vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-28 23:16:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb1dfd486bb9aca05055d88c51efe4fbc279a9fc
openclaw/docs/cli/migrate.md
Peter Steinberger bb46b79d3c refactor: internalize OpenClaw agent runtime (#85341) 
* refactor: extract agent core package

Introduce packages/agent-core as the OpenClaw-owned home for reusable agent loop, harness, session, prompt, and runtime dependency contracts.

* refactor: extract shared llm runtime

Move provider model registries, stream wrappers, OAuth helpers, and LLM utilities into src/llm with plugin-sdk barrels instead of depending on the old embedded runtime layout.

* refactor: remove pi runtime internals

Rename remaining Pi-shaped agent surfaces to OpenClaw agent runtime names, delete obsolete Pi docs and package graph checks, and add the third-party notice for incorporated code.

* refactor: tighten agent session runtime

Make agent-core/runtime dependencies explicit, consolidate compaction and session transcript helpers, and move model/session helpers behind OpenClaw-owned contracts.

* refactor: remove static model and pi auth paths

Drop static model catalogs and Pi auth bridges, move model/provider facts to manifest-owned runtime contracts, and harden internal embedded-agent utilities.

* refactor: remove legacy provider compat paths

* docs: remove agent parity notes

* fix: skip provider wildcard metadata parsing

* refactor: share session extension sdk loading

* refactor: inline acpx proxy error formatter

* refactor: fold edit recovery into edit tool

* fix: accept extension batch separator

* test: align startup provider plugin expectations

* fix: restore provider-scoped release discovery

* test: align static asset packaging expectations

* fix: run static provider catalogs during scoped discovery

* fix: add provider entry catalogs for scoped live discovery

* fix: load lightweight provider catalog entries

* fix: refresh provider-scoped plugin metadata

* fix: keep provider catalog entries on release live path

* fix: keep static manifest models in release live checks

* fix: harden release model discovery

* fix: reduce OpenAI live cache probe reasoning

* fix: disable OpenAI cache probe reasoning

* ci: extend OpenAI gateway live timeout

* fix: extend live gateway model budget

* fix: stabilize release validation regressions

* fix: honor provider aliases in model rows

* fix: stabilize release validation lanes

* fix: stabilize release memory qa

* ci: stabilize release validation lanes

* ci: prefer ipv4 for live docker node calls

* fix: restore shared tool-call stream wrapper

* ci: remove legacy pi test shard alias

* fix: clean up embedded agent test drift

* fix: stabilize runtime alias status

* fix: clean up embedded agent ci drift

* fix: restore release ci invariants

* fix: clean up post-rebase runtime drift

* fix: restore release ci checks

* fix: restore release ci after rebase

* fix: remove stale pi runtime path

* test: align compaction runtime expectations

* test: update plugin prerelease expectations

* fix: handle claude live tool approvals

* fix: stabilize release validation gates

* fix: finish agent runtime import

* test: finish post-rebase agent runtime mocks

* fix: keep codex compaction native

* fix: stabilize codex app-server hook tests

* test: isolate codex diagnostic active run

* test: remove codex diagnostic completion race

# Conflicts:
#	extensions/codex/src/app-server/run-attempt.test.ts

* ci: fix full release manifest performance run id

* refactor: narrow llm plugin sdk boundary

* chore: drop generated google boundary stamps

* fix: repair rebase fallout

* fix: clean up rebased runtime references

* fix: decode codex jwt payloads as base64url

* fix: preserve shipped pi runtime alias

* fix: add scoped sdk virtual modules

* fix: decode llm codex oauth jwt as base64url

* fix: avoid stale vertex adc negative cache

* fix: harden tool arg decoding and codeql path

