Source-grounded rewrite of 529 published docs pages with per-unit information-loss verification: 1,713 factual corrections cited to src/**, generated surfaces regenerated, frontmatter titles preserved for i18n, release notes pages untouched. All docs gates green. Closes #100141
17 KiB
summary, read_when, title
| summary | read_when | title | ||
|---|---|---|---|---|
| CLI reference for `openclaw migrate` (import state from another agent system) |
|
Migrate |
openclaw migrate
Import state from another agent system through a plugin-owned migration provider. Bundled providers cover Claude, Codex CLI, and Hermes; plugins can register additional providers.
For user-facing walkthroughs, see [Migrating from Claude](/install/migrating-claude) and [Migrating from Hermes](/install/migrating-hermes). The [migration hub](/install/migrating) lists all paths.Commands
openclaw migrate list
openclaw migrate claude --dry-run
openclaw migrate codex --dry-run
openclaw migrate codex --skill gog-vault77-google-workspace
openclaw migrate codex --plugin google-calendar --dry-run
openclaw migrate codex --plugin google-calendar --verify-plugin-apps --dry-run
openclaw migrate hermes --dry-run
openclaw migrate hermes
openclaw migrate apply codex --yes --skill gog-vault77-google-workspace
openclaw migrate apply codex --yes --plugin google-calendar
openclaw migrate apply codex --yes
openclaw migrate apply claude --yes
openclaw migrate apply hermes --yes
openclaw migrate apply hermes --include-secrets --yes
openclaw onboard --flow import
openclaw onboard --import-from claude --import-source ~/.claude
openclaw onboard --import-from hermes --import-source ~/.hermes
Running openclaw migrate <provider> with no other flags plans, previews, and (in a TTY) prompts before applying. openclaw migrate plan <provider> and openclaw migrate apply <provider> split preview and apply into separate subcommands with the same flags.
Safety model
openclaw migrate is preview-first.
`openclaw migrate apply <provider>` previews the plan and prompts before changing state unless `--yes` is set. In non-interactive mode, apply requires `--yes`.
Apply creates and verifies an OpenClaw backup before applying the migration. If no local OpenClaw state exists yet, the backup step is skipped and the migration continues. To skip a backup when state exists, pass both `--no-backup` and `--force`.
Apply refuses to continue when the plan has conflicts. Review the plan, then rerun with `--overwrite` if replacing existing targets is intentional. Providers may still write item-level backups for overwritten files in the migration report directory.
Interactive apply asks whether to import detected auth credentials, with yes selected by default. Use `--no-auth-credentials` to skip them, or `--include-secrets` for unattended credential import with `--yes`.
Claude provider
The bundled Claude provider detects Claude Code state at ~/.claude by default. Use --from <path> to import a specific Claude Code home or project root.
What Claude imports
- Project
CLAUDE.mdand.claude/CLAUDE.mdinto the OpenClaw agent workspace (AGENTS.md). - User
~/.claude/CLAUDE.mdappended to workspaceUSER.md. - MCP server definitions from project
.mcp.json, Claude Code~/.claude.json(including its per-project entries), and Claude Desktopclaude_desktop_config.json. - Claude skill directories that include
SKILL.md(user~/.claude/skillsand project.claude/skills). - Claude command Markdown files (user
~/.claude/commandsand project.claude/commands) converted into OpenClaw skills with manual invocation only.
Archive and manual-review state
Claude hooks, permissions, environment defaults, project CLAUDE.local.md, .claude/rules, user and project agents/ directories, and project history (projects, cache, plans under ~/.claude) are preserved in the migration report or reported as manual-review items. OpenClaw does not execute hooks, copy broad allowlists, or import OAuth/Desktop credential state automatically.
Codex provider
The bundled Codex provider detects Codex CLI state at ~/.codex by default, or at CODEX_HOME when that environment variable is set. Use --from <path> to inventory a specific Codex home.
Use this provider when moving to the OpenClaw Codex harness and you want to promote useful personal Codex CLI assets deliberately. Local Codex app-server launches use a per-agent CODEX_HOME, so they do not read your personal ~/.codex by default. The normal process HOME is still inherited, so Codex can see shared $HOME/.agents/* skills/plugin marketplace entries and subprocesses can find user-home config and tokens.
