openclaw/docs/start/onboarding.md

---
summary: "First-run onboarding flow for OpenClaw (macOS app)"
read_when:
  - Designing the macOS onboarding assistant
  - Implementing auth or identity setup
title: "Onboarding (macOS App)"
sidebarTitle: "Onboarding: macOS App"
---

# Onboarding (macOS App)

This doc describes the **current** first‑run onboarding flow. The goal is a
smooth “day 0” experience: pick where the Gateway runs, connect auth, run the
wizard, and let the agent bootstrap itself.
For a general overview of onboarding paths, see [Onboarding Overview](/start/onboarding-overview).

<Steps>
<Step title="Approve macOS warning">
<Frame>
<img src="/assets/macos-onboarding/01-macos-warning.jpeg" alt="" />
</Frame>
</Step>
<Step title="Approve find local networks">
<Frame>
<img src="/assets/macos-onboarding/02-local-networks.jpeg" alt="" />
</Frame>
</Step>
<Step title="Welcome and security notice">
<Frame caption="Read the security notice displayed and decide accordingly">
<img src="/assets/macos-onboarding/03-security-notice.png" alt="" />
</Frame>

Security trust model:

- By default, OpenClaw is a personal agent: one trusted operator boundary.
- Shared/multi-user setups require lock-down (split trust boundaries, keep tool access minimal, and follow [Security](/gateway/security)).
- Local onboarding now defaults new configs to `tools.profile: "coding"` so fresh local setups keep filesystem/runtime tools without forcing the unrestricted `full` profile.
- If hooks/webhooks or other untrusted content feeds are enabled, use a strong modern model tier and keep strict tool policy/sandboxing.

</Step>
<Step title="Local vs Remote">
<Frame>
<img src="/assets/macos-onboarding/04-choose-gateway.png" alt="" />
</Frame>

Where does the **Gateway** run?

- **This Mac (Local only):** onboarding can configure auth and write credentials
  locally.
- **Remote (over SSH/Tailnet):** onboarding does **not** configure local auth;
  credentials must exist on the gateway host.
- **Configure later:** skip setup and leave the app unconfigured.

<Tip>
**Gateway auth tip:**

- The wizard now generates a **token** even for loopback, so local WS clients must authenticate.
- If you disable auth, any local process can connect; use that only on fully trusted machines.
- Use a **token** for multi‑machine access or non‑loopback binds.

</Tip>
</Step>
<Step title="Permissions">
<Frame caption="Choose what permissions do you want to give OpenClaw">
<img src="/assets/macos-onboarding/05-permissions.png" alt="" />
</Frame>

Onboarding requests TCC permissions needed for:

- Automation (AppleScript)
- Notifications
- Accessibility
- Screen Recording
- Microphone
- Speech Recognition
- Camera
- Location

</Step>
<Step title="CLI">
  <Info>This step is optional</Info>
  The app can install the global `openclaw` CLI via npm/pnpm so terminal
  workflows and launchd tasks work out of the box.
</Step>
<Step title="Onboarding Chat (dedicated session)">
  After setup, the app opens a dedicated onboarding chat session so the agent can
  introduce itself and guide next steps. This keeps first‑run guidance separate
  from your normal conversation. See [Bootstrapping](/start/bootstrapping) for
  what happens on the gateway host during the first agent run.
</Step>
</Steps>
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
+								---
-												refactor: rename to openclaw

											
										
										
											2026-01-30 03:15:10 +01:00
+								summary: "First-run onboarding flow for OpenClaw (macOS app)"
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
+								read_when:
 								  - Designing the macOS onboarding assistant
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								  - Implementing auth or identity setup
-												Docs: streamline start and install docs (#9648)

* docs(start): streamline getting started flow

* docs(nav): reorganize start and install sections

* docs(style): move custom css to style.css

* docs(navigation): align zh-CN ordering

* docs(navigation): localize zh-Hans labels
											
										
										
											2026-02-05 10:09:45 -05:00
+								title: "Onboarding (macOS App)"
-												docs: restructure Get Started tab and improve onboarding flow (#9950)

* docs: restructure Get Started tab and improve onboarding flow

- Flatten nested Onboarding group into linear First Steps flow
- Add 'What is OpenClaw?' narrative section to landing page
- Split wizard.md into streamlined overview + full reference (reference/wizard.md)
- Move Pairing to Channels > Configuration
- Move Bootstrapping to Agents > Fundamentals
- Move macOS app onboarding to Platforms > macOS companion app
- Move Lore to Help > Community
- Remove duplicate install instructions from openclaw.md
- Mirror navigation changes in zh-CN tabs
- No content deleted — all detail preserved or relocated

* docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths

- Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render,
  northflank) from platforms/ and root to install/
- Add 'Hosting and deployment' group to Install tab
- Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access'
- Swap Platforms tab before Gateway & Ops to fix path-prefix routing
- Move macOS app onboarding into First steps (parallel to CLI wizard)
- Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App'
- Add redirects for all moved paths
- Update all internal links (en + zh-CN)
- Fix img tag syntax in onboarding.md
											
										
										
											2026-02-05 17:45:01 -05:00
+								sidebarTitle: "Onboarding: macOS App"
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
+								---
-												chore: Run `pnpm format:fix`.

											
										
										
											2026-01-31 21:13:13 +09:00
-												Docs: streamline start and install docs (#9648)

* docs(start): streamline getting started flow

* docs(nav): reorganize start and install sections

* docs(style): move custom css to style.css

* docs(navigation): align zh-CN ordering

* docs(navigation): localize zh-Hans labels
											
										
										
											2026-02-05 10:09:45 -05:00
+								# Onboarding (macOS App)
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								This doc describes the **current** first‑run onboarding flow. The goal is a
 								smooth “day 0” experience: pick where the Gateway runs, connect auth, run the
 								wizard, and let the agent bootstrap itself.
-												feat(onboard): add custom/local API configuration flow (#11106)

* feat(onboard): add custom/local API configuration flow

* ci: retry macos check

* fix: expand custom API onboarding (#11106) (thanks @MackDing)

* fix: refine custom endpoint detection (#11106) (thanks @MackDing)

* fix: streamline custom endpoint onboarding (#11106) (thanks @MackDing)

* fix: skip model picker for custom endpoint (#11106) (thanks @MackDing)

* fix: avoid allowlist picker for custom endpoint (#11106) (thanks @MackDing)

* Onboard: reuse shared fetch timeout helper (#11106) (thanks @MackDing)

* Onboard: clarify default base URL name (#11106) (thanks @MackDing)

---------

Co-authored-by: OpenClaw Contributor <contributor@openclaw.ai>
Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com>
											
										
										
											2026-02-10 20:31:02 +08:00
+								For a general overview of onboarding paths, see [Onboarding Overview](/start/onboarding-overview).
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								<Steps>
 								<Step title="Approve macOS warning">
 								<Frame>
-												docs: restructure Get Started tab and improve onboarding flow (#9950)

* docs: restructure Get Started tab and improve onboarding flow

- Flatten nested Onboarding group into linear First Steps flow
- Add 'What is OpenClaw?' narrative section to landing page
- Split wizard.md into streamlined overview + full reference (reference/wizard.md)
- Move Pairing to Channels > Configuration
- Move Bootstrapping to Agents > Fundamentals
- Move macOS app onboarding to Platforms > macOS companion app
- Move Lore to Help > Community
- Remove duplicate install instructions from openclaw.md
- Mirror navigation changes in zh-CN tabs
- No content deleted — all detail preserved or relocated

* docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths

- Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render,
  northflank) from platforms/ and root to install/
- Add 'Hosting and deployment' group to Install tab
- Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access'
- Swap Platforms tab before Gateway & Ops to fix path-prefix routing
- Move macOS app onboarding into First steps (parallel to CLI wizard)
- Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App'
- Add redirects for all moved paths
- Update all internal links (en + zh-CN)
- Fix img tag syntax in onboarding.md
											
										
										
											2026-02-05 17:45:01 -05:00
+								<img src="/assets/macos-onboarding/01-macos-warning.jpeg" alt="" />
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Frame>
 								</Step>
 								<Step title="Approve find local networks">
 								<Frame>
-												docs: restructure Get Started tab and improve onboarding flow (#9950)

* docs: restructure Get Started tab and improve onboarding flow

- Flatten nested Onboarding group into linear First Steps flow
- Add 'What is OpenClaw?' narrative section to landing page
- Split wizard.md into streamlined overview + full reference (reference/wizard.md)
- Move Pairing to Channels > Configuration
- Move Bootstrapping to Agents > Fundamentals
- Move macOS app onboarding to Platforms > macOS companion app
- Move Lore to Help > Community
- Remove duplicate install instructions from openclaw.md
- Mirror navigation changes in zh-CN tabs
- No content deleted — all detail preserved or relocated

* docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths

- Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render,
  northflank) from platforms/ and root to install/
- Add 'Hosting and deployment' group to Install tab
- Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access'
- Swap Platforms tab before Gateway & Ops to fix path-prefix routing
- Move macOS app onboarding into First steps (parallel to CLI wizard)
- Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App'
- Add redirects for all moved paths
- Update all internal links (en + zh-CN)
- Fix img tag syntax in onboarding.md
											
										
										
											2026-02-05 17:45:01 -05:00
+								<img src="/assets/macos-onboarding/02-local-networks.jpeg" alt="" />
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Frame>
 								</Step>
 								<Step title="Welcome and security notice">
 								<Frame caption="Read the security notice displayed and decide accordingly">
-												docs: restructure Get Started tab and improve onboarding flow (#9950)

* docs: restructure Get Started tab and improve onboarding flow

- Flatten nested Onboarding group into linear First Steps flow
- Add 'What is OpenClaw?' narrative section to landing page
- Split wizard.md into streamlined overview + full reference (reference/wizard.md)
- Move Pairing to Channels > Configuration
- Move Bootstrapping to Agents > Fundamentals
- Move macOS app onboarding to Platforms > macOS companion app
- Move Lore to Help > Community
- Remove duplicate install instructions from openclaw.md
- Mirror navigation changes in zh-CN tabs
- No content deleted — all detail preserved or relocated

* docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths

- Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render,
  northflank) from platforms/ and root to install/
- Add 'Hosting and deployment' group to Install tab
- Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access'
- Swap Platforms tab before Gateway & Ops to fix path-prefix routing
- Move macOS app onboarding into First steps (parallel to CLI wizard)
- Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App'
- Add redirects for all moved paths
- Update all internal links (en + zh-CN)
- Fix img tag syntax in onboarding.md
											
										
										
											2026-02-05 17:45:01 -05:00
+								<img src="/assets/macos-onboarding/03-security-notice.png" alt="" />
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Frame>
-												docs: clarify personal-by-default onboarding security notice

											
										
										
											2026-02-26 02:59:10 +01:00
 								Security trust model:
 								- By default, OpenClaw is a personal agent: one trusted operator boundary.
 								- Shared/multi-user setups require lock-down (split trust boundaries, keep tool access minimal, and follow [Security](/gateway/security)).
-												fix: default local onboarding tools profile to coding

											
										
										
											2026-03-07 16:40:51 +00:00
+								- Local onboarding now defaults new configs to `tools.profile: "coding"` so fresh local setups keep filesystem/runtime tools without forcing the unrestricted `full` profile.
-												docs(security)!: document messaging-only onboarding default and hook/model risk

											
										
										
											2026-03-02 18:15:43 +00:00
+								- If hooks/webhooks or other untrusted content feeds are enabled, use a strong modern model tier and keep strict tool policy/sandboxing.
-												docs: fix onboarding markdown list spacing

											
										
										
											2026-02-26 05:23:30 +01:00
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Step>
 								<Step title="Local vs Remote">
 								<Frame>
-												docs: restructure Get Started tab and improve onboarding flow (#9950)

* docs: restructure Get Started tab and improve onboarding flow

- Flatten nested Onboarding group into linear First Steps flow
- Add 'What is OpenClaw?' narrative section to landing page
- Split wizard.md into streamlined overview + full reference (reference/wizard.md)
- Move Pairing to Channels > Configuration
- Move Bootstrapping to Agents > Fundamentals
- Move macOS app onboarding to Platforms > macOS companion app
- Move Lore to Help > Community
- Remove duplicate install instructions from openclaw.md
- Mirror navigation changes in zh-CN tabs
- No content deleted — all detail preserved or relocated

* docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths

- Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render,
  northflank) from platforms/ and root to install/
- Add 'Hosting and deployment' group to Install tab
- Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access'
- Swap Platforms tab before Gateway & Ops to fix path-prefix routing
- Move macOS app onboarding into First steps (parallel to CLI wizard)
- Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App'
- Add redirects for all moved paths
- Update all internal links (en + zh-CN)
- Fix img tag syntax in onboarding.md
											
										
										
											2026-02-05 17:45:01 -05:00
+								<img src="/assets/macos-onboarding/04-choose-gateway.png" alt="" />
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Frame>
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								Where does the **Gateway** run?
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
-												refactor(macos): remove anthropic oauth onboarding flow

											
										
