Use this file to discover all available pages before exploring further.

Matrix

Matrix is a bundled channel plugin for OpenClaw. It uses the official

text

matrix-js-sdk

and supports DMs, rooms, threads, media, reactions, polls, location, and E2EE.

Bundled plugin

Current packaged OpenClaw releases ship the Matrix plugin in the box. You do not need to install anything; configuring

text

channels.matrix.*

(see Setup) is what activates it.

For older builds or custom installs that exclude Matrix, install a current npm package when one is published:


bash
openclaw plugins install @openclaw/matrix

If npm reports the OpenClaw-owned package as deprecated, use a current packaged OpenClaw build or a local checkout until a newer npm package is published.

From a local checkout:


bash
openclaw plugins install ./path/to/local/matrix-plugin

text

plugins install

registers and enables the plugin, so no separate

text

openclaw plugins enable matrix

step is needed. The plugin still does nothing until you configure the channel below. See Plugins for general plugin behavior and install rules.

Setup

Create a Matrix account on your homeserver.
Configure
text
channels.matrix
with either
text
homeserver
+
text
accessToken
, or
text
homeserver
+
text
userId
+
text
password
.
Restart the gateway.
Start a DM with the bot, or invite it to a room (see auto-join — fresh invites only land when
text
autoJoin
allows them).

Interactive setup


bash
openclaw channels add
openclaw configure --section channels

The wizard asks for: homeserver URL, auth method (access token or password), user ID (password auth only), optional device name, whether to enable E2EE, and whether to configure room access and auto-join.

If matching

text

MATRIX_*

env vars already exist and the selected account has no saved auth, the wizard offers an env-var shortcut. To resolve room names before saving an allowlist, run

text

openclaw channels resolve --channel matrix "Project Room"

. When E2EE is enabled, the wizard writes the config and runs the same bootstrap as

text

openclaw matrix encryption setup

Minimal config

Token-based:


json5
{
  channels: {
    matrix: {
      enabled: true,
      homeserver: "https://matrix.example.org",
      accessToken: "syt_xxx",
      dm: { policy: "pairing" },
    },
  },
}

Password-based (the token is cached after first login):


json5
{
  channels: {
    matrix: {
      enabled: true,
      homeserver: "https://matrix.example.org",
      userId: "@bot:example.org",
      password: "replace-me", // pragma: allowlist secret
      deviceName: "OpenClaw Gateway",
    },
  },
}

Auto-join

text

channels.matrix.autoJoin

defaults to

text

off

. With the default, the bot will not appear in new rooms or DMs from fresh invites until you join manually.

OpenClaw cannot tell at invite time whether an invited room is a DM or a group, so all invites — including DM-style invites — go through

text

autoJoin

first.

text

dm.policy

only applies later, after the bot has joined and the room has been classified.

warning

Set `autoJoin: "allowlist"` plus `autoJoinAllowlist` to restrict which invites the bot accepts, or `autoJoin: "always"` to accept every invite.

text

autoJoinAllowlist

only accepts stable targets:

text

!roomId:server

text

#alias:server

, or

text

*

. Plain room names are rejected; alias entries are resolved against the homeserver, not against state claimed by the invited room.


json5
{
  channels: {
    matrix: {
      autoJoin: "allowlist",
      autoJoinAllowlist: ["!ops:example.org", "#support:example.org"],
      groups: {
        "!ops:example.org": { requireMention: true },
      },
    },
  },
}

To accept every invite, use

text

autoJoin: "always"

Allowlist target formats

DM and room allowlists are best populated with stable IDs:

DMs (
text
dm.allowFrom
,
text
groupAllowFrom
,
text
groups.<room>.users
): use
text
@user:server
. Display names only resolve when the homeserver directory returns exactly one match.
Rooms (
text
groups
,
text
autoJoinAllowlist
): use
text
!room:server
or
text
#alias:server
. Names are resolved best-effort against joined rooms; unresolved entries are ignored at runtime.

Account ID normalization

The wizard converts a friendly name into a normalized account ID. For example,

text

Ops Bot

becomes

text

ops-bot

. Punctuation is escaped in scoped env-var names so that two accounts cannot collide:

text

-

→

text

_X2D_

, so

text

ops-prod

maps to

text

MATRIX_OPS_X2D_PROD_*

Cached credentials

Matrix stores cached credentials under

text

~/.openclaw/credentials/matrix/

default account:
text
credentials.json
named accounts:
text
credentials-<account>.json

When cached credentials exist there, OpenClaw treats Matrix as configured even if the access token is not in the config file — that covers setup,

text

openclaw doctor

, and channel-status probes.

Environment variables

Used when the equivalent config key is not set. The default account uses unprefixed names; named accounts use the account ID inserted before the suffix.

