Give AI agents portable identity and personal data storage
Agent Interition is an OpenClaw Skill that gives your agents infrastructure they don't have out of the box:
- A WebID — a verifiable identity your agent uses to identify itself to other agents and services
- A Pod — personal storage your agent reads and writes via the Solid Protocol (W3C standard)
- Sharing — your agent can grant and revoke access to its data for other agents, using Web Access Control (WAC)
The agent is your OpenClaw instance. The WebID and Pod are infrastructure the agent uses — like a passport and a filing cabinet. The agent doesn't live in the Pod; it lives in OpenClaw.
For clarity we use a Docker architecture with OpenClaw and the Community Solid Server (CSS). For local testing the Docker configuration has both OpenClaw and CSS. This configuration is limited to local use. A second configuration is provided for use of an external CSS instance. The external CSS instance configuration is necessary if you want to share information with agents elsewhere.
┌─────────────────────────────────────────────────────────────┐
│ Docker │
│ │
│ ┌──────────────┐ ┌──────────────────────────────┐ │
│ │ OpenClaw │ curl │ Community Solid Server │ │
│ │ ─┼────────▶│ │ │
│ │ Reads │ Bearer │ /{name}/ │ │
│ │ SKILL.md │ tokens │ /profile/card ← WebID │ │
│ │ ─┼────────▶│ /memory/ ← private │ │
│ │ Runs │ │ /shared/ ← ACL │ │
│ │ scripts │ │ /conversations/← private │ │
│ └──────────────┘ └──────────────────────────────┘ │
│ │
│ Auth: client credentials → Bearer token via /.oidc/token │
│ Access control: WAC on .acl resources │
└──────────────────────────────────────────────────────────────┘
A Community Solid Server (CSS) runs in Docker alongside OpenClaw. The Skill gives OpenClaw shell scripts to provision WebIDs and Pods and get auth tokens. OpenClaw then uses standard HTTP (curl) with Bearer tokens for all Solid operations — reading, writing, deleting, and sharing data.
Docker profiles are available for local and remote CSS use:
- Local mode — runs CSS alongside OpenClaw in a shared network namespace
- Remote mode — connects OpenClaw to an external CSS (e.g.
solidcommunity.net) over HTTPS
See the Dogfooding Setup Guide for the full architecture, security hardening details, and gotchas.
- Docker Desktop
- An Anthropic API key (see note on API costs below)
- Node.js 20+ (to build the Skill)
A note on API costs. OpenClaw consumes significantly more API credits per interaction than other clients like Claude Code. During dogfooding we observed costs roughly 3–5x higher for equivalent tasks. We are investigating this with the OpenClaw community — it may relate to how OpenClaw manages context windows or tool-use loops. In the meantime, set a hard spend limit in the Anthropic console before starting. We used $5, which was sufficient for initial testing.
npm install
npm run skill:buildOutput goes to skill/solid-agent-storage/. This directory is mounted read-only into the OpenClaw container.
Clone OpenClaw and build its Docker image. Use a permanent location — you'll need the source directory to rebuild if the image gets pruned.
git clone https://github.com/openclaw/openclaw.git
cd OpenClaw
docker build -t openclaw:local .The image is ~2.8 GB. The first build takes a while; subsequent builds use cache.
Back in the agent-interition directory (local mode only):
ANTHROPIC_API_KEY=dummy INTERITION_PASSPHRASE=dummy \
docker compose -f docker/docker-compose.dogfood.yml build cssNote: Compose validates all env vars even when building a single service, so dummy values are needed here.
