docs/gateway/cli-backends.md
OpenClaw can run a local AI CLI as a text-only fallback when API providers are down, rate-limited, or misbehaving. It is intentionally conservative:
bundleMcp: true can receive gateway tools through a loopback MCP bridge.Use it as a safety net for "always works" text responses, not a primary path. For a full harness runtime with ACP session controls, background tasks, thread/conversation binding, and persistent external coding sessions, use ACP Agents instead; CLI backends are not ACP.
<Tip> Building a new backend plugin? See [CLI backend plugins](/plugins/cli-backend-plugins). This page covers configuring and operating an already-registered backend. </Tip>The bundled Anthropic plugin registers a default claude-cli backend, so it works with no config beyond having Claude Code installed and logged in:
openclaw agent --agent main --message "hi" --model claude-cli/claude-sonnet-4-6
main is the default agent id when no explicit agent list is configured; swap in your own agent id otherwise.
If the gateway runs under launchd/systemd with a minimal PATH, point at the binary explicitly:
{
agents: {
defaults: {
cliBackends: {
"claude-cli": {
command: "/opt/homebrew/bin/claude",
},
},
},
},
}
If you use a bundled CLI backend as the primary message provider on a gateway host, OpenClaw auto-loads the owning bundled plugin when your config references that backend in a model ref or under agents.defaults.cliBackends.
Add the CLI backend to your fallback list so it only runs when primary models fail:
{
agents: {
defaults: {
model: {
primary: "anthropic/claude-opus-4-6",
fallbacks: ["claude-cli/claude-sonnet-4-6"],
},
models: {
"anthropic/claude-opus-4-6": { alias: "Opus" },
"claude-cli/claude-sonnet-4-6": {},
},
},
},
}
If you use agents.defaults.models as an allowlist, include your CLI backend models there too. When the primary provider fails (auth, rate limits, timeouts), OpenClaw tries the CLI backend next.
All CLI backends live under agents.defaults.cliBackends, keyed by provider id (e.g. claude-cli, my-cli). The provider id becomes the left side of the model ref: <provider>/<model>.
{
agents: {
defaults: {
cliBackends: {
"my-cli": {
command: "my-cli",
args: ["--json"],
output: "json",
input: "arg",
modelArg: "--model",
modelAliases: {
"claude-opus-4-6": "opus",
"claude-sonnet-4-6": "sonnet",
},
sessionArg: "--session",
sessionMode: "existing",
sessionIdFields: ["session_id", "conversation_id"],
systemPromptArg: "--system",
// Dedicated prompt-file flag:
// systemPromptFileArg: "--system-file",
// Codex-style config-override flag instead:
// systemPromptFileConfigArg: "-c",
// systemPromptFileConfigKey: "model_instructions_file",
systemPromptWhen: "first",
imageArg: "--image",
imageMode: "repeat",
// Opt in only if this backend may reseed invalidated sessions from
// bounded raw OpenClaw transcript history before compaction.
reseedFromRawTranscriptWhenUncompacted: true,
serialize: true,
},
},
},
},
}
claude-cli/...).claude-cli backend keeps a Claude stdio process alive per OpenClaw session and sends follow-up turns over stream-json stdin.The bundled claude-cli backend prefers Claude Code's native skill resolver. When the current skills snapshot has at least one selected skill with a materialized path, OpenClaw passes a temporary Claude Code plugin via --plugin-dir and omits the duplicate OpenClaw skills catalog from the appended system prompt. Without a materialized plugin skill, OpenClaw keeps the prompt catalog as a fallback. Skill env/API key overrides still apply to the child process environment for the run.
Claude CLI has its own noninteractive permission mode; OpenClaw maps that to the existing exec policy instead of adding Claude-specific config. For OpenClaw-managed Claude live sessions, the effective exec policy is authoritative: YOLO (tools.exec.security: "full" and tools.exec.ask: "off") launches Claude with --permission-mode bypassPermissions, while a restrictive policy launches it with --permission-mode default. Per-agent agents.list[].tools.exec settings override the global tools.exec for that agent. Raw backend args may still include --permission-mode, but live Claude launches normalize that flag to match the effective policy.
The backend also maps OpenClaw /think levels to Claude Code's native --effort flag: minimal/low -> low, adaptive/medium -> medium, and high/xhigh/max pass through directly. Other CLI backends need their owning plugin to declare an equivalent argv mapper before /think affects the spawned CLI.
