# ReClaw

Zero-knowledge backup and recovery for OpenClaw agent workspaces.

ReClaw combines a hosted dashboard, API-key authenticated backup API, distributable CLI, and OpenClaw operator skill so users can create encrypted restore points, inspect backup health, and recover archives without exposing backup contents to the server.

## Canonical URLs

- Website: https://reclaw.io
- Documentation: https://reclaw.io/docs
- Developer documentation: https://reclaw.io/developers
- API docs: https://reclaw.io/api-docs
- Guides: https://reclaw.io/guides
- Auth docs: https://reclaw.io/auth.md
- Webhooks status: https://reclaw.io/webhooks
- Pricing: https://reclaw.io/pricing
- OpenAPI: https://reclaw.io/openapi.json
- MCP server: https://reclaw.io/mcp
- Agent skill: https://reclaw.io/skills/reclaw_backup_operator
- Install script: https://reclaw.io/install.sh
- CLI bundle: https://reclaw.io/reclaw-cli.tar.gz
- OpenClaw backup: https://reclaw.io/openclaw-backup
- Encrypted backup disaster recovery: https://reclaw.io/solutions/encrypted-backup-disaster-recovery
- OpenClaw disaster recovery tutorial: https://reclaw.io/guides/openclaw-backup-disaster-recovery
- OpenClaw backup strategy: https://reclaw.io/guides/openclaw-backup-strategy
- OpenClaw restore drill: https://reclaw.io/guides/openclaw-restore-drill
- OpenClaw update checklist: https://reclaw.io/guides/openclaw-update-survival-checklist
- ReClaw vs Clawon: https://reclaw.io/compare/clawon
- ReClaw vs Keep My Claw: https://reclaw.io/compare/keep-my-claw

## High-intent use cases

- AI Agent Workspace Backup For OpenClaw: https://reclaw.io/use-cases/agent-workspace-backup - ReClaw gives OpenClaw operators encrypted restore points for memory, config, sessions, credentials state, and workspace files without sending readable archive contents to the server.
- OpenClaw Broken Auth Recovery: https://reclaw.io/use-cases/openclaw-broken-auth-recovery - Create encrypted restore points before OpenClaw auth, provider, channel, and gateway changes so a bad rollout does not strand the operator.
- OpenClaw VPS Migration And Fresh Host Recovery: https://reclaw.io/use-cases/openclaw-vps-migration - Use ReClaw to preserve an encrypted OpenClaw restore archive before moving hosts, rebuilding a VPS, or replacing a local machine.

## When to use ReClaw

- Use an encrypted backup and disaster recovery platform for OpenClaw agent workspaces.
- Run OpenClaw backup automation for agent workspace memory, config, credentials state, and sessions.
- Create encrypted restore points before risky OpenClaw changes.
- Schedule automatic backups from a local OpenClaw machine.
- Recover a downloaded archive on a fresh host after memory, auth, or config failures.
- Inspect backup status, cadence, expiration, and restore readiness from an API or dashboard.

## When not to use ReClaw

- ReClaw stores ciphertext and operational metadata only; readable archive contents stay client-side.
- ReClaw cannot recover a lost backup passphrase.
- ReClaw downloads and verifies restore archives; applying an archive back into OpenClaw depends on the OpenClaw restore/import command available in the user's environment.
- ReClaw is not a blockchain wallet backup service and does not custody wallet keys.

## Authentication

ReClaw supports browser sessions for the dashboard and scoped API keys for CLI and agent use. API callers send a key with `Authorization: Bearer <key>` or `x-api-key: <key>`. Backup API keys can have `backups:read`, `backups:write`, and `backups:restore` permissions.

## Core API endpoints

- `GET /api/backup-account`: Read encrypted backup account state.
- `PATCH /api/backup-account`: Reserved cadence update endpoint.
- `POST /api/backup-account/bootstrap`: Initialize client-wrapped vault material.
- `POST /api/backup-account/rotate`: Rotate wrapped vault material.
- `POST /api/backup-account/reset`: Reset backup account state.
- `GET /api/backups`: List visible backups.
- `POST /api/backups`: Create encrypted archive upload slot.
- `POST /api/backups/upload`: Upload encrypted archive bytes.
- `GET /api/backups/{id}`: Read backup detail.
- `DELETE /api/backups/{id}`: Delete a backup.
- `POST /api/backups/{id}/finalize`: Finalize encrypted backup metadata.
- `GET /api/backups/{id}/content`: Download encrypted archive bytes.
- `GET /api/backups/{id}/events`: Stream backup status progress events over Server-Sent Events.

## Streaming progress

Agents can watch long-running backup workflows with Server-Sent Events:

```http
GET /api/backups/<backup-id>/events
Accept: text/event-stream
Authorization: Bearer <key>
```

The stream emits `backup.status` events with the current status, sizes, versions, expiry, and observation time. It closes after a terminal status or timeout.

## CLI

Install or update the managed CLI:

```sh
curl -fsSL https://reclaw.io/install.sh | sh
reclaw --version
```

Common CLI commands:

- `reclaw backup bootstrap`
- `reclaw backup create --label "Before risky change"`
- `reclaw backup list --json`
- `reclaw backup show <backup-id> --decrypt-metadata`
- `reclaw backup restore <backup-id> --verify --output /safe/path/archive.tar.gz`
- `reclaw backup auto-enable`
- `reclaw backup auto-status`

## Rate limits and errors

Backup creation is cadence-limited by plan: Free is one backup per day, Plus is one backup every four hours, and Pro is one backup every thirty minutes. API errors are structured JSON objects with `error`, `code`, `message`, `resolution`, and optional `details`. Cadence errors use HTTP 429 and include the next allowed backup time when available.

## Agent guidance

Use ReClaw through the CLI or documented API. Never ask the user to reveal `RECLAW_TOKEN` or `RECLAW_BACKUP_PASSPHRASE`. Never print secrets in logs. For restore, use `reclaw backup restore` to download, decrypt, and verify an archive; do not invent OpenClaw import commands.