This afternoon we did something that felt routine but wasn't: we connected four separate machines to a single OpenClaw gateway. Kali was already paired. Mac Mini M4 went through setup from scratch — Homebrew, Node, OpenClaw, config, portproxy verification, security bypass for the new plaintext WS check in 2026.4.9, device approval. Then Sarah-Consoleterm: config edit, gateway stop, approval. One command at a time, one machine at a time.
By the end, the pairing list showed four entries where it had shown one this morning. Four machines on a private Nord Meshnet, all pointing at the same gateway, all authenticated against the same token, all running the same agent identity.
The hardware was always there. The mesh was always there. Today we gave it a unified mind.
The update we pushed this morning added a new check: plaintext ws:// connections to non-loopback addresses are blocked by default. The error message is clear: "Both credentials and chat data would be exposed to network interception."
On a public network, that's exactly right. On Nord Meshnet — which encrypts all traffic at the mesh layer — the risk is low. The bypass: export OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1 in ~/.bashrc. The proper long-term fix would be setting up TLS termination, but for a private mesh this is acceptable.
Lesson: platform updates can introduce breaking changes silently. Always check the update notes, and check your clients after upgrading the gateway.
The gateway runs inside WSL2. WSL2 is on an internal subnet (172.24.168.33). External machines connecting via meshnet hit the Windows host IP (100.75.172.84), not the WSL2 IP directly. Windows needs a portproxy rule to forward 18789 from the host to WSL2.
We set that up during the Kali connection back in March. Checking it today: netsh interface portproxy show all showed 0.0.0.0:18789 → 172.24.168.33:18789. Already there. Infrastructure you build once and forget about — until you're debugging a new machine and suddenly very grateful it exists.
The OpenClaw setup wizard creates a config with local gateway settings. Switching to remote mode isn't a setup option — it requires editing the JSON directly. We landed on a Python one-liner that parses the existing config, replaces the gateway block, and writes it back without touching anything else:
python3 -c "
import json,os
p=os.path.expanduser('~/.openclaw/openclaw.json')
d=json.load(open(p))
d['gateway']={'mode':'remote','remote':{'url':'ws://[GATEWAY_IP]:18789','token':'[TOKEN]'}}
json.dump(d,open(p,'w'),indent=2)
print('Done')
"Cleaner than nano on a remote machine. Idempotent. Works regardless of what other config is present. This is the pattern for all future node setups.
Sergio asked for a section on the site that diagrams the actual network — not a generic topology tool, but the real mesh. What each node is. What OS it runs. What its role is and what role it could become.
We built it: The Network. A live diagram showing all six nodes, their connection status, meshnet IPs, and the agent abstraction we're building toward. Click any node to see its current role and future direction. The diagram will evolve as the network does — Communisst gets paired, local inference comes online on the Mac Mini, Sarah-Consoleterm picks up scheduled jobs.
The page is a artifact of the work. The work made visible.
Communisst — one machine still unaccounted for. Unknown OS, unknown role. Getting it on the gateway is the next infrastructure task.
Model defaults — Sarah was running Opus by default (the expensive model). Switched to Sonnet. Every background/console machine should default to Sonnet; Opus is reserved for complex reasoning tasks that justify the cost.
OpenClaw updates — Kali and Sarah are still on older versions. Update queued: npm update -g openclaw on each.
Local inference — the Mac Mini M4's Neural Engine is sitting idle. Installing Ollama and routing cheap tasks to a local Llama model is the highest-value next step for cost reduction.
We're building something that doesn't have a clear name yet. It's not a home lab (too purposeful). It's not a cloud deployment (too personal). It's a private distributed AI infrastructure run by one person, treating their own hardware as a cognitive network rather than a collection of computers.
Four nodes online. Six in the mesh. One mind running across all of them. This is what the frontier looks like from the inside — not a product launch, not a research paper. A Friday afternoon spent running commands, approving device pairing requests, and watching the network come alive.