* fix: keep vertex adc negative checks live

* refactor: consolidate codex jwt and edit helpers

* fix: await codex oauth node runtime imports

* fix: preserve sdk tool and notice contracts

* fix: preserve shipped compat config boundaries

* fix: align codex oauth callback host

* fix: terminate agent-core loop streams on failure

* fix: keep codex oauth callback alive during fallback

* ci: include session tools in critical codeql scans

* fix: keep Cloudflare Anthropic provider auth header

* docs: redirect legacy pi runtime pages

* fix: honor bundled web provider compat discovery

* fix: protect session output spill files

* fix: keep legacy agent dir env blocked

* fix: contain auto-discovered skill symlinks

* fix: harden agent core sdk proxy surfaces

* fix: restore approval reaction sdk compat

* fix: keep live docker runs bounded

* fix: keep codex oauth redirect host aligned

* fix: resolve post-rebase agent runtime drift

* fix: redact anthropic oauth parse failures

* fix: preserve responses strict tool shaping

* fix: repair agent runtime rebase cleanup

* docs: redirect retired parity pages

* fix: bound auto-discovered resources to roots

* fix: repair post-rebase agent test drift

* fix: preserve bundled provider allowlist migration

* fix: preserve manifest-owned provider aliases

* fix: declare photon image dependency

* fix: keep provider headers out of proxy body

* fix: preserve shipped env aliases

* fix: refresh control ui i18n generated state

* fix: quote read fallback paths

* fix: preview edits through configured backend

* test: satisfy core test typecheck

* fix: preserve ZAI usage auth fallback

* test: repair codex diagnostic test

* fix: repair agent runtime rebase drift

* test: finish embedded runner import rename

* fix: repair agent runtime rebase integrations

* test: align compaction oauth fallback expectations

* fix: allow sdk-auth session models

* fix: update doctor tool schema import

* fix: preserve bedrock plugin region

* fix: stream harmony-like prose immediately

* ci: include session runtime in codeql shards

* fix: repair latest rebase integrations

* fix: honor explicit codex websocket transport

* fix: keep openai-compatible credentials provider-scoped

* fix: refresh sdk api baseline after rebase

* fix: route cli runtime aliases through openclaw harness

* test: rename stale harness mock expectation

* test: rename embedded agent overflow calls

* test: clean embedded auth test wording

* test: use openclaw stream types in deepinfra cache test

* fix: refresh sdk api baseline on latest main

* fix: honor bundled discovery compat allowlists

* fix: refresh sdk api baseline after latest rebase

* fix: remove stale rebase imports

* test: rename stale model catalog mock

* test: mock renamed doctor runtime modules

* fix: map canonical kimi env auth

* fix: use internal model registry in bench script

* fix: migrate deepinfra provider catalog entry

* fix: enforce builtin tool suppression

* fix: route compaction auth and proxy payloads safely

* refactor: prune unused llm registry leftovers

* test: update codex hooks session import

* test: fix model picker ci coverage

* test: align model picker auth mock types
2026-05-27 19:24:04 +01:00

16 KiB
Raw Blame History

summary, read_when, title
summary read_when title
CLI reference for `openclaw migrate` (import state from another agent system)
You want to migrate from Hermes or another agent system into OpenClaw
You are adding a plugin-owned migration provider
Migrate

openclaw migrate

Import state from another agent system through a plugin-owned migration provider. Bundled providers cover Codex CLI state, Claude, and Hermes; third-party plugins can register additional providers.

For user-facing walkthroughs, see [Migrating from Claude](/install/migrating-claude) and [Migrating from Hermes](/install/migrating-hermes). The [migration hub](/install/migrating) lists all paths.