Running openclaw migrate codex in an interactive terminal previews the full plan, then opens checkbox selectors before the final apply confirmation. Skill copy items are prompted first. Use Toggle all on or Toggle all off for bulk selection. Press Space to toggle rows, or Enter to activate the highlighted row and continue. Planned skills start checked, conflict skills start unchecked, and Skip for now skips skill copies for this run while still continuing to plugin selection. When source-installed curated Codex plugins are migratable and --plugin was not supplied, migration then prompts for native Codex plugin activation by plugin name. Plugin items start checked unless the target OpenClaw Codex plugin config already has that plugin. Existing target plugins start unchecked and show a conflict hint such as conflict: plugin exists; choose Toggle all off to migrate no native Codex plugins in that run, or Skip for now to stop before applying.
For scripted or exact runs, select one or more skills or plugins explicitly:
openclaw migrate codex --dry-run --skill gog-vault77-google-workspace
openclaw migrate apply codex --yes --skill gog-vault77-google-workspace
openclaw migrate codex --dry-run --plugin google-calendar
openclaw migrate apply codex --yes --plugin google-calendar
What Codex imports
- Codex CLI skill directories under
$CODEX_HOME/skills, excluding Codex's.systemcache. - Personal AgentSkills under
$HOME/.agents/skills, copied into the current OpenClaw agent workspace for per-agent ownership. - Source-installed
openai-curatedCodex plugins discovered through Codex app-serverplugin/list. Planning readsplugin/readfor each enabled installed plugin.
App-backed plugin migration has extra gates:
- App-backed plugins require the source Codex app-server account to be a ChatGPT subscription account. Non-ChatGPT or missing account responses are skipped with
codex_subscription_required. - By default, migration does not call source
app/list, so app-backed plugins that pass the account gate are planned without source app-accessibility verification, and account-lookup transport failures skip withcodex_account_unavailable. - Pass
--verify-plugin-appsto force a fresh sourceapp/listsnapshot and require every owned app to be present, enabled, and accessible before planning native activation. In that mode, account-lookup transport failures fall through to source app-inventory verification. The snapshot is kept in memory for the current process only; it is never written to migration output or target config.
Disabled plugins, unreadable plugin details, subscription-gated source accounts, and (when --verify-plugin-apps is set) missing, disabled, or inaccessible apps become manual skipped items with typed reasons instead of target config entries. Apply calls app-server plugin/install for each selected eligible plugin, even if the target app-server already reports that plugin as installed and enabled. Migrated Codex plugins are usable only in sessions that select the native Codex harness; they are not exposed to OpenClaw provider runs, ACP conversation bindings, or other harnesses.
Manual-review Codex state
Codex config.toml, native hooks/hooks.json, non-curated marketplaces, cached plugin bundles that are not source-installed curated plugins, and source-installed plugins that fail the source subscription gate are not activated automatically. When --verify-plugin-apps is set, plugins that fail the source app-inventory gate are also skipped. All of these are copied or reported in the migration report for manual review.
For migrated source-installed curated plugins, apply writes:
plugins.entries.codex.enabled: trueplugins.entries.codex.config.codexPlugins.enabled: trueplugins.entries.codex.config.codexPlugins.allow_destructive_actions: true- one explicit plugin entry with
marketplaceName: "openai-curated"andpluginNamefor each selected plugin
Migration never writes plugins["*"] and never stores local marketplace cache paths.
Skipped plugins are not written to target config. Source-side subscription failures are reported on manual items with typed reasons: codex_subscription_required, codex_account_unavailable, plugin_disabled, or plugin_read_unavailable. With --verify-plugin-apps, source app-inventory failures can also appear as app_inaccessible, app_disabled, app_missing, or app_inventory_unavailable. Target-side auth-required installs are reported on the affected plugin item with status: "skipped", reason: "auth_required", and sanitized app identifiers; their explicit config entries are written disabled until you reauthorize and enable them. Other install failures are item-scoped error results.
