Channels
Guild
By OpenClaw Guild: multi-user business platform plugin โ shared memory, skills, and role-based access for agent teams
Install
npm install openclaw-guildConfiguration Example
{
"plugins": {
"slots": {
"memory": "guild" // Guild owns the memory slot
},
"entries": {
"guild": {
"enabled": true,
"config": {
"supabaseUrl": "http://127.0.0.1:54321", // or your hosted Supabase URL
"supabaseAnonKey": "eyJ...",
"features": {
"memory": true, // Enable memory tools + hooks
"skills": true // Enable skill injection
},
"agents": {
"my-agent": {
"uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"email": "[email protected]", // Auto-generated โ see note below
"password": "...",
"jwt": "..." // Alternative: static JWT (fallback)
}
}
}
}
}
}
}README
# OpenClaw Guild
Multi-user business platform plugin for [OpenClaw](https://openclaw.ai).
## The problem
OpenClaw is great for a single user, but if you run a business and want your team to use AI agents on your OpenClaw, you're stuck. Everyone shares the same memory, the same context, the same access. You can't give an employee access to a marketing agent without exposing your private projects, financials, or other work.
## What Guild does
Guild turns single-user OpenClaw into a multi-user business platform. Each person gets their own agents with isolated memory, shared team knowledge flows through role-based access control, and an admin dashboard lets you manage it all โ who can see what, what agents remember, and what they're allowed to do.
- **Tiered memory** โ agent-private, per-user, role-shared, and company-wide knowledge, all in Supabase with row-level security
- **Skills** โ versioned instruction sets assigned by scope (company, role, individual) with a visual assignment matrix
- **Data isolation** โ agents only see their own data, enforced at the database level. No agent can read another agent's memories.
- **Auto-recall** โ injects relevant user, company, and role context into every agent session automatically
- **Auto-capture** โ detects and saves user facts from conversations (with per-user opt-out)
- **Memory persistence** โ saves important context before compaction so it survives context window compression
- **[Admin UI](https://github.com/SpireTech/openclaw-guild-admin)** โ web dashboard for managing agents, users, roles, memory, skills, network policies, and audit logs
- **Agentic Management** - Use claude code or your favorite command-line ai tool to administer users and configuration for you
## How agents access memory and skills
The **Guild plugin** registers tools directly into the OpenClaw gateway. When an agent calls `guild_memory_read()` or `guild_skill_read()`, the gateway executes the tool in-process โ no external server needed. The plugin also injects a skill catalog, memory summary, and onboarding instructions into every agent's system prompt automatically via the `before_prompt_build` hook.
The **MCP server** (`guild-mcp`) is a separate component for non-OpenClaw clients โ Claude Desktop, custom integrations, or the admin UI. It exposes the same data over the MCP protocol but is not used by OpenClaw agents.
## Packages
| Package | Description |
|---|---|
| `packages/plugin` | OpenClaw plugin โ tools, hooks, and CLI that run inside the gateway |
| `packages/mcp/guild-mcp` | MCP server for external clients (Claude Desktop, integrations) โ 29 tools |
| `packages/shared` | Shared Supabase client, types, and embedding helpers |
| `migrations/` | Supabase schema SQL files |
## Quick start
### With OpenClaw
```bash
# 1. Install the plugin
openclaw plugins install openclaw-guild
# 2. Run setup (detects Supabase, runs migrations, configures plugin)
openclaw guild setup
# 3. Provision agents
openclaw guild provision-agent --all
# 4. Verify
openclaw guild doctor
# 5. Restart gateway
openclaw gateway restart
```
### With npm (manual install)
```bash
npm install openclaw-guild
```
Then follow the [Installation Runbook](packages/plugin/INSTALL.md) to configure the plugin in your `openclaw.json` and provision agents.
### MCP server (for Claude Desktop or other MCP clients)
```bash
cd packages/mcp/guild-mcp
npm install
SUPABASE_URL=... SUPABASE_ANON_KEY=... node dist/index.js
```
See the [MCP server README](packages/mcp/guild-mcp/README.md) for configuration options.
## Requirements
- OpenClaw >= 2026.3.24
- Supabase (local via `npx supabase start` or hosted)
- Node.js >= 22
- **For knowledge search:** An embedding model accessible via Ollama (default: `nomic-embed-text` on `localhost:11434`). Knowledge tools use vector embeddings for semantic search. Memory and skill tools do not require embeddings.