Commands

openclaw migrate list
openclaw migrate claude --dry-run
openclaw migrate codex --dry-run
openclaw migrate codex --skill gog-vault77-google-workspace
openclaw migrate codex --plugin google-calendar --dry-run
openclaw migrate codex --plugin google-calendar --verify-plugin-apps --dry-run
openclaw migrate hermes --dry-run
openclaw migrate hermes
openclaw migrate apply codex --yes --skill gog-vault77-google-workspace
openclaw migrate apply codex --yes --plugin google-calendar
openclaw migrate apply codex --yes
openclaw migrate apply claude --yes
openclaw migrate apply hermes --yes
openclaw migrate apply hermes --include-secrets --yes
openclaw onboard --flow import
openclaw onboard --import-from claude --import-source ~/.claude
openclaw onboard --import-from hermes --import-source ~/.hermes
Name of a registered migration provider, for example `hermes`. Run `openclaw migrate list` to see installed providers. Build the plan and exit without changing state. Override the source state directory. Hermes defaults to `~/.hermes`. Import supported credentials without prompting. Interactive apply asks before importing detected auth credentials, with yes selected by default; non-interactive `--yes` requires `--include-secrets` to import them. Skip auth credential import, including the interactive prompt. Allow apply to replace existing targets when the plan reports conflicts. Skip the confirmation prompt. Required in non-interactive mode. Select one skill copy item by skill name or item id. Repeat the flag to migrate multiple skills. When omitted, interactive Codex migrations show a checkbox selector and non-interactive migrations keep all planned skills. Select one Codex plugin install item by plugin name or item id. Repeat the flag to migrate multiple Codex plugins. When omitted, interactive Codex migrations show a native Codex plugin checkbox selector and non-interactive migrations keep all planned plugins. This only applies to source-installed `openai-curated` Codex plugins discovered by the Codex app-server inventory. Codex only. Force a fresh source Codex app-server `app/list` traversal before planning native plugin activation. Off by default to keep migration planning fast. Skip the pre-apply backup. Requires `--force` when local OpenClaw state exists. Required alongside `--no-backup` when apply would otherwise refuse to skip backup. Print the plan or apply result as JSON. With `--json` and no `--yes`, apply prints the plan and does not mutate state.

Safety model

openclaw migrate is preview-first.

The provider returns an itemized plan before anything changes, including conflicts, skipped items, and sensitive items. JSON plans, apply output, and migration reports redact nested secret-looking keys such as API keys, tokens, authorization headers, cookies, and passwords. 
`openclaw migrate apply <provider>` previews the plan and prompts before changing state unless `--yes` is set. In non-interactive mode, apply requires `--yes`.
Apply creates and verifies an OpenClaw backup before applying the migration. If no local OpenClaw state exists yet, the backup step is skipped and the migration can continue. To skip a backup when state exists, pass both `--no-backup` and `--force`. Apply refuses to continue when the plan has conflicts. Review the plan, then rerun with `--overwrite` if replacing existing targets is intentional. Providers may still write item-level backups for overwritten files in the migration report directory. Interactive apply asks whether to import detected auth credentials, with yes selected by default. Use `--no-auth-credentials` to skip them, or use `--include-secrets` for unattended credential import with `--yes`.

Claude provider

The bundled Claude provider detects Claude Code state at ~/.claude by default. Use --from <path> to import a specific Claude Code home or project root.

For a user-facing walkthrough, see [Migrating from Claude](/install/migrating-claude).

What Claude imports

  • Project CLAUDE.md and .claude/CLAUDE.md into the OpenClaw agent workspace.
  • User ~/.claude/CLAUDE.md appended to workspace USER.md.
  • MCP server definitions from project .mcp.json, Claude Code ~/.claude.json, and Claude Desktop claude_desktop_config.json.
  • Claude skill directories that include SKILL.md.
  • Claude command Markdown files converted into OpenClaw skills with manual invocation only.

Archive and manual-review state

Claude hooks, permissions, environment defaults, local memory, path-scoped rules, subagents, caches, plans, and project history are preserved in the migration report or reported as manual-review items. OpenClaw does not execute hooks, copy broad allowlists, or import OAuth/Desktop credential state automatically.

Codex provider

The bundled Codex provider detects Codex CLI state at ~/.codex by default, or at CODEX_HOME when that environment variable is set. Use --from <path> to inventory a specific Codex home.

Use this provider when moving to the OpenClaw Codex harness and you want to promote useful personal Codex CLI assets deliberately. Local Codex app-server launches use a per-agent CODEX_HOME, so they do not read your personal ~/.codex by default. The normal process HOME is still inherited, so Codex can see shared $HOME/.agents/* skills/plugin marketplace entries and subprocesses can find user-home config and tokens.

