acp
Run the Agent Client Protocol (ACP) bridge that talks to a OpenClaw Gateway. This command speaks ACP over stdio for IDEs and forwards prompts to the Gateway over WebSocket. It keeps ACP sessions mapped to Gateway session keys.openclaw acp is a Gateway-backed ACP bridge, not a full ACP-native editor
runtime. It focuses on session routing, prompt delivery, and basic streaming
updates.
Compatibility Matrix
Known Limitations
loadSessionreplays stored user and assistant text history, but it does not reconstruct historic tool calls, system notices, or richer ACP-native event types.- If multiple ACP clients share the same Gateway session key, event and cancel
routing are best-effort rather than strictly isolated per client. Prefer the
default isolated
acp:<uuid>sessions when you need clean editor-local turns. - Gateway stop states are translated into ACP stop reasons, but that mapping is less expressive than a fully ACP-native runtime.
- Initial session controls currently surface a focused subset of Gateway knobs: thought level, tool verbosity, reasoning, usage detail, and elevated actions. Model selection and exec-host controls are not yet exposed as ACP config options.
session_info_updateandusage_updateare derived from Gateway session snapshots, not live ACP-native runtime accounting. Usage is approximate, carries no cost data, and is only emitted when the Gateway marks total token data as fresh.- Tool follow-along data is best-effort. The bridge can surface file paths that appear in known tool args/results, but it does not yet emit ACP terminals or structured file diffs.
Usage
ACP client (debug)
Use the built-in ACP client to sanity-check the bridge without an IDE. It spawns the ACP bridge and lets you type prompts interactively.- Auto-approval is allowlist-based and only applies to trusted core tool IDs.
readauto-approval is scoped to the current working directory (--cwdwhen set).- Unknown/non-core tool names, out-of-scope reads, and dangerous tools always require explicit prompt approval.
- Server-provided
toolCall.kindis treated as untrusted metadata (not an authorization source).
How to use this
Use ACP when an IDE (or other client) speaks Agent Client Protocol and you want it to drive a OpenClaw Gateway session.- Ensure the Gateway is running (local or remote).
- Configure the Gateway target (config or flags).
- Point your IDE to run
openclaw acpover stdio.
Selecting agents
ACP does not pick agents directly. It routes by the Gateway session key. Use agent-scoped session keys to target a specific agent:acp:<uuid> session unless you override
the key or label.
Per-session mcpServers are not supported in bridge mode. If an ACP client
sends them during newSession or loadSession, the bridge returns a clear
error instead of silently ignoring them.
Use from acpx (Codex, Claude, other ACP clients)
If you want a coding agent such as Codex or Claude Code to talk to your
OpenClaw bot over ACP, use acpx with its built-in openclaw target.
Typical flow:
- Run the Gateway and make sure the ACP bridge can reach it.
- Point
acpx openclawatopenclaw acp. - Target the OpenClaw session key you want the coding agent to use.
acpx openclaw to target a specific Gateway and session key every
time, override the openclaw agent command in ~/.acpx/config.json:
Zed editor setup
Add a custom ACP agent in~/.config/zed/settings.json (or use Zed’s Settings UI):
Session mapping
By default, ACP sessions get an isolated Gateway session key with anacp: prefix.
To reuse a known session, pass a session key or label:
--session <key>: use a specific Gateway session key.--session-label <label>: resolve an existing session by label.--reset-session: mint a fresh session id for that key (same key, new transcript).
Options
--url <url>: Gateway WebSocket URL (defaults to gateway.remote.url when configured).--token <token>: Gateway auth token.--token-file <path>: read Gateway auth token from file.--password <password>: Gateway auth password.--password-file <path>: read Gateway auth password from file.--session <key>: default session key.--session-label <label>: default session label to resolve.--require-existing: fail if the session key/label does not exist.--reset-session: reset the session key before first use.--no-prefix-cwd: do not prefix prompts with the working directory.--verbose, -v: verbose logging to stderr.
--tokenand--passwordcan be visible in local process listings on some systems.- Prefer
--token-file/--password-fileor environment variables (OPENCLAW_GATEWAY_TOKEN,OPENCLAW_GATEWAY_PASSWORD). - Gateway auth resolution follows the shared contract used by other Gateway clients:
- local mode: env (
OPENCLAW_GATEWAY_*) ->gateway.auth.*->gateway.remote.*fallback whengateway.auth.*is unset - remote mode:
gateway.remote.*with env/config fallback per remote precedence rules --urlis override-safe and does not reuse implicit config/env credentials; pass explicit--token/--password(or file variants)
- local mode: env (
- ACP runtime backend child processes receive
OPENCLAW_SHELL=acp, which can be used for context-specific shell/profile rules. openclaw acp clientsetsOPENCLAW_SHELL=acp-clienton the spawned bridge process.
acp client options
--cwd <dir>: working directory for the ACP session.--server <command>: ACP server command (default:openclaw).--server-args <args...>: extra arguments passed to the ACP server.--server-verbose: enable verbose logging on the ACP server.--verbose, -v: verbose client logging.