Source - OpenClaw System Architecture Overview
Source - OpenClaw System Architecture Overview
Origin: https://ppaolo.substack.com/p/openclaw-system-architecture-overview
Author: ppaolo (Substack)
Fetched: 2026-04-15
Summary
Overview of OpenClaw's full system architecture: hub-and-spoke Gateway design, channel adapters for multiple messaging platforms, control interfaces, the Agent Runtime, Canvas/A2UI system, six-phase execution flow, layered security model, and deployment topologies.
Key Takeaways
Hub-and-Spoke Architecture
The central Gateway (Node.js 22+, binds 127.0.0.1:18789 by default) is the control plane. Everything — channel adapters, control interfaces, and the agent runtime — routes through it.
Channel Adapters
Platform-specific connectors handling auth, message parsing, access control, and formatting for: WhatsApp, Telegram, Discord, Slack, iMessage, and other messaging platforms.
Control Interfaces
Web UI, CLI, macOS app, and mobile nodes for human interaction with the gateway.
Agent Runtime
Executes the AI loop: assembles context (AGENTS.md, SOUL.md, TOOLS.md system-prompt files + semantically-retrieved memory via hybrid search), invokes the model, executes tools, persists state. Docker-based sandboxing for untrusted tool sessions.
Canvas / A2UI
Agent-driven visual workspace. Uses a declarative A2UI (Agent-to-UI) framework for agents to render structured UI components.
Six-Phase Execution Flow
- Ingestion
- Access control & routing
- Context assembly
- Model invocation
- Tool execution
- Response delivery
Security Model (Layered)
- Network isolation (loopback binding)
- Authentication (tokens/passwords)
- Device pairing
- Channel allowlists
- Docker-based tool sandboxing for untrusted sessions
- Prompt injection defenses via context separation
Deployment Options
| Mode | Description |
|---|---|
| Local dev | All components on developer machine |
| macOS production | LaunchAgent background service + menu bar app |
| Linux/VPS | Remote Gateway via SSH tunnel or Tailscale |
| Fly.io containers | Cloud-native with persistent volumes |
Pages Created/Updated from This Source
wiki/concepts/openclaw-gateway.md(new)wiki/concepts/openclaw-context-assembly.md(new)wiki/concepts/openclaw-canvas.md(new)wiki/concepts/openclaw-security-model.md(new)wiki/concepts/openclaw-deployment.md(new)wiki/entities/openclaw.md(updated)