Release Downloads
May 12, 2026 ยท View on GitHub
OpenClaw.NET's low-friction desktop path is the desktop bundle published on GitHub Releases. It bundles:
- Companion
- the NativeAOT gateway
- the NativeAOT CLI
Users should start with the desktop bundle for their platform instead of GitHub Actions artifacts.
| Asset | Audience |
|---|---|
openclaw-desktop-win-x64.zip | Windows desktop users |
openclaw-desktop-osx-arm64.zip | Apple Silicon macOS desktop users |
openclaw-desktop-linux-x64.zip | Linux desktop users |
openclaw-gateway-aot-*.zip | Operators who want the NativeAOT gateway with native default and optional Runtime.Orchestrator=maf |
openclaw-cli-aot-*.zip | CLI-only installs and scripting |
Each archive has a matching .sha256 checksum file.
Gateway artifacts now include the Microsoft Agent Framework adapter in the normal build. Runtime.Orchestrator=native remains the default in every artifact; set OpenClaw:Runtime:Orchestrator=maf only when you want the supported MAF runtime path.
User First Run
- Download the desktop bundle from the latest GitHub Release.
- Extract the archive.
- Launch Companion from the
companionfolder. - Use the Setup tab to enter a provider, model, workspace, and provider key.
- Click Set Up and Start.
Companion writes the normal local OpenClaw config, starts the bundled gateway on 127.0.0.1, and connects to it. If a config already exists, Companion can auto-start the local gateway on launch.
Current Signing State
The release workflow builds Windows and macOS archives and has optional signing/notarization hooks. Assets are unsigned unless the required repository secrets are configured.
- Windows archives are unsigned until Authenticode signing secrets are configured. Some users may see SmartScreen warnings.
- macOS archives are unsigned and not notarized until Apple Developer ID signing secrets are configured. Users may need to right-click Open or remove quarantine for local testing.
Release-grade onboarding requires these secrets:
| Secret | Used for |
|---|---|
WINDOWS_SIGNING_CERT_BASE64 | Base64-encoded Authenticode .pfx |
WINDOWS_SIGNING_CERT_PASSWORD | Authenticode certificate password |
APPLE_DEVELOPER_ID_CERT_BASE64 | Base64-encoded Apple Developer ID .p12 |
APPLE_DEVELOPER_ID_CERT_PASSWORD | Apple certificate password |
APPLE_CODESIGN_IDENTITY | Developer ID Application identity |
APPLE_ID | Apple ID for notarization |
APPLE_TEAM_ID | Apple team ID for notarization |
APPLE_APP_SPECIFIC_PASSWORD | App-specific password for notarization |
Installer polish is still a follow-up: .exe/.msix for Windows and .dmg for macOS.
Maintainer Flow
Tagged releases build and publish assets automatically:
git tag v0.1.0
git push origin v0.1.0
Maintainers can also run the Release workflow manually. Manual runs can create or update a draft release when a tag is supplied.
The workflow currently builds:
linux-x64onubuntu-latestwin-x64onwindows-latestosx-arm64onmacos-15
The macOS runner label is intentionally ARM-native for the osx-arm64 artifact. Add an Intel macOS row only if you want to support older Intel Macs and have a runner that can NativeAOT publish that RID reliably.
Companion Release Smoke
Before publishing a public desktop release, run this manual smoke on at least one desktop bundle:
- Extract the desktop archive into a clean directory.
- Launch Companion from the
companionfolder. - Use Setup with a temporary workspace and either a local Ollama model or a throwaway provider key.
- Confirm Companion writes config, starts the bundled gateway on
127.0.0.1, and shows a connected state. - Stop the managed gateway, start it again, and confirm Companion reconnects.
- Delete or corrupt the temporary config and confirm setup surfaces a clear recoverable error.
- Close Companion and confirm the managed gateway process exits.
macOS NativeAOT Linker Note
The gateway project currently opts into Apple's classic linker for osx-arm64 NativeAOT publishes because the new macOS arm64 linker can fail with an ld::Fixup assertion on the gateway binary. This may print a -ld_classic is deprecated warning during gateway publish. The CLI does not use this fallback by default. Scheduled/manual CI probes the gateway with -p:OpenClawUseClassicMacLd=false; remove the gateway opt-in when the Apple/.NET toolchain links the gateway reliably without it.
CI Artifacts vs Releases
Actions artifacts are useful for validating a commit, but they are not a user-friendly distribution channel. They can expire, may require GitHub access, and are harder for users to find. GitHub Releases are the supported download surface for normal users.