zeroclaw
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseZeroClaw — Complete Reference Skill
ZeroClaw — 完整参考指南
Comprehensive operational knowledge for ZeroClaw, the fast, small, fully autonomous AI assistant infrastructure built in Rust. Source: https://github.com/zeroclaw-labs/zeroclaw | Version: 0.1.0 | Last updated: 2026-02-18
这是关于ZeroClaw的全面运维知识,ZeroClaw是一款基于Rust构建的快速、轻量、完全自主的AI助手基础设施。 来源:https://github.com/zeroclaw-labs/zeroclaw | 版本:0.1.0 | 最后更新:2026-02-18
What Is ZeroClaw
什么是ZeroClaw
- Language: 100% Rust, single binary (~3.4-8.8MB release)
- Memory: <5MB RAM at runtime
- Startup: <10ms cold start
- Platforms: ARM, x86, RISC-V — runs on $10 hardware
- Architecture: Trait-driven, everything is swappable (providers, channels, tools, memory, tunnels, security)
- Config: (TOML format)
~/.zeroclaw/config.toml - Workspace: (SOUL.md, AGENTS.md, IDENTITY.md, USER.md, MEMORY.md, TOOLS.md, HEARTBEAT.md, BOOTSTRAP.md)
~/.zeroclaw/workspace/ - Identity: ZeroClaw introduces itself as ZeroClaw, never as ChatGPT/Claude/etc.
- 开发语言: 100% Rust,单二进制文件(发布版约3.4-8.8MB)
- 内存占用: 运行时内存<5MB
- 启动速度: 冷启动<10ms
- 支持平台: ARM、x86、RISC-V — 可在10美元级硬件上运行
- 架构: 基于Trait驱动,所有组件均可替换(提供商、渠道、工具、内存、隧道、安全模块)
- 配置文件: (TOML格式)
~/.zeroclaw/config.toml - 工作区: (包含SOUL.md、AGENTS.md、IDENTITY.md、USER.md、MEMORY.md、TOOLS.md、HEARTBEAT.md、BOOTSTRAP.md)
~/.zeroclaw/workspace/ - 身份标识: ZeroClaw会以ZeroClaw的身份自我介绍,绝不会自称ChatGPT/Claude等。
Installation
安装
bash
undefinedbash
undefinedOption A: Clone + build
选项A:克隆并构建
git clone https://github.com/zeroclaw-labs/zeroclaw.git
cd zeroclaw && ./bootstrap.sh
git clone https://github.com/zeroclaw-labs/zeroclaw.git
cd zeroclaw && ./bootstrap.sh
Option B: Remote one-liner
选项B:远程一键安装
Fresh machine (install Rust + system deps)
全新机器环境(安装Rust及系统依赖)
./bootstrap.sh --install-system-deps --install-rust
./bootstrap.sh --install-system-deps --install-rust
Quick onboard after install
安装后快速初始化
zeroclaw onboard --api-key "your-api-key" --provider openrouter
---zeroclaw onboard --api-key "your-api-key" --provider openrouter
---CLI Reference (All Commands)
CLI参考(所有命令)
Top-Level
顶级命令
| Command | Purpose |
|---|---|
| Initialize workspace/config (quick setup) |
| Full interactive wizard |
| Reconfigure channels only |
| Interactive AI chat |
| Single message mode |
| Override provider/model |
| Attach hardware peripheral |
| Start webhook/websocket gateway |
| Full autonomous runtime (gateway + channels + heartbeat + scheduler) |
| Show full system status |
| Run diagnostics |
| List 30 supported AI providers |
| 命令 | 用途 |
|---|---|
| 初始化工作区/配置(快速设置) |
| 完整交互式向导 |
| 仅重新配置交互渠道 |
| 交互式AI聊天 |
| 单消息模式 |
| 覆盖默认提供商/模型 |
| 连接硬件外设 |
| 启动webhook/websocket网关 |
| 完整自主运行时(网关+渠道+心跳+调度器) |
| 显示系统完整状态 |
| 运行诊断工具 |
| 列出30个支持的AI提供商 |
Service Management (launchd/systemd)
服务管理(launchd/systemd)
bash
zeroclaw service install # Install for auto-start
zeroclaw service start # Start service
zeroclaw service stop # Stop service
zeroclaw service status # Check status
zeroclaw service uninstall # Remove servicebash
zeroclaw service install # 安装为开机自启服务
zeroclaw service start # 启动服务
zeroclaw service stop # 停止服务
zeroclaw service status # 检查服务状态
zeroclaw service uninstall # 卸载服务Channel Management
渠道管理
bash
zeroclaw channel list # List all channels + status
zeroclaw channel start # Start all configured channels
zeroclaw channel doctor # Health check channels
zeroclaw channel add <type> <json> # Add channel (type + JSON config)
zeroclaw channel remove <name> # Remove channel
zeroclaw channel bind-telegram <IDENTITY> # Add Telegram user to allowlistNote: is not a full config mutator yet — prefer editing directly or using .
