OpenClaw

Local-first Feishu/Lark assistant workspace, memory, command, and cloud runtime toolkit for cc-connect.

中文 README · Linux install · Windows install

Keywords: Feishu bot, Lark bot, Codex assistant, cc-connect, personal assistant, group workspace, local memory, command router, heartbeat, OpenAI Codex, 飞书机器人, Lark 机器人, 本地个人助理, 群聊工作区, 记忆管理。

openclaw packages the local workspace layer around a Feishu/Lark Codex assistant:

• isolated private and group workspaces;
• memory capture, curation, recall, indexing, and health checks;
• deterministic prompt-only commands for /help, /files, /memfind, /knowledge, /tasks, /task, /workspace-info, /status-index, /health-openclaw, and Chinese aliases such as /查找, /文件, /记忆, /待办, /健康, and /帮助;
• ordinary-user private workspaces with safe /help panels, task/reminder/course/file/memory helpers, deliverable file return, and heavy-job guards;
• heartbeat sensing for intentions, deadlines, group action items, and runtime health;
• plugin manifests for command search, memory, task routing, runtime checks, health, and file ingestion;
• Linux cloud bootstrap and Windows one-click scripts for Codex, cc-connect, lark-cli, prompt-only command registration, personal Feishu/Lark setup, startup, backups, and health checks.

This public repository contains code, templates, and documentation only. It does not contain real Feishu app secrets, OpenAI-compatible keys, user IDs, group IDs, private chat memory, local logs, generated cc-connect configs, or personal workspace files.

Why This Exists

Most bot repos stop at the connector. A useful assistant also needs local state:

Layer	Job
Workspace rules	Scope private and group behavior safely
Memory	Capture useful facts without storing secrets
Commands	Answer common file, task, status, and recall queries deterministically
Heartbeat	Surface reminders and health risks without noisy chatter
Runtime	Keep the cloud service deployable, observable, and recoverable

OpenClaw is that workspace/runtime layer.

Architecture

flowchart LR
    A[Feishu/Lark chats] --> B[cc-connect]
    B --> C[Codex projects]
    C --> D[OpenClaw workspace]
    D --> E[memory + local_files]
    D --> F[deterministic commands]
    D --> G[plugins + manifests]
    D --> H[heartbeat + health checks]
    H --> I[systemd / cloud runtime]

Loading

Features

• Private assistant and group workspace boundaries.
• Workspace-local memory with inbox, daily notes, facts, tasks, people, project state, and search indexes.
• Redacted event capture and compact evidence packets for recall and maintenance workflows.
• Natural-language task agent for previewing and safely executing low-risk reminder/task state updates.
• Public bot command-surface lockdown helpers: keep /new, safe custom /help, and platform image commands available while keeping admin commands such as /shell, /provider, /restart, and /config unavailable to normal users.
• Platform-level image command integration for /画图, /生图, /img, /image2, and image2, routed through scripts/generate-image.js without making the agent reason through direct image requests.
• Ordinary-user private helpers for safe user workspace initialization, lightweight memory/task/course/file commands, and returning generated deliverables as chat attachments.
• Ordinary-user image2 helper and /help image panel for generated capability posters, user-scoped image output, and guarded attachment return.
• Deterministic command router and plugin metadata exporter, including prompt-only cc-connect command blocks that return plain text instead of cards, images, or attachments.
• File metadata, local indexing, help/manifest/memory/file health checks, and run-log redaction.
• Feishu/Lark helper scripts for event capture, downloads, health checks, and guarded reminder operations.
• Linux installer for apt dependencies, Node.js 22, Codex, cc-connect, lark-cli, optional swap, backups, systemd service, and safe config templates.
• Windows installer, personal config wizard, Feishu/Lark bot linking, lark-cli user login, Startup launcher, and local hidden-process start script.
• Release-ready validation scripts and GitHub CI.

Requirements

• Windows 10/11 with PowerShell, or Ubuntu 22.04/24.04 with bash/systemd
• Python 3.10+
• Node.js and npm
• cc-connect
• Optional: @larksuite/cli for calendar/task/doc integrations
• Feishu/Lark custom apps configured outside this repository

Install runtime tools manually:

npm install -g @openai/codex cc-connect @larksuite/cli
cc-connect --version

Quick Start

Beginner Windows setup:

Set-ExecutionPolicy -Scope Process Bypass -Force
iwr https://raw.githubusercontent.com/GitLaughs/openclaw/main/scripts/start-here.ps1 -OutFile $env:TEMP\openclaw-start-here.ps1
powershell.exe -NoProfile -ExecutionPolicy Bypass -File $env:TEMP\openclaw-start-here.ps1

