yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(gateways): Introduce gateway model and update agent provisioning templates

Browse Source
This commit is contained in:
Abhimanyu Saharan
2026-02-04 23:07:22 +05:30
parent 1297c12a73
commit b6f31fe6ea
32 changed files with 2770 additions and 724 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
backend/app/api/agents.py
View File

@@ -14,7 +14,7 @@ from app.core.auth import AuthContext
from app.core.config import settings
from app.db.session import get_session
from app.integrations.openclaw_gateway import (
GatewayConfig,
GatewayConfig as GatewayClientConfig,
OpenClawGatewayError,
ensure_session,
send_message,
@@ -22,6 +22,7 @@ from app.integrations.openclaw_gateway import (
from app.models.agents import Agent
from app.models.activity_events import ActivityEvent
from app.models.boards import Board
from app.models.gateways import Gateway
from app.schemas.agents import (
AgentCreate,
AgentDeleteConfirm,
@@ -57,7 +58,7 @@ def _workspace_path(agent_name: str, workspace_root: str | None) -> str:
if not workspace_root:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_workspace_root is required",
detail="Gateway workspace_root is required",
)
root = workspace_root.rstrip("/")
return f"{root}/workspace-{_slugify(agent_name)}"
@@ -75,28 +76,41 @@ def _require_board(session: Session, board_id: UUID | str | None) -> Board:
return board
def _require_gateway_config(board: Board) -> GatewayConfig:
if not board.gateway_url:
def _require_gateway(
session: Session, board: Board
) -> tuple[Gateway, GatewayClientConfig]:
if not board.gateway_id:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_url is required",
detail="Board gateway_id is required",
)
if not board.gateway_main_session_key:
gateway = session.get(Gateway, board.gateway_id)
if gateway is None:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_main_session_key is required",
detail="Board gateway_id is invalid",
)
if not board.gateway_workspace_root:
if not gateway.main_session_key:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_workspace_root is required",
detail="Gateway main_session_key is required",
)
return GatewayConfig(url=board.gateway_url, token=board.gateway_token)
if not gateway.url:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Gateway url is required",
)
if not gateway.workspace_root:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Gateway workspace_root is required",
)
return gateway, GatewayClientConfig(url=gateway.url, token=gateway.token)
async def _ensure_gateway_session(
agent_name: str,
config: GatewayConfig,
config: GatewayClientConfig,
) -> tuple[str, str | None]:
session_key = _build_session_key(agent_name)
try:
@@ -148,7 +162,7 @@ def _record_wakeup_failure(session: Session, agent: Agent, error: str) -> None:
async def _send_wakeup_message(
agent: Agent, config: GatewayConfig, verb: str = "provisioned"
agent: Agent, config: GatewayClientConfig, verb: str = "provisioned"
) -> None:
session_key = agent.openclaw_session_id or _build_session_key(agent.name)
await ensure_session(session_key, config=config, label=agent.name)
@@ -176,8 +190,13 @@ async def create_agent(
auth: AuthContext = Depends(require_admin_auth),
) -> Agent:
board = _require_board(session, payload.board_id)
config = _require_gateway_config(board)
agent = Agent.model_validate(payload)
gateway, client_config = _require_gateway(session, board)
data = payload.model_dump()
if data.get("identity_template") == "":
data["identity_template"] = None
if data.get("soul_template") == "":
data["soul_template"] = None
agent = Agent.model_validate(data)
agent.status = "provisioning"
raw_token = generate_agent_token()
agent.agent_token_hash = hash_agent_token(raw_token)
@@ -187,7 +206,9 @@ async def create_agent(
agent.provision_confirm_token_hash = hash_agent_token(provision_token)
agent.provision_requested_at = datetime.utcnow()
agent.provision_action = "provision"
session_key, session_error = await _ensure_gateway_session(agent.name, config)
session_key, session_error = await _ensure_gateway_session(
agent.name, client_config
)
agent.openclaw_session_id = session_key
session.add(agent)
session.commit()
@@ -209,7 +230,7 @@ async def create_agent(
session.commit()
try:
await send_provisioning_message(
agent, board, raw_token, provision_token, auth.user
