Living Architecture: OpenClaw and Clawbot
Why This Was Built
Every architect worth following has a system they built and operate themselves. Not a weekend prototype that gets abandoned after the demo. A real system that runs in production, breaks in interesting ways, and teaches lessons that no whiteboard session or architecture review can replicate.
OpenClaw exists to understand agentic AI at the level of operational truth — not the level of conference talks and vendor demos. When papers describe autonomous agents that can use tools, manage long-running tasks, and recover from failures, the question is: does it actually work when nobody is watching? What happens when the network drops at 3 AM and the agent is mid-task? What does model orchestration look like when every unnecessary API call costs real money? How do you build a skills system that is modular enough to extend but reliable enough to run unsupervised?
The answers to those questions are captured in this document. OpenClaw is not a toy — it is a comprehensive automation platform that manages security monitoring, infrastructure health, data backup, communication management, and development workflows across dedicated personal infrastructure. It has been running continuously since early 2025, and the architectural decisions documented here reflect hundreds of iterations driven by real operational experience. Fred Brooks wrote in 1987 that there is "no silver bullet" for software complexity — only the steady accumulation of tactical improvements. OpenClaw is a living demonstration of that principle.
System Overview
- OpenClaw Version: 2026.2.17
- Gateway: Port 18789 (Bound to LAN)
- Primary Interface: Telegram Bot Channel
- Architecture Pattern: Gateway-mediated agent with modular skills and scheduled automation
- Deployment Model: Single-node, always-on, with network-accessible API gateway
The system follows a design philosophy influenced by the Twelve-Factor App methodology, adapted for an autonomous agent context:
- Codebase: Single repository tracked in Git, with automated sync (
git-auto-sync). - Dependencies: Explicitly declared, with the skills framework managing capability dependencies.
- Configuration: Stored in environment variables and configuration files, separated from code.
- Backing Services: External services (AI model APIs, messaging APIs, camera feeds) treated as attached resources, swappable without code changes.
- Build/Release/Run: Skills are developed, tested, and deployed through the
clawhubframework. - Processes: The gateway process is stateless between requests; state is persisted to the database.
- Port Binding: The gateway binds to a configurable port and serves requests over HTTP.
- Concurrency: Cron jobs run as independent processes, avoiding contention.
- Disposability: The system can be stopped and restarted cleanly; cron jobs are idempotent.
- Dev/Prod Parity: The development and production environments are the same physical machine — eliminating the gap entirely.
- Logs: All agent actions are logged through the
session-logsskill for audit and analysis. - Admin Processes: Diagnostic and maintenance tasks run through the
doctorcommand.
Intelligence and Models
OpenClaw implements multi-model intelligence — the architectural decision to route tasks to different AI models based on the nature of the work rather than relying on a single model for everything. This is not just a cost optimization strategy (though it is that too). It reflects a design principle that Martin Fowler would recognize: use the right tool for the job. A fast, broad model handles routine monitoring and triage. A deeper, more expensive model handles complex analysis and creative problem-solving. A specialized coding agent handles software development tasks.
- Default Model:
google-gemini-cli/gemini-3-flash-preview— Selected for its combination of speed, context window size (2M+ tokens), and multimodal capability. Handles the majority of routine tasks: monitoring interpretation, email processing, status reporting, and conversational interactions. - Auth Providers:
- Google Gemini CLI: OAuth-based authentication. Primary model provider for fast reasoning and broad task coverage.
- Google Antigravity: OAuth-based authentication. Used for specialized Google ecosystem integrations.
- Anthropic: API Key authentication. Used for tasks requiring deep analytical reasoning, nuanced writing, and complex multi-step planning.
Model Routing Strategy
The task router selects models based on several signals:
- Task Complexity: Simple status checks and formatting tasks go to the fastest available model. Multi-step reasoning and analysis tasks go to deeper models.
- Latency Requirements: Real-time interactions (Telegram responses) prioritize low-latency models. Background tasks (daily scans, batch analysis) can use slower, more capable models.
- Cost Sensitivity: Routine monitoring tasks that run hourly should not consume premium API credits. The system tracks cumulative API spend and can throttle model selection based on budget thresholds.
- Modality: Tasks involving image analysis (camera feeds, screenshot interpretation) require multimodal-capable models.
This pattern mirrors a key principle for enterprise AI adoption: do not commit to a single vendor or model. Build an abstraction layer that lets you swap models as the landscape evolves — because it will evolve, rapidly and unpredictably.
