HiClaw

hiclaw · agentscope-ai/HiClaw · ★ 4.7k · last commit 2026-05-26

Kubernetes-native multi-agent platform where Worker and Manager agents collaborate in a Matrix IM room with enterprise credential isolation via Higress AI gateway and shared MinIO storage.

Best when: Multi-agent collaboration is a Kubernetes control-plane problem; the orchestration bus should be a real IM protocol (Matrix); real API keys should never reac…
Skip if: Custom orchestration buses (use Matrix protocol instead), Credentials in agent containers (use gateway consumer tokens)
vs seeds: claude-flow (hierarchical multi-agent, SQLite memory, CLI-first), but HiClaw replaces every major architectural component: the MCP t…
Primitive shape 80008 total
Commands 5 Skills 80000 Subagents 3

HiClaw — Summary

HiClaw is a Kubernetes-native collaborative multi-agent runtime platform from the Higress/Alibaba ecosystem. It deploys a Manager-Workers architecture inside a Kubernetes cluster (or Docker Compose) where a Manager agent orchestrates multiple Worker agents in a Matrix protocol IM room. Workers can run OpenClaw, QwenPaw (QwenCopaw), or Hermes runtimes; the Manager can be any deterministic agent. A Higress AI gateway centralizes traffic management and hides real credentials from workers. MinIO provides a shared file system for inter-agent information exchange. A hiclaw Go CLI binary manages the cluster lifecycle; an Element Web frontend (Matrix protocol) serves as the IM-based human-agent UI.

HiClaw is architecturally unique in this batch: it is the only framework that treats multi-agent collaboration as a Kubernetes control plane problem, uses Matrix protocol for agent-agent and human-agent communication, and applies an AI gateway for credential protection. Compared to claude-flow (closest seed for orchestration depth), HiClaw replaces the MCP toolserver with a K8s-native controller, replaces SQLite with MinIO shared storage, and replaces CLI interaction with a Matrix IM room.

HiClaw — Overview

Origin

HiClaw is from the agentscope-ai organization (the Higress/Alibaba open-source ecosystem). 4,666 stars, 30 contributors. Apache-2.0 license. Go + Python. Active as of 2026-05-26.

Philosophy

README opening: "HiClaw is an open-source collaborative multi-agent runtime platform. It enables multiple Agents to collaborate in a controlled and auditable room, with full human visibility and intervention capabilities throughout the process."

Key design principles:

  • Manager-Workers Architecture: Manager orchestrates Workers; humans don't need to supervise individual Workers
  • Multi-Runtime Collaboration: Different Workers can run different runtimes (OpenClaw, QwenPaw, Hermes) in the same room
  • Enterprise Security: Workers see only consumer tokens; real API keys stay in the Higress AI gateway
  • Zero Configuration IM: Built-in Tuwunel (Matrix server) — no external bot approvals needed
  • Human-in-the-Loop by Default: Every Matrix room includes the human; full visibility + intervention anytime

Key Infrastructure

  • Higress AI Gateway: API proxy centralizing credentials; workers access LLMs without seeing API keys
  • Tuwunel: Self-hosted Matrix IM server (open-source alternative to DingTalk/Lark)
  • Element Web: Matrix client for human interaction
  • MinIO: Shared object storage for inter-agent file exchange

Kubernetes Native

HiClaw 1.1.0 (April 2026) became "Kubernetes-native": YAML declarative resource management (Worker, Team, Human), a Go controller using controller-runtime, and a Helm chart for production deployment.

HiClaw — Architecture

Distribution

  • Primary: Docker Compose (one-command install) or Kubernetes Helm chart
  • CLI: hiclaw binary (Go)
  • Web UI: Element Web (Matrix protocol client) at http://127.0.0.1:18088

Component Stack

┌─────────────────────────────────────────────────────┐
│  Element Web (Matrix IM client) @ :18088             │
│  Human + Manager + Workers in shared room            │
└──────────────────┬──────────────────────────────────┘
                   │ Matrix protocol
┌──────────────────▼──────────────────────────────────┐
│  Tuwunel (Matrix IM server)                          │
└──────────────────┬──────────────────────────────────┘
                   │
┌──────────────────▼──────────────────────────────────┐
│  HiClaw Controller (Go, K8s controller-runtime)      │
│  Manages: Worker, Team, Human K8s resources          │
└──────────┬────────────────────┬─────────────────────┘
           │                    │
┌──────────▼──────┐  ┌──────────▼──────────────────────┐
│ Higress AI GW   │  │ MinIO (shared file system)       │
│ (credential mgr)│  │ (inter-agent info exchange)      │
└─────────────────┘  └──────────────────────────────────┘
           │
┌──────────▼──────────────────────────────────────────┐
│  Worker containers                                   │
│  (openclaw | qwenpaw/copaw | hermes runtimes)        │
└──────────────────────────────────────────────────────┘

Repo Structure

HiClaw/
├── hiclaw-controller/    # Go K8s controller (CLI + API + controller)
├── manager/              # Manager agent (OpenClaw / QwenPaw runtimes)
├── copaw/                # QwenPaw (CoPaw) Worker runtime (Python)
├── worker/               # Worker containers
├── hermes/               # Hermes Worker runtime
├── openclaw-base/        # OpenClaw base
├── install/              # Install scripts (curl | bash)
├── helm/                 # Helm chart for K8s deployment
├── hack/                 # Development scripts
└── AGENTS.md

Required Runtime

  • Docker (primary) or Kubernetes 1.24+ (Helm)
  • 2 CPU + 4 GB RAM minimum
  • Helm 3.7+ (for K8s deployment)
  • Default StorageClass (for MinIO + Tuwunel PVCs)

Config Files

  • YAML manifests (Worker, Team, Human — K8s-style declarative)
  • helm install values

HiClaw — Components

CLI (hiclaw)

Command          Purpose
Install script   `curl
hiclaw binary    Kubernetes controller binary (manages Worker/Team/Human resources)

Runtime Agents (Workers)

Runtime           Purpose
OpenClaw          Primary Worker runtime (deterministic, preferred for Leader role)
QwenPaw (CoPaw)   Qwen-based Worker runtime; can serve as Manager
Hermes            Autonomous coding Worker runtime

Infrastructure Components

Component            Purpose
Higress AI Gateway   API proxy; hides real API keys from Workers; centralized traffic management
Tuwunel              Self-hosted Matrix IM server
Element Web          Matrix web client at :18088; human-agent UI
MinIO                Shared object storage for inter-agent file exchange

Kubernetes Resources (Declarative YAML)

Resource   Purpose
Worker     Defines a Worker agent with runtime, model config
Team       Groups Workers
Human      Defines human participants in rooms

Skills Registry

Workers pull from skills.sh (80,000+ community skills) on demand. Skills fetched at runtime, not bundled.

Helm Chart

Full Helm chart bundling Higress AI Gateway, Tuwunel, MinIO, and HiClaw controller.

HiClaw — Prompts & Instructions

Worker Runtime Prompts

Each Worker runtime ships with a built-in system prompt appropriate to its role:

OpenClaw (Preferred for Manager / Leader)

  • Deterministic reasoning emphasis
  • Instruction-following orientation: "complete the assigned subtask and report back"
  • Explicitly told which Matrix room to operate in
  • Credentials injected by HiClaw controller at spawn time (Higress endpoint, room ID)

QwenPaw / CoPaw (Manager or Worker)

  • Qwen-model-tuned instructions
  • Similar structure to OpenClaw but adapted for Qwen tokenizer and system prompt format
  • Can serve as Manager agent

Hermes (Autonomous Coding Worker)

  • Autonomous coding orientation
  • Minimal human supervision assumed
  • Likely carries tool use instructions (file read/write, shell execution)

AGENTS.md / CLAUDE.md

The HiClaw repo ships an AGENTS.md at the repo root. This file describes how AI coding assistants should interact with the HiClaw codebase itself — not the runtime system prompts for deployed Workers.

Skill Prompts (skills.sh)

Workers pull skills from skills.sh at runtime. Each skill is a self-contained prompt fragment or script. Workers incorporate the skill text into their active context when the skill is invoked. This means Worker prompt content is dynamic and not fully known at deploy time.

No User-Facing Prompt Editor

HiClaw has no built-in prompt editor UI. System prompts live inside the runtime container images (OpenClaw, QwenPaw, Hermes). Modifying Worker behavior requires:

  • Changing the runtime image
  • Passing custom env vars to the Worker container
  • Writing a custom skill and pushing it to the skills.sh registry

Credential Abstraction

Workers receive a Higress-issued consumer token, not a raw API key. The Higress gateway's route configuration maps the consumer token to a real LLM provider. This abstraction keeps sensitive credentials out of Worker prompts and container env vars that Workers can read.
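
A check for the property described above, as an added example (not HiClaw's or Higress's own code): it walks a Pod list in the shape `kubectl get pods -o json` returns and flags Worker pods whose environment or volumes expose a provider key. The label `example.com/role`, the Secret name `llm-provider-keys`, the env var names, the key patterns and all sample values are assumptions constructed for the illustration.

```python
import re

# Assumed shapes of raw provider keys (illustrative, not exhaustive).
RAW_KEY_PATTERNS = [
    re.compile(r"^sk-[A-Za-z0-9_-]{20,}$"),  # "sk-" style LLM provider secret keys
    re.compile(r"^AKIA[0-9A-Z]{16}$"),       # AWS access key IDs
]
# Hypothetical Secret that holds the real provider keys; only the gateway may use it.
GATEWAY_ONLY_SECRETS = {"llm-provider-keys"}
# Hypothetical label marking Worker pods; HiClaw's real labels may differ.
WORKER_LABEL = ("example.com/role", "worker")


def audit_worker_pods(pod_list):
    """Return (pod, container, where, reason) for every credential exposure found."""
    findings = []
    for pod in pod_list.get("items", []):
        labels = pod["metadata"].get("labels", {})
        if labels.get(WORKER_LABEL[0]) != WORKER_LABEL[1]:
            continue  # the gateway pod is expected to hold the real keys
        name, spec = pod["metadata"]["name"], pod.get("spec", {})
        for vol in spec.get("volumes", []):
            if (vol.get("secret") or {}).get("secretName") in GATEWAY_ONLY_SECRETS:
                findings.append((name, "*", "volume:" + vol["name"], "gateway-only secret"))
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                value = env.get("value") or ""
                if any(p.match(value) for p in RAW_KEY_PATTERNS):
                    findings.append((name, c["name"], "env:" + env["name"], "literal provider key"))
                ref = (env.get("valueFrom") or {}).get("secretKeyRef") or {}
                if ref.get("name") in GATEWAY_ONLY_SECRETS:
                    findings.append((name, c["name"], "env:" + env["name"], "gateway-only secret"))
            for src in c.get("envFrom", []):
                if (src.get("secretRef") or {}).get("name") in GATEWAY_ONLY_SECRETS:
                    findings.append((name, c["name"], "envFrom", "gateway-only secret"))
    return findings


def make_pod(name, role, env=(), env_from=(), volumes=()):
    """Build a minimal Pod object in the shape `kubectl get pods -o json` returns."""
    return {"metadata": {"name": name, "labels": {WORKER_LABEL[0]: role}},
            "spec": {"volumes": list(volumes),
                     "containers": [{"name": "agent", "env": list(env),
                                     "envFrom": list(env_from)}]}}


# Constructed sample data: one clean Worker, three leaking Workers, and the gateway.
SAMPLE = {"items": [
    make_pod("worker-a", "worker",
             env=[{"name": "GATEWAY_TOKEN", "value": "consumer-token-worker-a"}]),
    make_pod("worker-b", "worker",
             env=[{"name": "OPENAI_API_KEY", "value": "sk-CONSTRUCTEDexample0000000000"}]),
    make_pod("worker-c", "worker",
             env=[{"name": "LLM_KEY", "valueFrom": {
                 "secretKeyRef": {"name": "llm-provider-keys", "key": "openai"}}}]),
    make_pod("worker-d", "worker",
             volumes=[{"name": "keys", "secret": {"secretName": "llm-provider-keys"}}]),
    make_pod("gateway", "gateway",
             env_from=[{"secretRef": {"name": "llm-provider-keys"}}]),
]}

if __name__ == "__main__":
    for finding in audit_worker_pods(SAMPLE):
        print(finding)
```

To run it against a live cluster, load the JSON from `kubectl get pods -o json` and replace the label and Secret names with the ones the deployment actually uses.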

HiClaw — Uniqueness

Defining Characteristic

HiClaw is the only framework in this batch (and likely the entire corpus) that treats multi-agent collaboration as a Kubernetes control plane problem. Every other framework ships a CLI wrapper, a custom orchestrator, or a desktop app. HiClaw ships a Kubernetes controller with CRDs (Worker, Team, Human), a reconciler loop, and a Helm chart. This means HiClaw's operational model is: desired-state YAML → controller reconciler → running containers — the same pattern used to manage databases, message queues, and microservices in production.

The Matrix Protocol Bet

Using Matrix protocol (Tuwunel + Element Web) as the agent communication bus is a deliberate architectural choice:

  • Agent-to-agent and human-to-agent communication use the same protocol
  • Any Matrix client works as a UI (not locked to a custom frontend)
  • Room history is the audit log
  • Standard Matrix features (federation, encryption, threads) become available to agent teams

No other framework in the batch or the seed list uses a real IM protocol as its orchestration bus.

Credential Architecture

The Higress AI Gateway pattern — where Workers receive consumer tokens and never see raw API keys — is an enterprise security feature not present in any other framework in the batch. Claude-flow, aperant, agent-deck, eigent all pass API keys directly to agents. HiClaw's gateway-mediated approach enables:

  • Centralized key rotation without touching agent containers
  • Per-worker rate limiting and cost attribution
  • Auditable LLM traffic at the gateway layer

Dynamic Skills at Runtime

Workers pull from skills.sh (80,000+ community skills) at execution time. This is the only framework in the batch that delegates skill extensibility to a community registry rather than bundling tools/skills into the framework itself.

What HiClaw Is Not

  • It is not a coding assistant wrapper (unlike aperant, open-claude-cowork)
  • It is not a desktop Electron app (unlike eigent, aperant, multica, hola-os)
  • It is not a simple CLI orchestrator (unlike agent-deck, tinyagi)
  • It is not aimed at individual developers — it targets teams running agents at scale in Kubernetes

Tradeoffs

The K8s-native approach creates significant operational overhead: you need a running Kubernetes cluster, a StorageClass, and familiarity with Helm + kubectl. The 2 CPU + 4 GB RAM minimum is low, but a real production deployment is substantially heavier than any other framework in this batch. In exchange, HiClaw gains production-grade lifecycle management, horizontal scaling, and credential isolation that no other batch member approaches.

HiClaw — Workflow

Deployment Phase

  1. Install with curl | bash (Docker Compose) or helm install (Kubernetes)
  2. All infrastructure containers start: Tuwunel, Element Web, Higress AI Gateway, MinIO, HiClaw controller
  3. Human accesses Element Web at http://127.0.0.1:18088

Configuration Phase

  1. Human writes YAML manifests declaring Worker, Team, and Human Kubernetes resources
  2. hiclaw apply -f team.yaml — controller reconciles desired state
  3. Controller creates Worker containers with assigned runtime (OpenClaw / QwenPaw / Hermes)
  4. Controller configures Higress gateway with LLM provider credentials (workers never see raw keys)
  5. Controller creates Matrix room(s) in Tuwunel, invites all participants

Execution Phase

  1. Human sends task message to Matrix room via Element Web
  2. Manager agent receives the message (connected to the room via Tuwunel)
  3. Manager decomposes task and assigns subtasks to Workers (Matrix messages)
  4. Each Worker receives its subtask via Matrix room message
  5. Worker calls LLM through Higress AI Gateway (consumer token, not raw API key)
  6. Workers pull skills from skills.sh on demand as needed
  7. Workers exchange files through MinIO shared object storage
  8. Workers post results back to Matrix room
  9. Manager aggregates results and synthesizes final output
  10. Human monitors all messages in real time; can intervene at any point

Human Intervention

  • Human sees every message in the Matrix room (full visibility by design)
  • Human can send correction messages at any time; Manager re-routes
  • Human can modify YAML resources (add/remove Workers) mid-execution
  • hiclaw CLI can be used to scale or restart workers

Lifecycle Management

Command                Action
hiclaw apply           Create/update Worker, Team, Human resources
hiclaw get workers     List running worker agents
hiclaw delete          Remove resources and stop containers
hiclaw logs <worker>   Stream worker logs

File Exchange Pattern

Workers write outputs to MinIO; downstream workers read from MinIO. Matrix messages carry MinIO object references (URLs or keys) rather than raw file content, keeping Matrix messages lightweight.

HiClaw — Memory & Context

Shared File System (MinIO)

MinIO is the primary inter-agent memory store. Workers write intermediate artifacts (files, structured data) to MinIO buckets. Downstream Workers read from those buckets. This gives durable, cross-container shared memory without coupling Workers to each other directly.

  • All Workers have the same MinIO endpoint and credentials
  • Objects are addressable by key; Workers pass keys via Matrix messages
  • Persists across Worker restarts (durable storage)

Matrix Room History (Tuwunel)

Every Matrix room maintained by Tuwunel stores a full message history. Workers and the Manager can scroll back through room history to recover context on task progress. Humans can also review room history.

  • Room history is the implicit conversation log
  • Workers joining mid-task can read prior messages to onboard
  • No explicit summarization step; full history is always accessible

Kubernetes Resource State (etcd)

The HiClaw controller stores declarative state (Worker, Team, Human resource specs) in Kubernetes etcd. This is configuration state, not runtime memory — it records what should exist, not what agents said.

No Vector Store

HiClaw does not include a vector database or semantic search layer. Memory is flat: Matrix message history (time-ordered) + MinIO object storage (key-addressable). There is no RAG pipeline or embedding-based retrieval.

Context Window Management

Each Worker manages its own LLM context. When a Worker calls the LLM via Higress:

  • The Worker constructs its own prompt from Matrix room messages + MinIO content
  • The HiClaw platform does not manage context compression or summarization
  • Workers running Hermes or OpenClaw may have their own internal context handling

Skills as Dynamic Context

Workers pull skills from skills.sh at runtime. A fetched skill injects additional text into the Worker's active context. This is the primary mechanism for extending Worker capability without modifying container images.

Cross-Session Continuity

  • MinIO objects persist between sessions (unless explicitly deleted)
  • Matrix room history persists in Tuwunel
  • Kubernetes resource state persists in etcd
  • Workers restart with fresh LLM context windows; they recover prior context by re-reading Matrix room history and MinIO

HiClaw — Orchestration

Manager-Workers Architecture

HiClaw uses a strict two-tier hierarchy:

Human
  └── Manager (1)
        ├── Worker A (OpenClaw)
        ├── Worker B (QwenPaw)
        └── Worker C (Hermes)

The Manager is itself a Worker container running a specific runtime (OpenClaw preferred for determinism). The Manager's role is to decompose tasks and delegate subtasks to Workers.

Communication via Matrix Protocol

All orchestration happens through Matrix room messages (Tuwunel server). This is the defining pattern: the orchestration bus is a real IM protocol, not an in-process message queue or API call.

  • Manager sends subtask messages to Workers in the shared room
  • Workers post results back to the same room
  • Manager reads results and synthesizes the final response
  • Human observes every message; can inject corrections at any point

Kubernetes Controller (hiclaw-controller)

The Go controller manages the lifecycle of Worker, Team, and Human resources:

  • Reconciler loop: continuously ensures desired state (YAML spec) matches actual state (running containers)
  • Worker creation: spawns Worker containers with correct runtime image and config
  • Team management: groups Workers for scoped task routing
  • Human registration: creates Matrix room invites for human participants

Controller uses controller-runtime (same pattern as Kubernetes operators).

Higress AI Gateway as Orchestration Boundary

The Higress gateway enforces credential isolation. Each Worker has a consumer token scoped to specific LLM models. The gateway:

  • Routes Worker LLM calls to the correct provider
  • Enforces rate limits and quotas per Worker
  • Hides real API keys (enterprise security boundary)

Workers cannot directly call LLM APIs — all LLM traffic flows through Higress.
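
The boundary described above, reduced to a small model (an added example, not Higress code or configuration): the gateway holds the only copy of the provider key, checks each consumer token's model scope and per-minute quota, and swaps the token for the real key on the upstream request. Token values, model names, the `Authorization: Bearer` handling and the quota numbers are constructed assumptions.

```python
import time
from dataclasses import dataclass, field


@dataclass
class Consumer:
    worker: str
    models: frozenset     # models this consumer token may call
    per_minute: int       # request quota per 60-second window
    calls: list = field(default_factory=list)  # timestamps of accepted calls


class GatewayModel:
    def __init__(self, provider_key, consumers):
        self._provider_key = provider_key  # never leaves the gateway
        self._consumers = consumers        # consumer token -> Consumer
        self.audit_log = []                # (worker, model, decision) per request

    def rotate_key(self, new_key):
        """Rotation touches only the gateway; Worker tokens stay valid."""
        self._provider_key = new_key

    def forward(self, headers, model, now=None):
        """Return (status, upstream_headers) for one Worker request."""
        now = time.time() if now is None else now
        auth = headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        consumer = self._consumers.get(token)
        if consumer is None:
            self.audit_log.append(("unknown", model, "401"))
            return 401, None
        if model not in consumer.models:
            self.audit_log.append((consumer.worker, model, "403"))
            return 403, None
        consumer.calls = [t for t in consumer.calls if now - t < 60]
        if len(consumer.calls) >= consumer.per_minute:
            self.audit_log.append((consumer.worker, model, "429"))
            return 429, None
        consumer.calls.append(now)
        self.audit_log.append((consumer.worker, model, "200"))
        # The consumer token is replaced, not forwarded alongside the real key.
        upstream = {k: v for k, v in headers.items() if k != "Authorization"}
        upstream["Authorization"] = "Bearer " + self._provider_key
        return 200, upstream


def demo():
    """Constructed scenario: scope check, quota, unknown token, then key rotation."""
    gw = GatewayModel("provider-key-v1-CONSTRUCTED", {
        "consumer-token-worker-a": Consumer("worker-a", frozenset({"model-small"}), per_minute=2),
    })
    req = {"Authorization": "Bearer consumer-token-worker-a", "Content-Type": "application/json"}
    results = [
        gw.forward(req, "model-small", now=0)[0],  # accepted
        gw.forward(req, "model-large", now=1)[0],  # outside the token's model scope
        gw.forward(req, "model-small", now=2)[0],  # accepted
        gw.forward(req, "model-small", now=3)[0],  # quota of 2 per minute used up
        gw.forward({"Authorization": "Bearer not-a-consumer-token"}, "model-small", now=4)[0],
    ]
    gw.rotate_key("provider-key-v2-CONSTRUCTED")
    status, upstream = gw.forward(req, "model-small", now=100)  # same Worker token
    return results, status, upstream["Authorization"], gw.audit_log


if __name__ == "__main__":
    print(demo())
```

The audit log is where per-Worker cost attribution comes from: every decision is recorded against the Worker name bound to the token, not against the shared provider key.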

Multi-Runtime Collaboration

A single Team can mix runtimes:

  • OpenClaw Worker for deterministic reasoning tasks
  • QwenPaw Worker for tasks that benefit from Qwen's strengths
  • Hermes Worker for autonomous coding tasks

The Manager decides which Worker to route each subtask to based on capability.

Concurrency Model

  • Workers run as separate containers (parallel by default)
  • Matrix room messages are async; Workers can work concurrently
  • Manager waits for Worker responses before synthesizing
  • No explicit barrier/checkpoint primitives; Manager implements its own sequencing via message logic

Skills Registry

Workers can dynamically pull capabilities from skills.sh (80,000+ community skills). Skills expand what a Worker can do without requiring a new container image or controller restart. The Manager can instruct a Worker to fetch a specific skill before executing a subtask.

HiClaw — UI & CLI Surface

Element Web (Matrix Client) — Primary Human Interface

  • URL: http://127.0.0.1:18088
  • Technology: Element Web (standard Matrix web client)
  • Protocol: Matrix protocol via Tuwunel self-hosted server

Element Web is the human-agent interaction surface. The human joins the same Matrix room as the Manager and Workers. Every agent message appears as a chat message. Human participation is first-class — not an observer panel or separate dashboard but a full participant in the shared room.

Features available through Element Web:

  • Real-time message stream from all agents + human
  • Full room history scrollback
  • Human can type and send messages at any time (interventions, corrections, new tasks)
  • File sharing via Matrix file attachment (alongside MinIO for inter-agent files)
  • Standard Matrix features: reactions, threads, read receipts

This is the most distinctive UI pattern in the batch: the human-agent UI is a real Matrix IM client, not a custom-built web dashboard.

hiclaw CLI — Cluster Lifecycle Management

The hiclaw binary is a Go CLI for managing the Kubernetes control plane:

Command                     Purpose
hiclaw apply -f <yaml>      Create/update Worker, Team, Human resources
hiclaw get workers          List running Worker agents
hiclaw get teams            List Teams
hiclaw delete -f <yaml>     Remove resources
hiclaw logs <worker-name>   Stream worker container logs
hiclaw install              Deploy the full stack (Helm or Docker Compose)

The CLI is infrastructure-facing (kubectl-like), not task-facing. Users don't interact with agent tasks through the CLI — that happens in Element Web.

Install Script

curl -fsSL https://install.hiclaw.io | bash

One-liner that deploys: Tuwunel, Element Web, Higress AI Gateway, MinIO, HiClaw controller. Docker Compose variant for local; Helm chart for production Kubernetes.

No Custom Dashboard

HiClaw deliberately reuses Element Web as its UI rather than building a custom dashboard. There is no separate monitoring panel, no workflow visualization, no progress bars. All visibility into agent activity is through the Matrix room message stream.

Comparison to Batch Peers

Framework            Human-agent interface
agent-deck           Bubble Tea TUI in terminal
eigent               Electron desktop app with custom panels
aperant              Electron kanban board
tinyagi              Next.js TinyOffice web portal
open-claude-cowork   Electron chat window
multica              Next.js web + Electron + React Native
hola-os              macOS Electron (workspace model)
hiclaw               Element Web (Matrix IM) at :18088
lobehub              Electron desktop + Next.js web
paperclip            React+Vite web dashboard

HiClaw is the only framework in this batch that uses a pre-existing IM client (Element Web) as its primary UI rather than a custom-built web or desktop app. This is architecturally significant: the UI is decoupled from the platform — any Matrix client can be used to interact with HiClaw agents.