Direct Windows bootstrap:

Set-ExecutionPolicy -Scope Process Bypass -Force
iwr https://raw.githubusercontent.com/GitLaughs/openclaw/main/scripts/bootstrap-windows.ps1 -OutFile $env:TEMP\bootstrap-openclaw.ps1
powershell.exe -NoProfile -ExecutionPolicy Bypass -File $env:TEMP\bootstrap-openclaw.ps1 -CheckoutDir "$env:LOCALAPPDATA\OpenClaw" -ConfigurePersonal -Interactive -LinkFeishuBot -LarkLogin

Clone on Linux:

git clone https://github.com/GitLaughs/openclaw.git
cd openclaw
sudo bash ./scripts/install-openclaw-linux.sh --root /opt/openclaw

Or bootstrap from a fresh Ubuntu server:

curl -fsSL https://raw.githubusercontent.com/GitLaughs/openclaw/main/scripts/bootstrap-linux.sh -o /tmp/bootstrap-openclaw.sh
sudo bash /tmp/bootstrap-openclaw.sh --checkout-dir /opt/openclaw

Before starting production, create server-local runtime files. Do not commit them:

/etc/openclaw.env
/root/.codex/auth.json
/root/.cc-connect/config.toml

The installer writes safe templates and injects OpenClaw command blocks into /root/.cc-connect/config.toml.example, or into an existing /root/.cc-connect/config.toml with a timestamped backup. Then start:

sudo systemctl restart cc-connect
sudo /opt/openclaw/scripts/openclaw-feishu-selfcheck.sh --json

After startup, try /帮助 or /健康 in Feishu/Lark.

Update From Package

sudo bash scripts/install-openclaw-linux.sh \
  --source-tgz /tmp/openclaw-update.tgz \
  --root /opt/openclaw \
  --start

The installer backs up the existing root to /opt/openclaw-backups/, writes only safe templates, and never creates real secrets.

Main Paths

• scripts/install-openclaw-linux.sh: Ubuntu installer and update importer.
• scripts/bootstrap-linux.sh: fresh-server clone/bootstrap helper.
• scripts/start-here.ps1: beginner-friendly Windows terminal wizard.
• scripts/bootstrap-windows.ps1: fresh Windows checkout/bootstrap helper.
• scripts/install-openclaw-windows.ps1: Windows installer and update importer.
• scripts/configure-openclaw-windows.ps1: personal Feishu/Lark config, bot linking, and lark-cli login wizard.
• scripts/start-openclaw-windows.ps1: Windows cc-connect launcher.
• scripts/update-cc-connect-commands.py: replaces cc-connect [[commands]] blocks with OpenClaw prompt-only commands.
• scripts/openclaw-command.py: deterministic command router.
• scripts/openclaw-help-router.py: safe /help router for group and ordinary-user workspaces.
• scripts/openclaw-user-command.py: ordinary-user helper commands.
• scripts/openclaw-user-private-hook.py: per-user private workspace initializer.
• scripts/openclaw-return-files.py: guarded attachment return helper for ordinary-user deliverables.
• scripts/openclaw-user-image2.py: ordinary-user image generation helper for capability posters and generated visual deliverables.
• scripts/task-agent.py: natural-language task classifier and guarded executor.
• scripts/openclaw-index.py: workspace indexing and search.
• scripts/memory-curator.py / .ps1: memory promotion and redaction-aware curation.
• scripts/openclaw-heartbeat-sense.py / .ps1: private intentions, task, and group signal sensing.
• scripts/openclaw-group-sense.py / .ps1: group action item and topic extraction.
• scripts/openclaw-healthcheck.sh: cloud runtime health report.
• scripts/audit-secrets.ps1: release secret/local-data scanner.
• plugins/: capability manifests.
• config/plugins.example.json: safe plugin configuration example.
• docs/: implementation notes and install guidance.

Validation

powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\scripts\test.ps1
git diff --check

Linux parser checks:

bash ./scripts/test-linux.sh

Expected:

• PowerShell, Python, and bash parser checks pass where the runtimes exist.
• Secret/local-data audit passes.
• Focused command, task-agent, ordinary-user, memory, plugin, and health tests pass.

Public Data Boundary

Keep these out of releases:

• real app_id, app_secret, open_id, chat_id, provider keys, bearer tokens, and auth.json;
• private memory, inboxes, run logs, downloaded files, QR codes, screenshots, and generated configs;
• machine-specific paths except generic examples such as /opt/openclaw.

Attribution

OpenClaw is a workspace/runtime layer around cc-connect, which is MIT licensed.