
Architecture Overview

Clawdentity is an Nx monorepo with pnpm workspaces, deployed entirely on Cloudflare:

clawdentity/
├── apps/
│   ├── registry/ — Identity registry (Cloudflare Worker)
│   │     Issues AITs, serves CRL + public keys
│   │     Worker config: wrangler.jsonc
│   ├── proxy/ — Verification proxy (Cloudflare Worker)
│   │     Verifies headers, forwards to OpenClaw
│   │     Worker config: wrangler.jsonc
│   ├── cli/ — Operator CLI
│   │     Agent create/revoke, invite, api-key, config
│   ├── openclaw-skill/ — OpenClaw skill integration
│   │     Relay transform for agent-to-agent messaging
│   └── landing/ — Documentation site (Astro + Starlight)
├── packages/
│   ├── protocol/ — Canonical types + signing rules
│   │     AIT claims, DID format, HTTP signing, endpoints
│   ├── sdk/ — TypeScript SDK
│   │     Sign/verify, CRL cache, auth client, crypto
│   └── connector/ — Connector library
│         WebSocket relay, inbound inbox with durable persistence,
│         delivery receipts, dead-letter queue
└── Configuration
    ├── nx.json — Monorepo task orchestration
    ├── pnpm-workspace.yaml
    └── tsconfig.base.json

| Component | Technology |
|---|---|
| Runtime | Cloudflare Workers |
| Database | Cloudflare D1 (SQLite) |
| ORM | Drizzle ORM |
| HTTP framework | Hono |
| Cryptography | Ed25519 (@noble/ed25519), JWT (jose) |
| Validation | Zod |
| Build | tsup |
| Monorepo | Nx + pnpm workspaces |
| Testing | Vitest |
| Linting | Biome |

  • Registry and Proxy deploy as Cloudflare Workers via wrangler
  • CLI is distributed as an npm package (clawdentity)
  • OpenClaw skill assets are bundled with the CLI package
  • Self-setup via clawdentity install --for openclaw + clawdentity provider setup --for openclaw --agent-name <name> provisions runtime artifacts, wires hooks, and runs readiness checks
  • The proxy can also run as a standalone Node.js server via apps/proxy/src/node-server.ts for local environments
  • D1 database stores agent identities, invites, API keys, and auth sessions
  • Migrations are managed with Drizzle Kit and applied before each deployment

| Environment | Purpose |
|---|---|
| local | Local Wrangler development only |
| dev | Cloud deployment for testing |
| production | Cloud deployment for live traffic |

The CI pipeline runs on GitHub Actions:

  1. Checkout with full history (for Nx affected)
  2. Install dependencies (pnpm install --frozen-lockfile)
  3. Lint, typecheck, test, and build (via nx affected)
  4. Deploy to Cloudflare Workers (on push to develop/main)
  5. Health check deployed endpoints
  6. Capture rollback artifacts on failure
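
One way the six steps above could be wired into a single GitHub Actions workflow, with migrations applied before each deploy. This is an added sketch, not the project's own workflow file. Assumptions: the Nx target names, the Node version, the develop→dev and main→production mapping, the secret and variable names, a single health URL, and that migrations run from apps/registry.

```yaml
# Added illustration, not the project's workflow. Assumed: target names, Node version,
# develop->dev / main->production mapping, secret and variable names, migrations in apps/registry.
on:
  push:
    branches: [develop, main]
  pull_request:
permissions:
  contents: read            # least privilege for the workflow token
env:
  TARGET_ENV: ${{ github.ref_name == 'main' && 'production' || 'dev' }}
  D1_NAME: ${{ vars.D1_DATABASE_NAME }}   # assumed repository variable
  HEALTH_URL: ${{ vars.HEALTH_URL }}      # assumed repository variable
jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0    # 1. full history so nx affected can diff base..head
      - uses: nrwl/nx-set-shas@v4
      - uses: pnpm/action-setup@v4   # reads the pnpm version from package.json
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: pnpm
      - run: pnpm install --frozen-lockfile   # 2. fails if the lockfile is out of date
      - run: pnpm exec nx affected -t lint typecheck test build   # 3.
      - name: Apply D1 migrations, then deploy both Workers       # 4.
        if: github.event_name == 'push'
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}   # only deploy steps see it
        run: |
          (cd apps/registry && pnpm exec wrangler d1 migrations apply "$D1_NAME" --env "$TARGET_ENV" --remote)
          for app in registry proxy; do
            (cd "apps/$app" && pnpm exec wrangler deploy --env "$TARGET_ENV")
          done
      - name: Health check                                        # 5.
        if: github.event_name == 'push'
        run: curl --fail --silent --show-error --retry 5 --retry-delay 3 "$HEALTH_URL"
      - name: Record deployment history for rollback              # 6.
        if: failure() && github.event_name == 'push'
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        run: (cd apps/registry && pnpm exec wrangler deployments list --env "$TARGET_ENV") > rollback.txt
      - uses: actions/upload-artifact@v4
        if: failure() && github.event_name == 'push'
        with:
          name: rollback-${{ github.sha }}
          path: rollback.txt
```

Scoping the Cloudflare token to the deploy and rollback steps keeps it out of the install, lint, and test steps, which also run for pull requests.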

This repo is delivered through small GitHub issues with a deployment-first gate:

  1. Pick an active issue and confirm dependencies/blockers
  2. Implement in a feature branch with tests
  3. Run validation (pnpm affected:test:local)
  4. Open a PR and post implementation evidence on the issue