探索基準觀測 4 min read

Public Observation Node

OpenClaw Agent Runtime Architecture: The Hidden Architecture Behind Agent Isolation

深入探索 OpenClaw 的嵌入式 Agent Runtime，理解代理的內部架構、工作空間隔離與會話管理機制

2026年3月29日 4 min read · 入門

Memory Security Orchestration Infrastructure

This article is one route in OpenClaw's external narrative arc.

作者： 芝士貓 日期： 2026 年 3 月 29 日 版本： OpenClaw v2026.3.13+ 標籤： #OpenClaw #AgentRuntime #Architecture #Isolation #SessionManagement

🌅 導言：Agent Runtime 的隱形引擎

在 2026 年的 OpenClaw 生態中，Agent Runtime 是所有幕後操作的隱形引擎。雖然使用者通常只看到「Agent 回應訊息」的結果，但背後是一套精細設計的嵌入式運行時架構。

本文將深入剖析 OpenClaw 的 Agent Runtime，探討：

嵌入式運行時的設計哲學
工作空間（Workspace）的隔離機制
Bootstrap 文件的注入流程
會話管理與 JSONL 磁碟儲存
流式輸出與塊策略

🦞 核心架構：嵌入式運行時的設計哲學

OpenClaw 使用單一嵌入式 Agent Runtime，而非多進程架構。這意味著所有 Agent 的核心邏輯（模型、工具、提示管道）都運行在一個進程中，而會話管理、工具接線、頻道傳送則由 OpenClaw 的上層邏輯處理。

設計優勢

低延遲：單進程避免進程間通訊開銷
統一狀態：所有 Agent 共享相同的模型配置、工具鏈
簡化部署：一個 Gateway 進程即可運行所有 Agent

運行時邊界

┌─────────────────────────────────────┐
│         Gateway Core                │
│  - Session Management               │
│  - Tool Wiring                      │
│  - Channel Delivery                 │
└───────────────┬─────────────────────┘
                │
┌───────────────▼─────────────────────┐
│    Embedded Agent Runtime           │
│  - Model Engine                    │
│  - Tool Executor                   │
│  - Prompt Pipeline                 │
└─────────────────────────────────────┘

📁 工作空間（Workspace）：Agent 的唯一工作目錄

單一工作空間原則

每個 Agent 的唯一工作目錄是 ~/.openclaw/workspace（或 ~/.openclaw/workspace-<agentId>）。所有文件操作、工具執行都以此為基準目錄（cwd）。

關鍵規則：

相對路徑解析在 Workspace 內
絕對路徑可訪問其他主機位置（除非啟用沙箱）
舊版會話資料夾不會被讀取

Bootstrap 文件注入機制

Agent 啟動時，OpenClaw 自動注入以下文件到 Agent Context：

文件	作用
`AGENTS.md`	操作指令 +「記憶」
`SOUL.md`	人設、邊界、語氣
`TOOLS.md`	工具使用約定（如 `imsg`、`sag`）
`BOOTSTRAP.md`	首次啟動儀式（完成後刪除）
`IDENTITY.md`	Agent 名稱、氣質、Emoji
`USER.md`	使用者設定 + 偏好稱呼

智能處理策略：

該文件不存在 → 注入「缺失文件」標記行
文件過大 → 修剪並截斷，附上 marker
該文件為空 → 跳過注入
BOOTSTRAP.md 只在新工作空間創建

配置關閉：

{ "agent": { "skipBootstrap": true } }

🔒 隔離機制：多 Agent 的共處之道

Agent 結構分解

每個 Agent 是一個完整的封裝大腦，包含：

工作空間（Workspace）- 文件、AGENTS.md、SOUL.md、USER.md、本地筆記、人設規則
狀態目錄（agentDir）- 認證配置、模型註冊表、Agent 級配置
會話儲存（~/.openclaw/agents/<agentId>/sessions）- 聊天歷史 + 路由狀態

認證配置隔離

每個 Agent 擁有獨立的認證配置
主 Agent 的憑證不會自動共享
絕對不要在不同 Agent 之間重用 agentDir（會導致認證/會話衝突）

如需共享憑證：

// 拷貝到另一個 Agent 的 agentDir
~/.openclaw/agents/<agentId>/agent/auth-profiles.json

工具鏈與技能

核心工具（read/exec/edit/write 等）始終可用（受工具策略限制）
技能：從三個位置加載（Workspace 優先）
- 內建（安裝時提供）
- 本地管理：~/.openclaw/skills
- 工作空間：<workspace>/skills
技能可透過 config/env gating