Running openclaw migrate codex in an interactive terminal previews the full plan, then opens checkbox selectors before the final apply confirmation. Skill copy items are prompted first. Use Toggle all on or Toggle all off for bulk selection. Press Space to toggle rows, or press Enter to activate the highlighted row and continue. Planned skills start checked, conflict skills start unchecked, and Skip for now skips skill copies for this run while still continuing to plugin selection. When source-installed curated Codex plugins are migratable and --plugin was not supplied, migration then prompts for native Codex plugin activation by plugin name. Plugin items start checked unless the target OpenClaw Codex plugin config already has that plugin. Existing target plugins start unchecked and show a conflict hint such as conflict: plugin exists; choose Toggle all off to migrate no native Codex plugins in that run, or Skip for now to stop before applying. For scripted or exact runs, pass --skill <name> once per skill, for example:

openclaw migrate codex --dry-run --skill gog-vault77-google-workspace
openclaw migrate apply codex --yes --skill gog-vault77-google-workspace

Use --plugin <name> to limit native Codex plugin migration non-interactively to one or more source-installed curated plugins:

openclaw migrate codex --dry-run --plugin google-calendar
openclaw migrate apply codex --yes --plugin google-calendar

What Codex imports

  • Codex CLI skill directories under $CODEX_HOME/skills, excluding Codex's .system cache.
  • Personal AgentSkills under $HOME/.agents/skills, copied into the current OpenClaw agent workspace when you want per-agent ownership.
  • Source-installed openai-curated Codex plugins discovered through Codex app-server plugin/list. Planning reads plugin/read for each enabled installed plugin. App-backed plugins require the source Codex app-server account response to be a ChatGPT subscription account; non-ChatGPT or missing account responses are skipped with codex_subscription_required. By default, migration does not call source app/list, so app-backed plugins that pass the account gate are planned without source app accessibility verification, and account lookup transport failures skip with codex_account_unavailable. Pass --verify-plugin-apps when you want migration to force a fresh source app/list snapshot and require every owned app to be present, enabled, and accessible before planning native activation. In that mode, account lookup transport failures fall through to source app inventory verification. The source app inventory snapshot is kept in memory for the current process; it is not written to migration output or target config. Disabled plugins, unreadable plugin details, subscription-gated source accounts, and, when verification is requested, missing apps, disabled apps, inaccessible apps, or source app inventory failures become manual skipped items with typed reasons instead of target config entries. Apply calls app-server plugin/install for each selected eligible plugin, even if the target app-server already reports that plugin as installed and enabled. Migrated Codex plugins are usable only in sessions that select the native Codex harness; they are not exposed to OpenClaw provider runs, ACP conversation bindings, or other harnesses.

Manual-review Codex state

Codex config.toml, native hooks/hooks.json, non-curated marketplaces, cached plugin bundles that are not source-installed curated plugins, and source-installed plugins that fail the source subscription gate are not activated automatically. When --verify-plugin-apps is set, plugins that fail the source app-inventory gate are also skipped. They are copied or reported in the migration report for manual review.

For migrated source-installed curated plugins, apply writes:

  • plugins.entries.codex.enabled: true
  • plugins.entries.codex.config.codexPlugins.enabled: true
  • plugins.entries.codex.config.codexPlugins.allow_destructive_actions: true
  • one explicit plugin entry with marketplaceName: "openai-curated" and pluginName for each selected plugin

Migration never writes plugins["*"] and never stores local marketplace cache paths. Source-side subscription failures are reported on manual items with typed reasons such as codex_subscription_required, codex_account_unavailable, plugin_disabled, or plugin_read_unavailable. With --verify-plugin-apps, source app-inventory failures can also appear as app_inaccessible, app_disabled, app_missing, or app_inventory_unavailable. Skipped plugins are not written to target config. Target-side auth-required installs are reported on the affected plugin item with status: "skipped", reason: "auth_required", and sanitized app identifiers. Their explicit config entries are written disabled until you reauthorize and enable them. Other install failures are item-scoped error results.

If Codex app-server plugin inventory is unavailable during planning, migration falls back to cached bundle advisory items instead of failing the whole migration.

Hermes provider

The bundled Hermes provider detects state at ~/.hermes by default. Use --from <path> when Hermes lives elsewhere.

