OpenClaw Operator — Quick Start
This is the fastest way to get the repo running as a self-hosted operator workspace. The recommended first run is the root local-dev path, which starts the orchestrator and serves the canonical operator console at /operator.
Deployment Paths
Path A: Recommended First Run (Root Local Dev)
cd openclaw-operator
npm install
cp orchestrator/.env.example orchestrator/.env
# fill in the required vars in orchestrator/.env
npm run devOpen http://127.0.0.1:3000/operator.
Path A now uses the repo-local ./orchestrator/data/orchestrator-state.json state target by default, so a first boot does not require Mongo or Redis.
Config: ./orchestrator_config.json (repo-relative paths for local dev)
Systemd service: ./systemd/orchestrator.service
If you want the always-on user-service path on 3312 after the first local boot:
mkdir -p ~/.config/systemd/user
install -m 0644 systemd/orchestrator.service ~/.config/systemd/user/orchestrator.service
systemctl --user daemon-reload
systemctl --user enable --now orchestratorThen open http://127.0.0.1:3312/operator. The tracked service assumes the repo lives at ~/openclaw-operator; if you clone elsewhere, update the unit paths before enabling it.
Path B: Official Docker Demo Stack
This is the supported public Docker path. It brings up the orchestrator, MongoDB, and Redis from the repo root and serves the operator console on a localhost-only port.
cd openclaw-operator
docker compose up -d --build
npm run docker:demo:smokeOpen http://127.0.0.1:4300/operator.
Demo bearer keys:
- viewer:
demo-viewer-key-local-only - operator:
demo-operator-key-local-only - admin:
demo-admin-key-local-only
The Docker quickstart uses ./orchestrator/orchestrator_config.json inside the container image and keeps the default host exposure on 127.0.0.1:4300 so it does not collide with the common repo-native dev port.
If you want real provider keys, different ports, or non-demo credentials:
cp docker-compose.override.example.yml docker-compose.override.yml
# edit docker-compose.override.yml
docker compose up -d --build
npm run docker:demo:smokePath C: Advanced Observability Stack
Use ./orchestrator/docker-compose.yml only when you intentionally want the heavier stack with Prometheus, Grafana, and Alertmanager.
cd openclaw-operator/orchestrator
cp .env.example .env
# fill in all required vars (see below)
docker compose up -d --buildEnvironment Variables
Local root dev vars live in ./orchestrator/.env.
| Variable | Required | Notes |
|---|---|---|
API_KEY_ROTATION or API_KEY | ✅ | Bearer auth for protected operator APIs |
WEBHOOK_SECRET | ✅ | Security posture check — orchestrator refuses to start without it |
DATABASE_URL | Optional | Enables Mongo-backed historical persistence and export surfaces |
REDIS_URL | Optional | Enables Redis-backed coordination and response caching |
OPENAI_API_KEY | Usually | Needed for the common agent mix |
ANTHROPIC_API_KEY | Optional | Needed only for Anthropic-backed paths you enable |
SLACK_ERROR_WEBHOOK | Optional | Alert delivery to Slack |
Docker demo note:
- the official root Docker path ships demo-local auth/database/cache credentials directly in
docker-compose.yml - that makes first boot easy, but those values are only for localhost try-outs
- replace them through
docker-compose.override.ymlbefore any shared or non-local deployment
Verify OpenClaw Operator Is Running
curl http://127.0.0.1:3000/health
curl http://127.0.0.1:3000/api/knowledge/summary
curl http://127.0.0.1:3312/health
curl http://127.0.0.1:4300/healthThen open http://127.0.0.1:3000/operator for root local dev, http://127.0.0.1:3312/operator for the user service, or http://127.0.0.1:4300/operator for the Docker demo and confirm the console loads.
Scheduled Tasks (in-process)
| Schedule | Task | What |
|---|---|---|
0 23 * * * (11pm UTC) | nightly-batch | Collect leads, mark high-confidence, create digest |
0 6 * * * (6am UTC) | send-digest | Send digest notification |
| Every 5 min | heartbeat | Health check |
Public Proof Surface
The public proof routes are now served directly by the orchestrator. No separate proof app or ingest pipeline is required for the active local runtime.
Public read-only surfaces:
GET /api/command-center/overviewGET /api/command-center/controlGET /api/command-center/demandGET /api/command-center/demand-liveGET /api/milestones/latestGET /api/milestones/dead-letter
Troubleshooting
Operator won't start — for root local dev, check orchestrator/.env for API_KEY_ROTATION or API_KEY, WEBHOOK_SECRET, and your model-provider key. If you intentionally enabled Mongo or Redis, also verify DATABASE_URL and REDIS_URL. For Docker demo, run docker compose logs -f orchestrator.
Public proof looks stale — check /api/milestones/latest, /api/milestones/dead-letter, and /api/command-center/overview before assuming a queue or UI problem.
Slack alerts not arriving — verify SLACK_ERROR_WEBHOOK is set and test with:
curl -X POST "$SLACK_ERROR_WEBHOOK" -d '{"text":"test"}'Deployment Checklist
- [ ]
.envcreated with the required auth vars for Path A, or full service vars for Path C - [ ]
npm installrun in the repo root (rootpostinstallinstalls orchestrator and operator console deps) - [ ]
npm run devrebuilds the operator console bundle and starts the orchestrator from the repo root - [ ]
http://127.0.0.1:3000/operator,http://127.0.0.1:3312/operator, orhttp://127.0.0.1:4300/operatorloads the canonical operator console - [ ]
/operatorloads the built operator console instead of a fixture bundle - [ ] Public proof routes respond from the orchestrator:
/api/milestones/latestand/api/command-center/overview
Root Command Hub
The root package.json is now the default command hub for the active control plane:
cd openclaw-operator
npm run build
npm run typecheck
npm run test
npm run test:unit
npm run test:integration
npm run docs:drift
npm run docs:links
npm run clean:dry-runnpm run clean is intentionally conservative: it removes cache, coverage, and TypeScript build-info artifacts only. Frontend dist/ cleanup is opt-in via npm run clean:builds.