Install
- npm registry
- Local checkout
Quick setup
1
Ensure plugin is available
Install
@openclaw/mattermost with the command above, then restart the Gateway if it is already running.2
Create a Mattermost bot
Create a Mattermost bot account, copy the bot token, and add the bot to the teams and channels it should read.
3
Copy the base URL
Copy the Mattermost base URL (e.g.,
https://chat.example.com). A trailing /api/v4 is stripped automatically.4
Configure OpenClaw and start the gateway
Minimal config:Non-interactive alternative:
Self-hosted Mattermost on a private/LAN/tailnet address: outbound Mattermost API requests pass through an SSRF guard that blocks private and internal IPs by default. Opt in with
channels.mattermost.network.dangerouslyAllowPrivateNetwork: true (per account: channels.mattermost.accounts.<id>.network.dangerouslyAllowPrivateNetwork).Native slash commands
Native slash commands are opt-in. When enabled, OpenClaw registersoc_* slash commands on every team the bot is a member of and receives callback POSTs on the gateway HTTP server.
/oc_status, /oc_model, /oc_models, /oc_new, /oc_help, /oc_think, /oc_reasoning, /oc_verbose, /oc_queue. With nativeSkills: true, skill commands are also registered as /oc_<skill>.
Behavior notes
Behavior notes
nativeandnativeSkillsdefault to"auto", which resolves to disabled for Mattermost. Set them totrueexplicitly.callbackPathdefaults to/api/channels/mattermost/command.- If
callbackUrlis omitted, OpenClaw deriveshttp://<gateway.customBindHost or localhost>:<gateway.port, default 18789><callbackPath>. Wildcard bind hosts (0.0.0.0,::) fall back tolocalhost. - For multi-account setups,
commandscan be set at the top level or underchannels.mattermost.accounts.<id>.commands(account values override top-level fields). - Existing slash commands with the same trigger created by other integrations are left untouched (registration skips them); commands the bot created are updated or recreated when the callback URL drifts.
- Command callbacks are validated with the per-command tokens returned by Mattermost when OpenClaw registers
oc_*commands. - OpenClaw refreshes current Mattermost command registration before accepting each callback, so stale tokens from deleted or regenerated slash commands stop being accepted without a gateway restart.
- Callback validation fails closed if the Mattermost API cannot confirm the command is still current; failed validations are cached briefly, concurrent lookups are coalesced, and fresh lookup starts are rate-limited per command to bound replay pressure.
- Slash callbacks fail closed when registration failed, startup was partial, or the callback token does not match the resolved command’s registered token (a token valid for one command cannot reach upstream validation for a different command).
- Accepted callbacks are acknowledged with an ephemeral “Processing…” reply; the real answer arrives as a normal message.
Reachability requirement
Reachability requirement
The callback endpoint must be reachable from the Mattermost server.
- Do not set
callbackUrltolocalhostunless Mattermost runs on the same host/network namespace as OpenClaw. - Do not set
callbackUrlto your Mattermost base URL unless that URL reverse-proxies/api/channels/mattermost/commandto OpenClaw. - A quick check is
curl https://<gateway-host>/api/channels/mattermost/command; a GET should return405 Method Not Allowedfrom OpenClaw, not404.
Mattermost egress allowlist
Mattermost egress allowlist
If your callback targets private/tailnet/internal addresses, set Mattermost
ServiceSettings.AllowedUntrustedInternalConnections to include the callback host/domain.Use host/domain entries, not full URLs.- Good:
gateway.tailnet-name.ts.net - Bad:
https://gateway.tailnet-name.ts.net
Environment variables (default account)
Set these on the gateway host if you prefer env vars:MATTERMOST_BOT_TOKEN=...MATTERMOST_URL=https://chat.example.com
Env vars apply only to the default account (
default). Other accounts must use config values.MATTERMOST_URL cannot be set from a workspace .env; see Workspace .env files.Chat modes
Mattermost responds to DMs automatically. Channel behavior is controlled bychatmode:
- oncall (default)
- onmessage
- onchar
Respond only when @mentioned in channels.
