Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/PaymanAI/sigilum/llms.txt

Use this file to discover all available pages before exploring further.

The sigilum openclaw commands manage the integration between Sigilum and OpenClaw, including installation of hooks, skills, and runtime components.

openclaw connect

One-command managed onboarding that performs gateway connect, OpenClaw installation, and immediate agent key bootstrap.

Usage

sigilum openclaw connect \
  --session-id <id> \
  --pair-code <code> \
  --namespace <namespace> \
  [options]

Required Options

OptionDescription
--session-id <id>Dashboard pairing session ID
--pair-code <code>Dashboard pairing code
--namespace <namespace>Target namespace

Optional Options

OptionDefaultDescription
--api-url <url>https://api.sigilum.idSigilum API base URL
--gateway-url <url>http://127.0.0.1:38100Gateway URL
--openclaw-home <path>~/.openclawOpenClaw home directory
--mode <mode>managedSigilum mode: managed or oss-local

Examples

One-command managed onboarding: 
sigilum openclaw connect \
  --session-id abc123def456 \
  --pair-code XY7Z9W \
  --namespace johndee \
  --api-url https://api.sigilum.id
Output: 
[i] sigilum 1.0.0 (openclaw)
[ok] Starting gateway connect...
[ok] Gateway pair bridge started
[ok] Installing OpenClaw integration...
[ok] Sigilum OpenClaw integration installed
[ok] Agent key bootstrap complete

openclaw install

Install Sigilum hooks, skills, and runtime into OpenClaw.

Usage

sigilum openclaw install [options]

Common Options

OptionDefaultDescription
--mode <mode>managedSigilum mode: managed or oss-local
--namespace <value>Interactive promptTarget namespace
--openclaw-home <path>~/.openclawOpenClaw home directory
--config <path><openclaw-home>/openclaw.jsonOpenClaw config path
--gateway-url <url>Mode defaultGateway URL
--api-url <url>Mode defaultAPI URL
--dashboard-url <url>Mode defaultDashboard URL
--interactiveAuto-detectForce onboarding prompts
--non-interactiveAuto-detectDisable onboarding prompts
--restartfalseRestart OpenClaw after install

Managed Mode Options

OptionDefaultDescription
--api-url <url>https://api.sigilum.idSigilum API base URL
--dashboard-url <url>https://sigilum.idDashboard URL
--gateway-url <url>http://127.0.0.1:38100Gateway URL

OSS-Local Mode Options

OptionDefaultDescription
--source-home <path>-Sigilum source checkout root (required)
--api-url <url>http://127.0.0.1:8787Local API URL
--dashboard-url <url>http://127.0.0.1:8788Local dashboard URL
--gateway-url <url>http://127.0.0.1:38100Local gateway URL
--auto-start-sigilum <bool>trueAuto-start local stack when down

Authorization Notify Options

OptionDefaultDescription
--enable-authz-notify <bool>falseEnable authorization notification hook
--owner-token <token>-Namespace-owner JWT (required if notify enabled)
--auto-owner-token <bool>true (oss-local)Auto-issue owner token
--owner-email <email><namespace>@local.sigilumOwner email

Runtime Options

OptionDefaultDescription
--key-root <path>Auto-detectedKey storage root
--runtime-root <path>Auto-detectedRuntime binary root

Examples

Interactive install (managed mode): 
sigilum openclaw install
Output: 
[i] sigilum 1.0.0 (openclaw)
Sigilum namespace: johndee
OpenClaw home directory [~/.openclaw]: 
Sigilum API URL [https://api.sigilum.id]: 

[ok] Installing Sigilum hooks...
[ok] Installing Sigilum skills...
[ok] Updating openclaw.json...
[ok] Sigilum OpenClaw integration installed

Next steps:
  1. Sign in at https://sigilum.id
  2. Reserve your namespace: johndee
  3. Run: sigilum auth login --mode managed --namespace johndee --owner-token-stdin
Non-interactive install (managed mode): 
sigilum openclaw install \
  --namespace johndee \
  --non-interactive
OSS-local mode install: 
sigilum openclaw install \
  --mode oss-local \
  --namespace johndee \
  --api-url http://127.0.0.1:8787
Output: 
[i] sigilum 1.0.0 (openclaw)
[ok] Installing Sigilum hooks...
[ok] Installing Sigilum skills...
[ok] Auto-registering namespace owner...
[ok] Issuing namespace-owner JWT...
[ok] Writing token to ~/.openclaw/.sigilum/owner-token-johndee.jwt
[ok] Updating openclaw.json...
[ok] Sigilum OpenClaw integration installed

Dashboard URL:
  http://127.0.0.1:8788

Passkey setup URL:
  http://127.0.0.1:8788/bootstrap/passkey?namespace=johndee

CLI defaults written to:
  ~/.sigilum/config.env
Install with authorization notify: 
sigilum openclaw install \
  --namespace johndee \
  --enable-authz-notify true \
  --owner-token <jwt-token>
Restart OpenClaw after install: 
sigilum openclaw install --namespace johndee --restart