agent, board, gateway, raw_token, provision_token, auth.user
)
record_activity(
session,
@@ -254,6 +275,10 @@ async def update_agent(
status_code=status.HTTP_403_FORBIDDEN,
detail="status is controlled by agent heartbeat",
)
if updates.get("identity_template") == "":
updates["identity_template"] = None
if updates.get("soul_template") == "":
updates["soul_template"] = None
if not updates:
return _with_computed_status(agent)
if "board_id" in updates:
@@ -267,10 +292,10 @@ async def update_agent(
session.commit()
session.refresh(agent)
board = _require_board(session, agent.board_id)
config = _require_gateway_config(board)
gateway, client_config = _require_gateway(session, board)
session_key = agent.openclaw_session_id or _build_session_key(agent.name)
try:
await ensure_session(session_key, config=config, label=agent.name)
await ensure_session(session_key, config=client_config, label=agent.name)
if not agent.openclaw_session_id:
agent.openclaw_session_id = session_key
session.add(agent)
@@ -291,7 +316,7 @@ async def update_agent(
session.refresh(agent)
try:
await send_update_message(
agent, board, raw_token, provision_token, auth.user
agent, board, gateway, raw_token, provision_token, auth.user
)
record_activity(
session,
@@ -345,7 +370,7 @@ async def heartbeat_or_create_agent(
if actor.actor_type == "agent":
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
board = _require_board(session, payload.board_id)
config = _require_gateway_config(board)
gateway, client_config = _require_gateway(session, board)
agent = Agent(
name=payload.name,
status="provisioning",
@@ -358,7 +383,9 @@ async def heartbeat_or_create_agent(
agent.provision_confirm_token_hash = hash_agent_token(provision_token)
agent.provision_requested_at = datetime.utcnow()
agent.provision_action = "provision"
session_key, session_error = await _ensure_gateway_session(agent.name, config)
session_key, session_error = await _ensure_gateway_session(
agent.name, client_config
)
agent.openclaw_session_id = session_key
session.add(agent)
session.commit()
@@ -380,7 +407,7 @@ async def heartbeat_or_create_agent(
session.commit()
try:
await send_provisioning_message(
agent, board, raw_token, provision_token, actor.user
agent, board, gateway, raw_token, provision_token, actor.user
)
record_activity(
session,
@@ -410,9 +437,9 @@ async def heartbeat_or_create_agent(
session.refresh(agent)
try:
board = _require_board(session, str(agent.board_id) if agent.board_id else None)
config = _require_gateway_config(board)
gateway, client_config = _require_gateway(session, board)
await send_provisioning_message(
agent, board, raw_token, provision_token, actor.user
agent, board, gateway, raw_token, provision_token, actor.user
)
record_activity(
session,
@@ -428,8 +455,10 @@ async def heartbeat_or_create_agent(
session.commit()
elif not agent.openclaw_session_id:
board = _require_board(session, str(agent.board_id) if agent.board_id else None)
config = _require_gateway_config(board)
session_key, session_error = await _ensure_gateway_session(agent.name, config)
gateway, client_config = _require_gateway(session, board)
session_key, session_error = await _ensure_gateway_session(
agent.name, client_config
)
agent.openclaw_session_id = session_key
if session_error:
record_activity(
@@ -472,7 +501,7 @@ def delete_agent(
return {"ok": True}
board = _require_board(session, str(agent.board_id) if agent.board_id else None)
config = _require_gateway_config(board)
gateway, client_config = _require_gateway(session, board)
raw_token = generate_agent_token()
agent.delete_confirm_token_hash = hash_agent_token(raw_token)
agent.delete_requested_at = datetime.utcnow()
@@ -488,10 +517,10 @@ def delete_agent(
session.commit()
async def _gateway_cleanup_request() -> None:
main_session = board.gateway_main_session_key
main_session = gateway.main_session_key
if not main_session:
raise OpenClawGatewayError("Board gateway_main_session_key is required")
workspace_path = _workspace_path(agent.name, board.gateway_workspace_root)
raise OpenClawGatewayError("Gateway main_session_key is required")
workspace_path = _workspace_path(agent.name, gateway.workspace_root)
base_url = settings.base_url or "REPLACE_WITH_BASE_URL"
cleanup_message = (
"Cleanup request for deleted agent.\n\n"
@@ -507,11 +536,11 @@ def delete_agent(
" Body: {\"token\": \"" + raw_token + "\"}\n"
"Reply NO_REPLY."
