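Cross-machine OpenClaw agent mesh: multi-node task delegation with an HMAC relay
Solves the problem of multiple agents on one machine sharing a single failure domain. Prerequisites: at least two network-reachable machines, the ability to open a relay port, and shared-secret management. Steps: deploy a relay service on each node → configure peers and capability tags → implement HMAC signing with nonce-based replay protection → verify connectivity and delegation with ping/task_request. Key commands: `node relay-cli.js ping <peer>`, `node relay-cli.js send <peer> "task"`. Verify: cross-region RTT is stable and tasks return a task_response. Risks: secret leakage and plaintext inbox storage enlarge the attack surface (encryption at rest needs to be verified).
REDDIT | Discovered 2026-02-15 | Author u/LoganSettler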
Prerequisites
- At least two OpenClaw nodes (e.g., home host + VPS) with routable endpoints.
- Ability to manage shared secrets and firewall/reverse-proxy rules.
Steps
- Run one relay HTTP endpoint per node (e.g., `/relay`) to accept authenticated inter-node messages.
- Define peers in config with `agent_id`, endpoint, secret, capabilities, and trust flag.
- Sign outgoing messages with HMAC-SHA256 on `timestamp:nonce:payload`; reject stale timestamps and reused nonces.
- Use message types (`ping/pong`, `task_request/task_response`) to verify health first, then delegate real tasks.
- Add retries on failure and an alert threshold so one offline node does not block the whole workflow.
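An added example (not code from the original post or from OpenClaw) of the signing, stale-timestamp and nonce-reuse checks from the third step, written for a Node.js relay. The envelope field names, the 5-minute freshness window and the in-memory nonce cache are assumptions.

```javascript
// Added example, not from the original post. Envelope field names, the
// 5-minute window and the in-memory nonce cache are assumptions.
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window

function mac(secret, timestamp, nonce, payload) {
  return createHmac("sha256", secret)
    .update(`${timestamp}:${nonce}:${payload}`)
    .digest();
}

// Sender side: wrap a JSON-serialised message in a signed envelope.
function signMessage(secret, message, now = Date.now()) {
  const payload = JSON.stringify(message);
  const timestamp = String(now);
  const nonce = randomBytes(16).toString("hex");
  const signature = mac(secret, timestamp, nonce, payload).toString("hex");
  return { timestamp, nonce, payload, signature };
}

// Receiver side: one verifier per peer, holding that peer's secret and nonces.
function createVerifier(secret) {
  const seen = new Map(); // nonce -> expiry time (ms)
  return function verify(env, now = Date.now()) {
    // Strict field formats keep the ':'-joined string unambiguous.
    if (!env || !/^\d{1,15}$/.test(env.timestamp) || !/^[0-9a-f]{32}$/.test(env.nonce) ||
        typeof env.payload !== "string" || !/^[0-9a-f]{64}$/.test(env.signature)) {
      return { ok: false, reason: "malformed" };
    }
    const expected = mac(secret, env.timestamp, env.nonce, env.payload);
    if (!timingSafeEqual(expected, Buffer.from(env.signature, "hex"))) {
      return { ok: false, reason: "bad_signature" };
    }
    if (Math.abs(now - Number(env.timestamp)) > MAX_SKEW_MS) {
      return { ok: false, reason: "stale_timestamp" };
    }
    for (const [n, exp] of seen) if (exp < now) seen.delete(n); // evict expired
    if (seen.has(env.nonce)) return { ok: false, reason: "replayed_nonce" };
    seen.set(env.nonce, now + 2 * MAX_SKEW_MS); // outlives the freshness window
    return { ok: true, message: JSON.parse(env.payload) };
  };
}
```

The nonce cache is checked only after the signature verifies, so unauthenticated traffic cannot fill it; a relay that restarts loses the cache and should persist it or refuse messages for one freshness window.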
Commands
```
node relay-cli.js ping pawn
node relay-cli.js send pawn "Run a security audit and report findings"
openclaw gateway status
```
Verify
A delegated task reaches the peer, executes on the next cycle, and returns `task_response` without signature/timestamp rejection.
Caveats
- Rotate shared secrets periodically; never expose them in logs/screenshots.
- Inbox payload encryption at rest is not covered in the original post (needs verification).
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.