Default account	Named account ( text `<ID>` is the normalized account ID)
text `MATRIX_HOMESERVER`	text `MATRIX_<ID>_HOMESERVER`
text `MATRIX_ACCESS_TOKEN`	text `MATRIX_<ID>_ACCESS_TOKEN`
text `MATRIX_USER_ID`	text `MATRIX_<ID>_USER_ID`
text `MATRIX_PASSWORD`	text `MATRIX_<ID>_PASSWORD`
text `MATRIX_DEVICE_ID`	text `MATRIX_<ID>_DEVICE_ID`
text `MATRIX_DEVICE_NAME`	text `MATRIX_<ID>_DEVICE_NAME`
text `MATRIX_RECOVERY_KEY`	text `MATRIX_<ID>_RECOVERY_KEY`

For account

text

ops

, the names become

text

MATRIX_OPS_HOMESERVER

text

MATRIX_OPS_ACCESS_TOKEN

, and so on. The recovery-key env vars are read by recovery-aware CLI flows (

text

verify backup restore

text

verify device

text

verify bootstrap

) when you pipe the key in via

text

--recovery-key-stdin

text

MATRIX_HOMESERVER

cannot be set from a workspace

text

.env

; see Workspace

text

.env

files.

Configuration example

A practical baseline with DM pairing, room allowlist, and E2EE:


json5
{
  channels: {
    matrix: {
      enabled: true,
      homeserver: "https://matrix.example.org",
      accessToken: "syt_xxx",
      encryption: true,

      dm: {
        policy: "pairing",
        sessionScope: "per-room",
        threadReplies: "off",
      },

      groupPolicy: "allowlist",
      groupAllowFrom: ["@admin:example.org"],
      groups: {
        "!roomid:example.org": { requireMention: true },
      },

      autoJoin: "allowlist",
      autoJoinAllowlist: ["!roomid:example.org"],
      threadReplies: "inbound",
      replyToMode: "off",
      streaming: "partial",
    },
  },
}

Streaming previews

Matrix reply streaming is opt-in.

text

streaming

controls how OpenClaw delivers the in-flight assistant reply;

text

blockStreaming

controls whether each completed block is preserved as its own Matrix message.


json5
{
  channels: {
    matrix: {
      streaming: "partial",
    },
  },
}

To keep live answer previews but hide interim tool/progress lines, use object form:


json5
{
  channels: {
    matrix: {
      streaming: {
        mode: "partial",
        preview: {
          toolProgress: false,
        },
      },
    },
  },
}

text `streaming`	Behavior
text `"off"` (default)	Wait for the full reply, send once. text `true` ↔ text `"partial"` , text `false` ↔ text `"off"` .
text `"partial"`	Edit one normal text message in place as the model writes the current block. Stock Matrix clients may notify on the first preview, not the final edit.
text `"quiet"`	Same as text `"partial"` but the message is a non-notifying notice. Recipients only get a notification once a per-user push rule matches the finalized edit (see below).

text

blockStreaming

is independent of

text

streaming

text `streaming`	text `blockStreaming: true`	text `blockStreaming: false` (default)
text `"partial"` / text `"quiet"`	Live draft for the current block, completed blocks kept as messages	Live draft for the current block, finalized in place
text `"off"`	One notifying Matrix message per finished block	One notifying Matrix message for the full reply

Notes:

If a preview grows past Matrix's per-event size limit, OpenClaw stops preview streaming and falls back to final-only delivery.
Media replies always send attachments normally. If a stale preview can no longer be reused safely, OpenClaw redacts it before sending the final media reply.
Tool-progress preview updates are enabled by default when Matrix preview streaming is active. Set
text
streaming.preview.toolProgress: false
to keep preview edits for answer text but leave tool progress on the normal delivery path.
Preview edits cost extra Matrix API calls. Leave
text
streaming: "off"
if you want the most conservative rate-limit profile.

Approval metadata

Matrix native approval prompts are normal

text

m.room.message

events with OpenClaw-specific custom event content under

text

com.openclaw.approval

. Matrix permits custom event-content keys, so stock clients still render the text body while OpenClaw-aware clients can read the structured approval id, kind, state, available decisions, and exec/plugin details.

When an approval prompt is too long for one Matrix event, OpenClaw chunks the visible text and attaches

text

com.openclaw.approval

to the first chunk only. Reactions for allow/deny decisions are bound to that first event, so long prompts keep the same approval target as single-event prompts.

Self-hosted push rules for quiet finalized previews

text

streaming: "quiet"

only notifies recipients once a block or turn is finalized — a per-user push rule has to match the finalized preview marker. See Matrix push rules for quiet previews for the full recipe (recipient token, pusher check, rule install, per-homeserver notes).

Bot-to-bot rooms

By default, Matrix messages from other configured OpenClaw Matrix accounts are ignored.