)
await ensure_session(main_session, config=config, label="Main Agent")
await ensure_session(main_session, config=client_config, label="Main Agent")
await send_message(
cleanup_message,
session_key=main_session,
config=config,
config=client_config,
deliver=False,
)
@@ -549,7 +578,7 @@ def confirm_provision_agent(
if agent.board_id is None:
raise HTTPException(status_code=status.HTTP_422_UNPROCESSABLE_ENTITY)
board = _require_board(session, str(agent.board_id))
config = _require_gateway_config(board)
_, client_config = _require_gateway(session, board)
action = payload.action or agent.provision_action or "provision"
verb = "updated" if action == "update" else "provisioned"
@@ -557,7 +586,7 @@ def confirm_provision_agent(
try:
import asyncio
asyncio.run(_send_wakeup_message(agent, config, verb=verb))
asyncio.run(_send_wakeup_message(agent, client_config, verb=verb))
except OpenClawGatewayError as exc:
_record_wakeup_failure(session, agent, str(exc))
session.commit()

125
backend/app/api/boards.py
View File

@@ -17,7 +17,7 @@ from app.api.deps import (
from app.core.auth import AuthContext
from app.db.session import get_session
from app.integrations.openclaw_gateway import (
GatewayConfig,
GatewayConfig as GatewayClientConfig,
OpenClawGatewayError,
delete_session,
ensure_session,
@@ -26,6 +26,7 @@ from app.integrations.openclaw_gateway import (
from app.models.activity_events import ActivityEvent
from app.models.agents import Agent
from app.models.boards import Board
from app.models.gateways import Gateway
from app.models.tasks import Task
from app.schemas.boards import BoardCreate, BoardRead, BoardUpdate
@@ -43,31 +44,44 @@ def _build_session_key(agent_name: str) -> str:
return f"{AGENT_SESSION_PREFIX}:{_slugify(agent_name)}:main"
def _board_gateway_config(board: Board) -> GatewayConfig | None:
if not board.gateway_url:
return None
if not board.gateway_main_session_key:
def _board_gateway(
session: Session, board: Board
) -> tuple[Gateway | None, GatewayClientConfig | None]:
if not board.gateway_id:
return None, None
config = session.get(Gateway, board.gateway_id)
if config is None:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_main_session_key is required",
detail="Board gateway_id is invalid",
)
if not board.gateway_workspace_root:
if not config.main_session_key:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_workspace_root is required",
detail="Gateway main_session_key is required",
)
return GatewayConfig(url=board.gateway_url, token=board.gateway_token)
if not config.url:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Gateway url is required",
)
if not config.workspace_root:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Gateway workspace_root is required",
)
return config, GatewayClientConfig(url=config.url, token=config.token)
async def _cleanup_agent_on_gateway(agent: Agent, board: Board, config: GatewayConfig) -> None:
async def _cleanup_agent_on_gateway(
agent: Agent,
config: Gateway,
client_config: GatewayClientConfig,
) -> None:
if agent.openclaw_session_id:
await delete_session(agent.openclaw_session_id, config=config)
if not board.gateway_main_session_key:
raise OpenClawGatewayError("Board gateway_main_session_key is required")
if not board.gateway_workspace_root:
raise OpenClawGatewayError("Board gateway_workspace_root is required")
main_session = board.gateway_main_session_key
workspace_root = board.gateway_workspace_root
await delete_session(agent.openclaw_session_id, config=client_config)
main_session = config.main_session_key
workspace_root = config.workspace_root
workspace_path = f"{workspace_root.rstrip('/')}/workspace-{_slugify(agent.name)}"
cleanup_message = (
"Cleanup request for deleted agent.\n\n"
@@ -80,8 +94,13 @@ async def _cleanup_agent_on_gateway(agent: Agent, board: Board, config: GatewayC
"2) Delete any lingering session artifacts.\n"
"Reply NO_REPLY."
