Compatibility Guide

May 15, 2026 ยท View on GitHub

This is the canonical compatibility matrix for OpenClaw.NET. It covers runtime modes, upstream SKILL.md reuse, plugin compatibility, channel operator parity, and the current limitations you should plan around.

Status Legend

  • Supported: intended production path, backed by automated tests
  • Supported with caveats: works today, but there are important scope limits or mode requirements
  • Not supported: fails fast with explicit diagnostics instead of loading partially

Runtime Modes

  • OpenClaw:Runtime:Mode=auto resolves to jit when dynamic code is available and aot when it is not.
  • OpenClaw:Runtime:Mode=aot forces the strict trim-safe lane even on a JIT-capable build.
  • OpenClaw:Runtime:Mode=jit enables the expanded plugin and dynamic-native lane.

Upstream Skill Compatibility

SurfaceStatusNotes
Standalone SKILL.md packagesSupportedThis is the cleanest upstream reuse path. No bridge is required.
ClawHub skill install flowSupportedUse openclaw clawhub install <slug> with workspace or managed skill locations.
Plugin-packaged skills (manifest.skills[])SupportedSkills load into the normal precedence chain: extra < bundled < managed < plugin < workspace.
Workspace / managed / bundled skill precedenceSupportedWorkspace overrides remain the highest-priority operator-controlled layer.
Runtime reload expectationsSupported with caveatsNewly installed skills are picked up on restart; do not assume hot-reload for every deployment shape.

Plugin Package Compatibility

OpenClaw.NET keeps plugin compatibility explicit by runtime mode. The goal is to support the mainstream tool-and-skill path in aot, then offer a broader compatibility lane in jit without pretending the two modes are equivalent.

SurfaceStatusNotes
api.registerTool()SupportedAvailable in both aot and jit. Covered by hermetic bridge tests.
api.registerService()SupportedAvailable in both aot and jit, including start / stop lifecycle coverage.
api.registerChannel()Supported with caveatsjit only. aot fails fast with jit_mode_required.
api.registerCommand()Supported with caveatsjit only. Registered as dynamic chat commands.
api.on(...)Supported with caveatsjit only. tool:before / tool:after hooks are bridged with timeout protections.
api.registerProvider()Supported with caveatsjit only. Plugin-provided LLMs are wired through the dynamic provider seam.
OpenClaw.Providers.MicrosoftExtensionsAISupported with caveatsjit only through native dynamic plugins. Use this to bring an arbitrary IChatClient; AOT users should use built-in providers or OpenAI-compatible endpoints.
Standalone .js, .mjs, .ts in .openclaw/extensionsSupported with caveats.ts requires local jiti.
Manifest/package discovery via Plugins:Load:PathsSupportedIncludes openclaw.plugin.json and package.json openclaw.extensions.
openclaw plugins install --dry-run trust inspectionSupportedPrints trust level, declared surface, diagnostics, and blocks install when compatibility errors are present.
Plugin config validationSupported with caveatsValidated against the documented JSON Schema subset below before startup.
Plugin diagnostics in /doctorSupportedDiscovery, load, config, and compatibility failures are reported explicitly.
Plugin bridge runtime budgetsSupportedOpenClaw:Plugins:RuntimeBudget can auto-quarantine bridge plugins by restart count, working set, and compatibility error thresholds.
Plugins:Transport:Mode=stdioSupportedJSON-RPC over child process stdin/stdout.
Plugins:Transport:Mode=socketSupportedLocal IPC with authenticated handshake and private runtime socket directories.
Plugins:Transport:Mode=hybridSupportedinit over stdio, then runtime RPC/notifications over the local IPC socket transport.
Native dynamic .NET pluginsSupported with caveatsjit only through OpenClaw:Plugins:DynamicNative. AOT fails fast before load.
Upstream/TypeScript payment plugin live executionNot supportedNative OpenClaw.NET payment runtime owns live payment secrets. Bridge plugins named/providing payment are diagnostic/test-only unless explicitly sandboxed; live execution routes through the native payment tool.

Unsupported Today

These APIs are not bridged. If a plugin uses them, initialization fails fast with structured diagnostics instead of loading partially:

SurfaceStatusFailure code
api.registerGatewayMethod()Not supportedunsupported_gateway_method
api.registerCli()Not supportedunsupported_cli_registration

Canvas and A2UI Compatibility

OpenClaw.NET ships a Canvas/A2UI workspace for websocket clients. The supported target is local Canvas content, A2UI v0.8 JSONL compatibility, and A2UI v0.9 structured surfaces with catalog negotiation; remote webpage Canvas control remains intentionally unsupported. See CANVAS_A2UI.md.