Use

text

allowBots

when you intentionally want inter-agent Matrix traffic:


json5
{
  channels: {
    matrix: {
      allowBots: "mentions", // true | "mentions"
      groups: {
        "!roomid:example.org": {
          requireMention: true,
        },
      },
    },
  },
}

text
allowBots: true
accepts messages from other configured Matrix bot accounts in allowed rooms and DMs.
text
allowBots: "mentions"
accepts those messages only when they visibly mention this bot in rooms. DMs are still allowed.
text
groups.<room>.allowBots
overrides the account-level setting for one room.
OpenClaw still ignores messages from the same Matrix user ID to avoid self-reply loops.
Matrix does not expose a native bot flag here; OpenClaw treats "bot-authored" as "sent by another configured Matrix account on this OpenClaw gateway".

Use strict room allowlists and mention requirements when enabling bot-to-bot traffic in shared rooms.

Encryption and verification

In encrypted (E2EE) rooms, outbound image events use

text

thumbnail_file

so image previews are encrypted alongside the full attachment. Unencrypted rooms still use plain

text

thumbnail_url

. No configuration is needed — the plugin detects E2EE state automatically.

All

text

openclaw matrix

commands accept

text

--verbose

(full diagnostics),

text

--json

(machine-readable output), and

text

--account <id>

(multi-account setups). Output is concise by default with quiet internal SDK logging. The examples below show the canonical form; add the flags as needed.

Enable encryption


bash
openclaw matrix encryption setup

Bootstraps secret storage and cross-signing, creates a room-key backup if needed, then prints status and next steps. Useful flags:

text
--recovery-key <key>
apply a recovery key before bootstrapping (prefer the stdin form documented below)
text
--force-reset-cross-signing
discard the current cross-signing identity and create a new one (use only intentionally)

For a new account, enable E2EE at creation time:


bash
openclaw matrix account add \
  --homeserver https://matrix.example.org \
  --access-token syt_xxx \
  --enable-e2ee

text

--encryption

is an alias for

text

--enable-e2ee

Manual config equivalent:


json5
{
  channels: {
    matrix: {
      enabled: true,
      homeserver: "https://matrix.example.org",
      accessToken: "syt_xxx",
      encryption: true,
      dm: { policy: "pairing" },
    },
  },
}

Status and trust signals


bash
openclaw matrix verify status
openclaw matrix verify status --include-recovery-key --json

text

verify status

reports three independent trust signals (

text

--verbose

shows all of them):

text
Locally trusted
: trusted by this client only
text
Cross-signing verified
: the SDK reports verification via cross-signing
text
Signed by owner
: signed by your own self-signing key (diagnostic only)

text

Verified by owner

becomes

text

yes

only when

text

Cross-signing verified

text

yes

. Local trust or an owner signature alone is not enough.

text

--allow-degraded-local-state

returns best-effort diagnostics without preparing the Matrix account first; useful for offline or partially-configured probes.

Verify this device with a recovery key

The recovery key is sensitive — pipe it via stdin instead of passing it on the command line. Set

text

MATRIX_RECOVERY_KEY

(or

text

MATRIX_<ID>_RECOVERY_KEY

for a named account):


bash
printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify device --recovery-key-stdin

The command reports three states:

text
Recovery key accepted
: Matrix accepted the key for secret storage or device trust.
text
Backup usable
: room-key backup can be loaded with the trusted recovery material.
text
Device verified by owner
: this device has full Matrix cross-signing identity trust.

It exits non-zero when full identity trust is incomplete, even if the recovery key unlocked backup material. In that case, finish self-verification from another Matrix client:


bash
openclaw matrix verify self

text

verify self

waits for

text

Cross-signing verified: yes

before it exits successfully. Use

text

--timeout-ms <ms>

to tune the wait.

The literal-key form

text

openclaw matrix verify device "<recovery-key>"

is also accepted, but the key ends up in your shell history.

Bootstrap or repair cross-signing


bash
openclaw matrix verify bootstrap

text

verify bootstrap

is the repair and setup command for encrypted accounts. In order, it:

bootstraps secret storage, reusing an existing recovery key when possible
bootstraps cross-signing and uploads missing public keys
marks and cross-signs the current device
creates a server-side room-key backup if one does not already exist

If the homeserver requires UIA to upload cross-signing keys, OpenClaw tries no-auth first, then

text

m.login.dummy

, then

text

m.login.password

(requires

text

channels.matrix.password

Useful flags:

text
--recovery-key-stdin
(pair with
text
printf '%s\n' "$MATRIX_RECOVERY_KEY" | …
) or
text
--recovery-key <key>
text
--force-reset-cross-signing
to discard the current cross-signing identity (intentional only)

Room-key backup


bash
openclaw matrix verify backup status
printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin

text

backup status

shows whether a server-side backup exists and whether this device can decrypt it.

text

backup restore

imports backed-up room keys into the local crypto store; if the recovery key is already on disk you can omit

text

--recovery-key-stdin

To replace a broken backup with a fresh baseline (accepts losing unrecoverable old history; can also recreate secret storage if the current backup secret is unloadable):


bash
openclaw matrix verify backup reset --yes

Add

text

--rotate-recovery-key

only when you intentionally want the previous recovery key to stop unlocking the fresh backup baseline.

