| name | openclaw-dashboard | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| description | Real-time operations dashboard for OpenClaw. Monitors sessions, costs, cron jobs, and gateway health. Use when installing the dashboard, starting the server, adding features, updating backend routes, or changing frontend tabs. Includes language toggle (EN/中文), watchdog 24h uptime bar, and cost analysis. | |||||||||||||||||||||||||||||||||||
| version | 2.0.0 | |||||||||||||||||||||||||||||||||||
| metadata |
|
Tell OpenClaw: "Install the openclaw-dashboard skill." The agent will handle the installation and configuration automatically.
clawhub install openclaw-dashboardKeep this repository public-safe and easy to run. Prioritize:
- Secret sanitization
- Minimal setup steps
- Stable API/UI behavior
The dashboard uses a modular backend + tab-based frontend architecture.
Backend entry point: backend/server.js
Business logic: backend/providers/ — one file per data domain
Frontend: frontend/tabs/ + frontend/shared/ — one JS file per tab
Runtime data: stored in ~/.openclaw/dashboard/ (outside skill dir, not Git-tracked)
| Provider | Routes | Responsibility |
|---|---|---|
sessions.js |
/ops/sessions, /api/sessions |
Session stats + model |
ledger.js |
/ops/ledger/*, /api/cost/* |
SQLite token/cost data |
cron.js |
/ops/cron, /ops/cron-costs, /cron/today |
Cron jobs + run history + cost breakdown |
watchdog.js |
/ops/watchdog |
Watchdog state + timeline |
spark.js |
/ops/dgx-status, /api/spark/* |
DGX Spark inference node |
system.js |
/ops/system |
Host metrics (CPU/RAM/disk) |
ground-truth.js |
/api/ground-truth/*, /ops/models |
Model registry + colors |
tasks.js |
/tasks, /tasks/:id |
Task CRUD + notes |
config.js |
/ops/config, /files, /skills |
Config viewer + file editor |
ops-legacy.js |
/ops/* (remaining) |
Audit, channels, model switch, restart |
| Tab | File | Key functions |
|---|---|---|
| Overview | tabs/overview.js |
loadSessions(), loadTasks() |
| Cost | tabs/cost.js |
loadOpsChannels(), loadOpsAlltime() |
| Cron | tabs/cron.js |
loadCronEnhanced(), loadCronCosts(), loadCronRuns() |
| Health | tabs/health.js |
renderAgentMonitor(), loadSystemInfo(), renderWatchdogStatus() |
| Config | tabs/config.js |
loadConfig(), loadSkills(), loadFileList() |
| Shared | shared/api.js |
Auth, apiFetch(), watchdog renderers, toast, markdown |
| Shared | shared/ui-utils.js |
timeSince(), task state |
| Shared | shared/boot.js |
Init, week nav, chart renderers, confirm dialog |
Use this skill for:
- Dashboard feature requests (sessions, cost, cron, watchdog, operations)
- Backend route additions/fixes in
backend/providers/ - Frontend behavior updates in
frontend/tabs/orfrontend/shared/ - README, setup, and environment simplification
- Public release checks for accidental sensitive data
- No duplicate function definitions across
api.jsandui-utils.js. Shared utilities belong inapi.js(loaded first).ui-utils.jsonly holdstimeSince()and task state. - Cross-tab function calls are implicit — JS shares the same
windowscope. Keep shared helpers inshared/files. - Runtime data goes to
~/.openclaw/dashboard/, not skill root. Path is set inbackend/lib/config.jsviaOPENCLAW_DASHBOARD_TASKSenv or default. /ops/modelsreturns{ registry: {...object...}, colors, displayNames, models }—registrymust be an object keyed by alias, not an array./ops/cron-costsreturns{ summary, jobs, dailyTrend, review, rows }— all five keys required for Cron tab to render correctly.hideStalequery param on/ops/sessionsfilters sessions with no activity for 7+ days.
- Never hardcode tokens, API keys, cookies, or host-specific secrets.
- Never commit machine-specific absolute paths.
- Prefer
process.env.*and safe defaults based onHOME. - Keep examples as placeholders (
your_token_here,/path/to/...). - If uncertain, redact first and ask the user before exposing details.
- Keep sensitive behaviors opt-in (do not silently load local secret files).
The bundled server can access local OpenClaw files for dashboard views:
- Sessions, cron runs, watchdog state under
~/.openclaw/... - Local workspace files under
OPENCLAW_WORKSPACE - Task data in
~/.openclaw/dashboard/tasks.json - Task attachments in
~/.openclaw/dashboard/attachments/
High-sensitivity features are disabled by default and require explicit env flags:
OPENCLAW_LOAD_KEYS_ENV=1to loadkeys.envOPENCLAW_ENABLE_PROVIDER_AUDIT=1to call OpenAI/Anthropic org APIsOPENCLAW_ENABLE_CONFIG_ENDPOINT=1to expose/ops/configOPENCLAW_ALLOW_ATTACHMENT_FILEPATH_COPY=1for absolute-path attachment copyOPENCLAW_ENABLE_MUTATING_OPS=1to enable model-switch, backup, update ops
Network security:
- CORS restricted to loopback by default.
- Auth via HttpOnly cookie (
ds) orAuthorization: Bearerheader. - Set
DASHBOARD_CORS_ORIGINS(comma-separated) for external origins.
- Identify which provider or tab file owns the feature.
- Implement the smallest change that preserves behavior.
- Check: does any other tab/shared file also define the same function? If yes, deduplicate.
- Run a sensitive-string scan before finalizing.
- Ensure docs match the actual runtime defaults.
Before final response, scan for:
token=,OPENCLAW_AUTH_TOKEN,OPENCLAW_HOOK_TOKENAPI_KEY,SECRET,PASSWORD,COOKIE- absolute paths like
/Users/,C:\\, machine names, personal emails
If found: replace with env-based values or placeholders, and mention what was sanitized.
backend/providers/*.js— server behavior and API routesfrontend/tabs/*.js— tab-specific UI logicfrontend/shared/api.js— auth, fetch, shared renderersbackend/lib/config.js— path and env configurationREADME.md— quick start and operator docsenv.example— public-safe environment template