channel add/remove~/.zeroclaw/config.tomlzeroclaw onboardbash
zeroclaw channel list # 列出所有渠道及状态
zeroclaw channel start # 启动所有已配置渠道
zeroclaw channel doctor # 渠道健康检查
zeroclaw channel add <type> <json> # 添加渠道(类型+JSON配置)
zeroclaw channel remove <name> # 删除渠道
zeroclaw channel bind-telegram <IDENTITY> # 将Telegram用户添加至白名单注意: 目前并非完整的配置修改器 — 建议直接编辑 或使用 进行配置。
channel add/remove~/.zeroclaw/config.tomlzeroclaw onboardCron / Scheduling
定时任务 / 调度
bash
zeroclaw cron list # List tasks
zeroclaw cron add "<cron-expr>" "<command>" # Add recurring task
zeroclaw cron add --tz America/New_York "..." # With timezone
zeroclaw cron add-at <rfc3339> "<command>" # One-shot at timestamp
zeroclaw cron add-every <ms> "<command>" # Fixed interval
zeroclaw cron once <delay> "<command>" # One-shot delayed (e.g. "30m", "2h")
zeroclaw cron remove <id>
zeroclaw cron pause <id>
zeroclaw cron resume <id>bash
zeroclaw cron list # 列出所有任务
zeroclaw cron add "<cron-expr>" "<command>" # 添加周期性任务
zeroclaw cron add --tz America/New_York "..." # 指定时区添加任务
zeroclaw cron add-at <rfc3339> "<command>" # 在指定时间执行一次性任务
zeroclaw cron add-every <ms> "<command>" # 按固定间隔执行任务
zeroclaw cron once <delay> "<command>" # 延迟执行一次性任务(例如 "30m"、"2h")
zeroclaw cron remove <id>
zeroclaw cron pause <id>
zeroclaw cron resume <id>Models & Providers
模型与提供商
bash
zeroclaw providers # List all 30 providers
zeroclaw models refresh # Refresh model catalogs
zeroclaw models refresh --provider <ID> # Refresh specific provider
zeroclaw models refresh --force # Force refreshbash
zeroclaw providers # 列出所有30个提供商
zeroclaw models refresh # 刷新模型目录
zeroclaw models refresh --provider <ID> # 刷新指定提供商的模型
zeroclaw models refresh --force # 强制刷新模型Skills
技能扩展
bash
zeroclaw skills list # List installed skills
zeroclaw skills install <source> # Install from GitHub URL or local path
zeroclaw skills remove <name> # Remove skillbash
zeroclaw skills list # 列出已安装的技能
zeroclaw skills install <source> # 从GitHub URL或本地路径安装技能
zeroclaw skills remove <name> # 删除技能Integrations
集成功能
bash
zeroclaw integrations info <name> # Show integration detailsbash
zeroclaw integrations info <name> # 显示集成详情Examples: Telegram, Discord, Slack, iMessage, Matrix, Signal, WhatsApp, Email, DingTalk, Ollama
示例:Telegram、Discord、Slack、iMessage、Matrix、Signal、WhatsApp、Email、DingTalk、Ollama
undefinedundefinedAuth
身份认证
bash
zeroclaw auth login --provider <ID> # OAuth login (e.g. openai-codex)
zeroclaw auth login --provider <ID> --device-code # Device code flow
zeroclaw auth paste-token # Paste auth token (Anthropic)
zeroclaw auth setup-token # Alias for paste-token
zeroclaw auth refresh # Refresh OAuth token
zeroclaw auth logout # Remove auth profile
zeroclaw auth use --provider <ID> # Set active profile
zeroclaw auth list # List profiles
zeroclaw auth status # Show token expiry infobash
zeroclaw auth login --provider <ID> # OAuth登录(例如openai-codex)
zeroclaw auth login --provider <ID> --device-code # 设备码登录流程
zeroclaw auth paste-token # 粘贴认证令牌(Anthropic)
zeroclaw auth setup-token # paste-token的别名
zeroclaw auth refresh # 刷新OAuth令牌
zeroclaw auth logout # 删除认证配置文件
zeroclaw auth use --provider <ID> # 设置活跃认证配置
zeroclaw auth list # 列出所有认证配置
zeroclaw auth status # 显示令牌过期信息Hardware & Peripherals
硬件与外设
bash
zeroclaw hardware discover # Enumerate USB devices (VID/PID)
zeroclaw hardware introspect <path> # Introspect device
zeroclaw hardware info [--chip <name>] # Chip info via probe-rs
zeroclaw peripheral list # List configured boards
zeroclaw peripheral add <board> <path> # Add board (e.g. nucleo-f401re /dev/ttyACM0)
zeroclaw peripheral flash [--port <port>] # Flash Arduino firmware
zeroclaw peripheral setup-uno-q # Setup Arduino Uno Q Bridge
zeroclaw peripheral flash-nucleo # Flash Nucleo-F401RE firmwarebash
zeroclaw hardware discover # 枚举USB设备(VID/PID)
zeroclaw hardware introspect <path> # 检测设备详情
zeroclaw hardware info [--chip <name>] # 通过probe-rs获取芯片信息
zeroclaw peripheral list # 列出已配置的开发板
zeroclaw peripheral add <board> <path> # 添加开发板(例如nucleo-f401re /dev/ttyACM0)
zeroclaw peripheral flash [--port <port>] # 刷入Arduino固件
zeroclaw peripheral setup-uno-q # 配置Arduino Uno Q桥接器
zeroclaw peripheral flash-nucleo # 刷入Nucleo-F401RE固件Migration
迁移工具
bash
zeroclaw migrate openclaw [--source <path>] [--dry-run] # Import from OpenClawbash
zeroclaw migrate openclaw [--source <path>] [--dry-run] # 从OpenClaw导入数据Supported Providers (30 total)
支持的提供商(共30个)
| ID | Description |
|---|---|
| OpenRouter (default) |
| Anthropic |
| OpenAI |
| OpenAI Codex (OAuth) |
| Ollama [local] |
| Google Gemini |
| Venice |
| Vercel AI Gateway |