Listing, requesting, and responding to verifications


bash
openclaw matrix verify list

Lists pending verification requests for the selected account.


bash
openclaw matrix verify request --own-user
openclaw matrix verify request --user-id @ops:example.org --device-id ABCDEF

Sends a verification request from this OpenClaw account.

text

--own-user

requests self-verification (you accept the prompt in another Matrix client of the same user);

text

--user-id

text

--device-id

text

--room-id

target someone else.

text

--own-user

cannot be combined with the other targeting flags.

For lower-level lifecycle handling — typically while shadowing inbound requests from another client — these commands act on a specific request

text

<id>

(printed by

text

verify list

and

text

verify request

Command	Purpose
text `openclaw matrix verify accept <id>`	Accept an inbound request
text `openclaw matrix verify start <id>`	Start the SAS flow
text `openclaw matrix verify sas <id>`	Print the SAS emoji or decimals
text `openclaw matrix verify confirm-sas <id>`	Confirm that the SAS matches what the other client shows
text `openclaw matrix verify mismatch-sas <id>`	Reject the SAS when the emoji or decimals do not match
text `openclaw matrix verify cancel <id>`	Cancel; takes optional text `--reason <text>` and text `--code <matrix-code>`

text

accept

text

start

text

sas

text

confirm-sas

text

mismatch-sas

, and

text

cancel

all accept

text

--user-id

and

text

--room-id

as DM follow-up hints when the verification is anchored to a specific direct-message room.

Multi-account notes

Without

text

--account <id>

, Matrix CLI commands use the implicit default account. If you have multiple named accounts and have not set

text

channels.matrix.defaultAccount

, they will refuse to guess and ask you to choose. When E2EE is disabled or unavailable for a named account, errors point at that account's config key, for example

text

channels.matrix.accounts.assistant.encryption

Profile management

Update the Matrix self-profile for the selected account:


bash
openclaw matrix profile set --name "OpenClaw Assistant"
openclaw matrix profile set --avatar-url https://cdn.example.org/avatar.png

You can pass both options in one call. Matrix accepts

text

mxc://

avatar URLs directly; when you pass

text

http://

text

https://

, OpenClaw uploads the file first and stores the resolved

text

mxc://

URL into

text

channels.matrix.avatarUrl

(or the per-account override).

Threads

Matrix supports native Matrix threads for both automatic replies and message-tool sends. Two independent knobs control behavior:

Session routing (
text
`sessionScope`
)

text

dm.sessionScope

decides how Matrix DM rooms map to OpenClaw sessions:

text
"per-user"
(default): all DM rooms with the same routed peer share one session.
text
"per-room"
: each Matrix DM room gets its own session key, even when the peer is the same.

Explicit conversation bindings always win over

text

sessionScope

, so bound rooms and threads keep their chosen target session.

Reply threading (
text
`threadReplies`
)

text

threadReplies

decides where the bot posts its reply:

text
"off"
: replies are top-level. Inbound threaded messages stay on the parent session.
text
"inbound"
: reply inside a thread only when the inbound message was already in that thread.
text
"always"
: reply inside a thread rooted at the triggering message; that conversation is routed through a matching thread-scoped session from the first trigger onward.

text

dm.threadReplies

overrides this for DMs only — for example, keep room threads isolated while keeping DMs flat.

Thread inheritance and slash commands

Inbound threaded messages include the thread root message as extra agent context.
Message-tool sends auto-inherit the current Matrix thread when targeting the same room (or the same DM user target), unless an explicit
text
threadId
is provided.
DM user-target reuse only kicks in when the current session metadata proves the same DM peer on the same Matrix account; otherwise OpenClaw falls back to normal user-scoped routing.
text
/focus
,
text
/unfocus
,
text
/agents
,
text
/session idle
,
text
/session max-age
, and thread-bound
text
/acp spawn
all work in Matrix rooms and DMs.
Top-level
text
/focus
creates a new Matrix thread and binds it to the target session when
text
threadBindings.spawnSubagentSessions: true
.
Running
text
/focus
or
text
/acp spawn --thread here
inside an existing Matrix thread binds that thread in place.

When OpenClaw detects a Matrix DM room colliding with another DM room on the same shared session, it posts a one-time

text

m.notice

in that room pointing to the

text

/focus

escape hatch and suggesting a

text

dm.sessionScope

change. The notice only appears when thread bindings are enabled.

ACP conversation bindings

Matrix rooms, DMs, and existing Matrix threads can be turned into durable ACP workspaces without changing the chat surface.