If Codex app-server plugin inventory is unavailable during planning, migration falls back to cached bundle advisory items instead of failing the whole migration.
Hermes provider
The bundled Hermes provider detects state at ~/.hermes by default. Use --from <path> when Hermes lives elsewhere.
What Hermes imports
- Default model configuration from
config.yaml. - Configured model providers and custom OpenAI-compatible endpoints from
providersandcustom_providers. - MCP server definitions from
mcp_serversormcp.servers. SOUL.mdandAGENTS.mdinto the OpenClaw agent workspace.memories/MEMORY.mdandmemories/USER.mdappended to workspace memory files.- Memory config defaults for OpenClaw file memory, plus archive or manual-review items for external memory providers such as Honcho.
- Skills that include a
SKILL.mdfile underskills/<name>/. - Per-skill config values from
skills.config. - OpenCode OpenAI OAuth credentials from OpenCode
auth.jsonwhen interactive credential migration is accepted, or when--include-secretsis set. Hermesauth.jsonOAuth entries are legacy state reported for manual OpenAI reauth or doctor repair. - Supported API keys and tokens from Hermes
.envand OpenCodeauth.jsonwhen interactive credential migration is accepted, or when--include-secretsis set.
Supported .env keys
AI_GATEWAY_API_KEY, ALIBABA_API_KEY, ANTHROPIC_API_KEY, ARCEEAI_API_KEY, CEREBRAS_API_KEY, CHUTES_API_KEY, CLOUDFLARE_AI_GATEWAY_API_KEY, COPILOT_GITHUB_TOKEN, DASHSCOPE_API_KEY, DEEPINFRA_API_KEY, DEEPSEEK_API_KEY, FIREWORKS_API_KEY, GEMINI_API_KEY, GH_TOKEN, GITHUB_TOKEN, GLM_API_KEY, GOOGLE_API_KEY, GROQ_API_KEY, HF_TOKEN, HUGGINGFACE_HUB_TOKEN, KILOCODE_API_KEY, KIMICODE_API_KEY, KIMI_API_KEY, MINIMAX_API_KEY, MINIMAX_CODING_API_KEY, MISTRAL_API_KEY, MODELSTUDIO_API_KEY, MOONSHOT_API_KEY, NVIDIA_API_KEY, OPENAI_API_KEY, OPENCODE_API_KEY, OPENCODE_GO_API_KEY, OPENCODE_ZEN_API_KEY, OPENROUTER_API_KEY, QIANFAN_API_KEY, QWEN_API_KEY, TOGETHER_API_KEY, VENICE_API_KEY, XAI_API_KEY, XIAOMI_API_KEY, ZAI_API_KEY, Z_AI_API_KEY.
Archive-only state
Hermes state that OpenClaw cannot safely interpret is copied into the migration report for manual review, but it is not loaded into live OpenClaw config or credentials. This preserves opaque or unsafe state without pretending OpenClaw can execute or trust it automatically: plugins/, sessions/, logs/, cron/, mcp-tokens/, state.db.
After applying
openclaw doctor
Plugin contract
Migration sources are plugins. A plugin declares its provider ids in openclaw.plugin.json:
{
"contracts": {
"migrationProviders": ["hermes"]
}
}
At runtime the plugin calls api.registerMigrationProvider(...). The provider implements detect, plan, and apply. Core owns CLI orchestration, backup policy, prompts, JSON output, and conflict preflight. Core passes the reviewed plan into apply(ctx, plan), and providers may rebuild the plan only when that argument is absent for compatibility.
Provider plugins can use openclaw/plugin-sdk/migration for item construction and summary counts, plus openclaw/plugin-sdk/migration-runtime for conflict-aware file copies, archive-only report copies, cached config-runtime wrappers, and migration reports.
Onboarding integration
Onboarding can offer migration when a provider detects a known source. Both openclaw onboard --flow import and openclaw setup --wizard --import-from hermes use the same plugin migration provider and still show a preview before applying.
Related
- Migrating from Hermes: user-facing walkthrough.
- Migrating from Claude: user-facing walkthrough.
- Migrating: move OpenClaw to a new machine.
- Doctor: health check after applying a migration.
- Plugins: plugin install and registration.