Feature Request: Multi-user permission management with role-based access control

[rainbow-boy-max]

Description

Currently, OpenClaw does not support multi-user permission management. All users with access to the system can view and modify sensitive information like API keys, credentials, and configurations.

Problem Statement

Use case:

• Primary user wants to share OpenClaw with family members/colleagues
• Different users should have different permission levels
• Sensitive credentials (API keys, OSS endpoints, etc.) should be protected
• Only admins should be able to view/modify sensitive configurations

Proposed Solution

Implement a role-based access control (RBAC) system with the following features:

User Roles

• Admin: Full access to all features, can view/modify sensitive configs (API keys, credentials)
• Standard User: Can use basic features but cannot access sensitive information
• Guest: Limited access, only allowed features

Sensitive Information Protection

• API keys stored in encrypted format
• Configurations with different visibility levels
• Audit logging for admin actions
• Environment variable isolation per user

Implementation Suggestions

1. Role-Based Access Control (RBAC)

   • Define user roles in configuration
   • Implement permission checks before sensitive operations
   • Support for custom role definitions

2. Credential Management

   • Store sensitive data in environment variables
   • Support for external secrets managers (Vault, AWS Secrets Manager, etc.)
   • Configuration file permissions (chmod 600)

3. Per-User Configuration

   • Separate config files or sections per user
   • User-specific environment variable sets
   • Session-based access tokens

4. Authentication & Authorization

   • Support multiple auth modes (token, OAuth, etc.)
   • Implement session management
   • Rate limiting per user

Use Case Examples

# Admin can see and modify everything
$ openclaw config get credentials.openai.api_key
sk-xxx...  # Full access

# Standard user cannot access sensitive info
$ openclaw config get credentials.openai.api_key
[Hidden - Insufficient permissions]

Priority

High - This is a security requirement for multi-user deployments.

Additional Context

This feature is essential for:

1. Family sharing (different members have different needs)
2. Team collaboration (role separation)
3. Security compliance (protect API keys)
4. Audit requirements (track who did what)

---

Thank you for considering this feature!

[rainbow-boy-max]

📊 Feature Request: Automatic Token usage tracking and real-time cost display

Related Feature

This is related to and expands on the multi-user permission management feature in Issue #8081.

Proposed Implementation

1. Built-in Token Usage Tracking

• Automatically capture token usage from API responses
• Store in structured JSONL format
• Support multiple models with different cost rates

2. Real-time Cost Display
Display after each message:

📊 **Token Usage**
├─ Model: MiniMax-M2.1
├─ Input: 1,500 tokens
├─ Output: 800 tokens
├─ Total: 2,300 tokens
└─ Cost: ¥0.003100

3. Daily/Weekly/Monthly Reports

• Auto-generated at configurable time (default: 10 PM)
• Sent via configured channels (Feishu, Slack, etc.)
• Summary by model

4. Channel Integration

• Feishu DM for daily reports
• Realtime cost display in messages
• User-specific or shared reports

Implementation Phases

Phase 1: Basic Tracking

• Capture token usage from model API responses
• Store in JSONL format
• Basic CLI for viewing stats

Phase 2: Reports & Display

• Generate daily/weekly/monthly reports
• Display usage after each message
• Basic channel integration (Feishu)

Phase 3: Advanced Features

• Multiple currency support
• Custom rate configurations
• Export functionality
• Usage predictions/alerts

Configuration Example

{
  "usage": {
    "enabled": true,
    "daily_report_time": "22:00",
    "timezone": "Asia/Shanghai",
    "channels": {
      "feishu": {
        "enabled": true,
        "daily_report": true,
        "realtime_display": true
      }
    }
  },
  "models": {
    "MiniMax-M2.1": {
      "input_cost_per_1k": 0.001,
      "output_cost_per_1k": 0.002
    }
  }
}

Priority

High - Essential for cost management and budget control.

---

This feature would enhance OpenClaw with automatic token tracking, real-time cost display, and scheduled usage reports via configured channels.

[onionrings29]

I agree. Having this would ideal. It would be easier to create agents for other users as well, honestly even more ideal is auto creating agents and provisioning with preset user configs, based on this multi-user permission management

For now though, you can approximate this by configuring per-agent sandboxing and tool policies (with separate credentials per agent), which gets you part of the way there. See: https://docs.openclaw.ai/multi-agent-sandbox-tools#multi-agent-sandbox-and-tools

[onionrings29]

This feels pretty high level though, and a lot of it can already be done via configs, so not sure if it’ll be implemented anytime soon. Hope someone do.

[jingyugao]

Sometimes, multiple users work in the same chat group. If OpenClaw uses per-user configuration, it may be difficult for OpenClaw to determine which configuration to apply.
If OpenClaw can behave like a real staff member and understands the organization's structure and RBAC policies, it may be able to make the correct decision about whether a configuration can be used in the current session.
I think OpenClaw should maintain a per-user memory of each user's profile, such as role, identity, personality, and preferences.

[clemenshelm]

I've been working on a project that tackles most of what's described here. Pinchy is an open-source (AGPL) web layer on top of OpenClaw that adds multi-user auth (Auth.js v5, bcrypt, JWT), role-based access (admin/user), invite-based onboarding, and an HMAC-signed audit trail. API keys are encrypted at rest (AES-256-GCM), regular users never see them. Runs via Docker Compose alongside the OpenClaw Gateway.

Still early, but multi-user with role separation works today. Happy to hear feedback or collaborate.

[med-amiine]

Funny timing I was actually talking with our team about implementing something like this.
Once we start sharing OpenClaw across a team, security becomes a real concern pretty quickly. Things like API keys and credentials definitely shouldn’t be visible to everyone by default.

We’re looking at encrypting sensitive configs at rest, isolating them per user/session with password-based access, and only decrypting them for authorized roles during active sessions.

[ChenKuanSun]

We ran into this exact problem when deploying OpenClaw for our engineering team (~50 people). Ended up building an open-source solution around it.

Architecture we settled on:

• Each user gets their own isolated ECS Fargate container running unmodified OpenClaw
• AWS Cognito handles auth — employees sign up with company email, domain allowlist controls access
• A sidecar proxy sits between OpenClaw and the AI providers, injecting credentials from AWS Secrets Manager
• API keys never touch the OpenClaw process — the sidecar strips the fake key and replaces it with the real one
• Per-user EFS mount for session persistence, SOUL.md, and skills

For RBAC specifically:

• Admin panel (separate Angular app) manages users, teams, and containers
• Team-level configuration via a config hierarchy: global → team → user (deep merge)
• SOUL.md layering lets admins set system-level instructions that users can't override

The whole thing is deployed via AWS CDK (4 stacks) and wraps OpenClaw with zero source modification — when a new version drops, we just update the version in the Dockerfile.

Open-sourced it here if anyone wants to look at the architecture: https://github.com/ChenKuanSun/teamclaw (Apache 2.0)

Happy to answer any architecture questions.