Gateway Setup

Gateways are the runtime environments where agents execute. Each gateway runs OpenClaw and connects to Mission Control.

Prerequisites

  • OpenClaw Gateway installed and running
  • Gateway accessible via WebSocket (default port: 18789)
  • Active organization in Mission Control

Gateway Configuration

OpenClaw Gateway Setup

Edit ~/.openclaw/openclaw.json:
{
  "gateway": {
    "enabled": true,
    "port": 18789,
    "controlUi": {
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true
    }
  },
  "agents": {
    "list": []
  }
}
dangerouslyDisableDeviceAuth is required for Mission Control to manage agents. Without this flag, the gateway will reject RPC calls with “missing scope: operator.read”.
Source: TECHNICAL.md:476-494, TECHNICAL.md:813-829

Start Gateway

openclaw gateway start
Verify it’s running:
curl http://localhost:18789/health

Register Gateway in Mission Control

1. Prepare gateway credentials

Generate a secure token:
TOKEN=$(openssl rand -base64 32)
echo $TOKEN
2. Register gateway

curl -X POST http://localhost:8000/api/v1/gateways \
  -H "Authorization: Bearer $MC_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Primary Gateway",
    "url": "ws://localhost:18789",
    "token": "'$TOKEN'",
    "workspace_root": "/home/ubuntu/GDRIVE/agents",
    "disable_device_pairing": true,
    "allow_insecure_tls": false
  }'
3. Gateway verification

Mission Control:
  1. Validates gateway version (>= GATEWAY_MIN_VERSION)
  2. Tests WebSocket connection
  3. Creates gateway record
  4. Provisions main agent automatically
4. Response

{
  "id": "<gateway-id>",
  "name": "Primary Gateway",
  "url": "ws://localhost:18789",
  "workspace_root": "/home/ubuntu/GDRIVE/agents",
  "organization_id": "<org-id>",
  "created_at": "2026-03-05T12:00:00"
}
Source: backend/app/api/gateways.py:89-110

Gateway Fields

Required Fields

  • name - Human-readable identifier
  • url - WebSocket URL (e.g., ws://host:18789 or wss://host:18789)
  • workspace_root - Absolute path for agent workspaces

Optional Fields

  • token - Authentication token for gateway RPC (recommended)
  • disable_device_pairing - Set to true for Mission Control management (required)
  • allow_insecure_tls - Allow self-signed certificates (dev only)
Source: backend/app/schemas/gateways.py
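
A pre-registration check for the fields above, as an added example rather than Mission Control's own validation: it flags a ws:// URL that points off-host, a missing or short token, allow_insecure_tls, and a relative workspace_root. The function name, the 32-character token floor and the sample bodies are assumptions.

```python
import ipaddress
from pathlib import PurePosixPath
from urllib.parse import urlsplit

MIN_TOKEN_CHARS = 32  # assumed floor; `openssl rand -base64 32` yields 44


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as remote


def audit_gateway_payload(payload):
    """Return findings for a POST /api/v1/gateways body; [] means clean."""
    findings = []
    url = urlsplit(payload.get("url", ""))
    host = url.hostname or ""
    if url.scheme not in ("ws", "wss") or not host:
        findings.append("url: expected ws://host:port or wss://host:port")
    elif url.scheme == "ws" and not _is_loopback(host):
        findings.append("url: ws:// to a remote host carries the token unencrypted")
    token = payload.get("token") or ""
    if not token:
        findings.append("token: not set (recommended for gateway RPC)")
    elif len(token) < MIN_TOKEN_CHARS:
        findings.append(f"token: shorter than {MIN_TOKEN_CHARS} characters")
    if payload.get("allow_insecure_tls"):
        findings.append("allow_insecure_tls: true is for development only")
    root = PurePosixPath(payload.get("workspace_root") or "")
    if not root.is_absolute() or ".." in root.parts:
        findings.append("workspace_root: expected an absolute path without '..'")
    if payload.get("disable_device_pairing") is not True:
        findings.append("disable_device_pairing: must be true for Mission Control")
    return findings


# Constructed samples: the page's registration body with a placeholder token,
# and a variant with every weak setting at once.
PAGE_BODY = {"name": "Primary Gateway", "url": "ws://localhost:18789",
             "token": "x" * 44, "workspace_root": "/home/ubuntu/GDRIVE/agents",
             "disable_device_pairing": True, "allow_insecure_tls": False}
WEAK_BODY = {"name": "Remote", "url": "ws://10.0.0.5:18789", "token": "",
             "workspace_root": "agents", "disable_device_pairing": False,
             "allow_insecure_tls": True}
```

Run audit_gateway_payload on the JSON body before sending the registration request; an empty list means none of the checks fired.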

Gateway Main Agent

Each gateway has a main agent that coordinates gateway-level operations.

Automatic Provisioning

The main agent is created automatically when you:
  1. Create a gateway
  2. Update gateway connection settings
Main agent properties:
  • board_id is NULL (gateway-scoped, not board-scoped)
  • Session key: agent:gateway-<gateway-id>:main
  • OpenClaw agent ID: mc-gateway-<gateway-id>
  • Workspace: {workspace_root}/workspace-gateway-<gateway-id>
Source: backend/app/services/openclaw/admin_service.py

Main Agent Templates

Main agents receive:
  • TOOLS.md - Mission Control API access
  • IDENTITY.md - Gateway coordinator role
  • SOUL.md - Gateway management behavior
  • USER.md - Organization context
Source: backend/app/services/openclaw/constants.py:MAIN_TEMPLATE_MAP

Template Sync

Template sync updates agent workspace files with the latest configuration.

When to Sync

Run template sync after:
  • Creating new boards
  • Adding agents to boards
  • Changing board rules or objectives
  • Updating agent identity profiles
  • Gateway configuration changes

Sync Command

curl -X POST "http://localhost:8000/api/v1/gateways/<gateway-id>/templates/sync" \
  -H "Authorization: Bearer $TOKEN"
Query Parameters:
| Parameter | Default | Description |
| --- | --- | --- |
| include_main | true | Sync gateway main agent |
| lead_only | false | Only sync board lead agents |
| reset_sessions | false | Force reset agent sessions |
| rotate_tokens | false | Generate new auth tokens |
| force_bootstrap | false | Overwrite BOOTSTRAP.md |
| overwrite | false | Overwrite all files |
| board_id | null | Limit to specific board |
Source: backend/app/api/gateways.py:170-184

Sync with Token Rotation

Use when:
  • First-time gateway setup
  • Agents removed from openclaw.json
  • Tokens compromised
curl -X POST "http://localhost:8000/api/v1/gateways/<gateway-id>/templates/sync?rotate_tokens=true&overwrite=true" \
  -H "Authorization: Bearer $TOKEN"
This will:
  1. Generate new auth tokens for all agents
  2. Update database with new token hashes
  3. Rewrite all TOOLS.md files with new tokens
  4. Preserve agent-editable files (MEMORY.md, USER.md)
Source: TECHNICAL.md:531-574

Sync Response

{
  "synced_agents": [
    {
      "agent_id": "<agent-id>",
      "agent_name": "Lead Agent",
      "board_id": "<board-id>",
      "board_name": "Product Development",
      "status": "success"
    }
  ],
  "errors": [],
  "total_synced": 5,
  "total_failed": 0
}
Source: backend/app/schemas/gateways.py:GatewayTemplatesSyncResult

Gateway RPC Protocol

Mission Control communicates with gateways via WebSocket RPC.

Connection Flow

1. WebSocket connection

ws = await connect(f"{gateway.url}")  # ws://host:18789
2. Authentication (if token set)

await ws.send(json.dumps({
    "method": "auth",
    "token": gateway.token
}))
3. RPC calls

await ws.send(json.dumps({
    "id": "<request-id>",
    "method": "agents.create",
    "params": {"name": "mc-c91361ef-...", "workspace": "..."}
}))

response = await ws.recv()
# {"id": "<request-id>", "result": {...}}
Source: backend/app/services/openclaw/gateway_rpc.py
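
The connection flow above, replayed against a constructed in-memory gateway (an added example, not code from gateway_rpc.py): the client authenticates, matches the reply to its request by id, and bounds the wait with a timeout. FakeGateway, its silence towards unauthenticated calls, and the sample tokens and params are assumptions.

```python
import asyncio
import hmac
import json
import uuid


class FakeGateway:
    """Constructed stand-in for a gateway socket; assumed silent until auth succeeds."""
    def __init__(self, token):
        self._token, self._authed, self._out = token, False, asyncio.Queue()

    async def send(self, raw):
        msg = json.loads(raw)
        if msg["method"] == "auth":
            self._authed = hmac.compare_digest(msg.get("token", ""), self._token)
        elif self._authed:
            # A stale reply goes out first, so the caller has to match on "id".
            await self._out.put(json.dumps({"id": "stale", "result": {}}))
            reply = {"id": msg["id"], "result": {"created": msg["params"]["name"]}}
            await self._out.put(json.dumps(reply))

    async def recv(self):
        return await self._out.get()


async def rpc_call(ws, method, params, timeout_ms=10000):
    """Send one request; return the result of the reply carrying the same id."""
    request_id = str(uuid.uuid4())
    await ws.send(json.dumps({"id": request_id, "method": method, "params": params}))
    async def matching_reply():
        while True:
            reply = json.loads(await ws.recv())
            if reply.get("id") == request_id:
                return reply
    return (await asyncio.wait_for(matching_reply(), timeout_ms / 1000))["result"]


async def session(gateway_token, client_token):
    ws = FakeGateway(gateway_token)
    await ws.send(json.dumps({"method": "auth", "token": client_token}))
    try:
        params = {"name": "mc-demo", "workspace": "/tmp/demo"}
        return await rpc_call(ws, "agents.create", params, timeout_ms=200)
    except asyncio.TimeoutError:
        return "timeout"


def run_demo():
    return asyncio.run(session("tok-A", "tok-A")), asyncio.run(session("tok-A", "tok-B"))
```

run_demo() returns the agents.create result for the matching token and "timeout" for the wrong one, which is the same symptom the RPC timeout entry under Troubleshooting describes.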

Available RPC Methods

Agent management:
  • agents.create - Create agent entry
  • agents.update - Update agent metadata
  • agents.delete - Remove agent
  • agents.files.list - List workspace files
  • agents.files.get - Read file content
  • agents.files.set - Write file content
  • agents.files.delete - Remove file
Session management:
  • sessions.ensure - Ensure session exists
  • sessions.reset - Clear session history
  • sessions.delete - Remove session
Configuration:
  • config.get - Read gateway config
  • config.patch - Update config (heartbeat settings)
Communication:
  • chat.send - Send message to agent
Source: backend/app/services/openclaw/provisioning.py:498-620

Gateway Health Check

Verify gateway connectivity:
GET /api/v1/gateway/status
Response:
{
  "status": "healthy",
  "version": "2026.02.9",
  "uptime_seconds": 86400
}
Source: backend/app/api/gateway_runtime.py

Update Gateway

Modify gateway configuration:
curl -X PATCH http://localhost:8000/api/v1/gateways/<gateway-id> \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Gateway",
    "workspace_root": "/mnt/agents"
  }'
Updating connection settings (url, token) triggers main agent reprovisioning.
Source: backend/app/api/gateways.py:128-167

Delete Gateway

Deleting a gateway removes the main agent but does not delete boards or board agents. Reassign boards to another gateway before deleting.
curl -X DELETE http://localhost:8000/api/v1/gateways/<gateway-id> \
  -H "Authorization: Bearer $TOKEN"
Source: backend/app/api/gateways.py:210-248

Troubleshooting

Gateway version too old

Error: “Gateway version 2026.01.5 is below minimum 2026.02.9”
Fix: Update OpenClaw:
pip install --upgrade openclaw
Set minimum version in backend .env:
GATEWAY_MIN_VERSION=2026.02.9
Source: backend/app/services/openclaw/gateway_compat.py

Connection refused

Causes:
  1. Gateway not running
  2. Firewall blocking port 18789
  3. Incorrect URL in gateway record
Debug:
# Test direct connection
wscat -c ws://localhost:18789

# Check gateway logs
tail -f ~/.openclaw/logs/gateway.log

RPC timeout

Causes:
  1. Gateway overloaded
  2. Network latency
  3. Large file operations
Adjust timeout in code:
config = GatewayClientConfig(
    url=gateway.url,
    token=gateway.token,
    timeout_ms=10000  # 10 seconds
)
Source: backend/app/services/openclaw/gateway_rpc.py:GatewayClientConfig

“unable to read AUTH_TOKEN from TOOLS.md”

Cause: Agent missing from openclaw.json or TOOLS.md not synced
Fix: Run sync with token rotation:
curl -X POST "http://localhost:8000/api/v1/gateways/<gateway-id>/templates/sync?rotate_tokens=true" \
  -H "Authorization: Bearer $TOKEN"
Source: TECHNICAL.md:806-811

List Gateways

GET /api/v1/gateways
Response:
{
  "items": [
    {
      "id": "<gateway-id>",
      "name": "Primary Gateway",
      "url": "ws://localhost:18789",
      "workspace_root": "/home/ubuntu/GDRIVE/agents",
      "organization_id": "<org-id>",
      "created_at": "2026-03-05T12:00:00"
    }
  ],
  "total": 1,
  "limit": 50,
  "offset": 0
}
Source: backend/app/api/gateways.py:75-86

Database Schema

CREATE TABLE gateways (
    id UUID PRIMARY KEY,
    organization_id UUID REFERENCES organizations(id),
    name TEXT NOT NULL,
    url TEXT NOT NULL,
    token TEXT,
    workspace_root TEXT NOT NULL,
    disable_device_pairing BOOLEAN DEFAULT FALSE,
    allow_insecure_tls BOOLEAN DEFAULT FALSE,
    created_at TIMESTAMP,
    updated_at TIMESTAMP
);
Source: backend/app/models/gateways.py