Fast operator flow:

Run
text
/acp spawn codex --bind here
inside the Matrix DM, room, or existing thread you want to keep using.
In a top-level Matrix DM or room, the current DM/room stays the chat surface and future messages route to the spawned ACP session.
Inside an existing Matrix thread,
text
--bind here
binds that current thread in place.
text
/new
and
text
/reset
reset the same bound ACP session in place.
text
/acp close
closes the ACP session and removes the binding.

Notes:

text
--bind here
does not create a child Matrix thread.
text
threadBindings.spawnAcpSessions
is only required for
text
/acp spawn --thread auto|here
, where OpenClaw needs to create or bind a child Matrix thread.

Thread binding config

Matrix inherits global defaults from

text

session.threadBindings

, and also supports per-channel overrides:

text
threadBindings.enabled
text
threadBindings.idleHours
text
threadBindings.maxAgeHours
text
threadBindings.spawnSubagentSessions
text
threadBindings.spawnAcpSessions

Matrix thread-bound spawn flags are opt-in:

Set
text
threadBindings.spawnSubagentSessions: true
to allow top-level
text
/focus
to create and bind new Matrix threads.
Set
text
threadBindings.spawnAcpSessions: true
to allow
text
/acp spawn --thread auto|here
to bind ACP sessions to Matrix threads.

Reactions

Matrix supports outbound reactions, inbound reaction notifications, and ack reactions.

Outbound reaction tooling is gated by

text

channels.matrix.actions.reactions

text
react
adds a reaction to a Matrix event.
text
reactions
lists the current reaction summary for a Matrix event.
text
emoji=""
removes the bot's own reactions on that event.
text
remove: true
removes only the specified emoji reaction from the bot.

Resolution order (first defined value wins):

Setting	Order
text `ackReaction`	per-account → channel → text `messages.ackReaction` → agent identity emoji fallback
text `ackReactionScope`	per-account → channel → text `messages.ackReactionScope` → default text `"group-mentions"`
text `reactionNotifications`	per-account → channel → default text `"own"`

text

reactionNotifications: "own"

forwards added

text

m.reaction

events when they target bot-authored Matrix messages;

text

"off"

disables reaction system events. Reaction removals are not synthesized into system events because Matrix surfaces those as redactions, not as standalone

text

m.reaction

removals.

History context

text
channels.matrix.historyLimit
controls how many recent room messages are included as
text
InboundHistory
when a Matrix room message triggers the agent. Falls back to
text
messages.groupChat.historyLimit
; if both are unset, the effective default is
text
0
. Set
text
0
to disable.
Matrix room history is room-only. DMs keep using normal session history.
Matrix room history is pending-only: OpenClaw buffers room messages that did not trigger a reply yet, then snapshots that window when a mention or other trigger arrives.
The current trigger message is not included in
text
InboundHistory
; it stays in the main inbound body for that turn.
Retries of the same Matrix event reuse the original history snapshot instead of drifting forward to newer room messages.

Context visibility

Matrix supports the shared

text

contextVisibility

control for supplemental room context such as fetched reply text, thread roots, and pending history.

text
contextVisibility: "all"
is the default. Supplemental context is kept as received.
text
contextVisibility: "allowlist"
filters supplemental context to senders allowed by the active room/user allowlist checks.
text
contextVisibility: "allowlist_quote"
behaves like
text
allowlist
, but still keeps one explicit quoted reply.

This setting affects supplemental context visibility, not whether the inbound message itself can trigger a reply. Trigger authorization still comes from

text

groupPolicy

text

groups

text

groupAllowFrom

, and DM policy settings.

DM and room policy


json5
{
  channels: {
    matrix: {
      dm: {
        policy: "allowlist",
        allowFrom: ["@admin:example.org"],
        threadReplies: "off",
      },
      groupPolicy: "allowlist",
      groupAllowFrom: ["@admin:example.org"],
      groups: {
        "!roomid:example.org": { requireMention: true },
      },
    },
  },
}

To silence DMs entirely while keeping rooms working, set

text

dm.enabled: false


json5
{
  channels: {
    matrix: {
      dm: { enabled: false },
      groupPolicy: "allowlist",
      groupAllowFrom: ["@admin:example.org"],
    },
  },
}

See Groups for mention-gating and allowlist behavior.

Pairing example for Matrix DMs:


bash
openclaw pairing list matrix
openclaw pairing approve matrix <CODE>

If an unapproved Matrix user keeps messaging you before approval, OpenClaw reuses the same pending pairing code and may send a reminder reply after a short cooldown instead of minting a new code.

See Pairing for the shared DM pairing flow and storage layout.