oncharstill responds to explicit @mentions.channels.mattermost.requireMentionis still honored, butchatmodeis preferred. Per-channelgroups.<channelId>.requireMentionsettings win over both.- After the bot sends a visible reply in a channel thread, later messages in that same thread are answered without a new @mention or
oncharprefix, so multi-turn thread conversations keep flowing. Participation is remembered for 7 days after the bot last replied in that thread and persists across gateway restarts. Threads the bot has only observed are unaffected; start a new top-level message to require an explicit mention again.
Threading and sessions
Usechannels.mattermost.replyToMode to control whether channel and group replies stay in the main channel or start a thread under the triggering post.
off(default): only reply in a thread when the inbound post is already in one.first: for top-level channel/group posts, start a thread under that post and route the conversation to a thread-scoped session.allandbatched: same behavior asfirstfor Mattermost today, because once Mattermost has a thread root, follow-up chunks and media continue in that same thread.- Direct messages default to
offeven whenreplyToModeis set.
channels.mattermost.replyToModeByChatType to override the mode for direct, group, or channel chats. Set direct to opt direct messages into threading:
off(default): direct messages stay non-threaded in one rolling session.first,all, orbatched: each top-level direct message starts a Mattermost thread backed by a fresh, independent session.
- Thread-scoped sessions use the triggering post id as the thread root.
firstandallare currently equivalent because once Mattermost has a thread root, follow-up chunks and media continue in that same thread.- Per-chat-type overrides take precedence over
replyToMode. Without adirectoverride, existing deployments keep flat, non-threaded DMs.
Access control (DMs)
- Default:
channels.mattermost.dmPolicy = "pairing"(unknown senders get a pairing code). Other values:allowlist,open,disabled. - Approve via:
openclaw pairing list mattermostopenclaw pairing approve mattermost <CODE>
- Public DMs:
channels.mattermost.dmPolicy="open"pluschannels.mattermost.allowFrom=["*"](the config schema enforces the wildcard). channels.mattermost.allowFromaccepts user ids (recommended) andaccessGroup:<name>entries. See Access groups.
Channels (groups)
- Default:
channels.mattermost.groupPolicy = "allowlist"(mention-gated). - Allowlist senders with
channels.mattermost.groupAllowFrom(user IDs recommended). channels.mattermost.groupAllowFromacceptsaccessGroup:<name>entries. See Access groups.- Per-channel mention overrides live under
channels.mattermost.groups.<channelId>.requireMentionorchannels.mattermost.groups["*"].requireMentionfor a default. @usernamematching is mutable and only enabled whenchannels.mattermost.dangerouslyAllowNameMatching: true.- Open channels:
channels.mattermost.groupPolicy="open"(mention-gated). - Resolution order:
channels.mattermost.groupPolicy, thenchannels.defaults.groupPolicy, then"allowlist". - Runtime note: if the
channels.mattermostsection is completely missing, runtime fails closed togroupPolicy="allowlist"for group checks (even ifchannels.defaults.groupPolicyis set) and logs a one-time warning.
Targets for outbound delivery
Use these target formats withopenclaw message send or cron/webhooks:
Outbound sends support at most one attachment per message; split multiple files into separate sends.
DM channel retry
When OpenClaw sends to a Mattermost DM target and needs to resolve the direct channel first, it retries transient direct-channel creation failures by default. Usechannels.mattermost.dmChannelRetry to tune that behavior globally for the Mattermost plugin, or channels.mattermost.accounts.<id>.dmChannelRetry for one account. Defaults:
- This applies only to DM channel creation (
/api/v4/channels/direct), not every Mattermost API call. - Retries use exponential backoff with jitter and apply to transient failures such as rate limits, 5xx responses, and network or timeout errors.
- 4xx client errors other than
429are treated as permanent and are not retried.
