApiKeyCredential` helpers for headless onboarding. - Return `configPatch` when you need to add default models or provider config. - Return `defaultModel` so `--set-default` can update agent defaults. - `wizard.onboarding` adds a provider choice to `openclaw onboard`. - `wizard.modelPicker` adds a “setup this provider” entry to the model picker. - `discovery.run` returns either `{ provider }` for the plugin’s own provider id or `{ providers }` for multi-provider discovery. - `discovery.order` controls when the provider runs relative to built-in discovery phases: `simple`, `profile`, `paired`, or `late`. - `onModelSelected` is the post-selection hook for provider-specific follow-up work such as pulling a local model. ### Register a messaging channel Plugins can register **channel plugins** that behave like built‑in channels (WhatsApp, Telegram, etc.). Channel config lives under `channels.` and is validated by your channel plugin code. ```ts const myChannel = { id: "acmechat", meta: { id: "acmechat", label: "AcmeChat", selectionLabel: "AcmeChat (API)", docsPath: "/channels/acmechat", blurb: "demo channel plugin.", aliases: ["acme"], }, capabilities: { chatTypes: ["direct"] }, config: { listAccountIds: (cfg) => Object.keys(cfg.channels?.acmechat?.accounts ?? {}), resolveAccount: (cfg, accountId) => cfg.channels?.acmechat?.accounts?.[accountId ?? "default"] ?? { accountId, }, }, outbound: { deliveryMode: "direct", sendText: async () => ({ ok: true }), }, }; export default function (api) { api.registerChannel({ plugin: myChannel }); } ``` Notes: - Put config under `channels.` (not `plugins.entries`). - `meta.label` is used for labels in CLI/UI lists. - `meta.aliases` adds alternate ids for normalization and CLI inputs. - `meta.preferOver` lists channel ids to skip auto-enable when both are configured. - `meta.detailLabel` and `meta.systemImage` let UIs show richer channel labels/icons. ### Channel onboarding hooks Channel plugins can define optional onboarding hooks on `plugin.onboarding`: - `configure(ctx)` is the baseline setup flow. - `configureInteractive(ctx)` can fully own interactive setup for both configured and unconfigured states. - `configureWhenConfigured(ctx)` can override behavior only for already configured channels. Hook precedence in the wizard: 1. `configureInteractive` (if present) 2. `configureWhenConfigured` (only when channel status is already configured) 3. fallback to `configure` Context details: - `configureInteractive` and `configureWhenConfigured` receive: - `configured` (`true` or `false`) - `label` (user-facing channel name used by prompts) - plus the shared config/runtime/prompter/options fields - Returning `"skip"` leaves selection and account tracking unchanged. - Returning `{ cfg, accountId? }` applies config updates and records account selection. ### Write a new messaging channel (step‑by‑step) Use this when you want a **new chat surface** (a "messaging channel"), not a model provider. Model provider docs live under `/providers/*`. 1. Pick an id + config shape - All channel config lives under `channels.`. - Prefer `channels..accounts.` for multi‑account setups. 2. Define the channel metadata - `meta.label`, `meta.selectionLabel`, `meta.docsPath`, `meta.blurb` control CLI/UI lists. - `meta.docsPath` should point at a docs page like `/channels/`. - `meta.preferOver` lets a plugin replace another channel (auto-enable prefers it). - `meta.detailLabel` and `meta.systemImage` are used by UIs for detail text/icons. 3. Implement the required adapters - `config.listAccountIds` + `config.resolveAccount` - `capabilities` (chat types, media, threads, etc.) - `outbound.deliveryMode` + `outbound.sendText` (for basic send) 4. Add optional adapters as needed - `setup` (wizard), `security` (DM policy), `status` (health/diagnostics) - `gateway` (start/stop/login), `mentions`, `threading`, `streaming` - `actions` (message actions), `commands` (native command behavior) 5. Register the channel in your plugin - `api.registerChannel({ plugin })` Minimal config example: ```json5 { channels: { acmechat: { accounts: { default: { token: "ACME_TOKEN", enabled: true }, }, }, }, } ``` Minimal channel plugin (outbound‑only): ```ts const plugin = { id: "acmechat", meta: { id: "acmechat", label: "AcmeChat", selectionLabel: "AcmeChat (API)", docsPath: "/channels/acmechat", blurb: "AcmeChat messaging channel.", aliases: ["acme"], }, capabilities: { chatTypes: ["direct"] }, config: { listAccountIds: (cfg) => Object.keys(cfg.channels?.acmechat?.accounts ?? {}), resolveAccount: (cfg, accountId) => cfg.channels?.acmechat?.accounts?.[accountId ?? "default"] ?? { accountId, }, }, outbound: { deliveryMode: "direct", sendText: async ({ text }) => { // deliver `text` to your channel here return { ok: true }; }, }, }; export default function (api) { api.registerChannel({ plugin }); } ``` Load the plugin (extensions dir or `plugins.load.paths`), restart the gateway, then configure `channels.