Before OpenClaw can use claude-cli, Claude Code itself must be logged in on the same host:
claude auth login
claude auth status --text
openclaw models auth login --provider anthropic --method cli --set-default
Docker installs need Claude Code installed and logged in inside the persisted container home, not only on the host; see Claude CLI backend in Docker.
Set agents.defaults.cliBackends.claude-cli.command only when the claude binary is not already on PATH.
sessionArg (e.g. --session-id), or sessionArgs (placeholder {sessionId}) when the id needs to land in multiple flags.resumeArgs (replaces args when resuming) and optionally resumeOutput for non-JSON resumes.sessionMode:
always: always send a session id (new UUID if none stored).existing: only send a session id if one was stored before.none: never send a session id.claude-cli defaults to liveSession: "claude-stdio", output: "jsonl", and input: "stdin", so follow-up turns reuse the live Claude process while it is active, including for custom configs that omit transport fields. If the gateway restarts or the idle process exits, OpenClaw resumes from the stored Claude session id. Stored session ids are verified against a readable project transcript before resume; a missing transcript clears the binding (logged as reason=transcript-missing) instead of silently starting a fresh session under --resume.agents.defaults.cliBackends.claude-cli.reliability.outputLimits.maxTurnRawChars and maxTurnLines; OpenClaw clamps those settings to 64 MiB and 100,000 lines./reset and explicit session.reset policies still do.reseedFromRawTranscriptWhenUncompacted: true. Raw transcript reseed stays bounded and limited to safe invalidations, such as a missing CLI transcript, an orphaned tool-use tail, message-policy/system-prompt/cwd/MCP changes, or a session-expired retry; auth profile or credential-epoch changes never reseed raw transcript history.Serialization: serialize: true keeps same-lane runs ordered (most CLIs serialize on one provider lane). OpenClaw also drops stored CLI session reuse when the selected auth identity changes, including a changed auth profile id, static API key, static token, or OAuth account identity when the CLI exposes one; OAuth access/refresh token rotation alone does not cut the session. If a CLI has no stable OAuth account id, OpenClaw lets that CLI enforce its own resume permissions.
When a claude-cli attempt fails over to a non-CLI candidate in agents.defaults.model.fallbacks, OpenClaw seeds the next attempt with a context prelude harvested from Claude Code's local JSONL transcript (under ~/.claude/projects/, keyed per workspace). Without this seed the fallback provider starts cold, since OpenClaw's own session transcript is empty for claude-cli runs.
/compact summary or compact_boundary marker, then appends the most recent post-boundary turns up to a char budget. Pre-boundary turns are dropped because the summary already represents them.(tool call: name) and (tool result: …) hints to keep the prompt budget honest; an oversized summary is truncated and labeled (truncated).claude-cli to claude-cli fallbacks rely on Claude's own --resume and skip the prelude.If your CLI accepts image paths, set imageArg:
imageArg: "--image",
imageMode: "repeat"
OpenClaw writes base64 images to temp files. If imageArg is set, those paths are passed as CLI args; if not, OpenClaw appends the file paths to the prompt (path injection), which works for CLIs that auto-load local files from plain paths.
output: "text" (default) treats stdout as the final response.output: "json" tries to parse JSON and extract text plus a session id.output: "jsonl" parses a JSONL stream and extracts the final agent message plus session identifiers when present.response and usage from stats when usage is missing or empty. The bundled Gemini CLI default uses stream-json; old --output-format json overrides still use the JSON parser.Input modes:
input: "arg" (default) passes the prompt as the last CLI arg.input: "stdin" sends the prompt via stdin.maxPromptArgChars is set, stdin is used instead.CLI backend defaults are part of the plugin surface:
api.registerCliBackend(...).id becomes the provider prefix in model refs.agents.defaults.cliBackends.<id> still overrides the plugin default.normalizeConfig hook.Anthropic owns claude-cli and Google owns google-gemini-cli. OpenAI Codex agent runs use the Codex app-server harness through openai/*; OpenClaw no longer registers a bundled codex-cli backend.