## Configuration reference
### Plugin config (`openclaw.json`)
The plugin is configured in `plugins.entries.guild.config`:
```jsonc
{
"plugins": {
"slots": {
"memory": "guild" // Guild owns the memory slot
},
"entries": {
"guild": {
"enabled": true,
"config": {
"supabaseUrl": "http://127.0.0.1:54321", // or your hosted Supabase URL
"supabaseAnonKey": "eyJ...",
"features": {
"memory": true, // Enable memory tools + hooks
"skills": true // Enable skill injection
},
"agents": {
"my-agent": {
"uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"email": "[email protected]", // Auto-generated โ see note below
"password": "...",
"jwt": "..." // Alternative: static JWT (fallback)
}
}
}
}
}
}
}
```
### Config fields
| Field | Type | Default | Description |
|---|---|---|---|
| `supabaseUrl` | string | *required* | Supabase project URL |
| `supabaseAnonKey` | string | *required* | Supabase anon/public key |
| `features.memory` | boolean | `true` | Enable memory tools and lifecycle hooks |
| `features.skills` | boolean | `true` | Enable skill catalog injection at bootstrap |
| `agents.<id>.uuid` | string | *required* | Agent's UUID in the `agents` table |
| `agents.<id>.email` | string | โ | Auto-generated Supabase Auth email (e.g., `[email protected]`) |
| `agents.<id>.password` | string | โ | Auto-generated password (supports `$ENV_VAR` references) |
| `agents.<id>.jwt` | string | โ | Static JWT (fallback auth, supports `$ENV_VAR` references) |
> **Why do agents have email addresses?** Supabase Auth requires email/password for authentication โ there's no service account type. Agent emails like `[email protected]` are auto-generated fake addresses used only as Supabase Auth credentials. They never receive mail. The agent provisioning process (CLI or Admin UI) creates these automatically.
### Consolidated MCP server
The `guild-mcp` server supports config-driven tool group activation via environment variables:
```bash
# Enable all tool groups (default)
GUILD_TOOLS=memory,skills,knowledge node packages/mcp/guild-mcp/dist/index.js
# Memory + skills only (no knowledge/embeddings required)
GUILD_TOOLS=memory,skills node packages/mcp/guild-mcp/dist/index.js
# Memory only
GUILD_TOOLS=memory node packages/mcp/guild-mcp/dist/index.js
```
| Env var | Default | Description |
|---|---|---|
| `GUILD_TOOLS` | `memory,skills,knowledge` | Comma-separated tool groups to enable |
| `SUPABASE_URL` | โ | Supabase project URL |
| `SUPABASE_ANON_KEY` | โ | Supabase anon key |
| `SUPABASE_SERVICE_ROLE_KEY` | โ | Service role key (for admin operations) |
| `OAUTH_CLIENT_ID` | โ | OAuth client ID for RLS headers |
| `OLLAMA_URL` | `http://localhost:11434` | Ollama embedding service (knowledge tools) |
| `EMBEDDING_MODEL` | `nomic-embed-text` | Embedding model name |
### Admin UI
```bash
docker run -p 3100:3100 \
-e SUPABASE_URL=http://host.docker.internal:54321 \
-e SUPABASE_ANON_KEY=eyJ... \
-e SUPABASE_SERVICE_ROLE_KEY=eyJ... \
-e ORG_NAME="Acme Corp" \
ghcr.io/spiretech/openclaw-guild-admin:latest
```
| Env var | Default | Description |
|---|---|---|
| `ORG_NAME` | `Organization` | Organization name shown in sidebar and title |
| `SUPABASE_URL` | โ | Supabase URL |
| `SUPABASE_ANON_KEY` | โ | Supabase anon key |
| `SUPABASE_SERVICE_ROLE_KEY` | โ | Service role key for admin operations |
## Architecture
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ OpenClaw Gateway โ
โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Guild Plugin โ โ
โ โ โ โ
โ โ Hooks: โ โ
โ โ โข before_prompt_build โ inject skills+memory โ โ
โ โ โข before_compaction โ flush to Supabase โ โ
โ โ โข agent_end โ auto-capture facts โ โ
โ โ โข before_dispatch โ cache sender ID โ โ
โ โ โ โ
โ โ Tools (10): โ โ
โ โ guild_memory_{read,save,archive,search, โ โ
โ โ team,company} โ โ
โ โ guild_skill_read โ โ
โ โ guild_user_{read,save} โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ HTTP (PostgREST) โ
โ โผ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Supabase โ โ
โ โ โ โ
โ โ Tables: โ โ
โ โ agents, users, external_identities โ โ
โ โ agent_memories, user_memories โ โ
โ โ role_memories, company_memories โ โ
โ โ skills, skill_versions, skill_assignments โ โ
โ โ memory_promotions, memory_audit โ โ
โ โ user_agent_grants โ โ
โ โ knowledge_chunks, clients โ โ
โ โ โ โ
โ โ RLS: per-agent auth, data isolation โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโ
โ Guild MCP Server โ โ Guild Admin UI โ
โ (external clients) โ โ โ
โ โ โ Next.js dashboard โ
โ For Claude Desktop, โ โ โข Memory management โ
โ custom integrations โ โ โข Skill cat
... (truncated)
channels
Comments
Sign in to leave a comment