Many users describe the AI agent OpenClaw (formerly Moltbot) as “always on” or “autonomous” – as if it has a life of its own. But that’s a misconception. OpenClaw is not a sentient being that thinks continuously. When the agent becomes active at 3 AM, a timer, heartbeat, or webhook triggered an event. What makes OpenClaw special is not consciousness, but excellent engineering.
In this architecture deep-dive, we examine how OpenClaw works internally – understandable for CIOs and technical decision-makers who want to understand how modern self-hosted AI agents are built.
What is OpenClaw (Moltbot)?
OpenClaw – still known to many by its original name Moltbot – is a personal AI assistant that runs on your own devices (self-hosted, local-first). It was developed by Peter Steinberger, who joined OpenAI on February 14, 2026 and transferred the project under its new name OpenClaw to a foundation model. The project is available under MIT license and has already collected over 200,000 GitHub stars.
Core Features:
- Connection to existing messaging channels: WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Google Chat, Microsoft Teams, Matrix, BlueBubbles, Zalo, WebChat, and more
- Real actions: Control browsers, read/write files, execute shell commands, cron jobs, camera/screen access
- Self-Hosted: All data remains on your devices – no cloud dependency
What OpenClaw is NOT:
- Not a continuously thinking system
- Not a sentient being
- No “real” autonomy – all actions are triggered by events
Autonomous AI Agents: The Misconception
OpenClaw feels proactive because it processes more input types than just chat messages – and processes them in a consistent loop. Unlike classic chatbots that only respond to direct user input, OpenClaw can react to various event sources:
- Chat messages from different platforms
- Timers & Cron jobs for scheduled tasks
- Webhooks from external systems
- Heartbeat events for status checks
- System events like file changes or network status
This variety of input sources creates the impression of autonomy. Technically speaking, OpenClaw is an event-driven state machine – highly efficient, but not “conscious.” For more on what AI agents actually are, read our foundational article AI Agents: What Are They, Really?
OpenClaw Architecture: The Hub-and-Spoke Model
OpenClaw follows a hub-and-spoke model with the gateway at the center:
WhatsApp / Telegram / Slack / Discord / Signal / iMessage / ...
│
▼
┌───────────────────────────────┐
│ Gateway (Daemon) │
│ (Control Plane) │
│ ws://127.0.0.1:18789 │
└──────────────┬────────────────┘
│
├─ Pi Agent Runtime (RPC)
├─ CLI (openclaw …)
├─ WebChat UI
├─ macOS App
└─ iOS / Android NodesComponents in Detail:
Gateway = Traffic Controller + Source of Truth
- A single, long-lived daemon
- Owns all messaging surfaces (WhatsApp via Baileys, Telegram via grammY, etc.)
- Validates incoming frames against JSON Schema
- Exposes a typed WebSocket API
- Exactly one gateway per host
Agent Runtime = Worker
- Handles the “thinking + acting”
- Executes LLM queries
- Orchestrates tools and skills
- Can work locally (Ollama, DeepSeek) or remotely (Claude, GPT)
The OpenClaw Gateway: Central Router and WebSocket API
The gateway is the heart of OpenClaw. It acts as a central router that collects, validates, and forwards all incoming events to the right agents.
Wire Protocol
OpenClaw uses a simple but powerful WebSocket protocol:
| Frame Type | Structure | Direction | Purpose |
|---|---|---|---|
| Request | {type: "req", id, method, params} | Client → Gateway | Request from client |
| Response | {type: "res", id, ok, payload|error} | Gateway → Client | Response from gateway |
| Event | {type: "event", event, payload, seq?} | Gateway → Client | Server-push event |
Important Rules:
- The first frame MUST be a
connectframe – otherwise the connection is hard-closed - Token auth for non-local connections
- TypeBox schemas as single source of truth → runtime validation, JSON schema export, Swift model codegen
Event Types
The gateway emits various event types:
- agent – Agent responses and status updates
- chat – New messages from messaging channels
- presence – Online/offline status of contacts
- health – System health checks
- heartbeat – Periodic heartbeats
- cron – Time-triggered events
This event diversity enables OpenClaw to react to various situations – without human intervention.
Session Management: Data Isolation in the AI Agent
A critical aspect of OpenClaw’s architecture is session management. Sessions prevent context leaks between different channels and people.
Session Concepts:
Default Mode (Standard):
- One shared DM session (
main) per agent – all DMs land in the same context - Separate sessions for groups/channels/threads
- Persistence as JSONL on disk:
~/.openclaw/agents/<agent-id>/sessions/
Secure DM Mode (opt-in):
- Isolates DMs per sender/channel
- Prevents context sharing between different people
- Ideal for multi-user setups – must be explicitly enabled
Why is This Important?
In enterprise environments, data isolation is critical. Imagine an agent answering questions from different employees:
- Without session isolation: Employee A could accidentally see information from Employee B
- With session isolation: Each employee has their own context – no cross-contamination
OpenClaw offers a conscious design choice here: In default mode, all DMs share one context – convenient for single users. For enterprise environments, the Secure DM Mode should be enabled, which provides true isolation.
OpenClaw vs. Chatbot: Key Differences
What distinguishes OpenClaw from a simple ChatGPT wrapper?
| Aspect | Classic Chatbot | OpenClaw |
|---|---|---|
| Input | Only chat messages | Chat, timers, webhooks, system events |
| State | Often stateless or only conversation history | Persistent sessions with full context |
| Actions | Text responses | Browser, shell, files, APIs, cron jobs |
| Deployment | Cloud-hosted | Self-hosted, local-first |
| Privacy | Data goes to third parties | All data stays local |
| LLM Flexibility | Fixed | Switch between remote/local with one config change |
OpenClaw is not a chatbot – it’s a programmable workflow engine with AI at its core. For a deeper comparison between traditional workflows and AI agents, see our analysis: Digital Workflows vs. AI Agents
AI Agents in the Enterprise: Use Cases and GDPR
From a technical perspective, OpenClaw is impressive. But what does this mean for your business?