SurfaceStatusNotes
Canvas present/hide/snapshot commandsSupportedTyped websocket envelopes routed through the session-scoped broker. Snapshots can target a specific surfaceId.
Local Canvas navigationSupported with caveatsabout:blank is supported. Inline local HTML is supported in webchat via sandboxed srcdoc; Companion reports an unsupported diagnostic without a native WebView.
Remote webpage Canvas navigation/evalNot supportedhttp: and https: URLs are rejected; use the browser tool for remote pages.
A2UI v0.8 JSONL renderingSupportedWebchat and Companion render text, markdown, card, button, input, select, checklist, table, image, progress, and simple chart frames through a2ui_push.
A2UI v0.9 structured surfacesSupporteda2ui_create_surface, a2ui_update_components, a2ui_update_data_model, a2ui_delete_surface, and a2ui_sync_ui_to_data are capability-gated on a2ui.v0_9.
A2UI catalog negotiationSupportedClients advertise supportedCatalogIds; the broker chooses or validates the requested catalog and locks it per senderId + sessionId + surfaceId.
A2UI interaction feedbackSupportedv0.8 client events return as a2ui_event; v0.9 surface actions return as a2ui_action session turns.
A2UI evalSupported with caveatsThe gateway tool is capability-gated, but no first-party client advertises a2ui.eval; webchat and Companion return unsupported diagnostics.
Advanced AGenUI componentsSupported with caveatsWebchat and Companion render native subsets and use conservative placeholders/diagnostics for media, carousel, web, or unsupported advanced components.

Channel Compatibility

The messaging channels below now share the same operator model for DM policy, recent senders, diagnostics, and dynamic allowlist administration.

ChannelStatusOperator surface
TelegramSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics
Twilio SMSSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics
WhatsAppSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics
TeamsSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics
SlackSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics
DiscordSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics, including slash-command ingress parity
SignalSupportedDM policy, dynamic allowlists, recent senders, readiness and diagnostics
EmailSupported with caveatsEmail is an inbound transport, but it does not use the same sender-allowlist model as the chat channels above. Treat it as a separate operational surface.
Generic webhooksSupported with caveatsWebhooks support authenticated inbound triggers, but they are not a DM-policy / allowlist channel.

TypeScript Requirements

TypeScript plugins are supported when jiti is available in the plugin dependency tree.

Install it in the plugin directory or its parent workspace:

npm install jiti

If jiti is missing, plugin load fails with an actionable error instead of falling back silently.

Supported Config Schema Subset

openclaw.plugin.json configSchema is validated before the bridge starts. Supported keywords:

  • type
  • properties
  • required
  • additionalProperties
  • items
  • enum
  • const
  • minLength
  • maxLength
  • minimum
  • maximum
  • minItems
  • maxItems
  • pattern
  • oneOf
  • anyOf
  • documentation-only fields such as title, description, and default

Unsupported schema keywords are rejected with unsupported_schema_keyword.

Operator Trust Workflow

  • Plugin install candidates are classified as first-party, upstream-compatible, or untrusted at install time.
  • Operators can promote a loaded plugin to third-party-reviewed from the admin UI or POST /admin/plugins/{id}/review.
  • GET /admin/plugins exposes trust level, compatibility status, declared surface, diagnostics counts, runtime restart/memory data, budget violations, review notes, and source paths.
  • GET /admin/skills exposes the loaded skill inventory with trust level, host requirements, dispatch metadata, and source location.
  • Local SKILL.md folders or .tgz bundles can be inspected and installed with openclaw skills inspect and openclaw skills install.

Public-bind and CI surfaces

  • OpenClaw:Security:StrictPublicBindProfile=true applies the hardened Internet-facing preset over approvals, raw secret refs, plugin bridge exposure, and unsafe local tool execution.
  • GET /api/integration/compatibility/export and GET /admin/compatibility/export emit the machine-readable compatibility snapshot used by CI and deployment validation.

Tested Catalog

OpenClaw.NET now ships the pinned public compatibility catalog used by the smoke lane itself.

  • openclaw compatibility catalog
  • openclaw compatibility catalog --status compatible --kind npm-plugin
  • GET /admin/compatibility/catalog
  • GET /api/integration/compatibility/catalog

The catalog is scenario-based rather than marketing-based:

  • positive scenarios show pinned packages expected to load successfully
  • negative scenarios show pinned configs or packages expected to fail with explicit diagnostics
  • each entry includes install guidance, required config examples where relevant, and expected tools, skills, or diagnostics

Known Limitations

  • Public-bind setup defaults intentionally disable bridge plugins and shell until you opt into the relevant trust settings.
  • JIT-only capabilities remain JIT-only; aot does not attempt partial dynamic fallback.
  • TypeScript plugin loading depends on jiti; OpenClaw.NET does not bundle a TypeScript runtime automatically.
  • Out-of-root plugin entry files, manifests, and native dynamic assemblies fail explicitly instead of being resolved elsewhere on disk.
  • Tool-name collisions are deterministic: the first tool wins, later duplicates are skipped and reported.

Automated Proof

The compatibility claim is backed by automated validation in src/OpenClaw.Tests:

  • PluginBridgeIntegrationTests.cs
    • .js, .mjs, .ts loading
    • jiti success and failure paths
    • registerService()
    • aot vs jit capability gating
    • registerChannel() / registerCommand() / registerProvider() / api.on(...)
    • plugin-packaged skills
    • config validation, including oneOf
    • unsupported-surface failure modes
  • NativeDynamicPluginHostTests.cs
    • JIT-mode in-process plugin loading
    • command and service lifecycle
    • plugin-packaged skills
    • AOT rejection before load
  • PublicCompatibilitySmokeTests.cs
    • pinned ClawHub skill package
    • pinned JS plugin package
    • pinned TS + jiti plugin package
    • pinned config-schema rejection case
    • pinned unsupported-surface plugin case

The nightly/manual CI smoke lane runs those public packages with OPENCLAW_PUBLIC_SMOKE=1.