agentgate: A Secure API Gateway for AI Agents with HITL - Openclaw Skills

Author: Internet

2026-03-30


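What is agentgate?

agentgate is a protective layer between AI agents and sensitive personal data. By centralizing access to services such as GitHub, Google Calendar, and Home Assistant, it lets agents read data immediately while requiring explicit human approval for every modification. This skill is an important addition to the Openclaw skills ecosystem, offering a security-first approach to agent automation in which the user controls every write operation.

The architecture is designed to isolate credentials from the agent's execution environment. Running agentgate on a separate host minimizes the risk of credential leakage while keeping a seamless interface for the agent's interactions with the physical and digital world.

Download: https://github.com/openclaw/skills/tree/main/skills/monteslu/agentgate

Installation and Download

1. ClawHub CLI

The fastest way to install the skill directly from the source.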

npx clawhub@latest install agentgate

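2. Manual installation

Copy the skill folder to one of the following locations:

Global: ~/.openclaw/skills/
Workspace: /skills/

Priority: workspace > local > built-in

3. Prompt-based installation

Copy this prompt into OpenClaw to install automatically.

Please help me install agentgate using Clawhub. If Clawhub is not yet installed, install it first (npm i -g clawhub).

agentgate use cases

  • Safely let agents manage GitHub repositories, preventing accidental commits without the need for monitoring.
  • Schedule meetings in Google Calendar, with a final human review before confirmation.
  • Post to social media platforms such as Bluesky or Mastodon through a moderated queue.
  • Coordinate complex workflows across multiple AI agents using secure inter-agent messaging.
  • Store and retrieve long-term context through persistent Mementos.

How agentgate works

  1. The agent issues a service discovery request to identify the available integrations and accounts.
  2. Read requests (GET) execute immediately, letting the agent gather context and information from connected services.
  3. Write requests (POST/PUT/DELETE) are sent to an approval queue, where a human user reviews the intent and payload through the admin interface.
  4. Once approved, the gateway executes the request, and the agent can poll for the updated execution status.
  5. Agents can also store persistent memories or send messages to other agents in the same ecosystem to coordinate multi-step tasks.

agentgate configuration guide

For maximum security, the agentgate server must run on a different machine or container from the agent. Once the server is active, configure these environment variables to enable the Openclaw skill: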

export AGENT_GATE_URL="http://your-agentgate-host:3050"
export AGENT_GATE_TOKEN="your-api-key"

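With the variables set, the agent can call the /api/agent_start_here endpoint to discover the available services and the API documentation specific to your instance.

agentgate data architecture and taxonomy

agentgate uses a structured API response format for service discovery and task queuing. Data is organized logically by service and account name.

Component | Description
Queue request | Contains the method, path, body, and a mandatory comment explaining the agent's intent.
Request status | Tracks the lifecycle state: pending, approved, executing, completed, or rejected.
Mementos | Stores persistent notes with content and searchable keyword tags, for long-term memory.
Messaging | Standard JSON payloads for point-to-point or broadcast agent communication.
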
name: agentgate
description: "API gateway for personal data with human-in-the-loop write approval. Connects agents to GitHub, Bluesky, Google Calendar, Home Assistant, and more — all through a single API with safety controls."
homepage: "https://agentgate.org"
metadata: { "openclaw": { "emoji": "??", "primaryEnv": "AGENT_GATE_TOKEN", "requires": { "env": ["AGENT_GATE_TOKEN", "AGENT_GATE_URL"] } } }

agentgate

API gateway for AI agents to access personal data with human-in-the-loop write approval.

  • Reads (GET) execute immediately
  • Writes (POST/PUT/PATCH/DELETE) go through an approval queue
  • Bypass mode available for trusted agents (writes execute immediately)

GitHub: https://github.com/monteslu/agentgate
Docs: https://agentgate.org

Setup

agentgate server runs on a separate machine from OpenClaw. This is by design — your agent should not have direct access to the server holding your credentials. Install and run agentgate on a different computer (or VPS/container on a different host). See https://agentgate.org for setup instructions.

Once agentgate is running, configure these environment variables for your OpenClaw agent:

  • AGENT_GATE_URL — agentgate base URL (e.g., http://your-agentgate-host:3050)
  • AGENT_GATE_TOKEN — your agent's API key (create in the agentgate Admin UI → API Keys)

Authentication

All requests require the API key in the Authorization header:

Authorization: Bearer $AGENT_GATE_TOKEN

First Steps — Service Discovery

After connecting, discover what's available on your instance:

GET $AGENT_GATE_URL/api/agent_start_here
Authorization: Bearer $AGENT_GATE_TOKEN

Returns your agent's config, available services, accounts, and full API documentation.

Instance-Specific Skills

agentgate generates additional skills tailored to your instance with your specific accounts and endpoints. See the agentgate skills documentation for details on how to install and update them.

Supported Services

agentgate supports many services out of the box. Common ones include:

  • Code: GitHub, Jira
  • Social: Bluesky, Mastodon, LinkedIn
  • Search: Brave Search, Google Search
  • Personal: Google Calendar, YouTube, Fitbit
  • IoT: Home Assistant
  • Messaging: Twilio, Plivo

New services are added regularly. Check GET /api/agent_start_here for what's configured on your instance.

Reading Data

GET $AGENT_GATE_URL/api/{service}/{accountName}/{path}
Authorization: Bearer $AGENT_GATE_TOKEN

Example: GET $AGENT_GATE_URL/api/github/myaccount/repos/owner/repo

Writing Data

Writes go through the approval queue:

POST $AGENT_GATE_URL/api/queue/{service}/{accountName}/submit
Authorization: Bearer $AGENT_GATE_TOKEN
Content-Type: application/json

{
  "requests": [
    {
      "method": "POST",
      "path": "/the/api/path",
      "body": { "your": "payload" }
    }
  ],
  "comment": "Explain what you are doing and why"
}

Always include a clear comment explaining your intent. Include links to relevant resources.

Check write status

GET $AGENT_GATE_URL/api/queue/{service}/{accountName}/status/{id}
Authorization: Bearer $AGENT_GATE_TOKEN

Statuses: pending → approved → executing → completed (or rejected/failed/withdrawn)

Withdraw a pending request

DELETE $AGENT_GATE_URL/api/queue/{service}/{accountName}/status/{id}
Authorization: Bearer $AGENT_GATE_TOKEN
Content-Type: application/json

{ "reason": "No longer needed" }
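
A client-side sketch of the read, queue, poll and withdraw flow above, added here as an example and not taken from agentgate or its skill. The `GateClient` class, the injectable `send` transport and the `status` field of the status response are assumptions, since the page does not show response bodies.

```python
import json, time, urllib.request

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}          # queued for approval
TERMINAL = {"completed", "rejected", "failed", "withdrawn"}  # stop polling here

def http_send(method, url, token, body=None):
    """Default transport: one JSON request carrying the bearer token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

class GateClient:  # hypothetical wrapper, not part of agentgate
    def __init__(self, base_url, token, send=http_send):
        self.base, self.token, self.send = base_url.rstrip("/"), token, send

    def read(self, service, account, path):
        """Reads execute immediately: GET /api/{service}/{accountName}/{path}."""
        url = f"{self.base}/api/{service}/{account}/{path.lstrip('/')}"
        return self.send("GET", url, self.token)

    def submit_write(self, service, account, requests, comment):
        """Queue writes; refuse locally if the approver would get no stated intent."""
        if not comment or not comment.strip():
            raise ValueError("comment is mandatory: it tells the approver the intent")
        for r in requests:
            if str(r.get("method", "")).upper() not in WRITE_METHODS:
                raise ValueError(f"not a write method: {r.get('method')!r}")
        url = f"{self.base}/api/queue/{service}/{account}/submit"
        return self.send("POST", url, self.token,
                         {"requests": requests, "comment": comment})

    def wait(self, service, account, req_id, timeout=600, interval=5, sleep=time.sleep):
        """Poll until a terminal status; withdraw a still-pending request on timeout."""
        url = f"{self.base}/api/queue/{service}/{account}/status/{req_id}"
        deadline = time.monotonic() + timeout
        while True:
            status = self.send("GET", url, self.token)["status"]  # assumed field name
            if status in TERMINAL:
                return status
            if time.monotonic() >= deadline:
                if status != "pending":  # withdrawal is documented for pending only
                    raise TimeoutError(f"request {req_id} still {status}")
                self.send("DELETE", url, self.token,
                          {"reason": "Timed out waiting for approval"})
                return "withdrawn"
            sleep(interval)
```

Withdrawing on timeout keeps a write the agent has stopped waiting for from being approved and executed later, out of context.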

Binary uploads

For binary data (images, files), set binaryBase64: true in the request body:

{
  "method": "POST",
  "path": "com.atproto.repo.uploadBlob",
  "binaryBase64": true,
  "headers": { "Content-Type": "image/jpeg" },
  "body": ""
}

Inter-Agent Messaging

Agents can message each other through agentgate for multi-agent coordination.

Send a message

POST $AGENT_GATE_URL/api/agents/message
Authorization: Bearer $AGENT_GATE_TOKEN
Content-Type: application/json

{ "to_agent": "agent_name", "message": "Hello!" }

Read messages

GET $AGENT_GATE_URL/api/agents/messages?unread=true
Authorization: Bearer $AGENT_GATE_TOKEN

Mark as read

POST $AGENT_GATE_URL/api/agents/messages/{id}/read
Authorization: Bearer $AGENT_GATE_TOKEN

Broadcast to all agents

POST $AGENT_GATE_URL/api/agents/broadcast
Authorization: Bearer $AGENT_GATE_TOKEN
Content-Type: application/json

{ "message": "Team announcement" }

Discover agents

GET $AGENT_GATE_URL/api/agents/messageable
Authorization: Bearer $AGENT_GATE_TOKEN

Messaging modes (configured by admin): off, supervised (requires approval), open (immediate delivery).

Mementos (Persistent Memory)

Store and retrieve notes across sessions using keyword tags.

Store a memento

POST $AGENT_GATE_URL/api/agents/memento
Authorization: Bearer $AGENT_GATE_TOKEN
Content-Type: application/json

{ "content": "Important info to remember", "keywords": ["project", "notes"] }

Search by keyword

GET $AGENT_GATE_URL/api/agents/memento/search?keywords=project&limit=10
Authorization: Bearer $AGENT_GATE_TOKEN

Fetch full content by IDs

GET $AGENT_GATE_URL/api/agents/memento/42,38
Authorization: Bearer $AGENT_GATE_TOKEN

List your keywords

GET $AGENT_GATE_URL/api/agents/memento/keywords
Authorization: Bearer $AGENT_GATE_TOKEN

Important Notes

  • Always include clear comments on write requests
  • Be patient with writes — approval requires human action
  • Use GET /api/agent_start_here to discover available services
  • See agentgate docs for instance-specific skill setup