										
											2026-02-26 00:17:03 +01:00
+								- **This Mac (Local only):** onboarding can configure auth and write credentials
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								  locally.
-												refactor(macos): remove anthropic oauth onboarding flow

											
										
										
											2026-02-26 00:17:03 +01:00
+								- **Remote (over SSH/Tailnet):** onboarding does **not** configure local auth;
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								  credentials must exist on the gateway host.
 								- **Configure later:** skip setup and leave the app unconfigured.
-												docs: add onboarding spec

											
										
										
											2025-12-14 03:59:24 +00:00
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								<Tip>
 								**Gateway auth tip:**
-												docs: fix onboarding markdown list spacing

											
										
										
											2026-02-26 05:23:30 +01:00
-												fix: update gateway auth docs and clients

											
										
										
											2026-01-11 01:51:07 +01:00
+								- The wizard now generates a **token** even for loopback, so local WS clients must authenticate.
 								- If you disable auth, any local process can connect; use that only on fully trusted machines.
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								- Use a **token** for multi‑machine access or non‑loopback binds.
-												docs: fix onboarding markdown list spacing

											
										
										
											2026-02-26 05:23:30 +01:00
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Tip>
 								</Step>
 								<Step title="Permissions">
 								<Frame caption="Choose what permissions do you want to give OpenClaw">
-												docs: restructure Get Started tab and improve onboarding flow (#9950)

* docs: restructure Get Started tab and improve onboarding flow

- Flatten nested Onboarding group into linear First Steps flow
- Add 'What is OpenClaw?' narrative section to landing page
- Split wizard.md into streamlined overview + full reference (reference/wizard.md)
- Move Pairing to Channels > Configuration
- Move Bootstrapping to Agents > Fundamentals
- Move macOS app onboarding to Platforms > macOS companion app
- Move Lore to Help > Community
- Remove duplicate install instructions from openclaw.md
- Mirror navigation changes in zh-CN tabs
- No content deleted — all detail preserved or relocated

* docs: move deployment pages to install/, fix Platforms tab routing, clarify onboarding paths

- Move deployment guides (fly, hetzner, gcp, macos-vm, exe-dev, railway, render,
  northflank) from platforms/ and root to install/
- Add 'Hosting and deployment' group to Install tab
- Slim Gateway & Ops 'Remote access and deployment' down to 'Remote access'
- Swap Platforms tab before Gateway & Ops to fix path-prefix routing
- Move macOS app onboarding into First steps (parallel to CLI wizard)
- Rename sidebar titles to 'Onboarding: CLI' / 'Onboarding: macOS App'
- Add redirects for all moved paths
- Update all internal links (en + zh-CN)
- Fix img tag syntax in onboarding.md
											
										
										
											2026-02-05 17:45:01 -05:00
+								<img src="/assets/macos-onboarding/05-permissions.png" alt="" />
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								</Frame>
-												docs: update auth docs

											
										
										
											2026-01-05 06:46:20 +01:00
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								Onboarding requests TCC permissions needed for:
-												docs: update auth docs

											
										
										
											2026-01-05 06:46:20 +01:00
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								- Automation (AppleScript)
-												docs: refresh and simplify docs

											
										
										
											2026-01-08 23:06:56 +01:00
+								- Notifications
 								- Accessibility
 								- Screen Recording
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								- Microphone
 								- Speech Recognition
 								- Camera
 								- Location
-												docs: fix onboarding rendering issues

											
										
										
											2026-02-05 12:14:45 -05:00
 								</Step>
 								<Step title="CLI">
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								  <Info>This step is optional</Info>
 								  The app can install the global `openclaw` CLI via npm/pnpm so terminal
 								  workflows and launchd tasks work out of the box.
-												docs: fix onboarding rendering issues

											
										
										
											2026-02-05 12:14:45 -05:00
+								</Step>
 								<Step title="Onboarding Chat (dedicated session)">
-												docs(onboarding): add bootstrapping page (#9767)


											
										
										
											2026-02-05 12:08:35 -05:00
+								  After setup, the app opens a dedicated onboarding chat session so the agent can
 								  introduce itself and guide next steps. This keeps first‑run guidance separate
 								  from your normal conversation. See [Bootstrapping](/start/bootstrapping) for
 								  what happens on the gateway host during the first agent run.
-												docs: fix onboarding rendering issues

											
										
										
											2026-02-05 12:14:45 -05:00
+								</Step>
 								</Steps>