Direct room repair

If direct-message state drifts out of sync, OpenClaw can end up with stale

text

m.direct

mappings that point at old solo rooms instead of the live DM. Inspect the current mapping for a peer:


bash
openclaw matrix direct inspect --user-id @alice:example.org

Repair it:


bash
openclaw matrix direct repair --user-id @alice:example.org

Both commands accept

text

--account <id>

for multi-account setups. The repair flow:

prefers a strict 1:1 DM that is already mapped in
text
m.direct
falls back to any currently joined strict 1:1 DM with that user
creates a fresh direct room and rewrites
text
m.direct
if no healthy DM exists

It does not delete old rooms automatically. It picks the healthy DM and updates the mapping so future Matrix sends, verification notices, and other direct-message flows target the right room.

Exec approvals

Matrix can act as a native approval client. Configure under

text

channels.matrix.execApprovals

(or

text

channels.matrix.accounts.<account>.execApprovals

for a per-account override):

text
enabled
: deliver approvals through Matrix-native prompts. When unset or
text
"auto"
, Matrix auto-enables once at least one approver can be resolved. Set
text
false
to disable explicitly.
text
approvers
: Matrix user IDs (
text
@owner:example.org
) allowed to approve exec requests. Optional — falls back to
text
channels.matrix.dm.allowFrom
.
text
target
: where prompts go.
text
"dm"
(default) sends to approver DMs;
text
"channel"
sends to the originating Matrix room or DM;
text
"both"
sends to both.
text
agentFilter
/
text
sessionFilter
: optional allowlists for which agents/sessions trigger Matrix delivery.

Authorization differs slightly between approval kinds:

Exec approvals use
text
execApprovals.approvers
, falling back to
text
dm.allowFrom
.
Plugin approvals authorize through
text
dm.allowFrom
only.

Both kinds share Matrix reaction shortcuts and message updates. Approvers see reaction shortcuts on the primary approval message:

text
✅
allow once
text
❌
deny
text
♾️
allow always (when the effective exec policy allows it)

Fallback slash commands:

text

/approve <id> allow-once

text

/approve <id> allow-always

text

/approve <id> deny

Only resolved approvers can approve or deny. Channel delivery for exec approvals includes the command text — only enable

text

channel

text

both

in trusted rooms.

Related: Exec approvals.

Slash commands

Slash commands (

text

/new

text

/reset

text

/model

text

/focus

text

/unfocus

text

/agents

text

/session

text

/acp

text

/approve

, etc.) work directly in DMs. In rooms, OpenClaw also recognizes commands that are prefixed with the bot's own Matrix mention, so

text

@bot:server /new

triggers the command path without a custom mention regex. This keeps the bot responsive to the room-style

text

@mention /command

posts that Element and similar clients emit when a user tab-completes the bot before typing the command.

Authorization rules still apply: command senders must satisfy the same DM or room allowlist/owner policies as plain messages.

Multi-account


json5
{
  channels: {
    matrix: {
      enabled: true,
      defaultAccount: "assistant",
      dm: { policy: "pairing" },
      accounts: {
        assistant: {
          homeserver: "https://matrix.example.org",
          accessToken: "syt_assistant_xxx",
          encryption: true,
        },
        alerts: {
          homeserver: "https://matrix.example.org",
          accessToken: "syt_alerts_xxx",
          dm: {
            policy: "allowlist",
            allowFrom: ["@ops:example.org"],
            threadReplies: "off",
          },
        },
      },
    },
  },
}

Inheritance:

Top-level
text
channels.matrix
values act as defaults for named accounts unless an account overrides them.
Scope an inherited room entry to a specific account with
text
groups.<room>.account
. Entries without
text
account
are shared across accounts;
text
account: "default"
still works when the default account is configured at the top level.

Default account selection:

Set
text
defaultAccount
to pick the named account that implicit routing, probing, and CLI commands prefer.
If you have multiple accounts and one is literally named
text
default
, OpenClaw uses it implicitly even when
text
defaultAccount
is unset.
If you have multiple named accounts and no default is selected, CLI commands refuse to guess — set
text
defaultAccount
or pass
text
--account <id>
.
The top-level
text
channels.matrix.*
block is only treated as the implicit
text
default
account when its auth is complete (
text
homeserver
+
text
accessToken
, or
text
homeserver
+
text
userId
+
text
password
). Named accounts remain discoverable from
text
homeserver
+
text
userId
once cached credentials cover auth.

Promotion:

When OpenClaw promotes a single-account config to multi-account during repair or setup, it preserves the existing named account if one exists or
text
defaultAccount
already points at one. Only Matrix auth/bootstrap keys move into the promoted account; shared delivery-policy keys stay at the top level.

See Configuration reference for the shared multi-account pattern.

Private/LAN homeservers

By default, OpenClaw blocks private/internal Matrix homeservers for SSRF protection unless you explicitly opt in per account.

