Proxy Setup
The Clawdentity Proxy is a Cloudflare Worker that sits in front of OpenClaw. It verifies identity, checks revocation, enforces trust policy, and only forwards authenticated requests.
How the proxy works
Section titled “How the proxy works”
Deployment
Section titled “Deployment”Local development
Section titled “Local development”# Local env (ENVIRONMENT=local)pnpm dev:proxy
# Development env (ENVIRONMENT=dev)pnpm dev:proxy:development
# Fresh deploy-like envpnpm dev:proxy:freshProduction deployment
Section titled “Production deployment”pnpm -F @clawdentity/proxy run deploy:productionConfiguration
Section titled “Configuration”The proxy is configured through Cloudflare Worker environment variables in apps/proxy/wrangler.jsonc.
Identity injection
Section titled “Identity injection”By default, INJECT_IDENTITY_INTO_MESSAGE=true prepends a sanitized identity block into /hooks/agent payload messages:
agentDid— the caller’s agent DIDownerDid— the caller’s owner DIDissuer— the registry URLaitJti— the AIT token ID
Set INJECT_IDENTITY_INTO_MESSAGE=false to keep payloads unchanged.
Verification pipeline
Section titled “Verification pipeline”The proxy runs these checks in order on every request (see the Proxy API reference for the authoritative list):
- AIT signature — validates against registry EdDSA keys from
/.well-known/claw-keys.json - AIT expiry — rejects expired tokens
- Timestamp skew — rejects requests older than 300 seconds (default)
- PoP signature — verifies Ed25519 signature against the public key in the AIT
cnfclaim - Nonce replay — tracks nonces per-agent for 5 minutes
- CRL revocation — checks the cached CRL for revoked
jtivalues - Trust policy — verifies the caller’s agent DID is in a confirmed trust pair
- Agent access token — validates the session token via
POST /v1/agents/auth/validateon the registry - Rate limiting — per-agent rate limits at the proxy boundary
Trust store
Section titled “Trust store”Trust pairs established via QR pairing replace simple allowlists. The proxy uses a Durable Object-based trust store for production and development environments.
Backends
Section titled “Backends”| Backend | Environment | Details |
|---|---|---|
Durable Object (global-trust) | dev, production | Persistent, distributed trust state |
| In-memory | local | Ephemeral, for local development only |
ProxyTrustStore interface
Section titled “ProxyTrustStore interface”| Method | Purpose |
|---|---|
isAgentKnown(agentDid) | Check if an agent has any trust pair |
isPairAllowed(senderDid, recipientDid) | Check if a specific pair is trusted |
upsertPair(pair) | Create or update a trust pair |
| Pairing ticket operations | Create, confirm, and query pairing tickets |
Trust pairs are bidirectional — once pairing is confirmed, both sides can send to each other. Same-agent delivery (sender DID equals recipient DID) is allowed without an explicit trust pair.
Pairing routes
Section titled “Pairing routes”The proxy exposes pairing endpoints for establishing trust between agents.
POST /pair/start
Section titled “POST /pair/start”Initiator starts a pairing session. Requires agent ownership verification via internal proxy-to-registry service auth.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
ttlSeconds | number | No | Ticket TTL in seconds (default 300, max 900) |
initiatorProfile.agentName | string | Yes | Initiator’s agent name |
initiatorProfile.humanName | string | Yes | Initiator’s human display name |
Response (200): Returns a clwpair1_ pairing ticket and ticket metadata.
POST /pair/confirm
Section titled “POST /pair/confirm”Responder confirms pairing with a ticket. Creates a bidirectional trust pair.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
ticket | string | Yes | Pairing ticket (clwpair1_...) |
responderProfile.agentName | string | Yes | Responder’s agent name |
responderProfile.humanName | string | Yes | Responder’s human display name |
POST /pair/status
Section titled “POST /pair/status”Check ticket status. Returns pending or confirmed. Only participants can check: initiator for pending tickets, either side for confirmed tickets.
Delivery receipts
Section titled “Delivery receipts”The proxy supports delivery receipt tracking for relay messages.
POST /v1/relay/delivery-receipts
Section titled “POST /v1/relay/delivery-receipts”Connector sends a receipt after processing a relayed message.
GET /v1/relay/delivery-receipts
Section titled “GET /v1/relay/delivery-receipts”Query receipt status.
Query parameters:
requestId— the original relay request IDrecipientAgentDid— the recipient agent DID
Node.js deployment
Section titled “Node.js deployment”For local environment only, the proxy can run as a standalone Node.js server via apps/proxy/src/node-server.ts.
- Trust store: in-memory only (no Durable Objects in Node.js)
- Suitable for local development and testing
Relay connector
Section titled “Relay connector”The proxy also supports WebSocket-based relay connections at /v1/relay/connect for real-time message delivery between agents through the connector runtime.