| Cloudflare AI |
| Moonshot / Kimi |
| OpenCode Zen |
| Z.AI |
| GLM (Zhipu) |
| MiniMax |
| Amazon Bedrock |
| Qianfan (Baidu) |
| Qwen (DashScope) |
| Groq |
| Mistral |
| xAI (Grok) |
| DeepSeek |
| Together AI |
| Fireworks AI |
| Perplexity |
| Cohere |
| GitHub Copilot |
| LM Studio [local] |
| NVIDIA NIM |
| OVHcloud AI Endpoints |
| Any OpenAI-compatible endpoint |
| Any Anthropic-compatible endpoint |
| ID | 描述 |
|---|---|
| OpenRouter(默认) |
| Anthropic |
| OpenAI |
| OpenAI Codex(OAuth) |
| Ollama [本地] |
| Google Gemini |
| Venice |
| Vercel AI Gateway |
| Cloudflare AI |
| Moonshot / Kimi |
| OpenCode Zen |
| Z.AI |
| GLM(智谱) |
| MiniMax |
| Amazon Bedrock |
| 千帆(百度) |
| 通义千问(DashScope) |
| Groq |
| Mistral |
| xAI(Grok) |
| DeepSeek |
| Together AI |
| Fireworks AI |
| Perplexity |
| Cohere |
| GitHub Copilot |
| LM Studio [本地] |
| NVIDIA NIM |
| OVHcloud AI Endpoints |
| 任何兼容OpenAI的端点 |
| 任何兼容Anthropic的端点 |
Custom Provider Setup
自定义提供商配置
toml
undefinedtoml
undefinedOpenAI-compatible
兼容OpenAI的提供商
default_provider = "custom:https://your-api.com"
api_key = "your-api-key"
default_model = "your-model"
default_provider = "custom:https://your-api.com"
api_key = "your-api-key"
default_model = "your-model"
Anthropic-compatible
兼容Anthropic的提供商
default_provider = "anthropic-custom:https://your-api.com"
api_key = "your-api-key"
default_model = "your-model"
---default_provider = "anthropic-custom:https://your-api.com"
api_key = "your-api-key"
default_model = "your-model"
---Channels (14 supported)
交互渠道(支持14种)
Channel Matrix
渠道矩阵
| Channel | Config Section | Access Control Field | Setup |
|---|---|---|---|
| CLI | always enabled | n/a | Built-in |
| Telegram | | | |
| Discord | | | |
| Slack | | | |
| Mattermost | | | Manual config |
| Webhook | | | Manual / onboard |
| iMessage | | | macOS only |
| Matrix | | | |
| Signal | | | Manual config |
| | | |
| | Manual config | |
| IRC | | | |
| Lark | | | Manual config |
| DingTalk | | | |
| 渠道 | 配置节 | 访问控制字段 | 设置方式 |
|---|---|---|---|
| CLI | 始终启用 | 无 | 内置 |
| Telegram | | | |
| Discord | | | |
| Slack | | | |
| Mattermost | | | 手动配置 |
| Webhook | | | 手动/向导配置 |
| iMessage | | | 仅支持macOS |
| Matrix | | | |
| Signal | | | 手动配置 |
| | | |
| | 手动配置 | |
| IRC | | | |
| Lark | | | 手动配置 |
| DingTalk | | | |
Deny-by-Default Allowlist Rules
默认拒绝的白名单规则
- (empty) = deny all
[] - = allow all (not recommended for production)
["*"] - = exact match only
["123456789", "username"]
- (空数组)= 拒绝所有
[] - = 允许所有(生产环境不推荐)
["*"] - = 仅精确匹配指定用户
["123456789", "username"]
Telegram Setup
Telegram配置
toml
[channels_config.telegram]
bot_token = "your-bot-token"
allowed_users = []bash
undefinedtoml
[channels_config.telegram]
bot_token = "your-bot-token"
allowed_users = []bash
undefined1. Get bot token from @BotFather on Telegram
1. 在Telegram的@BotFather处获取bot令牌
2. Add config above to ~/.zeroclaw/config.toml
2. 将上述配置添加到~/.zeroclaw/config.toml
3. Bind your user:
3. 绑定你的用户:
zeroclaw channel bind-telegram <USER_ID_OR_USERNAME>
zeroclaw channel bind-telegram <USER_ID_OR_USERNAME>
4. Start:
4. 启动服务:
zeroclaw daemon
**Important:** Telegram uses long-polling — no inbound port or public IP required. Only one poller per bot token allowed (don't run multiple daemons).zeroclaw daemon
**重要提示:** Telegram使用长轮询机制 — 无需入站端口或公网IP。每个bot令牌仅允许一个轮询器(不要运行多个daemon进程)。Discord Setup
Discord配置
- Go to https://discord.com/developers/applications
- Create app, enable Bot, copy token
- Enable MESSAGE CONTENT intent
- Run
zeroclaw onboard
- 访问https://discord.com/developers/applications
- 创建应用,启用Bot功能,复制令牌
- 启用MESSAGE CONTENT权限
- 运行
zeroclaw onboard
Slack Setup
Slack配置
- Go to https://api.slack.com/apps
- Create app, add Bot Token Scopes, install
- Run
zeroclaw onboard
- 访问https://api.slack.com/apps
- 创建应用,添加Bot令牌权限,完成安装
- 运行
zeroclaw onboard
Mattermost Setup
Mattermost配置
toml
[channels_config.mattermost]
url = "https://mm.your-domain.com"
bot_token = "your-bot-access-token"
channel_id = "your-channel-id"
allowed_users = ["user-id-1"]
thread_replies = true
mention_only = truetoml
[channels_config.mattermost]
url = "https://mm.your-domain.com"
bot_token = "your-bot-access-token"
channel_id = "your-channel-id"
allowed_users = ["user-id-1"]
thread_replies = true
mention_only = trueWhatsApp Setup
WhatsApp配置
toml
[channels_config.whatsapp]
access_token = "your-access-token"
phone_number_id = "your-phone-number-id"
verify_token = "your-verify-token"
allowed_numbers = ["+1234567890"]WhatsApp requires a public URL (webhook) — use a tunnel (Tailscale/ngrok/Cloudflare).
