OpenClaw architecture snapshot
Current assistant system architecture
A visual explanation of how Kelik accesses OpenClaw today: Telegram remains the primary direct-message channel, while browser access is secured through a local SSH tunnel to the loopback-only OpenClaw gateway.
Diagram labels: ssh myopenclaw-web, then the local OpenClaw dashboard via the SSH tunnel; model layer openai-codex/gpt-5.4, with gpt-5.5 added for testing.
System map
This diagram shows the active inbound routes, local gateway, model layer, memory/workspace layer, and secured browser tunnel.
Diagram legend:
- Core OpenClaw runtime or UI component
- Tenant-specific agent/session route
- Secure access path controlled from Kelik's PC
- Disabled or intentionally not exposed
Primary message flow
1. Telegram inbound: only allowlisted Telegram direct messages are accepted.
2. Route binding: OpenClaw maps each direct-message peer to the correct agent.
3. Agent runtime: the selected agent runs with the workspace, model config, tools, and memory context.
4. Reply delivery: OpenClaw sends the assistant response back through the same Telegram conversation.
Secure web access flow
- On Kelik's PC, run ssh myopenclaw-web.
- The SSH config opens LocalForward 18789 to the local gateway port.
- Keep the terminal open.
- Open the local OpenClaw dashboard via the SSH tunnel in the browser.
- Authenticate with the gateway token when required.
Security intent: the browser UI is not published publicly on chat.egsmyapps.biz.id. It is reachable only through the local SSH tunnel from Kelik's PC.
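The tunnel above is only as private as the listening side of the LocalForward: a bare port or a 127.0.0.1/localhost bind keeps the dashboard on the PC's loopback, while a bind such as *:18789 or 0.0.0.0:18789 would expose the forwarded dashboard to the PC's network. The following shell script is an added example, not part of the OpenClaw snapshot or its tooling; it embeds a constructed ssh_config stanza (the host alias and port 18789 come from this page, the HostName and User values are placeholders) and checks that every LocalForward for the dashboard port binds to loopback.

```shell
# Added example (not from the OpenClaw project): sanity-check the client-side
# ssh_config so the dashboard forward can only be reached from the PC itself.

# Constructed sample ~/.ssh/config stanza; vps.example and the user are placeholders.
SAMPLE_SSH_CONFIG='Host myopenclaw-web
    HostName vps.example
    User kelik
    LocalForward 18789 127.0.0.1:18789
    ExitOnForwardFailure yes
'

# forward_bind_is_loopback SPEC
# SPEC is the listening side of a LocalForward line: "18789", "localhost:18789",
# "127.0.0.1:18789", "[::1]:18789", "*:18789", "0.0.0.0:18789", ...
# Returns 0 when the listener stays on loopback, 1 otherwise. A bare port is
# treated as loopback because OpenSSH only binds it more widely when GatewayPorts is set.
forward_bind_is_loopback() {
    spec=$1
    case $spec in
        *:*) bind=${spec%:*} ;;   # drop the trailing ":port"
        *)   bind="" ;;
    esac
    case $bind in
        ""|localhost|127.0.0.1|"[::1]"|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ssh_config_forwards CONFIG_TEXT PORT
# Prints one verdict per LocalForward that targets PORT; returns 1 when any of
# them binds beyond loopback or when no forward for PORT exists at all.
check_ssh_config_forwards() {
    config=$1
    port=$2
    status=0
    found=0
    while read -r key spec target; do
        [ "$key" = "LocalForward" ] || continue
        case $spec in
            "$port"|*:"$port") ;;
            *) continue ;;
        esac
        found=1
        if forward_bind_is_loopback "$spec"; then
            printf 'OK   LocalForward %s -> %s (loopback-only)\n' "$spec" "$target"
        else
            printf 'WARN LocalForward %s -> %s binds beyond loopback\n' "$spec" "$target"
            status=1
        fi
    done <<EOF
$config
EOF
    if [ "$found" -ne 1 ]; then
        printf 'WARN no LocalForward for port %s found\n' "$port"
        status=1
    fi
    return $status
}

# Usage against the embedded sample; on a real PC pass "$(cat ~/.ssh/config)" instead.
check_ssh_config_forwards "$SAMPLE_SSH_CONFIG" 18789
```

ExitOnForwardFailure yes in the sample makes the ssh command fail loudly if port 18789 is already taken locally, which is preferable to silently running a session without the forward.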
Component inventory
| Layer | Current state | Purpose |
|---|---|---|
| Gateway | local gateway port, loopback bind, token auth | Central local control plane for channels, sessions, UI, cron, and agent runs. |
| Telegram channel | Enabled, allowlist policy | Main production DM interface for Kelik and the second tenant route. |
| Agents | kelik, kelikrumpoko | Tenant-scoped assistants with separate direct-message routing. |
| Session isolation | dmScope: per-channel-peer | Keeps each user/channel peer in its own session context. |
| Models | openai-codex/gpt-5.4 default; gpt-5.5 added | Reasoning and execution backend for assistant responses. |
| Workspace | OpenClaw workspace | Shared project, docs, skills, scripts, and memory workspace. |
| Public domains | Nginx manages e2e, mcp, reports, md, lsscoach, staging | Separate public services; dashboard intentionally excluded from public exposure. |
| Tailscale Serve | Disabled for dashboard | Previously tested for private web access, then disabled to keep PC-only tunnel access. |
Security posture
- Strong: gateway binds only to loopback, not the public network.
- Strong: dashboard access requires SSH access to the VPS.
- Strong: Telegram channel is allowlisted.
- Watch: keep gateway tokens out of screenshots and shared notes.
- Watch: only enable public domains for services that truly need public reachability.
Operator quick commands
- Open dashboard tunnel: ssh myopenclaw-web
- Open dashboard browser: local OpenClaw dashboard via SSH tunnel
- Gateway health: openclaw gateway status
- Tailscale exposure check: tailscale serve status