What Hermes imports

  • Default model configuration from config.yaml.
  • Configured model providers and custom OpenAI-compatible endpoints from providers and custom_providers.
  • MCP server definitions from mcp_servers or mcp.servers.
  • SOUL.md and AGENTS.md into the OpenClaw agent workspace.
  • memories/MEMORY.md and memories/USER.md appended to workspace memory files.
  • Memory config defaults for OpenClaw file memory, plus archive or manual-review items for external memory providers such as Honcho.
  • Skills that include a SKILL.md file under skills/<name>/.
  • Per-skill config values from skills.config.
  • Supported OAuth credentials from Hermes auth.json and OpenCode OpenAI OAuth credentials from OpenCode auth.json when interactive credential migration is accepted, or when --include-secrets is set.
  • Supported API keys and tokens from Hermes .env and OpenCode auth.json when interactive credential migration is accepted, or when --include-secrets is set.

Supported .env keys

  • AI_GATEWAY_API_KEY
  • ALIBABA_API_KEY
  • ANTHROPIC_API_KEY
  • ARCEEAI_API_KEY
  • CEREBRAS_API_KEY
  • CHUTES_API_KEY
  • CLOUDFLARE_AI_GATEWAY_API_KEY
  • COPILOT_GITHUB_TOKEN
  • DASHSCOPE_API_KEY
  • DEEPINFRA_API_KEY
  • DEEPSEEK_API_KEY
  • FIREWORKS_API_KEY
  • GEMINI_API_KEY
  • GH_TOKEN
  • GITHUB_TOKEN
  • GLM_API_KEY
  • GOOGLE_API_KEY
  • GROQ_API_KEY
  • HF_TOKEN
  • HUGGINGFACE_HUB_TOKEN
  • KILOCODE_API_KEY
  • KIMICODE_API_KEY
  • KIMI_API_KEY
  • MINIMAX_API_KEY
  • MINIMAX_CODING_API_KEY
  • MISTRAL_API_KEY
  • MODELSTUDIO_API_KEY
  • MOONSHOT_API_KEY
  • NVIDIA_API_KEY
  • OPENAI_API_KEY
  • OPENCODE_API_KEY
  • OPENCODE_GO_API_KEY
  • OPENCODE_ZEN_API_KEY
  • OPENROUTER_API_KEY
  • QIANFAN_API_KEY
  • QWEN_API_KEY
  • TOGETHER_API_KEY
  • VENICE_API_KEY
  • XAI_API_KEY
  • XIAOMI_API_KEY
  • ZAI_API_KEY
  • Z_AI_API_KEY

Archive-only state

Hermes state that OpenClaw cannot safely interpret is copied into the migration report for manual review, but it is not loaded into live OpenClaw config or credentials. This preserves opaque or unsafe state without pretending OpenClaw can execute or trust it automatically:

  • plugins/
  • sessions/
  • logs/
  • cron/
  • mcp-tokens/
  • state.db

After applying

openclaw doctor

Plugin contract

Migration sources are plugins. A plugin declares its provider ids in openclaw.plugin.json:

{
  "contracts": {
    "migrationProviders": ["hermes"]
  }
}

At runtime the plugin calls api.registerMigrationProvider(...). The provider implements detect, plan, and apply. Core owns CLI orchestration, backup policy, prompts, JSON output, and conflict preflight. Core passes the reviewed plan into apply(ctx, plan), and providers may rebuild the plan only when that argument is absent for compatibility.

Provider plugins can use openclaw/plugin-sdk/migration for item construction and summary counts, plus openclaw/plugin-sdk/migration-runtime for conflict-aware file copies, archive-only report copies, cached config-runtime wrappers, and migration reports.

Onboarding integration

Onboarding can offer migration when a provider detects a known source. Both openclaw onboard --flow import and openclaw setup --wizard --import-from hermes use the same plugin migration provider and still show a preview before applying.

Onboarding imports require a fresh OpenClaw setup. Reset config, credentials, sessions, and the workspace first if you already have local state. Backup-plus-overwrite or merge imports are feature-gated for existing setups.

Related

Reference in New Issue View Git Blame Copy Permalink