Use this file to discover all available pages before exploring further.

Onboard

text
`openclaw onboard`

Interactive onboarding for local or remote Gateway setup.

Related guides

CLI onboarding hub

Walkthrough of the interactive CLI flow.

Onboarding overview

How OpenClaw onboarding fits together.

CLI setup reference

Outputs, internals, and per-step behavior.

CLI automation

Non-interactive flags and scripted setups.

macOS app onboarding

Onboarding flow for the macOS menu bar app.

Examples


bash
openclaw onboard
openclaw onboard --modern
openclaw onboard --flow quickstart
openclaw onboard --flow manual
openclaw onboard --flow import
openclaw onboard --import-from hermes --import-source ~/.hermes
openclaw onboard --skip-bootstrap
openclaw onboard --mode remote --remote-url wss://gateway-host:18789

text

--flow import

uses plugin-owned migration providers such as Hermes. It only runs against a fresh OpenClaw setup; if existing config, credentials, sessions, or workspace memory/identity files are present, reset or choose a fresh setup before importing.

text

--modern

starts the Crestodian conversational onboarding preview. Without

text

--modern

text

openclaw onboard

keeps the classic onboarding flow.

For plaintext private-network

text

ws://

targets (trusted networks only), set

text

OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1

in the onboarding process environment. There is no

text

openclaw.json

equivalent for this client-side transport break-glass.

Non-interactive custom provider:


bash
openclaw onboard --non-interactive \
  --auth-choice custom-api-key \
  --custom-base-url "https://llm.example.com/v1" \
  --custom-model-id "foo-large" \
  --custom-api-key "$CUSTOM_API_KEY" \
  --secret-input-mode plaintext \
  --custom-compatibility openai \
  --custom-image-input

text

--custom-api-key

is optional in non-interactive mode. If omitted, onboarding checks

text

CUSTOM_API_KEY

. OpenClaw marks common vision model IDs as image-capable automatically. Pass

text

--custom-image-input

for unknown custom vision IDs, or

text

--custom-text-input

to force text-only metadata.

LM Studio also supports a provider-specific key flag in non-interactive mode:


bash
openclaw onboard --non-interactive \
  --auth-choice lmstudio \
  --custom-base-url "http://localhost:1234/v1" \
  --custom-model-id "qwen/qwen3.5-9b" \
  --lmstudio-api-key "$LM_API_TOKEN" \
  --accept-risk

Non-interactive Ollama:


bash
openclaw onboard --non-interactive \
  --auth-choice ollama \
  --custom-base-url "http://ollama-host:11434" \
  --custom-model-id "qwen3.5:27b" \
  --accept-risk

text

--custom-base-url

defaults to

text

http://127.0.0.1:11434

text

--custom-model-id

is optional; if omitted, onboarding uses Ollama's suggested defaults. Cloud model IDs such as

text

kimi-k2.5:cloud

also work here.

Store provider keys as refs instead of plaintext:


bash
openclaw onboard --non-interactive \
  --auth-choice openai-api-key \
  --secret-input-mode ref \
  --accept-risk

With

text

--secret-input-mode ref

, onboarding writes env-backed refs instead of plaintext key values. For auth-profile backed providers this writes

text

keyRef

entries; for custom providers this writes

text

models.providers.<id>.apiKey

as an env ref (for example

text

{ source: "env", provider: "default", id: "CUSTOM_API_KEY" }

Non-interactive

text

ref

mode contract:

Set the provider env var in the onboarding process environment (for example
text
OPENAI_API_KEY
).
Do not pass inline key flags (for example
text
--openai-api-key
) unless that env var is also set.
If an inline key flag is passed without the required env var, onboarding fails fast with guidance.

Gateway token options in non-interactive mode:

text
--gateway-auth token --gateway-token <token>
stores a plaintext token.
text
--gateway-auth token --gateway-token-ref-env <name>
stores
text
gateway.auth.token
as an env SecretRef.
text
--gateway-token
and
text
--gateway-token-ref-env
are mutually exclusive.
text
--gateway-token-ref-env
requires a non-empty env var in the onboarding process environment.
With
text
--install-daemon
, when token auth requires a token, SecretRef-managed gateway tokens are validated but not persisted as resolved plaintext in supervisor service environment metadata.
With
text
--install-daemon
, if token mode requires a token and the configured token SecretRef is unresolved, onboarding fails closed with remediation guidance.
With
text
--install-daemon
, if both
text
gateway.auth.token
and
text
gateway.auth.password
are configured and
text
gateway.auth.mode
is unset, onboarding blocks install until mode is set explicitly.
Local onboarding writes
text
gateway.mode="local"
into the config. If a later config file is missing
text
gateway.mode
, treat that as config damage or an incomplete manual edit, not as a valid local-mode shortcut.
text
--allow-unconfigured
is a separate gateway runtime escape hatch. It does not mean onboarding may omit
text
gateway.mode
.

Example:


bash
export OPENCLAW_GATEWAY_TOKEN="your-token"
openclaw onboard --non-interactive \
  --mode local \
  --auth-choice skip \
  --gateway-auth token \
  --gateway-token-ref-env OPENCLAW_GATEWAY_TOKEN \
  --accept-risk

Non-interactive local gateway health:

Unless you pass
text
--skip-health
, onboarding waits for a reachable local gateway before it exits successfully.
text
--install-daemon
starts the managed gateway install path first. Without it, you must already have a local gateway running, for example
text
openclaw gateway run
.
If you only want config/workspace/bootstrap writes in automation, use
text
--skip-health
.
If you manage workspace files yourself, pass
text
--skip-bootstrap
to set
text
agents.defaults.skipBootstrap: true
and skip creating
text
AGENTS.md
,
text
SOUL.md
,
text
TOOLS.md
,
text
IDENTITY.md
,
text
USER.md
,
text
HEARTBEAT.md
, and
text
BOOTSTRAP.md
.
On native Windows,
text
--install-daemon
tries Scheduled Tasks first and falls back to a per-user Startup-folder login item if task creation is denied.

Interactive onboarding behavior with reference mode:

Choose Use secret reference when prompted.
Then choose either:
- Environment variable
- Configured secret provider (
  text
  file
  or
  text
  exec
  )
Onboarding performs a fast preflight validation before saving the ref.
- If validation fails, onboarding shows the error and lets you retry.

Non-interactive Z.AI endpoint choices

note

`--auth-choice zai-api-key` auto-detects the best Z.AI endpoint for your key (prefers the general API with `zai/glm-5.1`). If you specifically want the GLM Coding Plan endpoints, pick `zai-coding-global` or `zai-coding-cn`.


bash
# Promptless endpoint selection
openclaw onboard --non-interactive \
  --auth-choice zai-coding-global \
  --zai-api-key "$ZAI_API_KEY"

# Other Z.AI endpoint choices:
# --auth-choice zai-coding-cn
# --auth-choice zai-global
# --auth-choice zai-cn

Non-interactive Mistral example:


bash
openclaw onboard --non-interactive \
  --auth-choice mistral-api-key \
  --mistral-api-key "$MISTRAL_API_KEY"

Flow notes

Common follow-up commands


bash
openclaw configure
openclaw agents add <name>

note

`--json` does not imply non-interactive mode. Use `--non-interactive` for scripts.

OpenClaw Docs

Onboard

textCopyopenclaw onboard

Related guides

CLI onboarding hub

Onboarding overview

CLI setup reference

CLI automation

macOS app onboarding

Examples

Non-interactive Z.AI endpoint choices

note

Flow notes

Common follow-up commands

note

text
`openclaw onboard`