toml
[channels_config.whatsapp]
access_token = "your-access-token"
phone_number_id = "your-phone-number-id"
verify_token = "your-verify-token"
allowed_numbers = ["+1234567890"]WhatsApp需要公网URL(webhook)— 可使用隧道工具(Tailscale/ngrok/Cloudflare)。
Signal Setup
Signal配置
toml
[channels_config.signal]
http_url = "http://127.0.0.1:8686"
account = "+1234567890"
allowed_from = ["+1987654321"]
ignore_attachments = true
ignore_stories = truetoml
[channels_config.signal]
http_url = "http://127.0.0.1:8686"
account = "+1234567890"
allowed_from = ["+1987654321"]
ignore_attachments = true
ignore_stories = trueLark Setup
Lark配置
toml
[channels_config.lark]
app_id = "your-app-id"
app_secret = "your-app-secret"
allowed_users = ["your-user-id"]
receive_mode = "websocket" # or "webhook"toml
[channels_config.lark]
app_id = "your-app-id"
app_secret = "your-app-secret"
allowed_users = ["your-user-id"]
receive_mode = "websocket" # 或 "webhook"In-Chat Commands (Telegram/Discord)
聊天内命令(Telegram/Discord)
While channel server is running, users can execute:
- — show available providers
/models - — switch provider (sender-scoped)
/models <provider> - — show current model
/model - — switch model (sender-scoped)
/model <model-id>
Switching clears that sender's conversation history to avoid cross-model contamination.
渠道服务器运行时,用户可执行以下命令:
- — 显示可用提供商
/models - — 切换提供商(仅对当前发送者生效)
/models <provider> - — 显示当前使用的模型
/model - — 切换模型(仅对当前发送者生效)
/model <model-id>
切换模型会清除该发送者的对话历史,避免跨模型污染。
Config Reference (~/.zeroclaw/config.toml
)
~/.zeroclaw/config.toml配置参考(~/.zeroclaw/config.toml
)
~/.zeroclaw/config.tomlCore
核心配置
| Key | Default | Notes |
|---|---|---|
| | Provider ID or alias |
| | Model routed through provider |
| | 0.0-2.0 |
| 键 | 默认值 | 说明 |
|---|---|---|
| | 提供商ID或别名 |
| | 通过提供商路由的模型 |
| | 取值范围0.0-2.0 |
Gateway
网关配置
| Key | Default | Purpose |
|---|---|---|
| | Bind address |
| | Listen port |
| | Require pairing for auth |
| | Block accidental public exposure |
| 键 | 默认值 | 用途 |
|---|---|---|
| | 绑定地址 |
| | 监听端口 |
| | 要求配对认证 |
| | 阻止意外公网暴露 |
Memory
内存配置
| Key | Default | Purpose |
|---|---|---|
| | |
| | Auto-persist |
| | |
| | Hybrid search vector weight |
| | Hybrid search keyword weight |
| 键 | 默认值 | 用途 |
|---|---|---|
| | 可选值: |
| | 自动持久化 |
| | 可选值: |
| | 混合搜索的向量权重 |
| | 混合搜索的关键词权重 |
Autonomy / Security
自主性 / 安全配置
| Key | Default | Purpose |
|---|---|---|
| | |
| | Restrict to workspace |
| | Whitelisted commands |
| | Rate limit |
| | Cost cap |
| 键 | 默认值 | 用途 |
|---|---|---|
| | 可选值: |
| | 限制访问工作区 |
| | 白名单命令 |
| | 速率限制 |
| | 每日成本上限(单位:美分) |
Agent
Agent配置
| Key | Default |
|---|---|
| |
| |
| |
| 键 | 默认值 |
|---|---|
| |
| |
| |
Browser Control
浏览器控制配置
| Key | Default | Purpose |
|---|---|---|
| | Enable browser tools |
| | Domain allowlist ( |
| | |
| | Headless mode for rust_native backend |
| | WebDriver endpoint for rust_native |
| (auto) | Optional explicit Chrome binary path |
| | Computer-use sidecar endpoint |
| | Per-action timeout |
| | Only allow localhost sidecar |
| 键 | 默认值 | 用途 |
|---|---|---|
| | 启用浏览器工具 |
| | 域名白名单( |
| | 可选值: |
| | rust_native后端的无头模式 |
| | rust_native后端的WebDriver端点 |
| 自动检测 | 可选的Chrome二进制文件路径 |
| | Computer-use侧车服务器端点 |
| | 每个操作的超时时间 |
| | 仅允许本地侧车端点 |
HTTP Requests
HTTP请求配置
| Key | Default | Purpose |
|---|---|---|
| | Enable HTTP request tool |
| | Domain allowlist ( |
| | Max response bytes (0 = unlimited) |
| | Request timeout (0 = unlimited) |
| 键 | 默认值 | 用途 |
|---|---|---|
| | 启用HTTP请求工具 |
| | 域名白名单( |
| | 最大响应字节数(0表示无限制) |
| | 请求超时时间(0表示无限制) |
Other Notable Sections
其他重要配置节
- — native or docker sandbox
[runtime] - — provider retries, backoff, fallback
[reliability] - — task scheduling (max 64 tasks, 4 concurrent)
