OpenClaw Build and Operations (4/5) — OpenClaw to Claude Code Bridge
coding-agent SKILL + --permission-mode bypassPermissions --print + process monitoring, verbatim
ํต์ฌ ์์ฝ
- Audience: OpenClaw basics are in place (#9, #10) and you also use Claude Code. You want messenger → Claude Code execution as a real pipeline.
- What you'll get: The official
coding-agentSKILL pattern, Claude Code's--permission-mode bypassPermissions --printverbatim usage, background +sessionIdmonitoring via the 8processactions (list/poll/log/write/submit/send-keys/paste/kill), a channel response loop, and the official 8 critical rules. - Prerequisite: OpenClaw gateway running, Claude Code installed,
coding-agentskill enabled. - Important: The "bridge" isn't a separate product — it's a pattern via the coding-agent skill. The source is
openclaw/openclaw/skills/coding-agent/in the official repo.
1. Architecture
Discord / Slack / Telegram user
↓ (message received)
OpenClaw Gateway (~/.openclaw/workspace/)
↓ (bindings resolve the agent)
Agent session (main or sub)
↓ (coding-agent SKILL fires)
bash tool invokes Claude Code
└─ `claude --permission-mode bypassPermissions --print "task"`
↓ (returns sessionId for background)
process tool monitors progress
↓ (collect results)
Agent sends a reply back to the channel
Key idea: Claude Code is called directly via OpenClaw's bash tool. No separate IPC or MCP server — just standard CLI flags.
2. Claude Code invocation rules
The official coding-agent SKILL states Claude Code's special requirement:
"For Claude Code (
claudeCLI), use--print --permission-mode bypassPermissionsinstead" of PTY mode.
| Agent | Invocation |
|---|---|
| Codex / Pi / OpenCode | pty: true (allocate an interactive terminal) |
| Claude Code | --permission-mode bypassPermissions --print (no PTY) |
Using PTY with Claude Code: "PTY can exit after the confirmation dialog," per the docs. Do not deviate.
2.1 Foreground execution (instant reply)
Inside an OpenClaw session:
bash workdir:~/project command:"claude --permission-mode bypassPermissions --print 'summarize the folder structure'"
Claude Code runs → stdout captured → agent relays to the channel.
2.2 Background execution (long tasks)
bash workdir:~/project background:true command:"claude --permission-mode bypassPermissions --print 'add email validation to login form'"
background: true returns a sessionId. Monitor via the process tool.
3. bash tool parameters — all
Per the coding-agent SKILL's bash schema:
| Param | Type | Purpose |
|---|---|---|
command |
string | Shell command to run |
pty |
boolean | Allocate a pseudo-terminal for interactive CLIs |
workdir |
string | Working directory for the spawned process |
background |
boolean | Returns a sessionId for async monitoring |
timeout |
number | Kill after N seconds |
elevated |
boolean | Run on host vs. sandbox |
Important: elevated: true = host full access. Don't enable that for shared-channel flows.
4. process tool — 8 actions
To control background sessions.
| Action | Effect |
|---|---|
list |
Show running / recent sessions |
poll |
Check liveness |
log |
Fetch session output (offset/limit options) |
write |
Send raw stdin bytes |
submit |
Send data + newline (simulates typing + Enter) |
send-keys |
Send key tokens or hex bytes |
paste |
Insert text (bracketed-paste option) |
kill |
Terminate the session |
Example:
process action:log sessionId:abc123
process action:submit sessionId:abc123 data:"yes"
process action:poll sessionId:abc123
process action:kill sessionId:abc123
5. Workflow pattern — Spawn → Monitor → Collect
5.1 Step 1: spawn background
bash workdir:~/project background:true \
command:"claude --permission-mode bypassPermissions --print 'add email validation to login form'"
Returns: sessionId: s-a7f92c
5.2 Step 2: monitor progress
process action:log sessionId:s-a7f92c
Check what files are being edited, whether any errors surfaced.
5.3 Step 3: inject input if needed
With --permission-mode bypassPermissions --print, approval prompts are skipped, so input injection is rare. Differs from Codex.
If an external command (e.g., git push) asks for confirmation:
process action:submit sessionId:s-a7f92c data:"y"
5.4 Step 4: collect results, reply to channel
process action:log sessionId:s-a7f92c
Agent summarizes and posts back.
5.5 Keep the user informed
Per the official rule:
"When you spawn coding agents in the background, keep the user in the loop" with brief status updates on milestones, questions, errors, and completion.
Long silence breaks the UX.
6. The 8 official rules
The coding-agent SKILL mandates:
- Execution mode matching — Codex/Pi/OpenCode use
pty:true; Claude Code uses--print --permission-mode bypassPermissions. - Respect tool choice — if the user asked for Codex, use Codex. Don't hand-code patches instead of delegating.
- Session patience — don't kill sessions prematurely just because they feel slow.
- Monitor with
process:log— observe, don't interfere. --full-autovs vanilla — use--full-autofor building (auto-approves); vanilla for review work.- Parallel allowed — multiple background agents for batch work is fine.
- State directory off-limits — "NEVER start Codex inside your OpenClaw state directory" (risks polluting org context).
- Protect live instance — "NEVER checkout branches in ~/Projects/openclaw/" (the active production instance).
7. End-to-end example — Discord → code edit
7.1 User message (Discord)
@ClawBot add rate limiting to src/auth/login.ts.
Use Claude Code.
