System Documentation
OpenClaw HQ is a multi-agent swarm orchestration system. It uses a hub-and-spoke model where a central orchestrator (HQ_Commander) delegates tasks to specialised sub-agents by detecting @mention tags in the chat.
All agents — orchestrator and sub-agents — run on Z.AI GLM-5 via an OpenAI-compatible endpoint at https://api.z.ai/v1.
Three Docker services connected via Redis pub/sub (sidecar pattern):
User Message
│
▼
OpenClaw Gateway ──publish──▶ Redis openclaw:events
(Node.js · port 11110) │
▼
Python Swarm Router
detects @Coder / @Reviewer / @Planner
│
▼
Z.AI GLM-5 (per-agent system prompt)
│
▼
Redis openclaw:incoming
│
▼
OpenClaw Gateway ──▶ User (dashboard)openclaw_core
Node.js gateway & WebSocket server
openclaw_redis
Event bus (pub/sub message queue)
openclaw_router
Python sidecar — swarm routing logic
Mention an agent by tag in your message to summon it. The router detects the tag, calls GLM-5 with a specialised system prompt, and streams the reply back into the dashboard wrapped in a colour-coded block.
Writes clean, efficient code and terminal commands. Outputs only the code block or commands required — no extra commentary.
Critiques code for bugs, security vulnerabilities, and performance issues. Provides structured, actionable feedback.
Breaks down requests into step-by-step milestones with clear deliverables. Ideal for scoping features or planning sprints.
Example usage
@Coder write a Python function that validates email addresses @Reviewer check this code for SQL injection: SELECT * FROM users WHERE id = req.params.id @Planner plan the rollout of a multi-tenant SaaS billing system
The dashboard is a three-pane real-time interface:
Left pane
Agent Network
Live status of all known agents — active (green pulse), idle (gray), error (red). Shows message counts.
Centre pane
Mission Control
Main chat area. Streams assistant responses in real time. Sub-agent replies are colour-coded by agent type.
Right pane
Shared Workspace
Tracks files created and tools invoked during the session. Auto-detects file paths from tool results.
The bottom status bar shows WebSocket connection state and the active session key. The gear icon (top-right) opens password settings. The logout icon ends the session.
Gateway → Router
All messages sent by users or the orchestrator
Router → Gateway
Sub-agent replies to be injected into the chat
Practical examples showing how to get the most out of each agent.
@Coder examples
# Generate a complete implementation
@Coder write a FastAPI endpoint that accepts a JSON body with
"user_id" and "amount", validates both fields, and inserts a
payment record into PostgreSQL using asyncpg.
# Fix a bug
@Coder this function throws a KeyError on line 12. Fix it:
def get_price(data):
return data["price"] * data["qty"]
# Write tests
@Coder write pytest unit tests for the following auth module,
cover happy path, invalid token, and expired token cases:
[paste code here]
# Shell / DevOps
@Coder write a bash script that tails the last 100 lines of
/var/log/app.log, filters for ERROR lines, and sends them to
a Slack webhook stored in $SLACK_URL@Reviewer examples
# Security audit
@Reviewer audit this Express.js route for injection vulnerabilities:
app.get('/user', (req, res) => {
db.query('SELECT * FROM users WHERE id = ' + req.query.id)
})
# Code review
@Reviewer review this Python class for performance issues,
error handling gaps, and any anti-patterns:
[paste class here]
# Dependency check
@Reviewer we're using jwt==1.7.1 and requests==2.18.0 in
production — flag any known CVEs or version concerns.
# Architecture review
@Reviewer we plan to store session tokens in localStorage
on the frontend. What are the security implications?@Planner examples
# Feature planning @Planner plan the implementation of a multi-tenant billing system using Stripe. We have a Next.js frontend and a FastAPI backend with PostgreSQL. # Sprint breakdown @Planner break this epic into a 2-week sprint with clear daily milestones: "Add real-time notifications to the dashboard using WebSockets" # Migration planning @Planner we need to migrate 2M user records from MySQL to PostgreSQL with zero downtime. Create a step-by-step plan including rollback strategy. # Risk assessment @Planner what are the risks of deploying to production on a Friday afternoon and how do we mitigate them?
Multi-agent workflows
# Design → Build → Review pipeline @Planner break down building a user authentication system with JWT into tasks # (after Planner responds) @Coder implement task 1: create the /auth/login endpoint with bcrypt password verification # (after Coder responds) @Reviewer review the login endpoint above for security issues # Iterative refinement @Coder write a rate limiter middleware for Express @Reviewer check the rate limiter for edge cases @Coder apply the Reviewer's suggestions
# Watch all Redis traffic in real time docker exec openclaw_redis redis-cli MONITOR # Tail individual service logs docker logs -f openclaw_core # Node.js gateway docker logs -f openclaw_router # Python swarm router docker logs -f openclaw_redis # Redis # Rebuild only the router sidecar docker-compose up -d --build openclaw_router # Run OpenClaw self-diagnostics pnpm openclaw doctor
OpenClaw HQ · GLM-5 via Z.AI · All sessions logged