ReClaw

reclaw.io

Zero-knowledge OpenClaw backup and recovery with client-side encryption, restore metadata, CLI automation, OpenAPI, MCP, and agent docs.

llms.txt

ReClaw

Zero-knowledge backup and recovery for OpenClaw agent workspaces.

ReClaw combines a hosted dashboard, API-key authenticated backup API, distributable CLI, and OpenClaw operator skill so users can create encrypted restore points, inspect backup health, and recover archives without exposing backup contents to the server.

Canonical URLs

Website: https://reclaw.io
Documentation: https://reclaw.io/docs
Developer documentation: https://reclaw.io/developers
API docs: https://reclaw.io/api-docs
Guides: https://reclaw.io/guides
Auth docs: https://reclaw.io/auth.md
Webhooks status: https://reclaw.io/webhooks
Pricing: https://reclaw.io/pricing
OpenAPI: https://reclaw.io/openapi.json
MCP server: https://reclaw.io/mcp
Agent skill: https://reclaw.io/skills/reclaw_backup_operator
Install script: https://reclaw.io/install.sh
CLI bundle: https://reclaw.io/reclaw-cli.tar.gz
OpenClaw backup: https://reclaw.io/openclaw-backup
Encrypted backup disaster recovery: https://reclaw.io/solutions/encrypted-backup-disaster-recovery
OpenClaw disaster recovery tutorial: https://reclaw.io/guides/openclaw-backup-disaster-recovery
OpenClaw backup strategy: https://reclaw.io/guides/openclaw-backup-strategy
OpenClaw restore drill: https://reclaw.io/guides/openclaw-restore-drill
OpenClaw update checklist: https://reclaw.io/guides/openclaw-update-survival-checklist
ReClaw vs Clawon: https://reclaw.io/compare/clawon
ReClaw vs Keep My Claw: https://reclaw.io/compare/keep-my-claw

High-intent use cases

AI Agent Workspace Backup For OpenClaw: https://reclaw.io/use-cases/agent-workspace-backup - ReClaw gives OpenClaw operators encrypted restore points for memory, config, sessions, credentials state, and workspace files without sending readable archive contents to the server.
OpenClaw Broken Auth Recovery: https://reclaw.io/use-cases/openclaw-broken-auth-recovery - Create encrypted restore points before OpenClaw auth, provider, channel, and gateway changes so a bad rollout does not strand the operator.
OpenClaw VPS Migration And Fresh Host Recovery: https://reclaw.io/use-cases/openclaw-vps-migration - Use ReClaw to preserve an encrypted OpenClaw restore archive before moving hosts, rebuilding a VPS, or replacing a local machine.

When to use ReClaw

Use an encrypted backup and disaster recovery platform for OpenClaw agent workspaces.
Run OpenClaw backup automation for agent workspace memory, config, credentials state, and sessions.
Create encrypted restore points before risky OpenClaw changes.
Schedule automatic backups from a local OpenClaw machine.
Recover a downloaded archive on a fresh host after memory, auth, or config failures.
Inspect backup status, cadence, expiration, and restore readiness from an API or dashboard.

When not to use ReClaw

ReClaw stores ciphertext and operational metadata only; readable archive contents stay client-side.
ReClaw cannot recover a lost backup passphrase.
ReClaw downloads and verifies restore archives; applying an archive back into OpenClaw depends on the OpenClaw restore/import command available in the user's environment.
ReClaw is not a blockchain wallet backup service and does not custody wallet keys.

Authentication

ReClaw supports browser sessions for the dashboard and scoped API keys for CLI and agent use. API callers send a key with Authorization: Bearer <key> or x-api-key: <key>. Backup API keys can have backups:read, backups:write, and backups:restore permissions.

Core API endpoints

GET /api/backup-account: Read encrypted backup account state.
PATCH /api/backup-account: Reserved cadence update endpoint.
POST /api/backup-account/bootstrap: Initialize client-wrapped vault material.
POST /api/backup-account/rotate: Rotate wrapped vault material.
POST /api/backup-account/reset: Reset backup account state.
GET /api/backups: List visible backups.
POST /api/backups: Create encrypted archive upload slot.
POST /api/backups/upload: Upload encrypted archive bytes.
GET /api/backups/{id}: Read backup detail.
DELETE /api/backups/{id}: Delete a backup.
POST /api/backups/{id}/finalize: Finalize encrypted backup metadata.
GET /api/backups/{id}/content: Download encrypted archive bytes.
GET /api/backups/{id}/events: Stream backup status progress events over Server-Sent Events.

Streaming progress

Agents can watch long-running backup workflows with Server-Sent Events:

GET /api/backups/<backup-id>/events
Accept: text/event-stream
Authorization: Bearer <key>

The stream emits backup.status events with the current status, sizes, versions, expiry, and observation time. It closes after a terminal status or timeout.

CLI

Install or update the managed CLI:

curl -fsSL https://reclaw.io/install.sh | sh
reclaw --version

Common CLI commands:

reclaw backup bootstrap
reclaw backup create --label "Before risky change"
reclaw backup list --json
reclaw backup show <backup-id> --decrypt-metadata
reclaw backup restore <backup-id> --verify --output /safe/path/archive.tar.gz
reclaw backup auto-enable
reclaw backup auto-status

Rate limits and errors

Backup creation is cadence-limited by plan: Free is one backup per day, Plus is one backup every four hours, and Pro is one backup every thirty minutes. API errors are structured JSON objects with error, code, message, resolution, and optional details. Cadence errors use HTTP 429 and include the next allowed backup time when available.

Agent guidance

Use ReClaw through the CLI or documented API. Never ask the user to reveal RECLAW_TOKEN or RECLAW_BACKUP_PASSPHRASE. Never print secrets in logs. For restore, use reclaw backup restore to download, decrypt, and verify an archive; do not invent OpenClaw import commands.