[scheduler] - — periodic check-ins (disabled by default)
[heartbeat] - — cron scheduling
[cron] - — provider:
[tunnel],none,tailscale,ngrokcloudflare - — Composio integration (250+ app integrations)
[composio] - — encrypted secrets
[secrets] - — DuckDuckGo by default
[web_search] - — HTTP proxy support
[proxy] - — daily/monthly limits, per-model pricing
[cost] - — hardware boards
[peripherals]
- — 原生或Docker沙箱
[runtime] - — 提供商重试、退避、降级策略
[reliability] - — 任务调度(最多64个任务,4个并发)
[scheduler] - — 周期性检查(默认禁用)
[heartbeat] - — 定时任务调度
[cron] - — 隧道提供商:
[tunnel]、none、tailscale、ngrokcloudflare - — Composio集成(支持250+应用)
[composio] - — 加密密钥存储
[secrets] - — 默认使用DuckDuckGo
[web_search] - — HTTP代理支持
[proxy] - — 每日/每月限额、按模型定价
[cost] - — 硬件开发板配置
[peripherals]
Browser Control Setup
浏览器控制设置
Browser Backends
浏览器后端
| Backend | Mechanism | Runtime Requirement | Build Requirement |
|---|---|---|---|
| Calls Vercel's | | None (default build) |
| In-process WebDriver via fantoccini | ChromeDriver running | |
| HTTP POST to sidecar for OS-level mouse/keyboard/screen | Computer-use sidecar server | None |
| Auto-detects best available backend | Depends on what's installed | None |
| 后端 | 实现机制 | 运行时要求 | 构建要求 |
|---|---|---|---|
| 调用Vercel的 | | 无(默认构建包含) |
| 通过fantoccini进程内调用WebDriver | ChromeDriver需运行 | |
| 通过HTTP POST请求侧车服务实现系统级鼠标/键盘/屏幕控制 | 需运行Computer-use侧车服务器 | 无 |
| 自动检测最佳可用后端 | 取决于已安装的组件 | 无 |
Recommended Setup: agent_browser
with Visible Chrome Window
agent_browser推荐配置:agent_browser
+ 可见Chrome窗口
agent_browserThis gives you a visible Chrome window that pops up on your desktop (like OpenClaw) — you can watch the AI browse, log into sites, and the profile persists cookies/sessions.
这种配置会在桌面弹出可见的Chrome窗口(类似OpenClaw)— 你可以观察AI浏览网页、登录站点,且配置文件会持久化Cookie和会话。
Step 1: Install agent-browser
步骤1:安装agent-browser
bash
npm install -g agent-browserbash
npm install -g agent-browserVerify:
验证安装:
agent-browser --version
undefinedagent-browser --version
undefinedStep 2: Configure agent-browser for headed mode
步骤2:配置agent-browser为可视模式
Create :
~/.agent-browser/config.jsonjson
{
"headed": true,
"profile": "~/.agent-browser/profile",
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}CRITICAL: The is required for headed (visible) mode. By default, agent-browser uses Playwright's bundled Chromium () which ignores the flag and always runs headless. Pointing to your real Google Chrome install fixes this.
executablePath~/Library/Caches/ms-playwright/chromium-*/headedCommon Chrome paths:
- macOS:
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome - Linux: or
/usr/bin/google-chrome/usr/bin/chromium - Windows:
C:\Program Files\Google\Chrome\Application\chrome.exe
The path gives you persistent cookies/logins across sessions.
profile创建:
~/.agent-browser/config.jsonjson
{
"headed": true,
"profile": "~/.agent-browser/profile",
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}关键提示: 是启用可视模式的必要配置。默认情况下,agent-browser使用Playwright捆绑的Chromium(),它会忽略标志并始终以无头模式运行。指向你本地安装的Google Chrome可修复此问题。
executablePath~/Library/Caches/ms-playwright/chromium-*/headed常见Chrome路径:
- macOS:
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome - Linux: 或
/usr/bin/google-chrome/usr/bin/chromium - Windows:
C:\Program Files\Google\Chrome\Application\chrome.exe
profileStep 3: Configure ZeroClaw
步骤3:配置ZeroClaw
In :
~/.zeroclaw/config.tomltoml
[browser]
enabled = true
allowed_domains = ["*"]
backend = "agent_browser"在中添加:
~/.zeroclaw/config.tomltoml
[browser]
enabled = true
allowed_domains = ["*"]
backend = "agent_browser"Step 4: Start daemon with headed env var (belt and suspenders)
步骤4:使用可视环境变量启动daemon
bash
AGENT_BROWSER_HEADED=true zeroclaw daemonOr for service install, export the env var in your shell profile first.