Preview streaming
Mattermost streams thinking, tool activity, and partial reply text into a draft preview post that finalizes in place when the final answer is safe to send. Inpartial mode the preview updates on the same post id instead of spamming the channel with per-chunk messages. In block mode the preview rotates between completed text and tool-activity blocks, so earlier blocks stay visible as their own posts instead of being overwritten by the next one. Media/error finals cancel pending preview edits and use normal delivery instead of flushing a throwaway preview post.
Preview streaming is on by default in partial mode. Configure via channels.mattermost.streaming.mode (legacy scalar/boolean streaming values are migrated by openclaw doctor --fix):
Streaming modes
Streaming modes
partial(default): one preview post that is edited as the reply grows, then finalized with the complete answer.blockrotates the preview between completed text and tool-activity blocks, so each block stays visible as its own post instead of being overwritten in place. Parallel and consecutive tool updates share the current tool-activity post.progressshows a status preview while generating and only posts the final answer at completion.offdisables preview streaming. Withstreaming.block.enabled: true, completed assistant blocks are still delivered as normal block replies (separate posts) rather than a single coalesced final post.
Streaming behavior notes
Streaming behavior notes
- If the stream cannot be finalized in place (for example the post was deleted mid-stream), OpenClaw falls back to sending a fresh final post so the reply is never lost.
- Thinking-only payloads are suppressed from channel posts, including text that arrives as a
> Thinkingblockquote. Set/reasoning onto see thinking in other surfaces; the Mattermost final post keeps the answer only. - See Streaming for the channel-mapping matrix.
Reactions (message tool)
- Use
message action=reactwithchannel=mattermost. messageIdis the Mattermost post id.emojiaccepts names likethumbsupor:+1:(colons are optional).- Set
remove=true(boolean) to remove a reaction. - Reaction add/remove events are forwarded as system events to the routed agent session, subject to the same DM/group policy checks as messages.
channels.mattermost.actions.reactions: enable/disable reaction actions (default true).- Per-account override:
channels.mattermost.accounts.<id>.actions.reactions.
Interactive buttons (message tool)
Send messages with clickable buttons. When a user clicks a button, the agent receives the selection and can respond. Buttons come from the semanticpresentation payload (in normal agent replies and in message action=send). OpenClaw renders value buttons as Mattermost interactive buttons, keeps URL buttons visible in the message text, and downgrades select menus to readable text.
Display label (alias:
text).Value sent back on click, used as the action ID (aliases:
callback_data, callbackData). Required for a clickable button unless url is set.Link button; rendered as
label: url text in the message body instead of an interactive button.Button style. Mattermost applies default styling to values it does not support.
inlineButtons to the channel capabilities:
1
Access check
The clicker must pass the same DM/group policy checks as a message sender; unauthorized clicks get an ephemeral notice and are ignored.
2
Buttons replaced with confirmation
All buttons are replaced with a confirmation line (e.g., ”✓ Yes selected by @user”).
3
Agent receives the selection
The agent receives the selection as an inbound message (plus a system event) and responds.
Implementation notes
Implementation notes
- Button callbacks use HMAC-SHA256 verification (automatic, no config needed).
- The whole attachment block is replaced on click, so all buttons are removed together - partial removal is not possible.
- Action IDs containing hyphens or underscores are sanitized automatically (Mattermost routing limitation).
- Clicks whose
action_iddoes not match an action on the original post are rejected with403(“Unknown action”).