)
await ensure_session(main_session, config=config, label="Main Agent")
await send_message(cleanup_message, session_key=main_session, config=config, deliver=False)
await ensure_session(main_session, config=client_config, label="Main Agent")
await send_message(
cleanup_message,
session_key=main_session,
config=client_config,
deliver=False,
)
@router.get("", response_model=list[BoardRead])
@@ -99,23 +118,17 @@ def create_board(
auth: AuthContext = Depends(require_admin_auth),
) -> Board:
data = payload.model_dump()
if data.get("gateway_token") == "":
data["gateway_token"] = None
if data.get("identity_template") == "":
data["identity_template"] = None
if data.get("soul_template") == "":
data["soul_template"] = None
if data.get("gateway_url"):
if not data.get("gateway_main_session_key"):
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_main_session_key is required when gateway_url is set",
)
if not data.get("gateway_workspace_root"):
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_workspace_root is required when gateway_url is set",
)
if not data.get("gateway_id"):
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_id is required",
)
config = session.get(Gateway, data["gateway_id"])
if config is None:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_id is invalid",
)
board = Board.model_validate(data)
session.add(board)
session.commit()
@@ -139,25 +152,25 @@ def update_board(
auth: AuthContext = Depends(require_admin_auth),
) -> Board:
updates = payload.model_dump(exclude_unset=True)
if updates.get("gateway_token") == "":
updates["gateway_token"] = None
if updates.get("identity_template") == "":
updates["identity_template"] = None
if updates.get("soul_template") == "":
updates["soul_template"] = None
if "gateway_id" in updates:
if not updates.get("gateway_id"):
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_id is required",
)
config = session.get(Gateway, updates["gateway_id"])
if config is None:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_id is invalid",
)
for key, value in updates.items():
setattr(board, key, value)
if board.gateway_url:
if not board.gateway_main_session_key:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_main_session_key is required when gateway_url is set",
)
if not board.gateway_workspace_root:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_workspace_root is required when gateway_url is set",
)
if not board.gateway_id:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="gateway_id is required",
)
session.add(board)
session.commit()
session.refresh(board)
@@ -175,11 +188,11 @@ def delete_board(
session.exec(select(Task.id).where(Task.board_id == board.id))
)
config = _board_gateway_config(board)
if config:
config, client_config = _board_gateway(session, board)
if config and client_config:
try:
for agent in agents:
asyncio.run(_cleanup_agent_on_gateway(agent, board, config))
asyncio.run(_cleanup_agent_on_gateway(agent, config, client_config))
except OpenClawGatewayError as exc:
raise HTTPException(
status_code=status.HTTP_502_BAD_GATEWAY,

83
backend/app/api/gateway.py
View File

@@ -3,10 +3,9 @@ from __future__ import annotations
from fastapi import APIRouter, Body, Depends, HTTPException, Query, status
from sqlmodel import Session
from app.api.deps import require_admin_auth
from app.core.auth import AuthContext
from app.core.auth import AuthContext, get_auth_context
from app.integrations.openclaw_gateway import (
GatewayConfig,
GatewayConfig as GatewayClientConfig,
OpenClawGatewayError,
ensure_session,
get_chat_history,
@@ -20,19 +19,24 @@ from app.integrations.openclaw_gateway_protocol import (
)
from app.db.session import get_session
from app.models.boards import Board
from app.models.gateways import Gateway
router = APIRouter(prefix="/gateway", tags=["gateway"])
router = APIRouter(prefix="/gateways", tags=["gateways"])
def _resolve_gateway_config(