bash
AGENT_BROWSER_HEADED=true zeroclaw daemon如果是作为服务安装,可先在shell配置文件中导出该环境变量。
agent-browser CLI Reference
agent-browser CLI参考
bash
agent-browser open <url> # Navigate to URL
agent-browser click <selector> # Click element
agent-browser type <sel> <text> # Type into element
agent-browser fill <sel> <text> # Clear and fill
agent-browser screenshot [path] # Take screenshot
agent-browser snapshot # Accessibility tree with @refs (for AI)
agent-browser eval <js> # Run JavaScript
agent-browser close # Close browser
agent-browser --headed open <url> # Force visible window
agent-browser --session <name> ... # Isolated session
agent-browser --profile <path> ... # Persistent browser profilebash
agent-browser open <url> # 导航至指定URL
agent-browser click <selector> # 点击元素
agent-browser type <sel> <text> # 在元素中输入文本
agent-browser fill <sel> <text> # 清空并填充元素
agent-browser screenshot [path] # 截图
agent-browser snapshot # 获取可访问性树(供AI使用)
agent-browser eval <js> # 运行JavaScript
agent-browser close # 关闭浏览器
agent-browser --headed open <url> # 强制启用可视窗口
agent-browser --session <name> ... # 隔离会话
agent-browser --profile <path> ... # 持久化浏览器配置文件agent-browser Environment Variables
agent-browser环境变量
| Var | Purpose |
|---|---|
| Show browser window (not headless) |
| Session name |
| Auto-save/restore state persistence |
| Persistent browser profile path |
| Custom browser binary |
| Proxy server URL |
| Path to config file |
| Auto-discover running Chrome |
| WebSocket streaming port |
| 变量 | 用途 |
|---|---|
| 显示浏览器窗口(非无头模式) |
| 会话名称 |
| 自动保存/恢复状态 |
| 持久化浏览器配置文件路径 |
| 自定义浏览器二进制文件路径 |
| 代理服务器URL |
| 配置文件路径 |
| 自动发现运行中的Chrome |
| WebSocket流端口 |
Browser Security Model
浏览器安全模型
- All URLs pass through which enforces
validate_url()allowed_domains - scheme is blocked (prevents local file exfiltration)
file:// - Private/reserved IP ranges are rejected
- For : coordinate validation, endpoint must be localhost unless
computer_useallow_remote_endpoint = true
- 所有URL都会通过验证,确保符合
validate_url()规则allowed_domains - 阻止协议(防止本地文件泄露)
file:// - 拒绝私有/保留IP范围
- 对于:会进行协同验证,除非
computer_use,否则仅允许本地端点allow_remote_endpoint = true
Troubleshooting Browser
浏览器故障排除
| Problem | Solution |
|---|---|
| Browser opens but invisible (headless) | Set |
| "domain not in allowed list" | Set |
| agent-browser not found | |
| Browser closes immediately | Check |
| Stale session | |
| 问题 | 解决方案 |
|---|---|
| 浏览器打开但不可见(无头模式) | 在 |
| "domain not in allowed list" | 在ZeroClaw配置中设置 |
| agent-browser未找到 | 执行 |
| 浏览器立即关闭 | 检查 |
| 会话过期 | 执行 |
Full Autonomy Setup (Max Power Mode)
完全自主模式设置(最大权限)
To unlock all capabilities and remove all restrictions:
要解锁所有功能并移除所有限制,请按以下配置设置:
Config (~/.zeroclaw/config.toml
)
~/.zeroclaw/config.toml配置文件(~/.zeroclaw/config.toml
)
~/.zeroclaw/config.tomltoml
[autonomy]
level = "full"
workspace_only = false
allowed_commands = ["*"]
forbidden_paths = []
max_actions_per_hour = 200
max_cost_per_day_cents = 5000
require_approval_for_medium_risk = false
block_high_risk_commands = false
auto_approve = [
"shell",
"file_read",
"file_write",
"memory_store",
"memory_recall",
"memory_forget",
]
always_ask = []
[agent]
compact_context = false
max_tool_iterations = 50
max_history_messages = 200
parallel_tools = true
tool_dispatcher = "auto"
[scheduler]
enabled = true
max_tasks = 128
max_concurrent = 8
[heartbeat]
enabled = true
interval_minutes = 30
[browser]
enabled = true
allowed_domains = ["*"]
backend = "agent_browser"
[http_request]
enabled = true
allowed_domains = ["*"]
max_response_size = 10485760
timeout_secs = 30
[composio]
enabled = true
entity_id = "default"
[web_search]
enabled = true
provider = "duckduckgo"
max_results = 5
timeout_secs = 15toml
[autonomy]
level = "full"
workspace_only = false
allowed_commands = ["*"]
forbidden_paths = []
max_actions_per_hour = 200
max_cost_per_day_cents = 5000
require_approval_for_medium_risk = false
block_high_risk_commands = false
auto_approve = [
"shell",
"file_read",
"file_write",
"memory_store",
"memory_recall",
"memory_forget",
]
always_ask = []
[agent]
compact_context = false
max_tool_iterations = 50
max_history_messages = 200
parallel_tools = true
tool_dispatcher = "auto"
[scheduler]
enabled = true
max_tasks = 128
max_concurrent = 8
[heartbeat]
enabled = true
interval_minutes = 30
[browser]
enabled = true
allowed_domains = ["*"]
backend = "agent_browser"
[http_request]
enabled = true
allowed_domains = ["*"]
max_response_size = 10485760
timeout_secs = 30
[composio]
enabled = true
entity_id = "default"
[web_search]
enabled = true
provider = "duckduckgo"
max_results = 5
timeout_secs = 15External Dependencies for Full Power
完全自主模式的外部依赖
bash
undefinedbash
undefinedBrowser control (visible Chrome window)
浏览器控制(可视Chrome窗口)
npm install -g agent-browser
npm install -g agent-browser
agent-browser config (~/.agent-browser/config.json)
agent-browser配置(~/.agent-browser/config.json)
{
"headed": true,
"profile": "~/.agent-browser/profile",
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}
{
"headed": true,
"profile": "~/.agent-browser/profile",
"executablePath": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
}
Start daemon with headed browser
启动带可视浏览器的daemon
AGENT_BROWSER_HEADED=true zeroclaw daemon
undefinedAGENT_BROWSER_HEADED=true zeroclaw daemon
undefinedWhat Each Setting Unlocks
各配置项解锁的功能
| Setting | What it does |
|---|---|
| No approval needed for any action |
| Can access files anywhere on system |
| Can run any shell command |
| No path restrictions |
| Destructive commands allowed |
| All tools run without confirmation |
| 5x more tool calls per task |
| Run multiple tools simultaneously |
| Browser automation active |
| Can browse any website |
| Can make HTTP requests to any domain |
| 250+ app integrations (Gmail, Calendar, GitHub, etc.) |
| Proactive background checks every 30 min |
| 8 parallel scheduled tasks |
| 配置项 | 功能说明 |
|---|---|
| 任何操作无需审批 |
| 可访问系统内所有文件 |
| 可运行任何Shell命令 |
| 无路径限制 |
| 允许执行高风险命令 |
| 所有工具无需确认即可运行 |
| 每个任务最多可调用50次工具(默认是10次) |
| 可同时运行多个工具 |
| 启用浏览器自动化 |
| 可浏览任何网站 |
| 可向任何域名发送HTTP请求 |
| 支持250+应用集成(Gmail、Calendar、GitHub等) |
| 每30分钟进行一次主动后台检查 |
| 最多可同时运行8个定时任务 |
Security Warning
安全警告
Full autonomy mode removes all guardrails. The agent can:
- Run any command on your system
- Read/write any file
- Browse any website with your Chrome profile (cookies, logins)
- Make HTTP requests to any domain
- Execute shell commands without approval
Only use this on trusted, personal machines. For shared/production use, keep mode with explicit allowlists.