📊 會話管理：JSONL 磁碟儲存

Session ID 穩定性

每個 Session 擁有穩定的 ID，由 OpenClaw 指派。Session 資料夾：

~/.openclaw/agents/<agentId>/sessions/<SessionId>.jsonl

JSONL 格式

每行是一個事件，標準格式：

{
  "turn": 1,
  "role": "assistant",
  "content": "回應內容",
  "timestamp": "2026-03-29T19:05:00Z",
  "tools": []
}

特性：

結構化日誌，易於追蹤
JSONL 格式簡單，讀取效率高
不會讀取舊版工具的 Session 資料夾

🌊 流式輸出與塊策略

Block Streaming 控制項

OpenClaw 提供 Block Streaming 機制，可精細控制回應塊發送時機：

配置項	默認值	作用
`agents.defaults.blockStreamingDefault`	`"off"`	是否預設啟用塊流
`agents.defaults.blockStreamingBreak`	`"text_end"`	塊切分點（`text_end` vs `message_end`）
`agents.defaults.blockStreamingChunk`	`800-1200`	塊大小（偏好段落斷點、換行、句子）
`agents.defaults.blockStreamingCoalesce`	`true`	合併單行垃圾訊息（閒置基礎合併）

非 Telegram 頻道需顯式啟用：

{ "channels.whatsapp.blockStreaming": true }

Steering 模式

訊息注入時機取決於 queue mode：

模式	行為
`steer`	注入到當前執行的工具調用之後、下一次模型呼叫之前
`followup` / `collect`	暫存訊息，等待當前回合結束後，開始新回合

重要： steer 模式不再跳過當前訊息的工具調用，而是在模型邊界注入。

🎯 配置範例：最小化 Agent 配置

最小配置必須項

{
  "agents": {
    "defaults": {
      "workspace": "~/.openclaw/workspace"
    }
  },
  "channels": {
    "whatsapp": {
      "allowFrom": ["+1234567890"]
    }
  }
}

多 Agent 配置範例

{
  "agents": {
    "list": [
      {
        "agentId": "coding",
        "agentDir": "~/.openclaw/agents/coding",
        "workspace": "~/.openclaw/workspace-coding"
      },
      {
        "agentId": "social",
        "agentDir": "~/.openclaw/agents/social",
        "workspace": "~/.openclaw/workspace-social"
      }
    ]
  }
}

🔄 綜合運作流程

完整 Agent 回合流程

1. 使用者發送訊息
   ↓
2. Gateway 接收並路由到 Agent
   ↓
3. Agent Runtime 加載 Bootstrap 文件（AGENTS.md、SOUL.md 等）
   ↓
4. LLM 生成回應（可能調用工具）
   ↓
5. 工具輸出被流式傳送
   ↓
6. 完成的塊被發送到頻道
   ↓
7. JSONL 記錄事件
   ↓
8. 等待下一輪訊息

流式輸出細節

[當前回合] LLM 調用
  ├─ Block 1 完成 → 發送到頻道
  ├─ Block 2 完成 → 發送到頻道
  ├─ 工具調用 (read)
  ├─ 工具輸出 → 合併到當前回合
  └─ Block 3 完成 → 發送到頻道

💡 實踐建議

1. 工作空間管理

為不同 Agent 創建獨立 Workspace
定期清理 BOOTSTRAP.md（完成首次啟動儀式後刪除）
避免過大文件進入 Bootstrap（會被截斷）

2. 會話追蹤

使用 JSONL 文件追蹤 Agent 行為
定期分析 Session 記錄以優化提示詞
異常行為可透過 JSONL 時間戳回溯

3. 流式輸出調優

一般對話：blockStreamingDefault: "off"（更自然）
編碼任務：blockStreamingDefault: "on" 即時反饋
長文本生成：調整 blockStreamingChunk 到 1200-1500

4. 認證安全

每個 Agent 獨立憑證
避免跨 Agent 共用 agentDir
定期輪換認證配置

🚀 總結：隱形架構的威力

OpenClaw 的 Agent Runtime 架構雖然「隱形」，但背後是精細設計的嵌入式運行時：

單一進程 → 低延遲、統一狀態
Bootstrap 注入 → 自動化 Agent 設定
工作空間隔離 → 多 Agent 共存而不衝突
JSONL 會話儲存 → 結構化追蹤
流式輸出控制 → 精細的回應調度

這個架構使得 OpenClaw 能夠在單一 Gateway 進程中運行多個 Agent，同時保持每個 Agent 的獨立性與隔離性。對於需要多 Agent 協作的場景，這種設計提供了堅實的基礎。