Automation (Cron Jobs)
The cron automation layer is where OpenClaw demonstrates the practical value of autonomous agents. These are not simple scripts triggered on a schedule — each cron job invokes the agent, which reasons about the current state, decides what actions to take, and executes them. The agent can adapt its behavior based on context: the network-watchdog does not just check connectivity; it diagnoses the nature of failures and takes different remediation actions for DNS issues versus gateway unreachability versus bandwidth degradation.
The following tasks are scheduled and managed by the OpenClaw Gateway:
| Job | Frequency | Purpose | Intelligence Required |
|---|---|---|---|
hourly-nexus-sitrep | Hourly | Aggregated system status report synthesizing all monitoring signals into a coherent situation report | Multi-source reasoning, summarization |
daily-project-intel-scan | Daily | Workspace analysis — scans active projects for stale branches, open issues, dependency vulnerabilities, and development opportunities | Code analysis, prioritization |
camera-monitors | Periodic | Reliability checks on camera feeds — detects offline cameras, degraded image quality, and storage issues | Image analysis, anomaly detection |
email-spam-cleanup | Periodic | Inbox maintenance — identifies and archives spam, categorizes actionable emails, flags items requiring attention | NLP classification, priority scoring |
network-watchdog | Periodic | Connectivity monitoring — tests DNS resolution, gateway reachability, bandwidth, and latency; diagnoses and remediates failures | Diagnostic reasoning, tool use |
git-auto-sync | Periodic | Repository backup — ensures all local repositories are synced with remote origins; detects and reports sync conflicts | Git operations, conflict detection |
shop-monitor | Periodic | Availability tracking for monitored services and endpoints | HTTP health checking, alerting |
driveway-alerts | Event-driven | Security monitoring — analyzes driveway camera events for vehicles and persons of interest | Computer vision, event correlation |
nest-monitor | Periodic | Motion event tracking from Nest devices — filters noise from actionable events | Event classification |
db-backup | Daily | Database persistence — creates and validates backups; rotates old backups based on retention policy | File operations, validation |
hourly-mop | Hourly | Temp file cleanup — identifies and removes temporary files, stale caches, and orphaned processes | File system analysis, safe deletion |
macbook-tracker | Periodic | Device location monitoring — tracks and reports MacBook location for asset management | API integration |
arrival-detection | Event-driven | Vehicle and person identification — correlates camera events with known patterns for presence detection | Pattern matching, temporal correlation |
Design Decision: Agent-Driven versus Script-Driven Automation
An earlier version of OpenClaw used traditional scripts for scheduled tasks — Python scripts that checked conditions and took predetermined actions. The shift to agent-driven automation was motivated by a specific observation: traditional scripts fail silently when they encounter states that the script author did not anticipate. An agent, by contrast, can reason about unexpected states and either adapt its approach or escalate to human attention.
For example, the network-watchdog script would check if a ping succeeded and restart the network interface if it failed. The agent-driven version checks connectivity across multiple paths, diagnoses whether the issue is DNS, gateway, ISP, or hardware, and takes appropriate action for each case — including deciding not to act if the issue is transient and likely to self-resolve. This is the difference between automation and autonomy.
Capabilities and Skills
The skills framework is OpenClaw's implementation of the microservices pattern applied to agent capabilities. Each skill is independently developed, tested, and deployed. Skills communicate through the agent's orchestration layer rather than directly with each other, maintaining loose coupling.
Installed via clawhub and available to the agent:
| Skill | Category | Description |
|---|---|---|
clawhub | System | Skill management — install, update, remove, and inspect available skills. The package manager for agent capabilities. |
coding-agent | Development | Sub-agent delegation — spawns a specialized coding agent for software development tasks, isolating complex multi-file edits from the main agent context. |
gemini | Intelligence | One-shot generation — direct access to Gemini models for tasks that benefit from a clean context without conversation history. |
gh-issues | Development | GitHub automation — creates, updates, and triages GitHub issues based on project intelligence scans and monitoring alerts. |
github | Development | CLI integration — full GitHub CLI access for repository management, pull request workflows, and code review. |
healthcheck | Operations | Security and audit — comprehensive system health assessment including service status, disk space, process health, and security posture. |
session-logs | Observability | History analysis — query and analyze past agent sessions for debugging, performance optimization, and audit compliance. |
skill-creator | Development | Skill development — scaffolds new skills with proper structure, configuration, and testing harness. Enables the system to extend itself. |
tmux | Operations | Remote control — manage terminal sessions for long-running tasks, background processes, and multi-window workflows. |
weather | Information | Forecasts — weather data integration for scheduling outdoor tasks and environmental context in monitoring decisions. |
Skill Architecture
Each skill follows a consistent structure:
- Manifest: Declares the skill's name, version, description, required permissions, and configuration parameters.