def _resolve_gateway(
session: Session,
board_id: str | None,
gateway_url: str | None,
gateway_token: str | None,
gateway_main_session_key: str | None,
) -> tuple[Board | None, GatewayConfig, str | None]:
) -> tuple[Board | None, GatewayClientConfig, str | None]:
if gateway_url:
return None, GatewayConfig(url=gateway_url, token=gateway_token), gateway_main_session_key
return (
None,
GatewayClientConfig(url=gateway_url, token=gateway_token),
gateway_main_session_key,
)
if not board_id:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
@@ -41,24 +45,53 @@ def _resolve_gateway_config(
board = session.get(Board, board_id)
if board is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Board not found")
if not board.gateway_url:
if not board.gateway_id:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_url is required",
detail="Board gateway_id is required",
)
return board, GatewayConfig(url=board.gateway_url, token=board.gateway_token), board.gateway_main_session_key
gateway = session.get(Gateway, board.gateway_id)
if gateway is None:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Board gateway_id is invalid",
)
if not gateway.url:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="Gateway url is required",
)
return (
board,
GatewayClientConfig(url=gateway.url, token=gateway.token),
gateway.main_session_key,
)
def _require_gateway(
session: Session, board_id: str | None
) -> tuple[Board, GatewayClientConfig, str | None]:
board, config, main_session = _resolve_gateway(
session, board_id, None, None, None
)
if board is None:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
detail="board_id is required",
)
return board, config, main_session
@router.get("/status")
async def gateway_status(
async def gateways_status(
board_id: str | None = Query(default=None),
gateway_url: str | None = Query(default=None),
gateway_token: str | None = Query(default=None),
gateway_main_session_key: str | None = Query(default=None),
session: Session = Depends(get_session),
auth: AuthContext = Depends(require_admin_auth),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, object]:
board, config, main_session = _resolve_gateway_config(
board, config, main_session = _resolve_gateway(
session,
board_id,
gateway_url,
@@ -100,12 +133,12 @@ async def gateway_status(
@router.get("/sessions")
async def list_sessions(
async def list_gateway_sessions(
board_id: str | None = Query(default=None),
session: Session = Depends(get_session),
auth: AuthContext = Depends(require_admin_auth),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, object]:
board, config, main_session = _resolve_gateway_config(
board, config, main_session = _resolve_gateway(
session,
board_id,
None,
@@ -144,9 +177,9 @@ async def get_gateway_session(
session_id: str,
board_id: str | None = Query(default=None),
session: Session = Depends(get_session),
auth: AuthContext = Depends(require_admin_auth),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, object]:
board, config, main_session = _resolve_gateway_config(
board, config, main_session = _resolve_gateway(
session,
board_id,
None,
@@ -161,7 +194,6 @@ async def get_gateway_session(
sessions_list = list(sessions.get("sessions") or [])
else:
sessions_list = list(sessions or [])
main_session = board.gateway_main_session_key
if main_session and not any(
session.get("key") == main_session for session in sessions_list
):
@@ -194,9 +226,9 @@ async def get_session_history(
session_id: str,
board_id: str | None = Query(default=None),
session: Session = Depends(get_session),
auth: AuthContext = Depends(require_admin_auth),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, object]:
_, config = _require_board_config(session, board_id)
_, config, _ = _require_gateway(session, board_id)
try:
history = await get_chat_history(session_id, config=config)
except OpenClawGatewayError as exc:
@@ -207,21 +239,20 @@ async def get_session_history(
