kaiwu/openclaw-skill
1
0
Fork 0
forked from Selig/openclaw-skill
Code Pull Requests Activity

Initial commit: OpenClaw Skill Collection

Browse Source 
6 custom skills (assign-task, dispatch-webhook, daily-briefing,
task-capture, qmd-brain, tts-voice) with technical documentation.
Compatible with Claude Code, OpenClaw, Codex CLI, and OpenCode.
This commit is contained in:
Selig
2026-03-13 10:58:30 +08:00
commit 4c966a3ad2
884 changed files with 140761 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
openclaw-knowhow-skill/docs/infrastructure/web/index.md Normal file
View File

@@ -0,0 +1,114 @@
> ## Documentation Index
> Fetch the complete documentation index at: https://docs.openclaw.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Web
# Web (Gateway)
The Gateway serves a small **browser Control UI** (Vite + Lit) from the same port as the Gateway WebSocket:
* default: `http://<host>:18789/`
* optional prefix: set `gateway.controlUi.basePath` (e.g. `/openclaw`)
Capabilities live in [Control UI](/web/control-ui).
This page focuses on bind modes, security, and web-facing surfaces.
## Webhooks
When `hooks.enabled=true`, the Gateway also exposes a small webhook endpoint on the same HTTP server.
See [Gateway configuration](/gateway/configuration) → `hooks` for auth + payloads.
## Config (default-on)
The Control UI is **enabled by default** when assets are present (`dist/control-ui`).
You can control it via config:
```json5 theme={null}
{
gateway: {
controlUi: { enabled: true, basePath: "/openclaw" }, // basePath optional
},
}
```
## Tailscale access
### Integrated Serve (recommended)
Keep the Gateway on loopback and let Tailscale Serve proxy it:
```json5 theme={null}
{
gateway: {
bind: "loopback",
tailscale: { mode: "serve" },
},
}
```
Then start the gateway:
```bash theme={null}
openclaw gateway
```
Open:
* `https://<magicdns>/` (or your configured `gateway.controlUi.basePath`)
### Tailnet bind + token
```json5 theme={null}
{
gateway: {
bind: "tailnet",
controlUi: { enabled: true },
auth: { mode: "token", token: "your-token" },
},
}
```
Then start the gateway (token required for non-loopback binds):
```bash theme={null}
openclaw gateway
```
Open:
* `http://<tailscale-ip>:18789/` (or your configured `gateway.controlUi.basePath`)
### Public internet (Funnel)
```json5 theme={null}
{
gateway: {
bind: "loopback",
tailscale: { mode: "funnel" },
auth: { mode: "password" }, // or OPENCLAW_GATEWAY_PASSWORD
},
}
```
## Security notes
* Gateway auth is required by default (token/password or Tailscale identity headers).
* Non-loopback binds still **require** a shared token/password (`gateway.auth` or env).
* The wizard generates a gateway token by default (even on loopback).
* The UI sends `connect.params.auth.token` or `connect.params.auth.password`.
* The Control UI sends anti-clickjacking headers and only accepts same-origin browser
websocket connections unless `gateway.controlUi.allowedOrigins` is set.
* With Serve, Tailscale identity headers can satisfy auth when
`gateway.auth.allowTailscale` is `true` (no token/password required). Set
`gateway.auth.allowTailscale: false` to require explicit credentials. See
[Tailscale](/gateway/tailscale) and [Security](/gateway/security).
* `gateway.tailscale.mode: "funnel"` requires `gateway.auth.mode: "password"` (shared password).
## Building the UI
The Gateway serves static files from `dist/control-ui`. Build them with:
```bash theme={null}
pnpm ui:build # auto-installs UI deps on first run
```