TrustClaw is a local-first Trust Runtime for Agent (TRA): personal data, subscribed reference datasets, and auditable Agent Packs collaborate under explicit consent and an immutable evidence chain.
Principle
Meaning
个人数据不出域
Raw data stays in local SQLite (state/local_tra.db) only
凡答必有据
Conclusions trace to data, rules, and evidence chain
凡行必审计
Every data access and agent action is logged
Agent 与平台解耦
Vertical logic ships as Agent Packs, not platform hardcoding
Five planes: Data · Policy · Agent · Evidence · Operator — see Vision.
Open TRA Runtime Console at http://127.0.0.1:5174/trustclaw/ (dev) or Control UI → TRA Console at http://127.0.0.1:19001/ (dev gateway) / http://127.0.0.1:18789/ (prod). See Getting started for ports and auth.
Models & keys (dev profile, ~/.openclaw-dev/)
Role
Setting
Chat primary
ollama/qwen2.5:7b (local Ollama at http://127.0.0.1:11434)
Chat fallback
anthropic/claude-sonnet-4-6
Anthropic proxy
Same base URL as ~/.claude/settings.json → ANTHROPIC_BASE_URL; import API key with pnpm openclaw models auth paste-api-key --provider anthropic --dev
TRA Text2SQL
OPENAI_API_KEY (separate from chat models)
Control UI auth
Dev gateway uses token auth on :19001; open pnpm openclaw dashboard --no-open --dev (token in URL — do not paste into chat)
Quick setup after pnpm trustclaw:setup:
ollama pull qwen2.5:7b
pnpm openclaw config set models.providers.ollama.baseUrl "http://127.0.0.1:11434" --dev
pnpm openclaw config set env.OLLAMA_API_KEY "ollama-local" --dev
pnpm openclaw models set ollama/qwen2.5:7b --dev
pnpm openclaw models fallbacks add anthropic/claude-sonnet-4-6 --dev
# paste Anthropic key when prompted (can match ~/.claude/settings.json ANTHROPIC_AUTH_TOKEN)
pnpm openclaw models auth paste-api-key --provider anthropic --dev
pnpm openclaw models status --dev
Platform APIs (extensions/trustclaw-tra)
Endpoint
Purpose
POST /api/tra/init
Mount local TRA personal data
POST /api/tra/reset
Clear personal data + audit/ledger
POST /api/agent/chat
Run audited Agent Pack pipeline
GET /api/tra/domain-agents
Logical agent catalog
Agent tools:trustclaw_tra_query (read pipeline), trustclaw_tra_write (consented personal writes).
Or run pnpm trustclaw:setup (also sets TrustClaw gateway defaults).
Layout:trustclaw/tra/ (data plane) · trustclaw/runtime/ (pipeline) · trustclaw/ui/ (Runtime Console) · Control UI tab TRA Console.
See trustclaw/GETTING_STARTED.md and trustclaw/docs/AGENT_PLATFORM.md.
Built on OpenClaw
This repository forks OpenClaw — a multi-channel personal AI assistant and Gateway. TrustClaw reuses its agent runtime, SQLite patterns, Gateway, and Control UI shell while adding TRA (trustclaw/ + extensions/trustclaw-tra). The CLI/package name remains openclaw during transition (D13).
Send a test message or ask the assistant after either startup mode is running:
# Send a message
openclaw message send --target +1234567890 --message "Hello from OpenClaw"
# Talk to the assistant (optionally deliver back to any connected channel: WhatsApp/Telegram/Slack/Discord/Google Chat/Signal/iMessage/IRC/Microsoft Teams/Matrix/Feishu/LINE/Mattermost/Nextcloud Talk/Nostr/Synology Chat/Tlon/Twitch/Zalo/Zalo Personal/WeChat/QQ/WebChat)
openclaw agent --message "Ship checklist" --thinking high
Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Google Chat/Slack:
DM pairing (dmPolicy="pairing" / channels.discord.dmPolicy="pairing" / channels.slack.dmPolicy="pairing"; legacy: channels.discord.dm.policy, channels.slack.dm.policy): unknown senders receive a short pairing code and the bot does not process their message.
Approve with: openclaw pairing approve <channel> <code> (then the sender is added to a local allowlist store).
Public inbound DMs require an explicit opt-in: set dmPolicy="open" and include "*" in the channel allowlist (allowFrom / channels.discord.allowFrom / channels.slack.allowFrom; legacy: channels.discord.dm.allowFrom, channels.slack.dm.allowFrom).
Run openclaw doctor to surface risky/misconfigured DM policies.
