mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-07 18:10:01 +08:00
Source-grounded rewrite of 529 published docs pages with per-unit information-loss verification: 1,713 factual corrections cited to src/**, generated surfaces regenerated, frontmatter titles preserved for i18n, release notes pages untouched. All docs gates green. Closes #100141
4.0 KiB
4.0 KiB
summary, read_when, title
| summary | read_when | title | ||
|---|---|---|---|---|
| CLI reference for `openclaw daemon` (legacy alias for gateway service management) |
|
Daemon |
openclaw daemon
Legacy alias for Gateway service management. openclaw daemon ... maps to the same service-control commands as openclaw gateway .... Prefer openclaw gateway for current docs and examples.
Usage
openclaw daemon status
openclaw daemon install
openclaw daemon start
openclaw daemon stop
openclaw daemon restart
openclaw daemon uninstall
Subcommands and options
| Subcommand | Options |
|---|---|
status |
--url, --token, --password, --timeout, --no-probe, --require-rpc, --deep, --json |
install |
--port, --runtime <node|bun>, --token, --wrapper <path>, --force, --json |
uninstall |
--json |
start |
--json |
stop |
--json, --disable (launchd only: persistently suppress KeepAlive/RunAtLoad until next start) |
restart |
--force, --safe, --skip-deferral, --wait <duration>, --json |
status: shows service install state (launchd/systemd/schtasks) and probes Gateway health.install: installs the service;--forcereinstalls/overwrites an existing install.restart --safe: asks the running Gateway to preflight active work and schedule one coalesced restart after work drains, bounded bygateway.reload.deferralTimeoutMs(default 300000ms/5 minutes; set to0to wait indefinitely). When that budget expires, the restart is forced anyway. Plainrestartuses the service manager directly;--forceis the immediate override.restart --safe --skip-deferral: bypasses the active-work deferral gate so the Gateway restarts immediately even when blockers are reported. Requires--safe.
Notes
statusresolves configured auth SecretRefs for probe auth when possible. If a required SecretRef is unresolved,status --jsonreportsrpc.authWarning; pass--token/--passwordexplicitly or resolve the secret source first. Unresolved-auth warnings are suppressed once the probe otherwise succeeds.status --deepadds a best-effort system-level scan for other gateway-like services (prints cleanup hints; one Gateway per machine is still the recommendation) and runs config validation in plugin-aware mode, surfacing plugin manifest warnings that the fast default path skips.- On Linux systemd installs, token-drift checks inspect both
Environment=andEnvironmentFile=unit sources. - Token-drift checks resolve
gateway.auth.tokenSecretRefs using merged runtime env (service command env first, then process env). If token auth is not effectively active (gateway.auth.modeofpassword/none/trusted-proxy, or unset with password able to win), config token resolution is skipped. installvalidates a SecretRef-managedgateway.auth.tokenis resolvable but never persists the resolved value into service environment metadata; if it can't resolve, install fails closed.- If both
gateway.auth.tokenandgateway.auth.passwordare configured andgateway.auth.modeis unset,installblocks until you set the mode explicitly. - On macOS,
installkeeps LaunchAgent plists and the generated env file/wrapper owner-only (mode0600/0700) instead of embedding secrets inEnvironmentVariables. - Running multiple Gateways on one host: isolate ports, config/state, and workspaces. See Multiple gateways.