Questions This Page Answers
- What is the fastest way to connect OpenClaw to OrgX reliably?
- When should I use browser pairing vs manual API key fallback?
- How do I verify the plugin is actually healthy after pairing?
- What unique capabilities does the OpenClaw plugin add vs hosted MCP alone?
60-Second Setup
Confirm on web
Sign in at useorgx.com and approve the OpenClaw
connection.
How Pairing Works
- OpenClaw requests a short-lived pairing session from OrgX.
- OrgX opens a secure browser confirmation page tied to that session.
- After confirmation, OrgX provisions a plugin-scoped key for that installation.
- OpenClaw receives the key, stores it locally with restricted file permissions, then acknowledges receipt.
Manual Key Fallback
If browser pairing is blocked, use Use API key instead in onboarding.Step-by-step (With Screenshots)
- Open OrgX settings and go to API keys:
https://www.useorgx.com/settings#security
- Generate a new API key (keep it private).
- In OpenClaw onboarding, choose Use API key instead.
- Paste the
oxk_...key and submit.
- On success, onboarding should show Connected and first sync should start automatically.
Manual key fallback is for auth recovery, not for forcing a GitHub or Linear
dependency. OrgX can still orchestrate through direct provider APIs with your
own supported model credentials when hosted Claude pairing is not the active
path.
First-Run Validation Checklist
Onboarding status changes to Connected
The dashboard loads live sessions/activity without restart
orgx_status returns OrgX workspace data from the plugin toolsFirst sync completes within your first minute on healthy network
Troubleshooting Matrix
| Symptom | Likely Cause | Action |
|---|---|---|
| Pairing never completes | Browser tab not confirmed | Re-open connect URL and approve |
| Pairing expired | Session timeout | Start pairing again from dashboard |
| Connected then reconnect prompt | Key revoked/invalid | Run browser pairing again or paste a new manual key |
| Manual key validation fails | Wrong/expired key | Generate a fresh API key and retry |
| Dashboard shows partial data | OrgX API transient issue | Refresh status and retry sync |
Rotate, Revoke, Reconnect
- Revoke plugin credentials from OrgX API key settings when rotating access.
- In OpenClaw onboarding, click disconnect (or clear and reconnect).
- Run browser pairing again to mint a fresh installation-scoped credential.
Security Notes
- The plugin stores credentials in
~/.config/useorgx/openclaw-plugin/auth.json. - Directory and file permissions are restricted to local user access.
- Browser pairing avoids copy/paste secret handling on the primary path.
What the Plugin Enables
The OpenClaw plugin gives you more than onboarding:| Capability | Source of truth in code | What you get |
|---|---|---|
Local MCP bridge (/orgx/mcp) | orgx-openclaw-plugin/src/mcp-http-handler.ts | Call OrgX tools without separate hosted MCP OAuth setup |
Domain-scoped MCP endpoints (/orgx/mcp/{domain}) | ORGX_MCP_ALLOWED_TOOLS_BY_SCOPE | Safer default tool exposure by domain |
Live dashboard (/orgx/live) | orgx-openclaw-plugin/src/http/index.ts | Activity feed, mission control, decisions, run controls |
| Health + diagnostics | orgx-openclaw-plugin/src/http/routes/health.ts | Connection, outbox, replay, and runtime status checks |
Local MCP Bridge Endpoints
| Endpoint | Purpose |
|---|---|
http://127.0.0.1:18789/orgx/mcp | Full plugin MCP tool surface |
http://127.0.0.1:18789/orgx/mcp/engineering (and other domains) | Domain-scoped subset |