7.2 What the agent infers
- User said "Use Claude Code" → use Claude Code path
- Task may take a while → background
- workdir = project root
7.3 Actual call
bash workdir:~/Projects/my-app background:true \
command:"claude --permission-mode bypassPermissions --print \
'add rate limiting to src/auth/login.ts. add tests. show diff after 100% pass.'"
Returns: sessionId: s-38df2e
7.4 Channel ack
@user Started. Claude Code session s-38df2e.
Status updates every 2 minutes.
7.5 Monitoring loop (agent internal)
Every 2 minutes:
process action:log sessionId:s-38df2e
If output shows "Adding rate-limit middleware...", summarize to channel:
@user Progress: rate-limit middleware added, writing 4 tests now
7.6 On completion
@user Done. Change summary:
- src/auth/login.ts: +18 -3
- src/auth/rate-limit.ts: new (42 lines)
- tests/auth/rate-limit.test.ts: new (5 tests, all PASS)
Attach the diff here?
8. Security — what this bridge opens
This pipeline lets a messenger user run Claude Code on the host. Implications:
--permission-mode bypassPermissionsskips every permission prompt. Whatever the agent approves runs.- Default OpenClaw:
mainsession = host full access. - Inbound messenger traffic = prompt injection surface.
Minimum defense line:
8.1 Force sandbox.mode: "non-main"
{
agents: {
defaults: {
sandbox: { mode: "non-main" }
}
}
}
8.2 DM Policy "allowlist"
{
channels: {
discord: {
dmPolicy: "allowlist",
allowFrom: ["discord:<YOUR_ID>"]
}
}
}
No arbitrary user can send coding commands.
8.3 Block dangerous operations in Claude Code hooks
Install Claude Code hooks that block rm -rf, git push --force, etc., at PreToolUse. A defense layer the bridge cannot bypass.
8.4 Respect the coding-agent off-limits paths
Rules 7 & 8: don't start Codex in the OpenClaw state dir; don't checkout branches in the live openclaw directory. Apply the same to Claude Code calls — always set workdir to the intended project root.
9. Alternatives — when the bridge is overkill
- Solo local work → Just use Claude Code in a terminal. The bridge is over-engineering.
- You only need simple scripts → OpenClaw's own bash tool is enough; no need to pass through Claude Code.
- MCP already covers your workflow → Call MCP from inside Claude Code. No OpenClaw layer needed.
- Team-shared codebases →
bypassPermissionsis risky for audit-heavy teams. Use Claude Code plan mode for human final approval instead.
10. Debugging — when the bridge doesn't work
10.1 Verify Claude Code binary path
The shell OpenClaw uses must see claude.
which claude
If missing, it's a PATH issue. The PATH in launchd/systemd user service often differs from interactive shells.
Linux systemd user service:
[Service]
Environment="PATH=/usr/local/bin:/home/myuser/.local/bin:/usr/bin"
macOS launchd plist:
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/usr/local/bin:/Users/myuser/.local/bin:/usr/bin</string>
</dict>
10.2 Check Claude Code auth
claude auth status --text
If the token expired, background runs will hang on the login prompt (not visible to the user).
10.3 Track session IDs
Use process action:list to watch live sessions. Kill stale ones.
10.4 OpenClaw doctor
openclaw doctor
Confirms the coding-agent skill is loaded and tool access works.
11. Honest limitations
- No PTY: interactive Claude Code features (slash-command sessions, confirmation dialogs) aren't available through the bridge.
--printis one-shot. - Large stdout accumulation: big diffs/logs on stdout load the agent's context. Save to file and send the path instead.
- No interactive approvals: running Claude Code without
bypassPermissionshangs on the first prompt. That's why the docs mandatebypassPermissions. - Cost: the bridge bills both OpenClaw agent + Claude Code tokens. For short questions, calling Claude Code directly is cheaper.
12. Expansion ideas
Once the basic bridge works:
- Batch execution: fan out across files, call Claude Code in parallel. Aligns with rule #6.
- Scheduled triggers: OpenClaw's
cronsection — every morning have Claude Code summarize the changelog and post to Discord. - Review bot: GitHub webhook → OpenClaw hook → Claude Code
/review→ PR comment. - Layered with Claude Code hooks: Claude Code hooks inside the bridged session add a second enforcement layer.
13. Counter-scenarios — when the bridge isn't a fit
- Security-sensitive corporate messengers → messenger → host-command pipelines may violate policy.
- Directly piping user input as commands → prompt-injection vector. The agent must re-interpret input at least once.
- You need agents beyond Claude Code → coding-agent supports Codex / Pi / OpenCode. Don't fix on Claude Code only.
- Fast reply to short questions → background + 2-min polling is overkill. Use
--printforeground synchronously.
14. What's next
OpenClaw part ends here. Next up: Hermes Agent.
- Hermes Agent install complete guide + first SOUL.md (coming soon)
- OpenClaw production ops — 24/7 operations environment.
- Claude Code hooks complete guide — bridge defense layer.
References
- coding-agent SKILL (official)
- openclaw/openclaw GitHub
- Claude Code CLI reference —
--permission-mode,--printdetails - OpenClaw Gateway Configuration
This is post 11/15 in the "AI Coding CLI Entry Guide" series. OpenClaw part ends here; the next post starts the Hermes Agent part.
last verified: 2026-04-25 (per openclaw/openclaw/skills/coding-agent/SKILL.md + Claude Code official CLI docs).
Series overview: Series index
๋๊ธ
๋๊ธ ์ฐ๊ธฐ