Highlights
Local-first Gateway — single control plane for sessions, channels, tools, and events.
Onboarding + skills — onboarding-driven setup with bundled/managed/workspace skills.
Security model (important)
Default: tools run on the host for the main session, so the agent has full access when it is just you.
Group/channel safety: set agents.defaults.sandbox.mode: "non-main" to run non-main sessions inside sandboxes. Docker is the default sandbox backend; SSH and OpenShell backends are also available.
Use pnpm for source checkouts. The repository is a pnpm workspace, and bundled
plugins load from extensions/* during development so their package-local
dependencies and your edits are used directly. Plain npm install at the repo
root is not a supported source setup.
For the dev loop:
git clone <this-repo>
cd trustclaw # or your checkout directory
pnpm install
# First run only (or after resetting local OpenClaw config/workspace)
pnpm openclaw setup
# Optional: prebuild Control UI before first startup
pnpm ui:build
# Dev loop (auto-reload on source/config changes)
pnpm gateway:watch
If you need a built dist/ from the checkout (for Node, packaging, or release validation), run:
pnpm build
pnpm ui:build
pnpm openclaw setup writes the local config/workspace needed for pnpm gateway:watch. It is safe to re-run, but you normally only need it on first setup or after resetting local state. pnpm gateway:watch does not rebuild dist/control-ui, so rerun pnpm ui:build after ui/ changes or use pnpm ui:dev when iterating on the Control UI. If you want this checkout to run onboarding directly, use pnpm openclaw onboard --install-daemon.
Note: pnpm openclaw ... runs TypeScript directly (via tsx). pnpm build produces dist/ for running via Node / the packaged openclaw binary, while pnpm gateway:watch rebuilds the runtime on demand during the dev loop.
Development channels
stable: tagged releases (vYYYY.M.D or vYYYY.M.D-<patch>), npm dist-tag latest.
beta: prerelease tags (vYYYY.M.D-beta.N), npm dist-tag beta (macOS app may be missing).
dev: moving head of main, npm dist-tag dev (when published).
TrustClaw builds on OpenClaw. Sponsors, star history, Molty branding, and the full contributor wall live in the upstream README. OpenClaw docs: docs.openclaw.ai.
TrustClaw — Trust Runtime for Agent
TrustClaw is a local-first Trust Runtime for Agent (TRA): personal data, subscribed reference datasets, and auditable Agent Packs collaborate under explicit consent and an immutable evidence chain.
state/local_tra.db) onlyFive planes: Data · Policy · Agent · Evidence · Operator — see Vision.
TrustClaw docs
Getting started · Vision · Agent loop guide (canonical) · Decisions (审核) · OpenClaw reuse
TrustClaw quick start
Open TRA Runtime Console at
http://127.0.0.1:5174/trustclaw/(dev) or Control UI → TRA Console athttp://127.0.0.1:19001/(dev gateway) /http://127.0.0.1:18789/(prod). See Getting started for ports and auth.Models & keys (dev profile,
~/.openclaw-dev/)ollama/qwen2.5:7b(local Ollama athttp://127.0.0.1:11434)anthropic/claude-sonnet-4-6~/.claude/settings.json→ANTHROPIC_BASE_URL; import API key withpnpm openclaw models auth paste-api-key --provider anthropic --devOPENAI_API_KEY(separate from chat models):19001; openpnpm openclaw dashboard --no-open --dev(token in URL — do not paste into chat)Quick setup after
pnpm trustclaw:setup:Platform APIs (
extensions/trustclaw-tra)POST /api/tra/initPOST /api/tra/resetPOST /api/agent/chatGET /api/tra/domain-agentsAgent tools:
trustclaw_tra_query(read pipeline),trustclaw_tra_write(consented personal writes).Enable the plugin in
openclaw.json:Or run
pnpm trustclaw:setup(also sets TrustClaw gateway defaults).Layout:
trustclaw/tra/(data plane) ·trustclaw/runtime/(pipeline) ·trustclaw/ui/(Runtime Console) · Control UI tab TRA Console.See
trustclaw/GETTING_STARTED.mdandtrustclaw/docs/AGENT_PLATFORM.md.Built on OpenClaw
This repository forks OpenClaw — a multi-channel personal AI assistant and Gateway. TrustClaw reuses its agent runtime, SQLite patterns, Gateway, and Control UI shell while adding TRA (
trustclaw/+extensions/trustclaw-tra). The CLI/package name remainsopenclawduring transition (D13).OpenClaw docs · Upstream README · Third-party notices
Preferred upstream setup: run
openclaw onboardin your terminal. Works with npm, pnpm, or bun. Runtime: Node 24 (recommended) or Node 22.19+.Install (recommended)
Runtime: Node 24 (recommended) or Node 22.19+.