supervised完全自主模式会移除所有安全防护。Agent可以:
- 在你的系统上运行任何命令
- 读取/写入任何文件
- 使用你的Chrome配置文件浏览任何网站(包含Cookie、登录状态)
- 向任何域名发送HTTP请求
- 无需审批即可执行Shell命令
仅在可信的个人设备上使用此模式。对于共享/生产环境,请保持模式并使用明确的白名单。
supervisedOperations Runbook
运维手册
Runtime Modes
运行模式
| Mode | Command | When |
|---|---|---|
| Foreground runtime | | Local debugging |
| Gateway only | | Webhook testing |
| User service | | Persistent runtime |
| 模式 | 命令 | 使用场景 |
|---|---|---|
| 前台运行 | | 本地调试 |
| 仅网关 | | Webhook测试 |
| 用户服务 | | 持久化运行 |
Operator Checklist
运维检查清单
bash
zeroclaw status # Check config
zeroclaw doctor # Run diagnostics
zeroclaw channel doctor # Check channel health
zeroclaw daemon # Start runtimebash
zeroclaw status # 检查配置
zeroclaw doctor # 运行诊断
zeroclaw channel doctor # 检查渠道健康状态
zeroclaw daemon # 启动运行时Safe Config Change Flow
安全配置变更流程
- Backup
~/.zeroclaw/config.toml - Apply one logical change
- Run
zeroclaw doctor - Restart daemon/service
- Verify with +
statuschannel doctor
- 备份
~/.zeroclaw/config.toml - 应用一个逻辑变更
- 运行
zeroclaw doctor - 重启daemon/服务
- 使用+
status验证channel doctor
Logs
日志位置
- macOS/Windows: ,
~/.zeroclaw/logs/daemon.stdout.logdaemon.stderr.log - Linux systemd:
journalctl --user -u zeroclaw.service -f
- macOS/Windows: ,
~/.zeroclaw/logs/daemon.stdout.logdaemon.stderr.log - Linux systemd:
journalctl --user -u zeroclaw.service -f
Network Deployment
网络部署
Telegram/Discord/Slack (No Port Needed)
Telegram/Discord/Slack(无需端口)
These use long-polling — outbound only. Works behind NAT, on RPi, in home labs.
bash
zeroclaw daemon --host 127.0.0.1 --port 3000这些渠道使用长轮询 — 仅需出站连接。可在NAT后、树莓派、家庭实验室中运行。
bash
zeroclaw daemon --host 127.0.0.1 --port 3000Webhook Channels (WhatsApp, etc.)
Webhook渠道(WhatsApp等)
Need a public URL. Options:
- — Tailscale Funnel
[tunnel] provider = "tailscale" - — ngrok tunnel
[tunnel] provider = "ngrok" - Cloudflare Tunnel
需要公网URL。可选方案:
- — Tailscale Funnel
[tunnel] provider = "tailscale" - — ngrok隧道
[tunnel] provider = "ngrok" - Cloudflare Tunnel
LAN Access
LAN访问
toml
[gateway]
host = "0.0.0.0"
allow_public_bind = truetoml
[gateway]
host = "0.0.0.0"
allow_public_bind = trueHardware Peripherals
硬件外设
Supported Boards
支持的开发板
| Board | Transport | Path |
|---|---|---|
| nucleo-f401re | serial | /dev/ttyACM0 |
| arduino-uno | serial | /dev/ttyACM0, /dev/cu.usbmodem* |
| arduino-uno-q | bridge | (IP) |
| rpi-gpio | native | native |
| esp32 | serial | /dev/ttyUSB0 |
| 开发板 | 传输方式 | 路径 |
|---|---|---|
| nucleo-f401re | 串口 | /dev/ttyACM0 |
| arduino-uno | 串口 | /dev/ttyACM0, /dev/cu.usbmodem* |
| arduino-uno-q | 桥接 | (IP地址) |
| rpi-gpio | 原生 | native |
| esp32 | 串口 | /dev/ttyUSB0 |
Adding a Board
添加开发板
bash
zeroclaw peripheral add nucleo-f401re /dev/ttyACM0Or in config:
toml
[peripherals]
enabled = true
datasheet_dir = "docs/datasheets"
[[peripherals.boards]]
board = "nucleo-f401re"
transport = "serial"
path = "/dev/ttyACM0"
baud = 115200bash
zeroclaw peripheral add nucleo-f401re /dev/ttyACM0或在配置文件中添加:
toml
[peripherals]
enabled = true
datasheet_dir = "docs/datasheets"
[[peripherals.boards]]
board = "nucleo-f401re"
transport = "serial"
path = "/dev/ttyACM0"
baud = 115200Two Operation Modes
两种操作模式
- Edge-Native: ZeroClaw runs directly on device (ESP32, RPi) with local GPIO/I2C/SPI
- Host-Mediated: ZeroClaw on host (Mac/Linux) connects to device via USB/J-Link for development/debugging
- 边缘原生: ZeroClaw直接在设备上运行(ESP32、树莓派),支持本地GPIO/I2C/SPI
- 主机中介: ZeroClaw在主机(Mac/Linux)上运行,通过USB/J-Link连接设备进行开发/调试
Troubleshooting Quick Reference
故障排除速查
| Problem | Solution |
|---|---|
| |
| |
| Gateway unreachable | Check |
Telegram | Stop extra daemon/channel processes — only one poller per token |
| Channel unhealthy | |
| Service not running | |
| Config world-readable warning | |
| Browser opens headless (invisible) | Set |
| "domain not in allowed list" for browser | Set |