@router.post("/sessions/{session_id}/message")
async def send_session_message(
async def send_gateway_session_message(
session_id: str,
payload: dict = Body(...),
board_id: str | None = Query(default=None),
session: Session = Depends(get_session),
auth: AuthContext = Depends(require_admin_auth),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, bool]:
content = payload.get("content")
if not content:
raise HTTPException(
status_code=status.HTTP_422_UNPROCESSABLE_ENTITY, detail="content is required"
)
board, config = _require_board_config(session, board_id)
board, config, main_session = _require_gateway(session, board_id)
try:
main_session = board.gateway_main_session_key
if main_session and session_id == main_session:
await ensure_session(main_session, config=config, label="Main Agent")
await send_message(content, session_key=session_id, config=config)
@@ -232,7 +263,7 @@ async def send_session_message(
@router.get("/commands")
async def gateway_commands(
auth: AuthContext = Depends(require_admin_auth),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, object]:
return {
"protocol_version": PROTOCOL_VERSION,

323
backend/app/api/gateways.py Normal file
View File

@@ -0,0 +1,323 @@
from __future__ import annotations
from uuid import UUID
from fastapi import APIRouter, Depends, HTTPException, status
from sqlmodel import Session, select
from app.core.auth import AuthContext, get_auth_context
from app.db.session import get_session
from app.integrations.openclaw_gateway import (
GatewayConfig as GatewayClientConfig,
OpenClawGatewayError,
ensure_session,
send_message,
)
from app.models.gateways import Gateway
from app.schemas.gateways import GatewayCreate, GatewayRead, GatewayUpdate
router = APIRouter(prefix="/gateways", tags=["gateways"])
SKYLL_ENABLE_MESSAGE = """
To re-enable this “dynamic Skyll installs” capability in the future, you just need to restore the skyll broker skill folder into OpenClaws shared skills directory.
Exact steps (copy/paste)
0) Overwrite any existing skyll install
rm -rf ~/.openclaw/skills/skyll
1) Put the skyll skill in the shared skills dir
mkdir -p ~/.openclaw/skills
Create the folder:
mkdir -p ~/.openclaw/skills/skyll/scripts
2) Create ~/.openclaw/skills/skyll/SKILL.md
cat > ~/.openclaw/skills/skyll/SKILL.md <<'EOF'
---
name: skyll
description: Dynamically discover and install AgentSkills from the Skyll (skills.sh) ecosystem using api.skyll.app. Use when the user requests a capability that is missing from the currently installed skills, or when you need a specialized workflow/tool integration and want to fetch a high-quality SKILL.md on demand.
---
# Skyll skill broker (dynamic skill install)
This skill helps you discover and materialize third-party AgentSkills into OpenClaw skills folders so they become available to the agent.
## Safety model (important)
Skills fetched from Skyll are untrusted content.
Rules:
- Prefer installing into the shared skills dir (~/.openclaw/skills/<skill-id>/) so other agents can discover it automatically.
- If you want per-agent isolation, install into that agents workspace skills/ instead.
- Default to confirm-before-write unless the user explicitly opts into auto-install.
- Before using a newly-installed skill, skim its SKILL.md to ensure its relevant and does not instruct dangerous actions.
- Do not run arbitrary scripts downloaded with a skill unless you understand them and the user asked you to.
## Procedure
1) Search:
node {baseDir}/scripts/skyll_install.js --query "..." --limit 8 --dry-run
2) Install (pick 1 result):
node {baseDir}/scripts/skyll_install.js --query "..." --pick 1
3) Refresh:
- If it doesnt show up immediately, start a new session (or wait for the skills watcher).
Notes:
- Default install location is ~/.openclaw/skills/<id>/ (shared across agents on this host).
- Use the script --out-dir {workspace}/skills for per-agent installs.