If your homeserver runs on localhost, a LAN/Tailscale IP, or an internal hostname, enable

text

network.dangerouslyAllowPrivateNetwork

for that Matrix account:


json5
{
  channels: {
    matrix: {
      homeserver: "http://matrix-synapse:8008",
      network: {
        dangerouslyAllowPrivateNetwork: true,
      },
      accessToken: "syt_internal_xxx",
    },
  },
}

CLI setup example:


bash
openclaw matrix account add \
  --account ops \
  --homeserver http://matrix-synapse:8008 \
  --allow-private-network \
  --access-token syt_ops_xxx

This opt-in only allows trusted private/internal targets. Public cleartext homeservers such as

text

http://matrix.example.org:8008

remain blocked. Prefer

text

https://

whenever possible.

Proxying Matrix traffic

If your Matrix deployment needs an explicit outbound HTTP(S) proxy, set

text

channels.matrix.proxy


json5
{
  channels: {
    matrix: {
      homeserver: "https://matrix.example.org",
      accessToken: "syt_bot_xxx",
      proxy: "http://127.0.0.1:7890",
    },
  },
}

Named accounts can override the top-level default with

text

channels.matrix.accounts.<id>.proxy

. OpenClaw uses the same proxy setting for runtime Matrix traffic and account status probes.

Target resolution

Matrix accepts these target forms anywhere OpenClaw asks you for a room or user target:

Users:
text
@user:server
,
text
user:@user:server
, or
text
matrix:user:@user:server
Rooms:
text
!room:server
,
text
room:!room:server
, or
text
matrix:room:!room:server
Aliases:
text
#alias:server
,
text
channel:#alias:server
, or
text
matrix:channel:#alias:server

Matrix room IDs are case-sensitive. Use the exact room ID casing from Matrix when configuring explicit delivery targets, cron jobs, bindings, or allowlists. OpenClaw keeps internal session keys canonical for storage, so those lowercase keys are not a reliable source for Matrix delivery IDs.

Live directory lookup uses the logged-in Matrix account:

User lookups query the Matrix user directory on that homeserver.
Room lookups accept explicit room IDs and aliases directly, then fall back to searching joined room names for that account.
Joined-room name lookup is best-effort. If a room name cannot be resolved to an ID or alias, it is ignored by runtime allowlist resolution.

Configuration reference

Allowlist-style fields (

text

groupAllowFrom

text

dm.allowFrom

text

groups.<room>.users

) accept full Matrix user IDs (safest). Exact directory matches are resolved at startup and whenever the allowlist changes while the monitor is running; entries that cannot be resolved are ignored at runtime. Room allowlists prefer room IDs or aliases for the same reason.

Account and connection

text
enabled
: enable or disable the channel.
text
name
: optional display label for the account.
text
defaultAccount
: preferred account ID when multiple Matrix accounts are configured.
text
accounts
: named per-account overrides. Top-level
text
channels.matrix
values are inherited as defaults.
text
homeserver
: homeserver URL, for example
text
https://matrix.example.org
.
text
network.dangerouslyAllowPrivateNetwork
: allow this account to connect to
text
localhost
, LAN/Tailscale IPs, or internal hostnames.
text
proxy
: optional HTTP(S) proxy URL for Matrix traffic. Per-account override supported.
text
userId
: full Matrix user ID (
text
@bot:example.org
).
text
accessToken
: access token for token-based auth. Plaintext and SecretRef values supported across env/file/exec providers (Secrets Management).
text
password
: password for password-based login. Plaintext and SecretRef values supported.
text
deviceId
: explicit Matrix device ID.
text
deviceName
: device display name used at password-login time.
text
avatarUrl
: stored self-avatar URL for profile sync and
text
profile set
updates.
text
initialSyncLimit
: maximum number of events fetched during startup sync.

Encryption

text
encryption
: enable E2EE. Default:
text
false
.
text
startupVerification
:
text
"if-unverified"
(default when E2EE is on) or
text
"off"
. Auto-requests self-verification on startup when this device is unverified.
text
startupVerificationCooldownHours
: cooldown before the next automatic startup request. Default:
text
24
.

Access and policy

text
groupPolicy
:
text
"open"
,
text
"allowlist"
, or
text
"disabled"
. Default:
text
"allowlist"
.
text
groupAllowFrom
: allowlist of user IDs for room traffic.
text
dm.enabled
: when
text
false
, ignore all DMs. Default:
text
true
.
text
dm.policy
:
text
"pairing"
(default),
text
"allowlist"
,
text
"open"
, or
text
"disabled"
. Applies after the bot has joined and classified the room as a DM; it does not affect invite handling.
text
dm.allowFrom
: allowlist of user IDs for DM traffic.
text
dm.sessionScope
:
text
"per-user"
(default) or
text
"per-room"
.
text
dm.threadReplies
: DM-only override for reply threading (
text
"off"
,
text
"inbound"
,
text
"always"
).
text
allowBots
: accept messages from other configured Matrix bot accounts (
text
true
or
text
"mentions"
).
text
allowlistOnly
: when
text
true
, forces all active DM policies (except
text
"disabled"
) and
text
"open"
group policies to
text
"allowlist"
. Does not change
text
"disabled"
policies.
text
autoJoin
:
text
"always"
,
text
"allowlist"
, or
text
"off"
. Default:
text
"off"
. Applies to every Matrix invite, including DM-style invites.
text
autoJoinAllowlist
: rooms/aliases allowed when
text
autoJoin
is
text
"allowlist"
. Alias entries are resolved against the homeserver, not against state claimed by the invited room.
text
contextVisibility
: supplemental context visibility (
text
"all"
default,
text
"allowlist"
,
text
"allowlist_quote"
).