The bundled Anthropic plugin registers for claude-cli:
| Key | Value |
|---|---|
command | claude |
args | -p --output-format stream-json --include-partial-messages --verbose --setting-sources user --allowedTools mcp__openclaw__* --disallowedTools ScheduleWakeup,CronCreate,Bash(run_in_background:true),Monitor |
output | jsonl |
input | stdin |
modelArg | --model |
sessionArg | --session-id |
sessionMode | always |
imageArg | @ |
imagePathScope | workspace |
systemPromptFileArg | --append-system-prompt-file |
systemPromptMode | append |
The bundled Google plugin registers for google-gemini-cli:
| Key | Value |
|---|---|
command | gemini |
args | --skip-trust --approval-mode auto_edit --output-format stream-json --prompt {prompt} |
resumeArgs | same, with --resume {sessionId} |
output / resumeOutput | jsonl |
jsonlDialect | gemini-stream-json |
imageArg | @ |
imagePathScope | workspace |
modelArg | --model |
sessionMode | existing |
sessionIdFields | ["session_id", "sessionId"] |
Prerequisite: the local Gemini CLI must be installed and on PATH as gemini (brew install gemini-cli or npm install -g @google/gemini-cli).
Gemini CLI output notes:
stream-json parser reads assistant message events, tool events, final result usage, and fatal Gemini error events.--output-format json, OpenClaw normalizes that backend back to output: "json" and reads reply text from the JSON response field.stats when usage is absent or empty; stats.cached normalizes into OpenClaw cacheRead, and if stats.input is missing, input tokens derive from stats.input_tokens - stats.cached.Override defaults only if needed (most commonly an absolute command path).
Plugins that need small prompt/message compatibility shims can declare bidirectional text transforms without replacing a provider or CLI backend:
api.registerTextTransforms({
input: [{ from: /red basket/g, to: "blue basket" }],
output: [{ from: /blue basket/g, to: "red basket" }],
});
input rewrites the system prompt and user prompt passed to the CLI. output rewrites streamed assistant text and parsed final text before OpenClaw handles its own control markers and channel delivery; for provider-backed model calls it also restores string values inside structured tool-call arguments after stream repair and before tool execution. Raw provider JSON fragments are left unchanged; consumers should use the structured partial, end, or result payload.
For CLIs that emit provider-specific JSONL events, set jsonlDialect on that backend's config: claude-stream-json for Claude Code-compatible streams, gemini-stream-json for Gemini CLI stream-json events.
Some CLI backends run an agent that compacts its own transcript, so OpenClaw must not run its safeguard summarizer against them — doing so fights the backend's own compaction and can hard-fail the turn.
claude-cli has no harness endpoint (Claude Code compacts internally), so it declares ownsNativeCompaction: true and OpenClaw's compaction path returns the session entry unchanged. Native-harness sessions such as Codex keep routing to their harness compaction endpoint instead.
api.registerCliBackend({ id: "my-cli", ownsNativeCompaction: true /* ... */ });
Only declare ownsNativeCompaction for a backend that genuinely owns compaction: it must reliably bound its own transcript near the context window and persist a resumable session (e.g. --resume / --session-id), or a deferred session can stay over budget.
CLI backends do not receive OpenClaw tool calls directly, but a backend can opt into a generated MCP config overlay with bundleMcp: true. Current bundled behavior:
claude-cli: generated strict MCP config file.google-gemini-cli: generated Gemini system settings file.When bundle MCP is enabled, OpenClaw:
OPENCLAW_MCP_TOKEN);If no MCP servers are enabled, OpenClaw still injects a strict config when a backend opts into bundle MCP, so background runs stay isolated.
Session-scoped bundled MCP runtimes are cached for reuse within a session, then reaped after mcp.sessionIdleTtlMs milliseconds of idle time (default 10 minutes; set 0 to disable). One-shot embedded runs such as auth probes, slug generation, and active-memory recall request cleanup at run end so stdio children and Streamable HTTP/SSE streams do not outlive the run.
When a fresh CLI session is seeded from a prior OpenClaw transcript (for example after a session_expired retry), the rendered <conversation_history> block is capped to keep reseed prompts from exploding. The default is 12,288 characters (about 3,000 tokens).
Claude CLI backends scale this cap with the resolved Claude context window instead: larger context windows get a larger prior-history slice, up to a fixed ceiling; other CLI backends keep the conservative default. This cap only governs the reseed prompt's prior-history block — live-session output limits are tuned separately under reliability.outputLimits (see Sessions).
bundleMcp: true.| Symptom | Fix |
|---|---|
| CLI not found | Set command to a full path. |
| Wrong model name | Use modelAliases to map provider/model to the CLI's model id. |
| No session continuity | Ensure sessionArg is set and sessionMode is not none. |
| Images ignored | Set imageArg and verify the CLI supports file paths. |