| Agent claims domain restrictions that don't exist | The LLM is hallucinating — tell it "allowed_domains is wildcard, browse it now" |
| |
| 问题 | 解决方案 |
|---|---|
| 执行 |
| 执行 |
| 网关无法访问 | 检查配置中的 |
Telegram提示 | 停止多余的daemon/渠道进程 — 每个令牌仅允许一个轮询器 |
| 渠道状态异常 | 执行 |
| 服务未运行 | 执行 |
| 配置文件全局可读警告 | 执行 |
| 浏览器以无头模式打开(不可见) | 在 |
| 浏览器提示"domain not in allowed list" | 在配置中设置 |
| Agent声称存在不存在的域名限制 | LLM产生了幻觉 — 告知它"allowed_domains是通配符,现在可以浏览" |
| 执行 |
Diagnostic Commands
诊断命令
bash
zeroclaw --version
zeroclaw status
zeroclaw doctor
zeroclaw channel doctor
zeroclaw channel listbash
zeroclaw --version
zeroclaw status
zeroclaw doctor
zeroclaw channel doctor
zeroclaw channel listWorkspace Files
工作区文件
| File | Purpose |
|---|---|
| Agent personality, identity, communication style |
| Session protocol, memory system, safety rules |
| Name, creature type, vibe, emoji |
| User profile, preferences, work context |
| Long-term curated memories (auto-injected in main session) |
| Local notes — SSH hosts, device names, environment specifics |
| Periodic tasks (empty = skip heartbeat) |
| First-run onboarding (delete after initial setup) |
| 文件 | 用途 |
|---|---|
| Agent的性格、身份、沟通风格 |
| 会话协议、内存系统、安全规则 |
| 名称、角色类型、风格、表情符号 |
| 用户资料、偏好、工作背景 |
| 长期整理的记忆(会自动注入主会话) |
| 本地笔记 — SSH主机、设备名称、环境细节 |
| 周期性任务(空文件表示跳过心跳检查) |
| 首次运行引导(初始设置后可删除) |
Memory System
内存系统
- Daily notes: — raw logs (on-demand via tools)
memory/YYYY-MM-DD.md - Long-term: — curated, auto-injected each session
MEMORY.md - Tools: ,
memory_store,memory_recallmemory_forget
- 每日笔记: — 原始日志(可通过工具按需访问)
memory/YYYY-MM-DD.md - 长期记忆: — 整理后的记忆,每次会话都会自动注入
MEMORY.md - 工具:、
memory_store、memory_recallmemory_forget
Security Model
安全模型
- Deny-by-default channel allowlists
- Gateway pairing required by default
- Public bind disabled by default
- Workspace-scoped filesystem access
- Command allowlist for shell execution
- Rate limiting (actions/hour, cost/day)
- Encrypted secrets storage
- Pluggable sandboxing (Landlock, Firejail, Bubblewrap, Docker — feature-gated)
- Audit logging (proposal/roadmap — HMAC-signed tamper-evident logs)
- 默认拒绝的渠道白名单
- 默认要求网关配对
- 默认禁用公网绑定
- 工作区范围的文件系统访问
- Shell执行的命令白名单
- 速率限制(每小时操作数、每日成本)
- 加密密钥存储
- 可插拔沙箱(Landlock、Firejail、Bubblewrap、Docker — 需启用对应特性)
- 审计日志(规划中 — 基于HMAC签名的防篡改日志)
LangGraph / Python Integration
LangGraph / Python集成
zeroclaw-toolsbash
pip install zeroclaw-toolspython
from zeroclaw_tools import create_agent, shell, file_read, file_write
agent = create_agent(tools=[shell, file_read, file_write], model="glm-5", api_key="your-api-key", base_url="your-base-url")zeroclaw-toolsbash
pip install zeroclaw-toolspython
from zeroclaw_tools import create_agent, shell, file_read, file_write
agent = create_agent(tools=[shell, file_read, file_write], model="glm-5", api_key="your-api-key", base_url="your-base-url")Open Skills Integration
Open Skills集成
ZeroClaw integrates with Open Skills (https://github.com/besoeasy/open-skills) — pre-built execution playbooks that reduce token usage by 95-98%.
Skills are synced to and installed via:
~/.zeroclaw/workspace/skills/bash
zeroclaw skills install <github-url-or-local-path>ZeroClaw支持与Open Skills(https://github.com/besoeasy/open-skills)集成 — 预构建的执行剧本可将令牌使用量减少95-98%。
技能会同步到,可通过以下命令安装:
~/.zeroclaw/workspace/skills/bash
zeroclaw skills install <github-url-or-local-path>Key Design Principles
核心设计原则
- Zero overhead — <5MB RAM, <10ms startup, ~3.4MB binary
- Zero compromise — full security without sacrificing performance
- 100% Rust — single binary, no runtime dependencies
- 100% Agnostic — swap providers, channels, tools, memory, tunnels at will
- Trait-driven — every subsystem is a trait, making everything pluggable
- Secure by default — pairing, scoping, allowlists, encrypted secrets
- 零开销 — 内存<5MB,启动<10ms,二进制文件约3.4MB
- 零妥协 — 兼顾完整安全性与高性能
- 100% Rust实现 — 单二进制文件,无运行时依赖
- 100% 无绑定 — 可随意替换提供商、渠道、工具、内存、隧道
- Trait驱动 — 每个子系统都是Trait,所有组件均可插拔
- 默认安全 — 配对认证、范围限制、白名单、加密密钥