Configuration

RemoteClaw reads an optional JSON5 config from ~/.remoteclaw/remoteclaw.json.

If the file is missing, RemoteClaw uses safe defaults. Common reasons to add a config:

Connect channels and control who can message the bot
Set models, tools, sandboxing, or automation (cron, hooks)
Tune sessions, media, networking, or UI

See the full reference for every available field.

New to configuration? Start with remoteclaw onboard for interactive setup, or check out the Configuration Examples guide for complete copy-paste configs.

Minimal config

{
  agents: { defaults: { workspace: "~/.remoteclaw/workspace" } },
  channels: { whatsapp: { allowFrom: ["+15555550123"] } },
}

Editing config

remoteclaw onboard       # full setup wizard
remoteclaw configure     # config wizard

remoteclaw config get agents.defaults.workspace
remoteclaw config set agents.defaults.heartbeat.every "2h"
remoteclaw config unset tools.web.search.apiKey

Edit ~/.remoteclaw/remoteclaw.json directly. The Gateway watches the file and applies changes automatically (see hot reload).

Strict validation

RemoteClaw only accepts configurations that fully match the schema. Unknown keys, malformed types, or invalid values cause the Gateway to refuse to start. The only root-level exception is $schema (string), so editors can attach JSON Schema metadata.

When validation fails:

The Gateway does not boot
Only diagnostic commands work (remoteclaw doctor, remoteclaw logs, remoteclaw health, remoteclaw status)
Run remoteclaw doctor to see exact issues
Run remoteclaw doctor --fix (or --yes) to apply repairs

Common tasks

Set up a channel (WhatsApp, Telegram, Discord, etc.)

Each channel has its own config section under channels.<provider>. See the dedicated channel page for setup steps:

WhatsApp — channels.whatsapp
Telegram — channels.telegram
Discord — channels.discord
Slack — channels.slack
Signal — channels.signal
iMessage — channels.imessage
Google Chat — channels.googlechat
Mattermost — channels.mattermost
MS Teams — channels.msteams

All channels share the same DM policy pattern:

{
  channels: {
    telegram: {
      enabled: true,
      botToken: "123:abc",
      dmPolicy: "pairing",   // pairing | allowlist | open | disabled
      allowFrom: ["tg:123"], // only for allowlist/open
    },
  },
}

Choose and configure models

Set the primary model and optional fallbacks:

{
  agents: {
    defaults: {
      model: {
        primary: "anthropic/claude-sonnet-4-5",
        fallbacks: ["openai/gpt-5.2"],
      },
      models: {
        "anthropic/claude-sonnet-4-5": { alias: "Sonnet" },
        "openai/gpt-5.2": { alias: "GPT" },
      },
    },
  },
}

agents.defaults.models defines the model catalog and acts as the allowlist for /model.
Model refs use provider/model format (e.g. anthropic/claude-opus-4-6).
agents.defaults.imageMaxDimensionPx controls transcript/tool image downscaling (default 1200); lower values usually reduce vision-token usage on screenshot-heavy runs.
See Model providers for switching models in chat and Model Failover for auth rotation and fallback behavior.
For custom/self-hosted providers, see Custom providers in the reference.

Control who can message the bot

DM access is controlled per channel via dmPolicy:

"pairing" (default): unknown senders get a one-time pairing code to approve
"allowlist": only senders in allowFrom (or the paired allow store)
"open": allow all inbound DMs (requires allowFrom: ["*"])
"disabled": ignore all DMs

For groups, use groupPolicy + groupAllowFrom or channel-specific allowlists.

See the full reference for per-channel details.

Set up group chat mention gating

Group messages default to require mention. Configure patterns per agent:

{
  agents: {
    list: [
      {
        id: "main",
        groupChat: {
          mentionPatterns: ["@remoteclaw", "remoteclaw"],
        },
      },
    ],
  },
  channels: {
    whatsapp: {
      groups: { "*": { requireMention: true } },
    },
  },
}

Metadata mentions: native @-mentions (WhatsApp tap-to-mention, Telegram @bot, etc.)
Text patterns: regex patterns in mentionPatterns
See full reference for per-channel overrides and self-chat mode.

