Skip to main content

Architecture

ClawCentral is a fully managed, cloud-native platform. There is no daemon to run, no local gateway process, and no local filesystem. All state is persisted in ClawCentral's cloud storage and accessed through the Admin UI at <your-tenant>.clawcentral.io.

Core services

ClawCentral is composed of five logical services. Each service is isolated per user within a multi-tenant environment.

Gateway service

The Gateway service is the WebSocket connection handler for each user. It manages the long-lived connection between OpenClaw desktop/mobile clients (Nodes) and the platform.

  • Accepts incoming WebSocket connections from Nodes (macOS, iOS, Android, headless).
  • Validates device identity and enforces pairing approval.
  • Routes inbound frames to the Session service for AI processing.
  • Emits lifecycle events (agent, presence, health, tick) back to connected clients.
  • Exposes the OpenClaw RPC protocol over WSS at <tenant>.clawcentral.io/gateway/ws.

Session service

The Session service handles message dispatch and runs the AI agent loop for each user.

  • Receives inbound messages from chat channels (Telegram, Discord, Slack, WhatsApp, Teams, Google Chat, Matrix, Zalo, and others) and from WebSocket clients.
  • Runs the streaming AI loop: context assembly → model inference → tool execution → reply dispatch.
  • Maintains per-session queue semantics to serialize concurrent messages.
  • Delivers replies back to the originating channel or WebSocket client.

Config service

The Config service is the persistent configuration store for each user.

  • Stores agent configuration, skills, cron schedules, channel settings, and paired devices.
  • Exposes configuration to the Session service and Gateway service at runtime.
  • All configuration is managed through the Admin UI → Settings panel.

Conversation service

The Conversation service stores message history per session.

  • Persists every turn of the conversation transcript in ClawCentral's cloud storage.
  • Provides history for context assembly at the start of each AI run.
  • Supports session compaction and pruning policies.

HTTP API layer

The HTTP API layer is the REST interface that powers the Admin UI and handles all inbound webhook traffic from messaging platforms.

  • Authenticates requests via Microsoft Entra CIAM session cookies (Admin UI) or platform-specific webhook signatures.
  • Routes webhook events to the Session service for processing.
  • Serves the Lit-based Admin UI SPA at <tenant>.clawcentral.io.

Request flow

Inbound chat message (webhook)

Node WebSocket connection

Admin UI

The Admin UI is a Lit-based single-page application served at <tenant>.clawcentral.io. It provides access to all configuration and operational features:

SectionPurpose
Settings → AI ProvidersConfigure model providers and API keys
Settings → System PromptCustomize the agent's base instructions
Settings → SecretsManage platform credentials and channel tokens
NodesPair and manage connected devices; manage personal API tokens
SkillsInstall and configure agent skills
ChannelsConfigure messaging channel integrations
CronSchedule recurring automations
ConversationsBrowse conversation history

Multi-tenant isolation

For a visual overview of all trust boundaries and isolation layers, see Isolation & Trust Boundaries.

Each tenant operates in a fully isolated environment:

  • All services are namespaced per tenant and per user.
  • Tenant-specific AI provider keys (BYOK) are resolved at runtime and never shared across tenants.
  • Subdomains (<tenant>.clawcentral.io) route exclusively to that tenant's services.

Node pairing and device auth

Nodes (OpenClaw desktop and mobile clients) connect to the Gateway service using device credentials established during pairing:

  1. Open Admin UI → Nodes and initiate a new pairing.
  2. The Node sends its device identity on connect; ClawCentral verifies the signature against the paired device record.
  3. Once paired, the Node connects automatically on subsequent starts — no token in config files required.

Full details: Nodes, Gateway protocol.

Invariants

  • All state lives in ClawCentral's cloud storage — there is no local database or filesystem.
  • The Gateway service handles one WebSocket connection per user, per connected Node.
  • Session runs are serialized per session key to prevent tool/state races.
  • Events are not replayed on reconnect; clients must refresh on gaps.