Phase 3: OpenClaw-MCP server (openclaw.execute_task as MCP tool)

[hanwencheng]

Context

OpenClaw is the second runtime in M3 (Hermes #117 is the first). The thesis: "the same authority layer works across different agent runtimes" — proving this with two runtimes (Hermes + OpenClaw) plus Doubao (already in M2's #112) gives the 3+ runtime coverage that M3 requires per milestones-roadmap.md §4.

OpenClaw is a Tencent computer-use-style agent (similar shape to Anthropic's Computer Use + browser automation). Different runtime, different LLM provider (Hunyuan via Tencent Cloud), same AgentKeys authority surface. If both Hermes (US-centric LLM stack) and OpenClaw (CN-centric LLM stack) work through the same MCP server, the cross-vendor moat is real.

The integration pattern is set by #117 — this issue applies the same shape to OpenClaw.

Scope (M3)

Install OpenClaw

• Deploy OpenClaw runtime per Tencent's docs
• Storage for OpenClaw session state
• AgentKeys MCP client config so OpenClaw uses AgentKeys tools internally (recursive composition, same shape as Phase 3: Hermes-MCP server (hermes.execute_task as MCP tool) #117)
• Commercial ToS verification per agent-iam-strategy.md §9.5` — confirm OpenClaw's commercial-use terms allow us to redistribute access through our MCP server

MCP server wrapping OpenClaw

• One tool: openclaw.execute_task(task, context, constraints) — same signature as Phase 3: Hermes-MCP server (hermes.execute_task as MCP tool) #117's hermes.execute_task
• Auth: same per-vendor Bearer + X-AgentKeys-Actor header pattern
• Cost tracking: per-step LLM cost increments; constraint enforced

Vendor opt-in

• Vendors via the portal (Phase 2: Vendor onboarding portal (tenant tokens + billing + attributed devices) #113) opt-in to OpenClaw alongside or instead of Hermes
• Default: Hermes is the agentic-runtime tool for international vendors; OpenClaw is the CN-friendly alternative
• Vendor settings expose which agentic runtimes are available to their agents (per-actor; defaults inherit from vendor template)

Out of scope (defer)

• Tuning OpenClaw prompts per vendor (M4)
• Streaming responses (M4)
• Cross-runtime task continuation ("Hermes ran step 1; OpenClaw runs step 2") — M4 with delegation work
• OpenClaw browser-automation features that need a sandboxed Chromium per actor (M4 if vendor demand surfaces)

Acceptance criteria

• Volcano Ark vendor (Doubao agent from Phase 1: Volcano Ark MCP marketplace registration (PoC) #112) successfully calls openclaw.execute_task for a complex task and gets a result back
• OpenClaw pulls memory via AgentKeys MCP for context — verified by audit-trail
• Same task tested across all 3 runtimes (Hermes, OpenClaw, Doubao agent) returns equivalent results; small variance acceptable, large divergence (e.g. fundamentally different decisions) flagged
• max_duration_s + max_cost_usd constraints enforced same way as Hermes
• Vendor portal (Phase 2: Vendor onboarding portal (tenant tokens + billing + attributed devices) #113) UI lets a vendor enable/disable OpenClaw availability per actor

Risks

Risk	Mitigation
OpenClaw commercial-use terms forbid redistribution	Read terms BEFORE deploy; if forbidden, ship as "vendor brings their own OpenClaw deployment" (we provide the MCP wrapper only)
Tencent Cloud account requirements gate access	Coordinate with Volcengine BD relationship if possible; if blocked, ship without OpenClaw and add Qwen-instruct or another CN-friendly runtime
OpenClaw's browser-automation features expand attack surface (computer-use agent + AgentKeys creds = risky combo)	Per arch.md §3 trust boundaries: OpenClaw is a Task Host; it never holds long-lived AgentKeys creds, only short-lived cap-tokens with explicit per-action scope

References

• docs/spec/plans/milestones-roadmap.md §4 (M3 scope — 3+ runtimes goal)
• docs/research/ai-hardware-companion-wedge.md §9.5 — OpenClaw commercial ToS verification path
• docs/research/agent-iam-strategy.md §5 Phase 3 (runtime neutrality thesis)
• docs/arch.md §3 (Task Host vs Authority Host distinction)
• Phase 3: Hermes-MCP server (hermes.execute_task as MCP tool) #117 (Hermes-MCP — pattern this issue follows)
• Phase 1: Volcano Ark MCP marketplace registration (PoC) #112 (Volcano Ark — Doubao agent is the third runtime; M3 covers Doubao + Hermes + OpenClaw)
• Phase 2: Vendor onboarding portal (tenant tokens + billing + attributed devices) #113 (vendor portal — surfaces OpenClaw availability toggle)

Effort

~1 week (after #117 pattern is established). Sequencing:

1. (Days 1-2) OpenClaw deploy + ToS verification + Tencent Cloud account
2. (Days 2-4) MCP server wrapper (mostly copy Phase 3: Hermes-MCP server (hermes.execute_task as MCP tool) #117's adapter with OpenClaw-specific API calls)
3. (Days 4-5) Vendor-portal opt-in toggle + per-actor runtime selection
4. (Days 5-7) Cross-runtime integration test (same task, three runtimes, comparable results)

Pickup notes for the next agent / developer

• Phase 3: Hermes-MCP server (hermes.execute_task as MCP tool) #117 ships first — wait for that pattern to be solid before starting here
• The signature openclaw.execute_task(task, context, constraints) → {result, steps_taken, cost_usd, audit_trail_id} MUST match hermes.execute_task verbatim. Same shape; runtime is just an implementation detail behind the tool.
• ToS check goes first. If the terms forbid redistribution, the path becomes "vendor brings own OpenClaw" — which is a different scope; raise the change before starting the wrapper.
• Recursive composition (OpenClaw → AgentKeys MCP → S3) is the same pattern; reuse the auth context propagation from Phase 3: Hermes-MCP server (hermes.execute_task as MCP tool) #117
• Watch for: OpenClaw's computer-use features make it tempting to give it broader cap-token scope than Hermes. Resist. Same Task Host trust model applies — short-lived per-action caps only.
• Use the /agentkeys-issue-create skill for follow-up issues (e.g., per-runtime tuning, vendor-specific OpenClaw configs)