Configure sessions and resets

Sessions control conversation continuity and isolation:

{
  session: {
    dmScope: "per-channel-peer",  // recommended for multi-user
    threadBindings: {
      enabled: true,
      ttlHours: 24,
    },
    reset: {
      mode: "daily",
      atHour: 4,
      idleMinutes: 120,
    },
  },
}

dmScope: main (shared) | per-peer | per-channel-peer | per-account-channel-peer
threadBindings: global defaults for thread-bound session routing (Discord supports /focus, /unfocus, /agents, and /session ttl).
See Session Management for scoping, identity links, and send policy.
See full reference for all fields.

Enable sandboxing

Run agent sessions in isolated Docker containers:

{
  agents: {
    defaults: {
      sandbox: {
        mode: "non-main",  // off | non-main | all
        scope: "agent",    // session | agent | shared
      },
    },
  },
}

Build the image first: scripts/sandbox-setup.sh

See full reference for all options.

Set up heartbeat (periodic check-ins)

{
  agents: {
    defaults: {
      heartbeat: {
        every: "30m",
        target: "last",
      },
    },
  },
}

every: duration string (30m, 2h). Set 0m to disable.
target: last | whatsapp | telegram | discord | none (DM-style user:<id> heartbeat delivery is blocked)
See Heartbeat for the full guide.

Configure cron jobs

{
  cron: {
    enabled: true,
    maxConcurrentRuns: 2,
    sessionRetention: "24h",
    runLog: {
      maxBytes: "2mb",
      keepLines: 2000,
    },
  },
}

sessionRetention: prune completed isolated run sessions from sessions.json (default 24h; set false to disable).
runLog: prune cron/runs/<jobId>.jsonl by size and retained lines.
See Cron jobs for feature overview and CLI examples.

Set up webhooks (hooks)

Enable HTTP webhook endpoints on the Gateway:

{
  hooks: {
    enabled: true,
    token: "shared-secret",
    path: "/hooks",
    defaultSessionKey: "hook:ingress",
    allowRequestSessionKey: false,
    allowedSessionKeyPrefixes: ["hook:"],
    mappings: [
      {
        match: { path: "gmail" },
        action: "agent",
        agentId: "main",
        deliver: true,
      },
    ],
  },
}

See full reference for all mapping options and Gmail integration.

Configure multi-agent routing

Run multiple isolated agents with separate workspaces and sessions:

{
  agents: {
    list: [
      { id: "home", default: true, workspace: "~/.remoteclaw/workspace-home" },
      { id: "work", workspace: "~/.remoteclaw/workspace-work" },
    ],
  },
  bindings: [
    { agentId: "home", match: { channel: "whatsapp", accountId: "personal" } },
    { agentId: "work", match: { channel: "whatsapp", accountId: "biz" } },
  ],
}

See Multi-Agent and full reference for binding rules and per-agent access profiles.

Split config into multiple files ($include)

Use $include to organize large configs:

{
  gateway: { port: 18789 },
  agents: { $include: "./agents.json5" },
  broadcast: {
    $include: ["./clients/a.json5", "./clients/b.json5"],
  },
}

Single file: replaces the containing object
Array of files: deep-merged in order (later wins)
Sibling keys: merged after includes (override included values)
Nested includes: supported up to 10 levels deep
Relative paths: resolved relative to the including file
Error handling: clear errors for missing files, parse errors, and circular includes

Config hot reload

The Gateway watches ~/.remoteclaw/remoteclaw.json and applies changes automatically — no manual restart needed for most settings.

Reload modes

Mode	Behavior
`hybrid` (default)	Hot-applies safe changes instantly. Automatically restarts for critical ones.
`hot`	Hot-applies safe changes only. Logs a warning when a restart is needed — you handle it.
`restart`	Restarts the Gateway on any config change, safe or not.
`off`	Disables file watching. Changes take effect on the next manual restart.