Use Cases:
1. Internal Process Automation
- Automatic system monitoring
- Notifications for anomalies
- Ticket creation for problems
- Daily report summaries
2. Multi-Channel Customer Service
- One agent responding on WhatsApp, Telegram, and Slack simultaneously
- Consistent responses across all channels
- Context sharing (where desired) or isolation (where needed)
3. Personal Assistants for Executives
- Email triage and summarization
- Calendar management
- Meeting preparation
- Research tasks
4. Developer Productivity
- Code review assistance
- Documentation generation
- Bug triage
- Automated tests
The Self-Hosted Philosophy
A crucial point for German companies: GDPR compliance. Since OpenClaw runs self-hosted, all data remains in your own data center.
Important: GDPR compliance only applies as long as the LLM is also operated locally (e.g., via Ollama or DeepSeek). As soon as a remote LLM like Claude or GPT-4 is configured, prompt data flows to the respective provider – with all data protection implications. Companies should carefully weigh local vs. remote processing.
This is not just a compliance advantage – it also gives you full control over:
- What data is processed
- How long data is stored
- Who has access to which sessions
- Which LLM is used (local vs. remote)
Technical Challenges: Event Ordering, State and LLM Integration
OpenClaw solves several non-trivial engineering problems:
1. Multi-Platform Messaging
Challenge: Each messaging platform has its own API, authentication, and quirks.
Solution: Abstraction layer with modular adapters. New platforms can be added as plugins without changing core code.
2. Event Ordering and Race Conditions
Challenge: Events can arrive simultaneously from different sources.
Solution: Queue-based serialization of event processing (one event is fully processed before the next begins), single-writer pattern for sessions, sequence numbers (seq) for traceability.
3. State Management
Challenge: How to persist state reliably without sacrificing performance?
Solution: JSONL files for sessions (append-only), memory cache for frequently used sessions, lazy loading.
4. LLM Flexibility
Challenge: Different LLMs have different APIs, token limits, capabilities.
Solution: Abstraction layer that uniformly addresses OpenAI, Anthropic, local models (Ollama, DeepSeek).
OpenClaw Plugin System: Skills and Extensibility
OpenClaw is extensible by design. The plugin system (“Skills”) enables:
- Hot-reload during development
- Growing community marketplace
- Type-safe skill definitions
Examples of available skills:
- Web scraping – Extract content from websites
- Email – Gmail/Outlook integration
- Calendar – Google Calendar, Outlook Calendar
- GitHub – Issues, PRs, code review
This extensibility makes OpenClaw a platform, not just a tool.
AI Agent Security: Best Practices for Enterprises
With great power comes great responsibility. OpenClaw can execute shell commands, modify files, send emails – this carries risks. For a deeper security analysis, see our article OpenClaw: When AI Agents Get Full System Access.
Security Measures in OpenClaw:
- Self-Hosted: No third-party access
- Session Isolation: Prevents unwanted context sharing
- Token Auth: Only authorized clients can connect
- Prompt Injection Awareness: Documented best practices and recommendations for hardening
- Skill Execution in Gateway Process: Plugins run directly in the gateway – access control via configuration and policies
- Audit CLI: All agent actions are logged and can be traced
Best Practices for Enterprises:
- Never run OpenClaw with admin privileges
- Separate agents for different sensitivity levels
- Regular reviews of executed actions
- Clear policies on which skills may be activated
- Network segmentation: OpenClaw only in defined network zones
OpenClaw Foundation: Open Source Over Vendor Lock-in
Peter Steinberger’s move to OpenAI and the transfer to a foundation model show: OpenClaw is more than a side project. It’s a statement on how AI agents should be built:
- Open Source instead of vendor lock-in
- Privacy-First instead of cloud-only
- Community-Driven instead of corporate-controlled
- Extensible instead of monolithic
OpenClaw demonstrates that “autonomous” agents are not magic – it’s good engineering. The architecture is well thought out, modular, and scalable.
Conclusion: OpenClaw Architecture – Engineering Over Magic
OpenClaw feels “alive” because it:
- Has many input sources (not just chat)
- Manages persistent state across sessions
- Can execute real actions (not just respond)
- Works event-driven (proactive instead of reactive)
- Runs locally (always available, no API limits)
Technically speaking, it’s a highly optimized state machine with LLM integration – but that’s exactly what makes modern AI agents.
For decision-makers, the core question is: How can we integrate these architectural principles into our own systems?
OpenClaw shows the way:
- Event-driven instead of request-response
- Multi-channel instead of single-channel
- Self-hosted instead of cloud-dependent
- Extensible instead of monolithic
The future of enterprise AI doesn’t lie in closed SaaS solutions, but in open, self-hosted platforms that seamlessly integrate into existing infrastructures.
OpenClaw is the proof of concept. The next step is yours.
About the Author
Tobias Jonas is Co-CEO of innFactory AI Consulting GmbH and expert in AI architectures and cloud systems. He advises companies on the strategic integration of AI agents into existing IT landscapes.
Want to understand how AI agents like OpenClaw can be deployed in your company? Contact us for a no-obligation consultation – or learn more about our AI Strategy Consulting and our GDPR-compliant product CompanyGPT.