Watch Layer — Connector
Connect runtime monitoring
in 3 minutes.
The @gitopenclaw/connect package connects your running OpenClaw instance to GitOpenClaw. Once connected, every agent action is monitored, classified, and logged. Threats trigger instant alerts. The kill switch becomes active.
Requirements
Node.js
18 or higher
GitOpenClaw plan
Teams or Business
OpenClaw
Any version
Quick setup
Get your API key
Sign in to GitOpenClaw and go to your account page. Your API key is shown there. Teams and Business plans are required for connector access.
Go to Account page →Install the connector
Requires Node.js 18+. Installs a lightweight CLI globally.
npm install -g @gitopenclaw/connectConnect to GitOpenClaw
Replace YOUR_API_KEY with the key from your account page. The connector starts listening to your local OpenClaw agent sessions.
gitopenclaw-connect --key YOUR_API_KEYVerify it's working
Should print: Connected · Monitoring · Plan: Teams (or Business)
gitopenclaw-connect statusWhat happens after you connect
Every file read, network call, and process exec is captured
Credential access (SSH keys, .aws, .env files) triggers an instant critical alert
Suspicious network requests (undocumented domains) are flagged automatically
The kill switch on your Watch dashboard becomes active
All events flow into the Trace audit trail (Business plan)
Spend tracking begins — see your AI API costs per session
Alternative: wrap any command
Use --wrap to monitor a specific OpenClaw session without leaving the connector running globally.
Before
openclaw run web-browser-agentAfter
gitopenclaw-connect --key YOUR_API_KEY --wrap "openclaw run web-browser-agent"Direct API — send events yourself
If you have a custom agent framework, you can POST events directly to our API. Auth via x-api-key header.
POST /api/runtime-eventscurl -X POST https://gitopenclaw.com/api/runtime-events \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"session_id": "session-abc123",
"agent_name": "my-agent",
"event_type": "file_read",
"action": "Read file",
"detail": "/Users/me/Documents/report.pdf",
"occurred_at": "2026-04-08T14:22:05Z"
}'Or send a batch of up to 500 events at once:
POST /api/runtime-events — batchcurl -X POST https://gitopenclaw.com/api/runtime-events \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '[
{ "session_id": "s1", "agent_name": "agent", "event_type": "file_read", "action": "Read ~/.aws/credentials", "detail": "~/.aws/credentials" },
{ "session_id": "s1", "agent_name": "agent", "event_type": "network_request", "action": "GET", "detail": "https://api.openai.com/v1/chat" }
]'Response
{
"saved": 2,
"flagged": 1,
"alerts": 1
}Event types reference
file_readAgent reads a file from disk
variesfile_writeAgent writes or creates a file
infonetwork_requestHTTP request made by the agent
variescredential_accessAgent accesses credentials, SSH keys, tokens
criticalenv_readAgent reads environment variables
warningprocess_execAgent executes a shell command
warningSeverity is auto-classified based on event type and the detail field (credential paths, suspicious domains, etc).
Privacy — what leaves your machine
Only structured event summaries are sent — never raw file contents
Secrets, tokens, and key values are redacted before transmission
File paths and action descriptions are sent — not file contents
Your actual files, code, or credentials never leave your machine
Troubleshooting
Error: Unauthorized (401)
Your API key is wrong or you're on the Free or Pro plan. Runtime monitoring requires Teams or Business. Grab your key from the Account page.
Error: Forbidden (403)
Your account plan doesn't include runtime monitoring. Upgrade to Teams ($99/mo) to enable the Watch layer.
No events appearing in Watch dashboard
Run `gitopenclaw-connect status` to verify the connection. Events take ~5 seconds to appear after transmission. Make sure your OpenClaw agent session is actually running.
How do I monitor agents running in Docker?
Use the --wrap mode to wrap your OpenClaw command, or POST events directly from your Docker container to the API. The API key goes in x-api-key header.
Ready to monitor?
Teams plan required. Cancel anytime.