EOF
3) Create ~/.openclaw/skills/skyll/scripts/skyll_install.js
cat > ~/.openclaw/skills/skyll/scripts/skyll_install.js <<'EOF'
#!/usr/bin/env node
import fs from "node:fs/promises";
import path from "node:path";
import os from "node:os";
import process from "node:process";
const SKYLL_BASE = process.env.SKYLL_BASE_URL || "https://api.skyll.app";
const DEFAULT_LIMIT = 8;
function parseArgs(argv) {
const args = {
query: null,
limit: DEFAULT_LIMIT,
pick: 1,
includeReferences: false,
includeRaw: true,
includeContent: true,
dryRun: false,
outDir: null,
help: false,
};
for (let i = 2; i < argv.length; i++) {
const a = argv[i];
if (a === "--query") args.query = argv[++i];
else if (a === "--limit") args.limit = Number(argv[++i]);
else if (a === "--pick") args.pick = Number(argv[++i]);
else if (a === "--include-references") args.includeReferences = true;
else if (a === "--include-raw") args.includeRaw = true;
else if (a === "--no-include-raw") args.includeRaw = false;
else if (a === "--include-content") args.includeContent = true;
else if (a === "--no-include-content") args.includeContent = false;
else if (a === "--dry-run") args.dryRun = true;
else if (a === "--out-dir") args.outDir = argv[++i];
else if (a === "--help" || a === "-h") args.help = true;
else throw new Error(`Unknown arg: ${a}`);
}
if (args.help) return args;
if (!args.query || !args.query.trim()) throw new Error("--query is required");
if (!Number.isFinite(args.limit) || args.limit < 1 || args.limit > 50) throw new Error("--limit must be 1..50");
if (!Number.isFinite(args.pick) || args.pick < 1) throw new Error("--pick must be >= 1");
return args;
}
async function postJson(url, body) {
const res = await fetch(url, {
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify(body),
});
if (!res.ok) {
const text = await res.text().catch(() => "");
throw new Error(`HTTP ${res.status} from ${url}: ${text.slice(0, 500)}`);
}
return await res.json();
}
async function ensureDir(p) {
await fs.mkdir(p, { recursive: true });
}
async function writeFileSafe(filePath, content) {
await ensureDir(path.dirname(filePath));
await fs.writeFile(filePath, content, "utf8");
}
function sanitizeSkillId(id) {
return id.replace(/[^a-zA-Z0-9._-]/g, "-").slice(0, 80);
}
async function main() {
const args = parseArgs(process.argv);
if (args.help) {
console.log("Usage: skyll_install.js --query \"...\" [--dry-run] [--pick 1] [--out-dir PATH] [--include-references]");
process.exit(0);
}
const req = {
query: args.query,
limit: args.limit,
include_content: args.includeContent,
include_raw: args.includeRaw,
include_references: args.includeReferences,
};
const resp = await postJson(`${SKYLL_BASE}/search`, req);
const skills = resp.skills || [];
if (!skills.length) {
console.log(JSON.stringify({ query: resp.query, count: resp.count ?? 0, skills: [] }, null, 2));
process.exitCode = 2;
return;
}
const summary = skills.map((s, idx) => ({
rank: idx + 1,
id: s.id,
title: s.title,
source: s.source,
version: s.version ?? null,
install_count: s.install_count ?? 0,
allowed_tools: s.allowed_tools ?? null,
description: s.description ?? null,
refs: s.refs,
fetch_error: s.fetch_error ?? null,
}));
if (args.dryRun) {
console.log(JSON.stringify({ query: resp.query, count: resp.count ?? skills.length, skills: summary }, null, 2));
return;
}
const pickIdx = args.pick - 1;
if (pickIdx < 0 || pickIdx >= skills.length) throw new Error(`--pick ${args.pick} out of range (1..${skills.length})`);
const chosen = skills[pickIdx];
const skillId = sanitizeSkillId(chosen.id);
const sharedDefault = path.join(os.homedir(), ".openclaw", "skills");
const skillsRoot = args.outDir ? path.resolve(args.outDir) : sharedDefault;
const destDir = path.join(skillsRoot, skillId);
