SynClaw logoSynClaw Docs
Sign inHome
OverviewHostingPublic WSSSelf-hostedModelFAQ
DocsHosting

Self-hosted: Configure OpenClaw + MCP

Connect gateway auth and MCP tooling to your workspace flow.

1) OpenClaw gateway setup

  1. Open Settings -> OpenClaw in target workspace.
  2. Default to Public WSS (`wss://`) using explicit protocol and no trailing spaces.
  3. Set auth token with least required scopes.
  4. Add Synclaw origin to OpenClaw allowedOrigins and approve device.
  5. Save and re-open settings page to confirm persistence.

Minimum values to verify

Gateway URL: https://<gateway-host>
Token: <workspace-scoped-token>
Scopes: <required scopes for your runtime>
Environment: <dev|staging|prod workspace target>

Method decision (security-first)

  • Public WSS is the recommended default for production.
  • Private Connector is advanced and meant for private-network operators.
  • Self-hosted Local is advanced and best only when app + OpenClaw are in same private environment.

2) MCP server setup

  1. Deploy MCP server with required tool providers.
  2. Ensure network reachability between runtime and MCP endpoint over your expected network path.
  3. Validate auth between OpenClaw runtime and MCP server.
  4. Confirm tool manifest and schemas are loaded as expected.

MCP readiness checklist

- Endpoint reachable from runtime host
- Auth secret/token valid
- Tool list discoverable
- Tool schema validation passes
- Timeout/retry policy defined

3) Verification run

  • Create an agent and trigger one deterministic task.
  • Confirm live activity events are emitted in app.
  • Confirm tool call output is structured and reviewable.
  • Check heartbeat and session update cadence.

Suggested verification task

Task: "Run one safe MCP tool call and summarize result"
Expected:
1) session starts
2) tool call logged
3) response persisted in activity/doc
4) no silent failure in UI

4) Failure patterns to check

  • Token/scope mismatch in gateway auth.
  • MCP endpoint unreachable or timed out.
  • Unexpected tool schema payload causing run failures.
  • Workspace-level config saved in wrong environment.

Diagnostic order

Check gateway auth first, then MCP connectivity, then tool schema compatibility. This avoids chasing downstream symptoms.

5) Production hardening

  • Use separate tokens and endpoints for dev/staging/prod.
  • Apply rate limiting and timeout caps on tool calls.
  • Log request identifiers for tool execution traces.
  • Document fallback behavior when MCP is degraded.