Reply behavior

text
replyToMode
:
text
"off"
,
text
"first"
,
text
"all"
, or
text
"batched"
.
text
threadReplies
:
text
"off"
,
text
"inbound"
, or
text
"always"
.
text
threadBindings
: per-channel overrides for thread-bound session routing and lifecycle.
text
streaming
:
text
"off"
(default),
text
"partial"
,
text
"quiet"
, or object form
text
{ mode, preview: { toolProgress } }
.
text
true
↔
text
"partial"
,
text
false
↔
text
"off"
.
text
blockStreaming
: when
text
true
, completed assistant blocks are kept as separate progress messages.
text
markdown
: optional Markdown rendering config for outbound text.
text
responsePrefix
: optional string prepended to outbound replies.
text
textChunkLimit
: outbound chunk size in characters when
text
chunkMode: "length"
. Default:
text
4000
.
text
chunkMode
:
text
"length"
(default, splits by character count) or
text
"newline"
(splits at line boundaries).
text
historyLimit
: number of recent room messages included as
text
InboundHistory
when a room message triggers the agent. Falls back to
text
messages.groupChat.historyLimit
; effective default
text
0
(disabled).
text
mediaMaxMb
: media size cap in MB for outbound sends and inbound processing.

Reaction settings

text
ackReaction
: ack reaction override for this channel/account.
text
ackReactionScope
: scope override (
text
"group-mentions"
default,
text
"group-all"
,
text
"direct"
,
text
"all"
,
text
"none"
,
text
"off"
).
text
reactionNotifications
: inbound reaction notification mode (
text
"own"
default,
text
"off"
).

Tooling and per-room overrides

text
actions
: per-action tool gating (
text
messages
,
text
reactions
,
text
pins
,
text
profile
,
text
memberInfo
,
text
channelInfo
,
text
verification
).
text
groups
: per-room policy map. Session identity uses the stable room ID after resolution. (
text
rooms
is a legacy alias.)
- text
  groups.<room>.account
  : restrict one inherited room entry to a specific account.
- text
  groups.<room>.allowBots
  : per-room override of the channel-level setting (
  text
  true
  or
  text
  "mentions"
  ).
- text
  groups.<room>.users
  : per-room sender allowlist.
- text
  groups.<room>.tools
  : per-room tool allow/deny overrides.
- text
  groups.<room>.autoReply
  : per-room mention-gating override.
  text
  true
  disables mention requirements for that room;
  text
  false
  forces them back on.
- text
  groups.<room>.skills
  : per-room skill filter.
- text
  groups.<room>.systemPrompt
  : per-room system prompt snippet.

Exec approval settings

text
execApprovals.enabled
: deliver exec approvals through Matrix-native prompts.
text
execApprovals.approvers
: Matrix user IDs allowed to approve. Falls back to
text
dm.allowFrom
.
text
execApprovals.target
:
text
"dm"
(default),
text
"channel"
, or
text
"both"
.
text
execApprovals.agentFilter
/
text
execApprovals.sessionFilter
: optional agent/session allowlists for delivery.

Channels Overview — all supported channels
Pairing — DM authentication and pairing flow
Groups — group chat behavior and mention gating
Channel Routing — session routing for messages
Security — access model and hardening

OpenClaw Docs

Matrix

Bundled plugin

Setup

Interactive setup

Minimal config

Auto-join

warning

Allowlist target formats

Account ID normalization

Cached credentials

Environment variables

Configuration example

Streaming previews

Approval metadata

Self-hosted push rules for quiet finalized previews

Bot-to-bot rooms

Encryption and verification

Enable encryption

Status and trust signals

Verify this device with a recovery key

Bootstrap or repair cross-signing

Room-key backup

Listing, requesting, and responding to verifications

Multi-account notes

Profile management

Threads

Session routing (textCopysessionScope)

Reply threading (textCopythreadReplies)

Thread inheritance and slash commands

ACP conversation bindings

Thread binding config

Reactions

History context

Context visibility

DM and room policy

Direct room repair

Exec approvals

Slash commands

Multi-account

Private/LAN homeservers

Proxying Matrix traffic

Target resolution

Configuration reference

Account and connection

Encryption

Access and policy

Reply behavior

Reaction settings

Tooling and per-room overrides

Exec approval settings

Related

Session routing (
text
`sessionScope`
)

Reply threading (
text
`threadReplies`
)