Copy a template startup script and fill in your credentials:
cp template-start-local.sh start-local.sh # for local mode
cp template-start-remote.sh start-remote.sh # for remote modeEdit the copied file and set three values:
| Variable | What it is |
|---|---|
ANTHROPIC_API_KEY |
Your Anthropic API key (OpenClaw uses Claude as its LLM) |
INTERITION_PASSPHRASE |
Encrypts stored agent credentials (AES-256-GCM). Choose something strong and keep it secret. |
OPENCLAW_GATEWAY_TOKEN |
A shared secret that protects the Web UI. Generate one with openssl rand -hex 32. You'll paste this into the browser when you connect. |
Then start:
./start-local.sh # Local CSS
# or
./start-remote.sh # Remote CSS (e.g. solidcommunity.net)Go to http://localhost:18789 in your browser. Enter your gateway token when prompted — this is the OPENCLAW_GATEWAY_TOKEN you set in the start script.
Ask OpenClaw to use the Skill:
- "Create a WebID and Pod for an agent called alpha with display name Agent Alpha"
- "Write a note to alpha's memory"
- "Read alpha's memory"
- "Create a WebID and Pod for a second agent called beta, then grant beta read access to alpha's shared data"
OpenClaw reads the Skill's instructions and figures out which scripts to run and what curl commands to use.
Once the Skill is installed, OpenClaw can:
- Provision identity and storage — create a WebID, Pod, and credentials for a named agent
- Deprovision identity and storage — fully tear down an agent's CSS account and local credentials
- Store and retrieve data — write Turtle (RDF) or any content to Pods and read it back
- Share data — grant another agent read or write access to specific resources using WAC
- Revoke access — remove previously granted permissions
- Check status — list all agents with provisioned WebIDs and Pods
OpenClaw reads SKILL.md and the reference docs bundled in the Skill package. It uses the management scripts for provisioning/deprovisioning, gets Bearer tokens via the token helper, and uses curl for all standard Solid operations. See references/solid-http-reference.md in the Skill package for the full set of operations including containers, SPARQL PATCH, and WAC access control.
Two profiles in docker/docker-compose.dogfood.yml:
| Profile | What it does |
|---|---|
local |
Runs CSS in a container alongside OpenClaw (shared network namespace) |
remote |
Connects OpenClaw to an external CSS over HTTPS |
Security hardening applied in both modes:
- Read-only filesystem, non-root user, all capabilities dropped
- No Docker socket mount, no host filesystem mounts
- Outbound traffic restricted via Squid proxy (Anthropic API + Solid server only)
- Web UI bound to
127.0.0.1only - Gateway token required for authentication
See Dogfooding Setup Guide for full details.
Phase 1: Proof of Concept — Complete
- Basic CSS running in Docker
- WebID generation for agents
- Pod provisioning
- Demo: Two agents sharing data
Phase 2: OpenClaw Integration — Complete
- Package as OpenClaw Skill (
npm run skill:build) - Encrypted credentials store (AES-256-GCM)
- CLI commands + shell wrappers
- SKILL.md, SECURITY.md, reference docs
- Submit to ClawHub
- Tutorial: "Give your agents memory with Solid"
Phase 3: Dogfooding — Complete
- Hardened OpenClaw Docker setup (read-only, non-root, cap-drop ALL, Squid proxy)
- Local CSS profile (shared network namespace)
- Remote CSS profile (e.g. solidcommunity.net over HTTPS)
- Deprovision feature (full CSS account teardown with graceful degradation)
- Replace CRUD scripts with token helper + curl workflow
- Solid HTTP reference doc for OpenClaw
- Complete dogfood test plan (token-curl-test-plan.md)
- Feed findings back into Skill and README
Phase 4: Agent Discovery & Sharing Protocol — Complete
- Agent Directory — public registry at
/directory/agents.ttlwith auto-registration during provisioning - Inbox Notifications —
/inbox/container per agent using ActivityStreams vocabulary (W3C standard) - Share Orchestration —
shareResource()grants ACL access and sends inbox notification in one call - New CLI commands:
discover.sh,share.sh,inbox.sh - 64 unit tests passing
Phase 4.5: Multi-Agent Sharing Exercise — Complete
- Step-by-step exercise for two OpenClaw agents sharing data via Solid Pods
- Self-contained Docker Compose with Alpha (port 18789) and Beta (port 18790) against shared CSS
- Fix
--data-rawfor Turtle content in curl examples - Fix
/{name}/path convention (CSS default, not/agents/{name}/) - Language guide enforced — agent vs identity/storage distinction
Phase 5: Production Interition CSS
- Interition-hosted CSS with real domain and TLS
- Cloudflare Tunnel for public access
- Publicly resolvable WebIDs (agents verifiable from anywhere)
- Production configuration and monitoring
Phase 6: Multi-Server Federation
- Agents on different CSS instances sharing data across the open web
- Cross-origin WebID verification
- Federated access control (WAC across servers)
- Integration tests against multiple CSS instances
Phase 7: Real-World Agent Workflows
- Persistent agent memory patterns (structured recall, summarisation)
- Task handoff between agents via Pod-based protocols
- Shared knowledge bases with multi-agent read/write
- Reference implementations and documentation
For contributors and maintainers.