OpenClaw Onboard installs the Gateway daemon (launchd/systemd user service) so it stays running.
Quick start (TL;DR)
Runtime: Node 24 (recommended) or Node 22.19+.
Full beginner guide (auth, pairing, channels): Getting started
Recommended daemon mode:
Foreground/debug mode:
Send a test message or ask the assistant after either startup mode is running:
Upgrading? Updating guide (and run
openclaw doctor).Models config + CLI: Models. Auth profile rotation + fallbacks: Model failover.
Security defaults (DM access)
OpenClaw connects to real messaging surfaces. Treat inbound DMs as untrusted input.
Full security guide: Security. Before remote exposure, use the Gateway exposure runbook.
Default behavior on Telegram/WhatsApp/Signal/iMessage/Microsoft Teams/Discord/Google Chat/Slack:
dmPolicy="pairing"/channels.discord.dmPolicy="pairing"/channels.slack.dmPolicy="pairing"; legacy:channels.discord.dm.policy,channels.slack.dm.policy): unknown senders receive a short pairing code and the bot does not process their message.openclaw pairing approve <channel> <code>(then the sender is added to a local allowlist store).dmPolicy="open"and include"*"in the channel allowlist (allowFrom/channels.discord.allowFrom/channels.slack.allowFrom; legacy:channels.discord.dm.allowFrom,channels.slack.dm.allowFrom).Run
openclaw doctorto surface risky/misconfigured DM policies.Highlights
Security model (important)
mainsession, so the agent has full access when it is just you.agents.defaults.sandbox.mode: "non-main"to run non-mainsessions inside sandboxes. Docker is the default sandbox backend; SSH and OpenShell backends are also available.bash,process,read,write,edit,sessions_list,sessions_history,sessions_send,sessions_spawn; denybrowser,canvas,nodes,cron,discord,gateway.Operator quick refs
/status,/new,/reset,/compact,/think <level>,/verbose on|off,/trace on|off,/usage off|tokens|full,/restart,/activation mention|alwayssessions_list,sessions_history,sessions_sendDocs by goal
Apps (optional)
The Gateway alone delivers a great experience. All apps are optional and add extra features.
If you plan to build/run companion apps, follow the platform runbooks below.
macOS (OpenClaw.app) (optional)
Note: signed builds required for macOS permissions to stick across rebuilds (see macOS Permissions).
iOS node (optional)
openclaw nodes ….Runbook: iOS connect.
Android node (optional)
openclaw devices ...).From source (development)
Use
pnpmfor source checkouts. The repository is a pnpm workspace, and bundled plugins load fromextensions/*during development so their package-local dependencies and your edits are used directly. Plainnpm installat the repo root is not a supported source setup.For the dev loop:
If you need a built
dist/from the checkout (for Node, packaging, or release validation), run:pnpm openclaw setupwrites the local config/workspace needed forpnpm gateway:watch. It is safe to re-run, but you normally only need it on first setup or after resetting local state.pnpm gateway:watchdoes not rebuilddist/control-ui, so rerunpnpm ui:buildafterui/changes or usepnpm ui:devwhen iterating on the Control UI. If you want this checkout to run onboarding directly, usepnpm openclaw onboard --install-daemon.Note:
pnpm openclaw ...runs TypeScript directly (viatsx).pnpm buildproducesdist/for running via Node / the packagedopenclawbinary, whilepnpm gateway:watchrebuilds the runtime on demand during the dev loop.Development channels
vYYYY.M.DorvYYYY.M.D-<patch>), npm dist-taglatest.vYYYY.M.D-beta.N), npm dist-tagbeta(macOS app may be missing).main, npm dist-tagdev(when published).Switch channels (git + npm):
openclaw update --channel stable|beta|dev. Details: Development channels.Agent workspace + skills
~/.openclaw/workspace(configurable viaagents.defaults.workspace).AGENTS.md,SOUL.md,TOOLS.md.~/.openclaw/workspace/skills/<skill>/SKILL.md.Configuration
Minimal
~/.openclaw/openclaw.json(model + defaults):Full configuration reference (all keys + examples).
Upstream (OpenClaw)
TrustClaw builds on OpenClaw. Sponsors, star history, Molty branding, and the full contributor wall live in the upstream README. OpenClaw docs: docs.openclaw.ai.
TrustClaw-specific docs: Getting started · Vision · Agent loop · Decisions.