OpenClaw Gateway

The Gateway is the central control plane in OpenClaw's hub-and-spoke architecture. It routes messages from all inbound sources (channel adapters, control interfaces) to the Agent Runtime and returns responses.

Binding & Network

• Process: Node.js 22+
• Default bind: 127.0.0.1:18789 (loopback-only; no external exposure by default)
• This loopback binding is the first layer of OpenClaw's Security Model

Hub-and-Spoke Design

Channel Adapters ─┐
                  ├─→ Gateway (control plane) ─→ Agent Runtime
Control Interfaces┘

All traffic passes through the Gateway; adapters and interfaces do not talk to the runtime directly.

Channel Adapters

Platform-specific connectors that handle:

• Authentication with the upstream platform
• Message parsing and normalization
• Access control (allowlists per channel)
• Response formatting per platform conventions

Supported platforms: WhatsApp, Telegram, Discord, Slack, iMessage, and others.

Control Interfaces

Human-facing surfaces that connect to the Gateway:

• Web UI — browser-based interface
• CLI — command-line access
• macOS app — native menu bar application
• Mobile nodes — lightweight mobile clients

Six-Phase Execution Flow

Each inbound message traverses these phases inside the Gateway + Runtime:

Plugin System

Extension points exposed by the Gateway for channels, memory systems, tools, and provider plugins.

Multi-Agent Routing

Different channels can be routed to isolated agent instances with independent workspaces and models.

Related

• Agent Loop (OpenClaw) — inner loop mechanics (phases 3–5 in detail)
• Context Assembly — how context is built in phase 3
• Security Model — full layered security stack
• Command Queue — session-lane queuing between ingestion and execution
• OpenClaw Hooks — hook points along this flow
• OpenClaw — entity overview