{
  gateway: {
    reload: { mode: "hybrid", debounceMs: 300 },
  },
}

What hot-applies vs what needs a restart

Most fields hot-apply without downtime. In hybrid mode, restart-required changes are handled automatically.

Category	Fields	Restart needed?
Channels	`channels.*`, `web` (WhatsApp) — all built-in and extension channels	No
Agent & models	`agent`, `agents`, `models`, `routing`	No
Automation	`hooks`, `cron`, `agent.heartbeat`	No
Sessions & messages	`session`, `messages`	No
Tools & media	`tools`, `browser`, `skills`, `audio`, `talk`	No
UI & misc	`ui`, `logging`, `identity`, `bindings`	No
Gateway server	`gateway.*` (port, bind, auth, tailscale, TLS, HTTP)	Yes
Infrastructure	`discovery`, `canvasHost`, `plugins`	Yes

gateway.reload and gateway.remote are exceptions — changing them does not trigger a restart.

Config RPC (programmatic updates)

Control-plane write RPCs (config.apply, config.patch, update.run) are rate-limited to 3 requests per 60 seconds per deviceId+clientIp. When limited, the RPC returns UNAVAILABLE with retryAfterMs.

config.apply (full replace)

Validates + writes the full config and restarts the Gateway in one step.

config.apply replaces the entire config. Use config.patch for partial updates, or remoteclaw config set for single keys.

Params:

raw (string) — JSON5 payload for the entire config
baseHash (optional) — config hash from config.get (required when config exists)
sessionKey (optional) — session key for the post-restart wake-up ping
note (optional) — note for the restart sentinel
restartDelayMs (optional) — delay before restart (default 2000)

Restart requests are coalesced while one is already pending/in-flight, and a 30-second cooldown applies between restart cycles.

remoteclaw gateway call config.get --params '{}'  # capture payload.hash
remoteclaw gateway call config.apply --params '{
  "raw": "{ agents: { defaults: { workspace: \"~/.remoteclaw/workspace\" } } }",
  "baseHash": "<hash>",
  "sessionKey": "agent:main:whatsapp:dm:+15555550123"
}'

config.patch (partial update)

Merges a partial update into the existing config (JSON merge patch semantics):

Objects merge recursively
null deletes a key
Arrays replace

Params:

raw (string) — JSON5 with just the keys to change
baseHash (required) — config hash from config.get
sessionKey, note, restartDelayMs — same as config.apply

Restart behavior matches config.apply: coalesced pending restarts plus a 30-second cooldown between restart cycles.

remoteclaw gateway call config.patch --params '{
  "raw": "{ channels: { telegram: { groups: { \"*\": { requireMention: false } } } } }",
  "baseHash": "<hash>"
}'

Environment variables

RemoteClaw reads env vars from the parent process plus:

.env from the current working directory (if present)
~/.remoteclaw/.env (global fallback)

Neither file overrides existing env vars. You can also set inline env vars in config:

{
  env: {
    OPENROUTER_API_KEY: "sk-or-...",
    vars: { GROQ_API_KEY: "gsk-..." },
  },
}

Shell env import (optional)

If enabled and expected keys aren’t set, RemoteClaw runs your login shell and imports only the missing keys:

{
  env: {
    shellEnv: { enabled: true, timeoutMs: 15000 },
  },
}

Env var equivalent: REMOTECLAW_LOAD_SHELL_ENV=1

Env var substitution in config values

Reference env vars in any config string value with ${VAR_NAME}:

{
  gateway: { auth: { token: "${REMOTECLAW_GATEWAY_TOKEN}" } },
  models: { providers: { custom: { apiKey: "${CUSTOM_API_KEY}" } } },
}

Rules:

Only uppercase names matched: [A-Z_][A-Z0-9_]*
Missing/empty vars throw an error at load time
Escape with $${VAR} for literal output
Works inside $include files
Inline substitution: "${BASE}/v1" → "https://api.example.com/v1"

See Environment for full precedence and sources.

Full reference

For the complete field-by-field reference, see Configuration Reference.