ClawHub
Code Pluginsource linked

OpenClaw Tenant Bridgev2026.4.16

OpenClaw multi-tenant shared memory bridge plugin

@abdullah4ai/openclaw-tenant-bridge·runtime tenant-bridge·by @abdullah4ai
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:@abdullah4ai/openclaw-tenant-bridge
Latest release: v2026.4.16Download zip

Capabilities

Tags
executes-codekind:context-engine
configSchema
Yes
Executes code
Yes
HTTP routes
0
Plugin kind
context-engine
Runtime ID
tenant-bridge

Compatibility

Built With Open Claw Version
2026.4.9
Min Gateway Version
2026.4.9
Plugin Api Range
>=2026.4.9
Plugin Sdk Version
2026.4.9
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (tenant bridge, HTTP endpoints, context engine, optional S3/Postgres) match the included files and config schema. Declared features (service tokens, local-file or Postgres storage, optional S3 artifact storage, QMD materialization) are implemented or exposed in the plugin schema and code.
Instruction Scope
SKILL.md instructions are limited to cloning, installing node deps, linking the plugin into OpenClaw, and configuring plugin settings. The runtime instructions and HTTP handler code only accept authenticated requests, validate tenant IDs, and operate on plugin storage; they do not instruct the agent to read unrelated system files or environment variables.
Install Mechanism
There is no automatic download/install spec in the registry metadata — install is manual (linking or via ClawHub). Source files are included so behavior can be inspected. No external, untrusted URLs or archive extraction steps are present in the install instructions.
Credentials
The skill requests no environment variables via the registry metadata, which matches SKILL.md. The plugin config schema does allow storing credentials (Postgres databaseUrl, S3 accessKeyId/secretAccessKey, and serviceTokens). This is expected for optional artifact storage and HTTP auth, but it means secrets are placed in plugin configuration (not environment variables) and should be managed carefully.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. The plugin writes its own state (local JSON store or Postgres) and can materialize markdown/QMD files when enabled — behavior consistent with its purpose and implemented within its own files rather than modifying other plugins or system-wide settings.
Assessment
This package appears to do what it says: provide a tenant-aware context engine and authenticated HTTP bridge with optional local/Postgres storage and optional S3 artifact storage. Before installing: 1) Limit allowedApps and use strong, unique serviceTokens in your plugin config; 2) If you enable S3, grant the plugin only the minimal S3 permissions needed and point it to trusted endpoints; 3) If using file-backed storage or QMD materialization, configure the storage paths (qmdRelativeDir / file path) to a directory you control and that cannot overwrite sensitive system files; 4) Provide Postgres credentials with least privilege if using a database; 5) Review runtime.ts and storage.ts for your deployment-specific concerns (persistence location, retention, and cleanup policies); and 6) Run the included tests locally to verify behavior in your environment. Overall the package is internally consistent, but secrets stored in plugin config and file writes are normal risks to manage with standard operational controls.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/Abdullah4AI/openclaw-tenant-bridge
Commit
5fda7d1849ac
Tag
refs/heads/main
Provenance
No
Scan status
clean

Tags

latest
2026.4.16

OpenClaw Tenant Bridge

@abdullah4ai/openclaw-tenant-bridge is a plugin-first shared-memory bridge for OpenClaw. It adds a custom context engine plus authenticated HTTP endpoints so external apps such as Codex or Claude Code can write curated memory deltas and retrieve permission-filtered recall.

Install for local -l usage

Clone this repository, install dependencies, then link it into your OpenClaw gateway:

git clone <your-repo-url> openclaw-tenant-bridge
cd openclaw-tenant-bridge
corepack pnpm install

openclaw plugins install -l /absolute/path/to/openclaw-tenant-bridge

Restart the gateway after linking.

Because --link reuses the source path, this repository must keep its own node_modules directory. Run corepack pnpm install in the plugin repo before starting OpenClaw.

Install from ClawHub

After publishing, users can install it directly with:

openclaw plugins install @abdullah4ai/openclaw-tenant-bridge

What it provides

  • tenant-bridge context engine via api.registerContextEngine(...)
  • HTTP bridge routes under /plugins/tenant-bridge/v1
  • Service-token auth per external app id
  • Local-file or Postgres-backed metadata storage
  • Optional S3-compatible artifact storage
  • Optional markdown/QMD materialization for shared durable memory

Minimal config

Set plugin config under plugins.entries.tenant-bridge.config:

{
  plugins: {
    slots: {
      contextEngine: "tenant-bridge"
    },
    entries: {
      "tenant-bridge": {
        enabled: true,
        config: {
          tenantId: "tenant-acme",
          bridge: {
            allowedApps: ["codex"],
            serviceTokens: {
              codex: "replace-me"
            }
          },
          recall: {
            defaultSurfaces: ["episodic", "durable", "artifact"]
          },
          sync: {
            materializeQmd: false,
            includeTranscripts: false
          }
        }
      }
    }
  }
}

HTTP routes

  • POST /plugins/tenant-bridge/v1/context-deltas
  • POST /plugins/tenant-bridge/v1/retrieve
  • POST /plugins/tenant-bridge/v1/memory/promote
  • POST /plugins/tenant-bridge/v1/access-grants

Local development

corepack pnpm install
corepack pnpm test
corepack pnpm typecheck