openclaw/CONTRIBUTING.md

Contributing to OpenClaw

Welcome to the lobster tank! 🦞

Quick Links

• GitHub: https://github.com/openclaw/openclaw
• Vision: VISION.md
• Discord: https://discord.gg/qkhbAGHRBT
• X/Twitter: @steipete / @openclaw

Maintainers

• Peter Steinberger - Benevolent Dictator

  • GitHub: @steipete · X: @steipete

• Shadow - Discord subsystem, Discord admin, Clawhub, all community moderation

  • GitHub: @thewilloftheshadow · X: @4shad0wed

• Vignesh - Memory (QMD), formal modeling, TUI, IRC, and Lobster

  • GitHub: @vignesh07 · X: @_vgnsh

• Jos - Telegram, API, Nix mode

  • GitHub: @joshp123 · X: @jjpcodes

• Ayaan Zaidi - Telegram subsystem, iOS app

  • GitHub: @obviyus · X: @0bviyus

• Tyler Yust - Agents/subagents, cron, BlueBubbles, macOS app

  • GitHub: @tyler6204 · X: @tyleryust

• Mariano Belinky - iOS app, Security

  • GitHub: @mbelinky · X: @belimad

• Nimrod Gutman - iOS app, macOS app and crustacean features

  • GitHub: @ngutman · X: @theguti

• Vincent Koc - Agents, Telemetry, Hooks, Security

  • GitHub: @vincentkoc · X: @vincent_koc

• Val Alexander - UI/UX, Docs, and Agent DevX

  • GitHub: @BunsDev · X: @BunsDev

• Seb Slight - Docs, Agent Reliability, Runtime Hardening

  • GitHub: @sebslight · X: @sebslig

• Christoph Nakazawa - JS Infra

  • GitHub: @cpojer · X: @cnakazawa

• Gustavo Madeira Santana - Multi-agents, CLI, web UI

  • GitHub: @gumadeiras · X: @gumadeiras

• Onur Solmaz - Agents, dev workflows, ACP integrations, MS Teams

  • GitHub: @onutc, @osolmaz · X: @onusoz

• Josh Avant - Core, CLI, Gateway, Security, Agents

  • GitHub: @joshavant · X: @joshavant

• Jonathan Taylor - ACP subsystem, Gateway features/bugs, Gog/Mog/Sog CLI's, SEDMAT

  • Github @visionik · X: @visionik

• Josh Lehman - Compaction, Tlon/Urbit subsystem

  • Github @jalehman · X: @jlehman_

How to Contribute

1. Bugs & small fixes → Open a PR!
2. New features / architecture → Start a GitHub Discussion or ask in Discord first
3. Questions → Discord #help / #users-helping-users

Before You PR

• Test locally with your OpenClaw instance
• Run tests: pnpm build && pnpm check && pnpm test
• Ensure CI checks pass
• Keep PRs focused (one thing per PR; do not mix unrelated concerns)
• Describe what & why

Model Provider Contributions

OpenClaw aims to be extensible while keeping the core maintainable. Before opening a PR to add a new model provider, please review this guidance to help save time for both you and reviewers.

Note: Final decisions rest with maintainers, but these guidelines reflect what we generally look for.

When PRs Are Likely to Merge

Top-tier providers (straightforward review):

• Major providers with large user bases and dedicated APIs (Anthropic, OpenAI, Google, Mistral, etc.)
• Providers explicitly listed in VISION.md priorities
• Examples: Anthropic Claude, OpenAI GPT, Google Gemini

Mid-tier providers (needs community signal):

• Providers with dedicated OpenAI-compatible APIs but smaller user bases
• Must demonstrate demand beyond a single contributor wanting it
• Evidence can include:
  • GitHub issue with community votes (typically 12+ supporters)
  • Discord thread with multiple users requesting it
  • Regional or use-case necessity (e.g., Mistral for EU compliance)

When to Use Existing Solutions Instead

If a provider's models are already accessible via one of these paths, a dedicated integration is unlikely to merge:

• OpenRouter — aggregates 100+ providers with a single API
• vLLM — custom OpenAI-compatible endpoints
• Custom endpoint — OpenClaw's built-in custom provider

Why? Every new provider creates perpetual maintenance burden (API changes, auth flows, error handling, docs). If an alternative access path exists, that's the answer.