Config and reachability
Config and reachability
channels.mattermost.capabilities: array of capability strings. Add"inlineButtons"to enable the buttons tool description in the agent system prompt.channels.mattermost.interactions.callbackBaseUrl: optional external base URL for button callbacks (for examplehttps://gateway.example.com). Use this when Mattermost cannot reach the gateway at its bind host directly.- In multi-account setups, you can also set the same field under
channels.mattermost.accounts.<id>.interactions.callbackBaseUrl. - If
interactions.callbackBaseUrlis omitted, OpenClaw derives the callback URL fromgateway.customBindHost+gateway.port(default 18789), then falls back tohttp://localhost:<port>. The callback path is/mattermost/interactions/<accountId>. - Reachability rule: the button callback URL must be reachable from the Mattermost server.
localhostonly works when Mattermost and OpenClaw run on the same host/network namespace. channels.mattermost.interactions.allowedSourceIps: source-IP allowlist for button callbacks. Without it, only loopback sources (127.0.0.1,::1) are accepted, so a remote Mattermost server must be allowlisted here or its clicks are rejected with403. Behind a reverse proxy, also setgateway.trustedProxiesso the real client IP is derived from forwarded headers.- If your callback target is private/tailnet/internal, add its host/domain to Mattermost
ServiceSettings.AllowedUntrustedInternalConnections.
Direct API integration (external scripts)
External scripts and webhooks can post buttons directly via the Mattermost REST API instead of going through the agent’smessage tool. Prefer OpenClaw’s message tool. For direct integrations, import buildButtonAttachments from @openclaw/mattermost/api.js; if posting raw JSON, follow these rules:
Payload structure:
1
Derive the secret from the bot token
HMAC-SHA256(key="openclaw-mattermost-interactions", data=botToken), hex-encoded.2
Build the context object
Build the context object with all fields except
_token.3
Serialize with sorted keys
Serialize with recursively sorted keys and no spaces (the gateway canonicalizes nested objects too and produces compact JSON).
4
Sign the payload
HMAC-SHA256(key=secret, data=serializedContext)5
Add the token
Add the resulting hex digest as
_token in the context.Common HMAC pitfalls
Common HMAC pitfalls
- Python’s
json.dumpsadds spaces by default ({"key": "val"}). Useseparators=(",", ":")to match JavaScript’s compact output ({"key":"val"}). - Always sign all context fields (minus
_token). The gateway strips_tokenthen signs everything remaining. Signing a subset causes silent verification failure. - Use
sort_keys=True- the gateway sorts keys before signing, and Mattermost may reorder context fields when storing the payload. - Derive the secret from the bot token (deterministic), not random bytes. The secret must be the same across the process that creates buttons and the gateway that verifies.
Directory adapter
The Mattermost plugin includes a directory adapter that resolves channel and user names via the Mattermost API. This enables#channel-name and @username targets in openclaw message send and cron/webhook deliveries.
No configuration is needed - the adapter uses the bot token from the account config.
Multi-account
Mattermost supports multiple accounts underchannels.mattermost.accounts:
channels.mattermost.defaultAccount picks which account is used when none is specified.
Troubleshooting
No replies in channels
No replies in channels
Ensure the bot is in the channel and mention it (oncall), use a trigger prefix (onchar), or set
chatmode: "onmessage".Auth or multi-account errors
Auth or multi-account errors
- Check the bot token, base URL, and whether the account is enabled.
- Multi-account issues: env vars only apply to the
defaultaccount. - Private/LAN Mattermost hosts need
network.dangerouslyAllowPrivateNetwork: true(the SSRF guard blocks private IPs by default).
Native slash commands fail
Native slash commands fail
Unauthorized: invalid command token.: OpenClaw did not accept the callback token. Typical causes:- slash command registration failed or only partially completed at startup
- the callback is hitting the wrong gateway/account
- Mattermost still has old commands pointing at a previous callback target
- the gateway restarted without reactivating slash commands
- If native slash commands stop working, check logs for
mattermost: failed to register slash commandsormattermost: native slash commands enabled but no commands could be registered. - If
callbackUrlis omitted and logs warn that the callback resolved to a loopback URL likehttp://localhost:18789/..., that URL is probably only reachable when Mattermost runs on the same host/network namespace as OpenClaw. Set an explicit externally reachablecommands.callbackUrlinstead.
Related
- Channel Routing - session routing for messages
- Channels Overview - all supported channels
- Groups - group chat behavior and mention gating
- Pairing - DM authentication and pairing flow
- Security - access model and hardening