Build a valid openclaw.json config visually. Configure every section โ gateway, models, agents, channels, cron, sandbox and logging โ with a live JSON preview and one-click download. Zero schema errors guaranteed.
all without a token exposes your gateway to the internet and leaks API keys.OPENCLAW_INSTALL_DOCKER_CLI=1 in your environment.~/.openclaw/openclaw.jsonopenclaw doctor --fixThe OpenClaw JSON Config Generator is a free visual tool that builds a complete, schema-valid openclaw.json configuration file for the OpenClaw AI agent gateway. Instead of manually writing JSON and risking the Zod schema validation errors that prevent the gateway from starting, you fill out a structured form and the tool generates correct, ready-to-use JSON in real time.
OpenClaw's config file controls every aspect of the system: the gateway port and binding, which LLM models to use with automatic fallback, agent workspace and context pruning settings, messaging channels like Telegram and Discord, cron job automation, Docker sandbox isolation and logging. All of these can be configured visually here and downloaded as a single file. [web:26]
Port, bind address, auth token and reload mode. Always use bind: loopback on a VPS to prevent internet exposure.
Primary LLM, fallback chain, API keys via ${ENV_VAR} references, and local model servers (Ollama, LM Studio).
Workspace path, concurrency limits, context pruning (prevents token overflow), compaction and heartbeat interval.
Telegram and Discord bot integration with DM policy control โ allowlist to restrict access to your account only.
DM scope (critical for privacy), session reset schedule and thread bindings. Use per-channel-peer to isolate users.
Enable scheduled automation tasks. Set maxConcurrentRuns low (2โ3) to avoid runaway retries burning your quota.
Docker isolation for subagents. Use non-main mode to sandbox cron jobs and subagents while keeping your main session on the host.
Log level, console log level and sensitive data redaction. Use redactSensitive: tools to keep API keys out of logs.
${ENV_VAR} syntax. Store actual keys in ~/.openclaw/.env or your system environment.openclaw doctor --fix after any manual edit โ it removes stale keys and adds required new fields after upgrades.cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bakclaude-opus) out of the primary slot โ use them only as fallbacks or per specific agentsclaude-haiku or gpt-5-mini for the heartbeat โ at 48 heartbeats/day the cost difference is $0.005/day vs $0.24/day [web:27]~/.openclaw/openclaw.json and controls the gateway port, LLM models, agent settings, messaging channels (Telegram, Discord), cron jobs, sandbox isolation, and logging. The file is validated by Zod at startup โ any unknown key causes the gateway to refuse to start.openclaw doctor --fix after every edit or upgrade. Use this generator to build a config from scratch with only schema-valid keys.${ENV_VAR} syntax in the JSON โ for example "apiKey": "${ANTHROPIC_API_KEY}" โ and store the actual key values in ~/.openclaw/.env or your system environment. This generator outputs environment variable placeholders by default. After editing, run openclaw security audit --deep to check for exposed credentials.gateway.port, gateway.bind, gateway.reload, gateway.remote, sandbox Docker image/network config, and plugin installation or removal. Most other settings โ model changes, agent config, channel policies, cron jobs, heartbeat intervals and logging โ hot-reload without a restart.bind: "loopback" (binds to 127.0.0.1 only) on VPS deployments. Setting bind: "all" exposes the gateway to the internet on 0.0.0.0. Exposed OpenClaw gateways have leaked API keys, OAuth tokens and full session histories. If you need external access, use a reverse proxy (nginx/Caddy) with HTTPS in front of the local gateway instead of binding directly.