Before Opening a PR

1. Check if it's already accessible:
   • Search OpenRouter's model list
   • Test with OpenClaw's custom provider if the API is OpenAI-compatible
2. Gather community signal:
   • Open a GitHub Discussion or post in #feature-requests on Discord
   • Link to the discussion in your PR description
3. Show unique value:
   • What does this provider offer that OpenRouter/vLLM can't provide?
   • Is there a regional compliance, pricing, or feature advantage?

Maintainer Discretion

These are guidelines, not hard rules. Maintainers may approve PRs that don't meet every criterion if there's a compelling reason, or decline PRs that technically qualify if timing or scope isn't right.

Goal: Ship what users need, not everything possible.

Control UI Decorators

The Control UI uses Lit with legacy decorators (current Rollup parsing does not support accessor fields required for standard decorators). When adding reactive fields, keep the legacy style:

@state() foo = "bar";
@property({ type: Number }) count = 0;

The root tsconfig.json is configured for legacy decorators (experimentalDecorators: true) with useDefineForClassFields: false. Avoid flipping these unless you are also updating the UI build tooling to support standard decorators.

AI/Vibe-Coded PRs Welcome! 🤖

Built with Codex, Claude, or other AI tools? Awesome - just mark it!

Please include in your PR:

• Mark as AI-assisted in the PR title or description
• Note the degree of testing (untested / lightly tested / fully tested)
• Include prompts or session logs if possible (super helpful!)
• Confirm you understand what the code does

AI PRs are first-class citizens here. We just want transparency so reviewers know what to look for.

Current Focus & Roadmap 🗺

We are currently prioritizing:

• Stability: Fixing edge cases in channel connections (WhatsApp/Telegram).
• UX: Improving the onboarding wizard and error messages.
• Skills: For skill contributions, head to ClawHub — the community hub for OpenClaw skills.
• Performance: Optimizing token usage and compaction logic.

Check the GitHub Issues for "good first issue" labels!

Maintainers

We're selectively expanding the maintainer team. If you're an experienced contributor who wants to help shape OpenClaw's direction — whether through code, docs, or community — we'd like to hear from you.

Being a maintainer is a responsibility, not an honorary title. We expect active, consistent involvement — triaging issues, reviewing PRs, and helping move the project forward.

Still interested? Email contributing@openclaw.ai with:

• Links to your PRs on OpenClaw (if you don't have any, start there first)
• Links to open source projects you maintain or actively contribute to
• Your GitHub, Discord, and X/Twitter handles
• A brief intro: background, experience, and areas of interest
• Languages you speak and where you're based
• How much time you can realistically commit

We welcome people across all skill sets — engineering, documentation, community management, and more. We review every human-only-written application carefully and add maintainers slowly and deliberately. Please allow a few weeks for a response.

Report a Vulnerability

We take security reports seriously. Report vulnerabilities directly to the repository where the issue lives:

• Core CLI and gateway — openclaw/openclaw
• macOS desktop app — openclaw/openclaw (apps/macos)
• iOS app — openclaw/openclaw (apps/ios)
• Android app — openclaw/openclaw (apps/android)
• ClawHub — openclaw/clawhub
• Trust and threat model — openclaw/trust

For issues that don't fit a specific repo, or if you're unsure, email security@openclaw.ai and we'll route it.

Required in Reports

1. Title
2. Severity Assessment
3. Impact
4. Affected Component
5. Technical Reproduction
6. Demonstrated Impact
7. Environment
8. Remediation Advice

Reports without reproduction steps, demonstrated impact, and remediation advice will be deprioritized. Given the volume of AI-generated scanner findings, we must ensure we're receiving vetted reports from researchers who understand the issues.