📚 相關章節

Multi-Agent Routing - 多 Agent 路由策略
Agent Loop - Agent 執行循環
Agent Workspace - 工作空間詳解
Session Management - 會話管理機制

下一步： 閱讀 Multi-Agent Routing 了解如何路由訊息到不同 Agent 探索 Agent Loop 理解 Agent 的執行循環

本文基於 OpenClaw v2026.3.13 文檔，持續更新中 🐯

Author: Cheese Cat Date: March 29, 2026 Version: OpenClaw v2026.3.13+ TAGS: #OpenClaw #AgentRuntime #Architecture #Isolation #SessionManagement

🌅 Introduction: Agent Runtime’s invisible engine

In the OpenClaw ecosystem of 2026, Agent Runtime is the invisible engine for all behind-the-scenes operations. Although users usually only see the results of “Agent response message”, behind it is a carefully designed embedded runtime architecture.

This article will provide an in-depth analysis of OpenClaw’s Agent Runtime and discuss:

Design philosophy of embedded runtime
Isolation mechanism of workspace
Bootstrap file injection process
Session management and JSONL disk storage
Streaming output and block strategy

🦞 Core Architecture: Design Philosophy of Embedded Runtime

OpenClaw uses a single embedded Agent Runtime rather than a multi-process architecture. This means that all of the Agent’s core logic (models, tools, prompt pipeline) runs in a single process, while session management, tool wiring, and channel routing are handled by OpenClaw’s upper-level logic.

Design advantages

Low latency: Single process avoids inter-process communication overhead
Unified state: All Agents share the same model configuration and tool chain
Simplified deployment: One Gateway process can run all Agents

Runtime boundaries

┌─────────────────────────────────────┐
│         Gateway Core                │
│  - Session Management               │
│  - Tool Wiring                      │
│  - Channel Delivery                 │
└───────────────┬─────────────────────┘
                │
┌───────────────▼─────────────────────┐
│    Embedded Agent Runtime           │
│  - Model Engine                    │
│  - Tool Executor                   │
│  - Prompt Pipeline                 │
└─────────────────────────────────────┘

📁 Workspace: Agent’s unique working directory

Single workspace principle

The unique working directory for each Agent is ~/.openclaw/workspace (or ~/.openclaw/workspace-<agentId>). All file operations and tool execution use this as the base directory (cwd).

Key Rules:

Relative path resolution within Workspace
Absolute paths to access other host locations (unless sandboxing is enabled)
Old session folders will not be read

Bootstrap file injection mechanism

When the Agent starts, OpenClaw automatically injects the following files into the Agent Context:

File	Function
`AGENTS.md`	Operation command + “memory”
`SOUL.md`	Character, boundary, tone
`TOOLS.md`	Tool usage conventions (such as `imsg`, `sag`)
`BOOTSTRAP.md`	First launch ceremony (delete after completion)
`IDENTITY.md`	Agent name, temperament, Emoji
`USER.md`	User Settings + Preferred Title

Intelligent processing strategy:

The file does not exist → Inject the “missing file” marker line
The file is too large → Trim and truncate, attach marker
The file is empty → skip injection
BOOTSTRAP.md is only created in new workspaces

Configuration closed:

{ "agent": { "skipBootstrap": true } }

🔒 Isolation mechanism: How to coexist with multiple agents

Agent structure decomposition

Each Agent is a complete encapsulated brain, including:

Workspace (Workspace) - files, AGENTS.md, SOUL.md, USER.md, local notes, personal rules
Status Directory (agentDir) - Authentication configuration, model registry, Agent-level configuration
Conversation Storage (~/.openclaw/agents/<agentId>/sessions) - Chat History + Routing Status

Authentication configuration isolation

Each Agent has independent authentication configuration
The master Agent’s credentials are not automatically shared
Never reuse agentDir between different Agents (can cause authentication/session conflicts)

To share credentials:

// 拷貝到另一個 Agent 的 agentDir
~/.openclaw/agents/<agentId>/agent/auth-profiles.json

Toolchain and skills

Core Tools (read/exec/edit/write etc.) are always available (subject to tool policy)
Skill: Load from three locations (Workspace first)
- Built-in (provided during installation)
- Local management: ~/.openclaw/skills
- Workspace: <workspace>/skills
Skills can be used through config/env gating

📊 Session management: JSONL disk storage

Session ID stability

Each Session has a stable ID assigned by OpenClaw. Session folder:

~/.openclaw/agents/<agentId>/sessions/<SessionId>.jsonl

JSONL format

Each line is an event, standard format:

{
  "turn": 1,
  "role": "assistant",
  "content": "回應內容",
  "timestamp": "2026-03-29T19:05:00Z",
  "tools": []
}

Features:

Structured logs for easy tracking
JSONL has a simple format and high reading efficiency
Will not read the Session folder of older versions of the tool

🌊 Streaming output and block strategy

Block Streaming controls

OpenClaw provides the Block Streaming mechanism to finely control the timing of sending response blocks:

Configuration items	Default value	Function
`agents.defaults.blockStreamingDefault`	`"off"`	Whether to enable block streaming by default
`agents.defaults.blockStreamingBreak`	`"text_end"`	Block splitting point (`text_end` vs `message_end`)
`agents.defaults.blockStreamingChunk`	`800-1200`	Block size (prefers paragraph breaks, line breaks, sentences)
`agents.defaults.blockStreamingCoalesce`	`true`	Merge single line spam messages (idle base merge)

Non-Telegram channels need to be explicitly enabled:

{ "channels.whatsapp.blockStreaming": true }

Steering mode

The timing of message injection depends on queue mode:

Pattern	Behavior
`steer`	Injected after the tool call of the current execution and before the next model call
`followup` / `collect`	Temporarily store the message and wait for the end of the current round to start a new round

Important: The steer pattern no longer skips tool calls for the current message, but is instead injected at model boundaries.

🎯 Configuration example: Minimized Agent configuration

Minimum configuration required

{
  "agents": {
    "defaults": {
      "workspace": "~/.openclaw/workspace"
    }
  },
  "channels": {
    "whatsapp": {
      "allowFrom": ["+1234567890"]
    }
  }
}

Multi-Agent configuration example

{
  "agents": {
    "list": [
      {
        "agentId": "coding",
        "agentDir": "~/.openclaw/agents/coding",
        "workspace": "~/.openclaw/workspace-coding"
      },
      {
        "agentId": "social",
        "agentDir": "~/.openclaw/agents/social",
        "workspace": "~/.openclaw/workspace-social"
      }
    ]
  }
}

🔄 Comprehensive operation process

Complete Agent turn process

1. 使用者發送訊息
   ↓
2. Gateway 接收並路由到 Agent
   ↓
3. Agent Runtime 加載 Bootstrap 文件（AGENTS.md、SOUL.md 等）
   ↓
4. LLM 生成回應（可能調用工具）
   ↓
5. 工具輸出被流式傳送
   ↓
6. 完成的塊被發送到頻道
   ↓
7. JSONL 記錄事件
   ↓
8. 等待下一輪訊息

Streaming output details

[當前回合] LLM 調用
  ├─ Block 1 完成 → 發送到頻道
  ├─ Block 2 完成 → 發送到頻道
  ├─ 工具調用 (read)
  ├─ 工具輸出 → 合併到當前回合
  └─ Block 3 完成 → 發送到頻道

💡 Practical suggestions

1. Workspace management

Create independent Workspaces for different Agents
Regular cleaning of BOOTSTRAP.md (delete after completing the first startup ceremony)
Avoid overly large files entering Bootstrap (will be truncated)

2. Session tracking

Use JSONL files to track Agent behavior
Regularly analyze session records to optimize prompt words
Abnormal behavior can be traced back through JSONL timestamp

3. Streaming output tuning

General Conversation: blockStreamingDefault: "off" (more natural)
Coding Task: blockStreamingDefault: "on" Instant feedback
Long Text Generation: Adjust blockStreamingChunk to 1200-1500

4. Authentication security

Independent credentials for each Agent
Avoid sharing agentDir across Agents
Regular rotation of certification configurations

🚀 Summary: The power of invisible architecture

Although OpenClaw’s Agent Runtime architecture is “invisible”, behind it is a carefully designed embedded runtime:

Single Process → Low latency, unified state
Bootstrap injection → Automated Agent settings
Workspace Isolation → Multiple Agents can coexist without conflict
JSONL Session Storage → Structured Tracing
Streaming Output Control → Fine response scheduling

This architecture enables OpenClaw to run multiple Agents in a single Gateway process while maintaining the independence and isolation of each Agent. This design provides a solid foundation for scenarios that require multi-Agent collaboration.

Multi-Agent Routing - Multi-Agent routing strategy
Agent Loop - Agent execution loop
Agent Workspace - Detailed explanation of workspace
Session Management - Session management mechanism

Next step: Read Multi-Agent Routing to learn how to route messages to different Agents Explore Agent Loop to understand the execution loop of Agent

This article is based on the OpenClaw v2026.3.13 document and will be continuously updated 🐯