What Gets Installed

The installer creates and configures:
  1. Hooks (~/.openclaw/hooks/):
    • sigilum-plugin - Main identity provider hook
    • sigilum-authz-notify - Authorization notification hook (optional)
  2. Skills (~/.openclaw/skills/):
    • sigilum - Sigilum management skill
  3. Runtime (workspace or fallback location):
    • sigilum CLI launcher
    • Gateway binaries
    • Supporting scripts
  4. Configuration:
    • Updates openclaw.json with hook and skill entries
    • Sets environment variables for namespace, URLs, and runtime paths
    • Stores master keys and credentials securely
  5. Keys and Tokens (oss-local mode):
    • Namespace owner user registration
    • Namespace-owner JWT token
    • Token storage at ~/.openclaw/.sigilum/owner-token-<namespace>.jwt
    • CLI defaults at ~/.sigilum/config.env

Mode Differences

Managed Mode

  • Control plane: Hosted at api.sigilum.id
  • Dashboard: sigilum.id
  • Gateway: Runs locally
  • Identity: Register at sigilum.id and sign in with passkey
  • Token: Obtained through browser login flow

OSS-Local Mode

  • Control plane: Local API at 127.0.0.1:8787
  • Dashboard: Local at 127.0.0.1:8788
  • Gateway: Runs locally
  • Identity: Auto-registered during install
  • Token: Auto-issued during install
  • Auto-start: Can automatically start local stack if down

openclaw uninstall

Remove Sigilum hooks, skills, runtime, and keys from OpenClaw.

Usage

sigilum openclaw uninstall [options]

Options

OptionDefaultDescription
--openclaw-home <path>~/.openclawOpenClaw home directory
--config <path><openclaw-home>/openclaw.jsonOpenClaw config path
--workspace <path>Auto-detectedWorkspace cleanup path
--key-root <path>Auto-detectedKey root cleanup path
--runtime-root <path>Auto-detectedRuntime root cleanup path
--sigilum-home <path>Auto-detectedSIGILUM_HOME cleanup path

Examples

Uninstall with defaults: 
sigilum openclaw uninstall
Output: 
[i] sigilum 1.0.0 (openclaw)
[ok] Removing hooks...
[ok] Removing skills...
[ok] Removing runtime...
[ok] Removing keys...
[ok] Updating openclaw.json...
[ok] Sigilum OpenClaw integration removed
Uninstall with custom paths: 
sigilum openclaw uninstall \
  --openclaw-home ~/.openclaw \
  --workspace ~/agent-workspace

What Gets Removed

  1. Hooks:
    • ~/.openclaw/hooks/sigilum-plugin
    • ~/.openclaw/hooks/sigilum-authz-notify
  2. Skills:
    • ~/.openclaw/skills/sigilum (in OpenClaw home)
    • Workspace skill mirror (if configured)
  3. Runtime:
    • Workspace .sigilum/runtime folder
    • Key directories and token files
  4. Configuration:
    • Sigilum entries removed from openclaw.json
    • Config backup created before modification
    • ~/.sigilum/config.env (only if managed by installer)

openclaw status

Show current OpenClaw Sigilum installation status.

Usage

sigilum openclaw status

Examples

Check installation status: 
sigilum openclaw status
Output: 
OpenClaw status
  home:   /home/user/.openclaw
  config: /home/user/.openclaw/openclaw.json
[ok]   /home/user/.openclaw/hooks/sigilum-plugin
[ok]   /home/user/.openclaw/hooks/sigilum-authz-notify
[ok]   /home/user/.openclaw/skills/sigilum

[i] OpenClaw config summary:
Config summary:
  mode: managed
  namespace: johndee
  dashboard: https://sigilum.id
  runtime_root: /home/user/agent-workspace/.sigilum/runtime
  runtime_root_exists: true
  passkey setup: https://sigilum.id/bootstrap/passkey?namespace=johndee
  hook sigilum-plugin enabled: true
  hook sigilum-authz-notify enabled: false
  skill sigilum enabled: true
Missing components: 
sigilum openclaw status
Output: 
OpenClaw status
  home:   /home/user/.openclaw
  config: /home/user/.openclaw/openclaw.json
[ok]   /home/user/.openclaw/hooks/sigilum-plugin
[warn] missing /home/user/.openclaw/hooks/sigilum-authz-notify
[ok]   /home/user/.openclaw/skills/sigilum

[i] OpenClaw config summary:
Config summary:
  mode: managed
  namespace: johndee
  ...

Environment Variables

All OpenClaw commands recognize these environment variables:
VariableDescription
OPENCLAW_HOMEOpenClaw home directory
OPENCLAW_CONFIG_PATHOpenClaw config file path
SIGILUM_NAMESPACEDefault namespace
SIGILUM_MODESigilum mode (managed or oss-local)
SIGILUM_API_URLAPI base URL
SIGILUM_OWNER_TOKENNamespace-owner JWT token

Troubleshooting

Install fails with “Missing required command”

For oss-local mode, ensure required tools are installed: 
node --version   # >= 20
pnpm --version   # 10.29.3
go version       # >= 1.23

“openclaw.json” parse error

Backup your config and validate JSON: 
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.backup
node -e "console.log(JSON.stringify(require('./.openclaw/openclaw.json'), null, 2))"

Runtime not found

The runtime root should contain the sigilum launcher and gateway binaries. Check status output for runtime_root_exists: false and reinstall: 
sigilum openclaw uninstall
sigilum openclaw install --namespace johndee

Token file missing (oss-local)

Regenerate the owner token: 
sigilum auth refresh --mode oss-local --namespace johndee

Next Steps

Gateway Commands

Manage the Sigilum gateway

Authentication

Manage namespace-owner credentials