- Handler: The executable logic that the agent invokes. Handlers receive structured input and return structured output.
- Configuration: Environment-specific settings stored separately from code. API keys, endpoints, and thresholds are configurable without modifying the skill.
- Tests: Each skill includes test cases that validate behavior against expected inputs and outputs. Skills that fail tests are not deployed.
This structure enables a critical capability: the system can extend itself. The skill-creator skill scaffolds new skills, and the coding-agent skill can implement the logic. A human reviews and approves the new skill before deployment, maintaining the human-in-the-loop principle for capability expansion.
Custom Scripts
Local scripts provide targeted automation for tasks that do not require agent intelligence — straightforward operational tasks where a deterministic script is more appropriate than agent reasoning. These scripts are located in the workspace (~/clawd/scripts or ~/.openclaw/workspace/scripts):
| Script | Purpose |
|---|---|
email-spam-cleaner.py | Rule-based email filtering and archival |
camera-reliability.py | Camera uptime and feed quality monitoring |
network-watchdog.py | Network connectivity testing and basic remediation |
db-backup.py | Database snapshot creation and rotation |
driveway-alert.py | Motion detection event processing |
git-auto-sync.py | Repository synchronization with conflict detection |
shop-monitor.py | Service availability polling |
nest-monitor.py | Nest device event processing |
hourly-mop.py | Temporary file and process cleanup |
The division between agent-driven cron jobs and deterministic scripts is deliberate. Not every task benefits from AI reasoning. File cleanup, database backups, and basic connectivity checks are well-defined problems where a script is simpler, faster, and more predictable. The agent orchestrates these scripts — deciding when to run them, interpreting their output, and escalating when they report anomalies — but does not replace them where they are the right tool.
Hardware Specification
OpenClaw runs on deliberately modest hardware. This is a conscious design choice, not a limitation. If an autonomous agent system requires high-end infrastructure to function, it is not demonstrating the value of intelligent orchestration — it is demonstrating the value of expensive hardware. The constraint forces architectural discipline: efficient model routing, aggressive caching, minimal local compute, and offloading heavy inference to cloud APIs.
- CPU/Chipset: Intel 5 Series/3400 chipset
- Storage:
- Seagate 500GB HDD (archival storage, backups)
- SPCC 1TB SSD (primary storage — note: performance limited by SATA II interface, which constrains sequential read/write to approximately 300MB/s)
- Memory: Sufficient for gateway process, cron scheduler, and concurrent script execution
- Network: LAN-connected with internet gateway access for API calls
- Uptime Target: Continuous operation (24/7/365) with self-healing for common failure modes
Why Modest Hardware Matters
Running on constrained hardware has forced several architectural decisions that translate directly to enterprise best practices:
- Efficient Model Routing: You cannot afford to send every task to the most expensive model when you are paying per token. This forced the development of the model routing strategy described above — which is exactly the pattern that enterprise AI platforms need when operating at scale.
- Stateless Gateway: The gateway process is lightweight because it has to be. State is persisted to disk, and the gateway can be restarted without losing context. This is the Twelve-Factor App principle of disposability, practiced out of necessity.
- Incremental Processing: Batch jobs process data incrementally rather than loading everything into memory. The
hourly-mopjob scans for new temporary files since the last run, not all temporary files ever created. - Graceful Degradation: When hardware resources are constrained, the system prioritizes critical tasks (security monitoring, backups) over discretionary tasks (project intelligence scans, weather updates). This priority hierarchy is the same pattern used in enterprise systems for resource management under load.
References
- Brooks, F. P. (1987). "No Silver Bullet: Essence and Accidents of Software Engineering." Computer, 20(4), 10-19. IEEE. https://doi.org/10.1109/MC.1987.1663532
- Fowler, M. (2002). Patterns of Enterprise Application Architecture. Addison-Wesley.
- Fowler, M. (2014). "Microservices: a definition of this new architectural term." https://martinfowler.com/articles/microservices.html
- Wiggins, A. (2011). "The Twelve-Factor App." https://12factor.net/
- Newman, S. (2015). Building Microservices: Designing Fine-Grained Systems. O'Reilly Media.
- Kim, G., Humble, J., Debois, P., & Willis, J. (2016). The DevOps Handbook. IT Revolution Press.
- Humble, J. & Farley, D. (2010). Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation. Addison-Wesley.