Haven't installed OpenClaw yet? Click here for one-line install commands
curl -fsSL https://openclaw.ai/install.sh | bashiwr -useb https://openclaw.ai/install.ps1 | iexcurl -fsSL https://openclaw.ai/install.cmd -o install.cmd && install.cmd && del install.cmd- All OpenClaw settings are centralized in the JSON5-formatted file
~/.openclaw/openclaw.json, which supports comments and trailing commas and serves as the "control panel" for the entire agent system[1] - Model configuration uses a Primary + Fallback dual-layer mechanism -- when the primary model (e.g., Claude Opus 4.6) is unavailable, the system automatically downgrades to the fallback model, ensuring the agent is never interrupted[4]
- Gateway modes are divided into
local(local-only access) andremote(remote connections), switchable with a single command[5] - All sensitive parameters (API Keys, Gateway Tokens) should be written via the CLI
openclaw config setto avoid syntax errors from manual editing[3]
I. openclaw.json: Your Agent Control Panel
OpenClaw's design philosophy is "one config file to manage everything." Whether you need to adjust models, add communication channels, modify Gateway behavior, or configure security permissions, all settings converge in a single file.[1]
1.1 File Location
The default path is ~/.openclaw/openclaw.json. You can also specify a custom path via the OPENCLAW_CONFIG_PATH environment variable, but this is rarely needed in practice.[2]
When you run openclaw onboard for the first time, the system automatically creates this file and writes the initial settings. If you have a fresh installation, you don't need to create it manually.
1.2 JSON5 Format
openclaw.json uses the JSON5 format, which is a superset of standard JSON that allows:[8]
- Inline comments: Use
//to add explanations for each setting - Trailing commas: The last item can have a trailing comma, reducing copy-paste errors
- Unquoted keys: Simplified writing, less visual clutter
This means you can open it directly with a text editor and add comments so team members understand the purpose of each setting. However, the official recommendation is to use CLI commands to modify settings, to avoid syntax errors from manual editing.[3]
II. Model Settings: Primary and Fallback
Model settings are the most frequently adjusted part of OpenClaw. They determine which large language model your AI agent uses to "think."[4]
2.1 Setting the Primary Model
Use the following command to set your primary model:
openclaw config set agents.defaults.model.primary claude-opus-4-6OpenClaw supports multiple model providers, including Anthropic (Claude series), OpenAI (GPT series), Google (Gemini series), and more. When setting the model name, refer to each provider's model identifier.
2.2 Setting Fallback Models
Fallback models automatically activate when the primary model is unavailable (e.g., API rate limiting, service outage):
openclaw config set agents.defaults.model.fallbacks '["claude-sonnet-4-6", "gpt-4o"]'The fallback list is tried in order: the first available model is selected. In production environments, it is strongly recommended to configure at least one fallback model to ensure continuous agent operation.
2.3 Model Authentication
Each model provider requires independent API key or OAuth authentication. Use the following commands to manage authentication:
// Using API key
openclaw models auth setup-token --provider anthropic
// Using OAuth (interactive authorization)
openclaw models auth login --provider openaiAuthentication information is stored in ~/.openclaw/auth-profiles.json, separated from the main configuration file to reduce the risk of accidental exposure.[6]
III. Gateway Mode Settings
The Gateway is OpenClaw's central hub, routing all messages through it.[5] The Gateway mode determines who can access your agent.
3.1 Local Mode (Default)
The default local mode only allows connections from localhost (127.0.0.1), suitable for personal development and testing:
openclaw config set gateway.mode localIn this mode, the Web UI is at http://127.0.0.1:18789, accessible only from your own computer.
3.2 Remote Mode
When you need to access OpenClaw from a phone, another device, or an external network, switch to remote mode:
openclaw config set gateway.mode remoteAfter switching, you need to set up a Gateway Token to prevent unauthorized access:
openclaw doctor --generate-gateway-tokenSecurity reminder: In remote mode, be sure to use TLS (HTTPS) and a strong password Token; otherwise your entire computer will be exposed on the network.[6]
3.3 Port Configuration
The default port is 18789. If it conflicts with other services, you can customize it:
openclaw config set gateway.port 28789IV. Workspace and Agent Settings
Workspaces are OpenClaw's logical units for managing agent memory and state. Each Workspace can have independent agent settings.
4.1 Default Workspace Path
openclaw config set agents.defaults.workspace ~/my-workspaceThe Workspace directory contains the agent's context memory, conversation history, and tool call records. Different projects can use different Workspaces, allowing the agent to maintain independent knowledge contexts across projects.
4.2 Timeout Settings
The agent's execution time limit is controlled by timeoutSeconds:
openclaw config set agents.defaults.timeoutSeconds 300The default value is usually sufficient for most tasks. However, if your agent needs to perform long-running operations (such as scanning large codebases or complex browser automation workflows), you may need to increase this value.
V. Common Configuration Commands Quick Reference
| Purpose | Command |
|---|---|
| View all settings | openclaw config get |
| View specific setting | openclaw config get agents.defaults.model |
| Set primary model | openclaw config set agents.defaults.model.primary MODEL_ID |
| Set fallback models | openclaw config set agents.defaults.model.fallbacks '["MODEL_A","MODEL_B"]' |
| Switch Gateway mode | openclaw config set gateway.mode local|remote |
| Change port | openclaw config set gateway.port PORT |
| Set Workspace | openclaw config set agents.defaults.workspace PATH |
| Remove setting | openclaw config unset KEY |
| Validate config file | openclaw doctor |
All config set commands immediately write to openclaw.json, but some settings (such as Gateway mode) require restarting the Gateway to take effect.[3]
VI. Security Best Practices
OpenClaw is an agent with access to your entire computer. Improper configuration can lead to serious security risks.[6][7]
- Never push openclaw.json to Git: The config file may contain sensitive Tokens and path information
- Use CLI instead of manual editing:
openclaw config setautomatically validates format and value legality - Remote mode must use a Token: A remote Gateway without a Token is effectively handing over computer control to the public internet
- Rotate API keys regularly: Update model provider API keys every 90 days
- Principle of least privilege: Only enable the Skills and Hooks that the agent actually needs, reducing the attack surface
Conclusion
OpenClaw's configuration system is built around the core philosophy of "one file to manage everything," simplifying a complex distributed agent architecture into intuitive key-value pairs.[1] Master the structure of openclaw.json and the config set command, and you master control over the entire agent system.
If you encounter issues during configuration, refer to our "OpenClaw Troubleshooting Guide", or use openclaw doctor --fix to let the system automatically repair common configuration errors.