const skillMd = chosen.raw_content || chosen.content;
if (!skillMd) throw new Error("Chosen skill has no SKILL.md content (content/raw_content missing)");
await ensureDir(destDir);
await writeFileSafe(path.join(destDir, "SKILL.md"), skillMd);
if (Array.isArray(chosen.references) && chosen.references.length) {
for (const ref of chosen.references) {
const rel = ref.path || ref.name || ref.filename;
const content = ref.content;
if (!rel || typeof content !== "string") continue;
const safeRel = String(rel).replace(/^\\/+/, "");
await writeFileSafe(path.join(destDir, safeRel), content);
}
}
console.log(JSON.stringify({ installed: true, query: resp.query, chosen: summary[pickIdx], destDir }, null, 2));
}
main().catch((err) => {
console.error(String(err?.stack || err));
process.exitCode = 1;
});
EOF
chmod +x ~/.openclaw/skills/skyll/scripts/skyll_install.js
4) Verify OpenClaw sees it
Start a new session (or restart gateway), then run:
openclaw skills list --eligible | grep -i skyll
""".strip()
async def _send_skyll_enable_message(gateway: Gateway) -> None:
if not gateway.url:
raise OpenClawGatewayError("Gateway url is required")
if not gateway.main_session_key:
raise OpenClawGatewayError("gateway main_session_key is required")
client_config = GatewayClientConfig(url=gateway.url, token=gateway.token)
await ensure_session(
gateway.main_session_key, config=client_config, label="Main Agent"
)
await send_message(
SKYLL_ENABLE_MESSAGE,
session_key=gateway.main_session_key,
config=client_config,
deliver=False,
)
@router.get("", response_model=list[GatewayRead])
def list_gateways(
session: Session = Depends(get_session),
auth: AuthContext = Depends(get_auth_context),
) -> list[Gateway]:
return list(session.exec(select(Gateway)))
@router.post("", response_model=GatewayRead)
async def create_gateway(
payload: GatewayCreate,
session: Session = Depends(get_session),
auth: AuthContext = Depends(get_auth_context),
) -> Gateway:
data = payload.model_dump()
if data.get("token") == "":
data["token"] = None
gateway = Gateway.model_validate(data)
session.add(gateway)
session.commit()
session.refresh(gateway)
if gateway.skyll_enabled:
try:
await _send_skyll_enable_message(gateway)
except OpenClawGatewayError:
pass
return gateway
@router.get("/{gateway_id}", response_model=GatewayRead)
def get_gateway(
gateway_id: UUID,
session: Session = Depends(get_session),
auth: AuthContext = Depends(get_auth_context),
) -> Gateway:
gateway = session.get(Gateway, gateway_id)
if gateway is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Gateway not found")
return gateway
@router.patch("/{gateway_id}", response_model=GatewayRead)
async def update_gateway(
gateway_id: UUID,
payload: GatewayUpdate,
session: Session = Depends(get_session),
auth: AuthContext = Depends(get_auth_context),
) -> Gateway:
gateway = session.get(Gateway, gateway_id)
if gateway is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Gateway not found")
previous_skyll_enabled = gateway.skyll_enabled
updates = payload.model_dump(exclude_unset=True)
if updates.get("token") == "":
updates["token"] = None
for key, value in updates.items():
setattr(gateway, key, value)
session.add(gateway)
session.commit()
session.refresh(gateway)
if not previous_skyll_enabled and gateway.skyll_enabled:
try:
await _send_skyll_enable_message(gateway)
except OpenClawGatewayError:
pass
return gateway
@router.delete("/{gateway_id}")
def delete_gateway(
gateway_id: UUID,
session: Session = Depends(get_session),
auth: AuthContext = Depends(get_auth_context),
) -> dict[str, bool]:
gateway = session.get(Gateway, gateway_id)
if gateway is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Gateway not found")
session.delete(gateway)
session.commit()
return {"ok": True}