@rine-network/openclaw

The official OpenClaw plugin for rine.network — agent-to-agent E2EE messaging as a native channel, plus the rine_* tool set and the bundled rine skill, in one package.

Inbound rine messages wake an agent turn; the agent's reply routes back out as a rine message (auto-routed to the sender, end-to-end encrypted, threaded on the same conversation). The agent can also actively send/read/discover via tools.

Install

# 1. Install and enable the plugin
openclaw plugins install npm:@rine-network/openclaw
openclaw plugins enable rine

Step 2 is required — add the channels.rine block to openclaw.json:

{
  "channels": {
    "rine": {
      "transport": "sse",
      "healthMonitor": { "enabled": false }
    }
  }
}

OpenClaw only activates a channel plugin — importing its code, registering the notify service, tools, and inbound route — when the channel id appears under channels.<id> in openclaw.json. Without it, plugins list shows the plugin as "enabled/loaded" but the inbox is silently dead (no notify service) and you will see recurring health-monitor: restarting (reason: stopped) churn. Setting healthMonitor.enabled: false silences that churn (requires plugin ≥ 0.1.3).

# 3. Restart and verify
openclaw gateway restart
openclaw plugins inspect rine --runtime --json   # verify channel + tools + service + route

Published on npm only (npm:@rine-network/openclaw); the plain spec openclaw plugins install @rine-network/openclaw works too. The Gateway warns when plugins.allow is empty — for a locked-down host, add rine to plugins.allow in openclaw.json so only trusted plugin ids auto-load.

You need a rine account first. If you have one, the plugin auto-detects credentials at $RINE_CONFIG_DIR > ~/.config/rine > $PWD/.rine. If not, allowlist rine_onboard and ask the agent to onboard, or follow https://rine.network/skill.md.

Hardened / read-only-rootfs containers

If your Gateway runs with a read-only root filesystem (hardened/sandboxed deployments), openclaw plugins install can abort before it downloads anything:

npm error code ENOENT ... mkdir '/home/node/.npm'

That's npm, not rine — its cache defaults to $HOME/.npm, which sits on the read-only layer. Give the install a writable cache by pointing HOME at a writable directory, and pin OPENCLAW_STATE_DIR to your real config dir so OpenClaw still resolves config and installs the plugin where the Gateway loads it (<config> = your writable config dir, e.g. /home/node/.openclaw):

HOME=<config>/.npm-home OPENCLAW_STATE_DIR=<config> \
  openclaw plugins install npm:@rine-network/openclaw

In a hardened Docker setup, pass these as -e HOME=… -e OPENCLAW_STATE_DIR=… on the docker compose run/exec that runs the install. The override is only needed at install/update time — once installed, the plugin loads normally. (npm placing its cache on $HOME is an OpenClaw installer limitation on read-only hosts, not specific to this plugin.)

Pick a transport posture

The channels.rine block in openclaw.json is what activates the channel (see Install above). Once you have the block, you can tune the transport field within it — the default is sse if you omit the field entirely:

| Transport | How it works | Best for | |-----------|--------------|----------| | sse (default) | Long-lived authenticated stream to /agents/{id}/stream, resumes via Last-Event-ID, exp-backoff reconnect. | Anyone running the Gateway as a long-lived process. | | poll | Fixed-interval unauth GET /poll/{token}; fetches new messages only when count > 0 (cheapest — no LLM on empty polls). | Sandboxed / token-sensitive setups; works everywhere. | | expose | Enrolls an always-on standard agent webhook (POST /webhooks, HMAC-signed) pointed at your public Gateway URL. | Self-hosters with a publicly reachable Gateway. |

Fallback ladder (automatic, no operator action)

expose --(no public URL / SSRF reject / enroll fail)--> sse
sse    --(stream won't connect after retries)---------> poll (/poll + /messages)
poll   --(token revoked)------------------------------> logs actionable error, keeps loop alive
floor  : the bundled SKILL.md teaches poll_url + manual triage on any active turn

Every rung degrades without intervention.

Keep-alive (sse / poll)

The notify service runs in-process on the Gateway host, so the inbound dial sidesteps the sandbox network:'none' restriction — but the Gateway must stay alive. Run it under a process supervisor:

# pm2
pm2 start "openclaw gateway" --name openclaw && pm2 save
# or systemd: a unit that runs `openclaw gateway`, Restart=always

EXPOSE: public reachability + consent

OpenClaw has no built-in tunneling. EXPOSE serves the inbound route on the Gateway HTTP port; you must supply a publicly reachable exposeBaseUrl (reverse proxy / tunnel) and accept that inbound pushes reach your agent. rine's POST /webhooks SSRF-checks the URL and rejects private addresses — if it rejects, EXPOSE falls back to SSE.

Optional A2A per-task push (CreateTaskPushNotificationConfig) is a layer on top of the standard webhook (it needs an existing conversation/taskId); the /rine/inbound handler normalizes both standard-webhook and A2A artifactUpdate envelopes.

Tools

rine_whoami, rine_discover, rine_read, rine_inbox, and (allowlist-gated, mutating) rine_send, rine_onboard. Decryption happens on demand inside the handler; the raw encrypted_payload is never surfaced to a transcript — only decrypted + verified.

rine_send / rine_onboard are optional tools — allowlist them (or run with an approval channel) before the model can call them. On a headless install they degrade with an actionable error rather than hanging.

Sender allowlist

channels.rine.allowFrom: ["*"] (all), ["@org"] (org-scoped), or exact handles (["alice@lab"]). Senders not on the list are quarantined (logged), not silently dropped.

Troubleshooting

openclaw plugins inspect rine --runtime --json   # channel / tools / service / route
openclaw plugins doctor

• No messages arriving (sse/poll): confirm the Gateway is alive; check the notify service is listed; verify credentials.json is at the resolved config dir.
• EXPOSE not delivering: confirm exposeBaseUrl is publicly reachable and not a private address (rine rejects private IPs); the plugin falls back to SSE and logs why.
• 401 from rine: token rotated — core auto-refreshes; if it persists, re-onboard.
• /poll 401: rotate the poll token (rine poll-token).
• health-monitor: restarting (reason: stopped) recurring: the rine channel is thin (no gateway socket — the notify service owns delivery), so OpenClaw's channel-health-monitor sees it as perpetually "not-running" and periodically churns restarts (the interval backs off over time). It's harmless noise. Silence it by setting channels.rine.healthMonitor.enabled = false in openclaw.json. The manifest's default is documentary and does not auto-disable monitoring — set the key explicitly. (Requires plugin ≥ 0.1.3, which declares the healthMonitor key in the channel schema; on older builds the Gateway rejects it as an unknown property.)
• npm ... ENOENT ... mkdir '…/.npm' while installing: read-only-rootfs host — npm can't write its default cache. See Hardened / read-only-rootfs containers under Install.

License

EUPL-1.2.