2025-12-18 22:40:46 +00:00
---
summary: "Browser-based control UI for the Gateway (chat, nodes, config)"
read_when:
- You want to operate the Gateway from a browser
- You want Tailnet access without SSH tunnels
---
# Control UI (browser)
2026-01-03 17:54:52 +01:00
The Control UI is a small **Vite + Lit** single-page app served by the Gateway:
2025-12-18 22:40:46 +00:00
2026-01-03 17:54:52 +01:00
- default: `http://<host>:18789/`
2026-01-04 14:32:47 +00:00
- optional prefix: set `gateway.controlUi.basePath` (e.g. `/clawdbot` )
2025-12-18 22:40:46 +00:00
It speaks **directly to the Gateway WebSocket** on the same port.
2026-01-07 00:41:31 +01:00
## Quick open (local)
If the Gateway is running on the same computer, open:
- http://127.0.0.1:18789/ (or http://localhost:18789/)
If the page fails to load, start the Gateway first: `clawdbot gateway` .
2025-12-21 00:34:39 +00:00
Auth is supplied during the WebSocket handshake via:
- `connect.params.auth.token`
2025-12-23 13:13:09 +00:00
- `connect.params.auth.password`
The dashboard settings panel lets you store a token; passwords are not persisted.
2026-01-11 01:51:07 +01:00
The onboarding wizard generates a gateway token by default, so paste it here on first connect.
2025-12-21 00:34:39 +00:00
2025-12-18 22:40:46 +00:00
## What it can do (today)
2026-01-16 00:28:43 +00:00
- Chat with the model via Gateway WS (`chat.history` , `chat.send` , `chat.abort` , `chat.inject` )
2026-01-03 20:37:57 +01:00
- Stream tool calls + live tool output cards in Chat (agent events)
2026-01-16 14:22:03 -06:00
- Channels: WhatsApp/Telegram status + QR login + per-channel config (`channels.status` , `web.login.*` , `config.patch` )
2025-12-21 00:34:39 +00:00
- Instances: presence list + refresh (`system-presence` )
- Sessions: list + per-session thinking/verbose overrides (`sessions.list` , `sessions.patch` )
- Cron jobs: list/add/run/enable/disable + run history (`cron.*` )
- Skills: status, enable/disable, install, API key updates (`skills.*` )
- Nodes: list + caps (`node.list` )
2026-01-18 15:23:36 +00:00
- Exec approvals: edit gateway or node allowlists + ask policy for `exec host=gateway/node` (`exec.approvals.*` )
2026-01-04 14:32:47 +00:00
- Config: view/edit `~/.clawdbot/clawdbot.json` (`config.get` , `config.set` )
2026-01-08 01:29:56 +01:00
- Config: apply + restart with validation (`config.apply` ) and wake the last active session
2026-01-15 04:05:01 +00:00
- Config writes include a base-hash guard to prevent clobbering concurrent edits
2026-01-16 14:22:03 -06:00
- Config schema + form rendering (`config.schema` , including plugin + channel schemas); Raw JSON editor remains available
2025-12-21 00:34:39 +00:00
- Debug: status/health/models snapshots + event log + manual RPC calls (`status` , `health` , `models.list` )
2026-01-08 03:43:46 +00:00
- Logs: live tail of gateway file logs with filter/export (`logs.tail` )
2026-01-08 01:29:56 +01:00
- Update: run a package/git update + restart (`update.run` ) with a restart report
2025-12-18 22:40:46 +00:00
2026-01-10 17:23:16 +01:00
## Chat behavior
- `chat.send` is **non-blocking** : it acks immediately with `{ runId, status: "started" }` and the response streams via `chat` events.
- Re-sending with the same `idempotencyKey` returns `{ status: "in_flight" }` while running, and `{ status: "ok" }` after completion.
2026-01-16 00:28:43 +00:00
- `chat.inject` appends an assistant note to the session transcript and broadcasts a `chat` event for UI-only updates (no agent run, no channel delivery).
2026-01-10 17:23:16 +01:00
- Stop:
- Click **Stop** (calls `chat.abort` )
2026-01-15 07:07:37 +00:00
- Type `/stop` (or `stop|esc|abort|wait|exit|interrupt` ) to abort out-of-band
2026-01-10 17:23:16 +01:00
- `chat.abort` supports `{ sessionKey }` (no `runId` ) to abort all active runs for that session
2025-12-18 22:40:46 +00:00
## Tailnet access (recommended)
2025-12-21 00:34:39 +00:00
### Integrated Tailscale Serve (preferred)
Keep the Gateway on loopback and let Tailscale Serve proxy it with HTTPS:
```bash
2026-01-04 14:32:47 +00:00
clawdbot gateway --tailscale serve
2025-12-21 00:34:39 +00:00
```
Open:
2026-01-03 17:54:52 +01:00
- `https://<magicdns>/` (or your configured `gateway.controlUi.basePath` )
2025-12-21 00:34:39 +00:00
2026-01-13 04:37:04 +00:00
By default, Serve requests can authenticate via Tailscale identity headers
(`tailscale-user-login` ) when `gateway.auth.allowTailscale` is `true` . Clawdbot
only accepts these when the request hits loopback with Tailscale’
`x-forwarded-*` headers. Set `gateway.auth.allowTailscale: false` (or force
`gateway.auth.mode: "password"` ) if you want to require a token/password even
for Serve traffic.
2025-12-21 00:34:39 +00:00
2026-01-11 01:51:07 +01:00
### Bind to tailnet + token
2025-12-18 22:40:46 +00:00
```bash
2026-01-04 14:32:47 +00:00
clawdbot gateway --bind tailnet --token "$(openssl rand -hex 32)"
2025-12-18 22:40:46 +00:00
```
Then open:
2026-01-03 17:54:52 +01:00
- `http://<tailscale-ip>:18789/` (or your configured `gateway.controlUi.basePath` )
2025-12-18 22:40:46 +00:00
2025-12-21 00:34:39 +00:00
Paste the token into the UI settings (sent as `connect.params.auth.token` ).
2025-12-18 22:40:46 +00:00
## Building the UI
The Gateway serves static files from `dist/control-ui` . Build them with:
```bash
2026-01-09 07:02:42 +00:00
pnpm ui:build # auto-installs UI deps on first run
2025-12-18 22:40:46 +00:00
```
2026-01-03 17:54:52 +01:00
Optional absolute base (when you want fixed asset URLs):
```bash
2026-01-06 23:48:22 +00:00
CLAWDBOT_CONTROL_UI_BASE_PATH=/clawdbot/ pnpm ui:build
2026-01-03 17:54:52 +01:00
```
2025-12-18 22:40:46 +00:00
For local development (separate dev server):
```bash
2026-01-09 07:02:42 +00:00
pnpm ui:dev # auto-installs UI deps on first run
2025-12-18 22:40:46 +00:00
```
Then point the UI at your Gateway WS URL (e.g. `ws://127.0.0.1:18789` ).