| Command | Description |
|---|---|
npm run css:start |
Start Community Solid Server on port 3000 |
npm run bootstrap -- --name <n> |
Provision a WebID and Pod (dev workflow) |
npm run demo |
Run the two-agent sharing demo |
npm test |
Run unit tests |
CSS_URL=http://localhost:3000 npm test |
Run unit + integration tests |
npm run build |
Compile TypeScript |
npm run skill:build |
Build OpenClaw Skill package |
npm run clean |
Remove dist/, .solid-data/, and skill/ |
npm install
npm run css:start # Start CSS locally
npm run bootstrap -- --name alpha --displayName "Agent Alpha"
curl http://localhost:3000/alpha/profile/card # Verify WebID
npm run demo # Run two-agent sharing demoThe demo provisions two agents and walks through a full sharing lifecycle:
# Make sure CSS is running first (npm run css:start or docker compose up)
npm run demoOutput:
1. Create WebID + Pod for Agent Alpha and Agent Beta
2. Alpha writes greeting.ttl to /shared/
3. Beta tries to read → 403 (no access)
4. Alpha grants Beta read access via WAC
5. Beta reads → 200 (success!)
6. Alpha revokes access
7. Beta tries again → 403 (revoked)
The library exports provisionAgent, getAuthenticatedFetch, grantAccess, and revokeAccess for use in demos and tests. These are not part of the Skill interface — end users interact through OpenClaw, not through TypeScript imports.
agent-interition/
├── src/
│ ├── bootstrap/ # Agent provisioning (account, pod, WebID, containers)
│ ├── auth/ # Client credentials → Bearer token auth
│ ├── sharing/ # WAC access control (library, used by demos/tests)
│ ├── cli/ # CLI commands: provision, deprovision, get-token, status
│ └── demo/ # Two-agent sharing demo
├── skill-src/ # OpenClaw Skill source (SKILL.md, scripts, reference docs)
├── scripts/ # Build scripts
├── css-config/ # Community Solid Server configuration
├── docker/ # Dockerfiles, compose (dev + dogfooding), proxy configs
├── docs/ # Strategy, tutorial, setup guides, test plans
└── tests/
├── bootstrap/ # Unit tests for provisioning
├── sharing/ # Unit tests for ACL management
├── cli/ # Unit tests for CLI + credentials
├── skill/ # Skill package validation
└── integration/ # E2E two-agent sharing tests
- Strategy & Architecture — Full technical decisions and roadmap
- Dogfooding Setup — Hardened OpenClaw + CSS Docker setup guide
- Tutorial — "Give your agents memory with Solid"
- Token + Curl Test Plan — End-to-end dogfood test plan
- Deprovision Test Plan — Deprovision feature test plan
This is an open source project. Security is critical in the agent ecosystem — we welcome reviews, audits, and contributions.
Apache 2.0 — see LICENSE.
- Interition — The team behind this
- Solid Project — The protocol
- OpenClaw — The agent framework
- Community Solid Server — The server implementation