` in your config. ### Agent tools See the dedicated guide: [Plugin agent tools](/plugins/agent-tools). ### Register a gateway RPC method ```ts export default function (api) { api.registerGatewayMethod("myplugin.status", ({ respond }) => { respond(true, { ok: true }); }); } ``` ### Register CLI commands ```ts export default function (api) { api.registerCli( ({ program }) => { program.command("mycmd").action(() => { console.log("Hello"); }); }, { commands: ["mycmd"] }, ); } ``` ### Register auto-reply commands Plugins can register custom slash commands that execute **without invoking the AI agent**. This is useful for toggle commands, status checks, or quick actions that don't need LLM processing. ```ts export default function (api) { api.registerCommand({ name: "mystatus", description: "Show plugin status", handler: (ctx) => ({ text: `Plugin is running! Channel: ${ctx.channel}`, }), }); } ``` Command handler context: - `senderId`: The sender's ID (if available) - `channel`: The channel where the command was sent - `isAuthorizedSender`: Whether the sender is an authorized user - `args`: Arguments passed after the command (if `acceptsArgs: true`) - `commandBody`: The full command text - `config`: The current OpenClaw config Command options: - `name`: Command name (without the leading `/`) - `nativeNames`: Optional native-command aliases for slash/menu surfaces. Use `default` for all native providers, or provider-specific keys like `discord` - `description`: Help text shown in command lists - `acceptsArgs`: Whether the command accepts arguments (default: false). If false and arguments are provided, the command won't match and the message falls through to other handlers - `requireAuth`: Whether to require authorized sender (default: true) - `handler`: Function that returns `{ text: string }` (can be async) Example with authorization and arguments: ```ts api.registerCommand({ name: "setmode", description: "Set plugin mode", acceptsArgs: true, requireAuth: true, handler: async (ctx) => { const mode = ctx.args?.trim() || "default"; await saveMode(mode); return { text: `Mode set to: ${mode}` }; }, }); ``` Notes: - Plugin commands are processed **before** built-in commands and the AI agent - Commands are registered globally and work across all channels - Command names are case-insensitive (`/MyStatus` matches `/mystatus`) - Command names must start with a letter and contain only letters, numbers, hyphens, and underscores - Reserved command names (like `help`, `status`, `reset`, etc.) cannot be overridden by plugins - Duplicate command registration across plugins will fail with a diagnostic error ### Register background services ```ts export default function (api) { api.registerService({ id: "my-service", start: () => api.logger.info("ready"), stop: () => api.logger.info("bye"), }); } ``` ## Naming conventions - Gateway methods: `pluginId.action` (example: `voicecall.status`) - Tools: `snake_case` (example: `voice_call`) - CLI commands: kebab or camel, but avoid clashing with core commands ## Skills Plugins can ship a skill in the repo (`skills//SKILL.md`). Enable it with `plugins.entries..enabled` (or other config gates) and ensure it’s present in your workspace/managed skills locations. ## Distribution (npm) Recommended packaging: - Main package: `openclaw` (this repo) - Plugins: separate npm packages under `@openclaw/*` (example: `@openclaw/voice-call`) Publishing contract: - Plugin `package.json` must include `openclaw.extensions` with one or more entry files. - Entry files can be `.js` or `.ts` (jiti loads TS at runtime). - `openclaw plugins install ` uses `npm pack`, extracts into `~/.openclaw/extensions//`, and enables it in config. - Config key stability: scoped packages are normalized to the **unscoped** id for `plugins.entries.*`. ## Example plugin: Voice Call This repo includes a voice‑call plugin (Twilio or log fallback): - Source: `extensions/voice-call` - Skill: `skills/voice-call` - CLI: `openclaw voicecall start|status` - Tool: `voice_call` - RPC: `voicecall.start`, `voicecall.status` - Config (twilio): `provider: "twilio"` + `twilio.accountSid/authToken/from` (optional `statusCallbackUrl`, `twimlUrl`) - Config (dev): `provider: "log"` (no network) See [Voice Call](/plugins/voice-call) and `extensions/voice-call/README.md` for setup and usage. ## Safety notes Plugins run in-process with the Gateway. Treat them as trusted code: - Only install plugins you trust. - Prefer `plugins.allow` allowlists. - Remember that `plugins.allow` is id-based, so an enabled workspace plugin can intentionally shadow a bundled plugin with the same id. - Restart the Gateway after changes. ## Testing plugins Plugins can (and should) ship tests: - In-repo plugins can keep Vitest tests under `src/**` (example: `src/plugins/voice-call.plugin.test.ts`). - Separately published plugins should run their own CI (lint/build/test) and validate `openclaw.extensions` points at the built entrypoint (`dist/index.js`).