✓ Verified
💻 Development
✓ Enhanced Data
Multi User Workspace
Multi-user workspace management with sandbox permissions, user profiles, and relationship networks.
- Rating
- 4.5 (141 reviews)
- Downloads
- 37,705 downloads
- Version
- 1.0.0
Overview
Multi-user workspace management with sandbox permissions, user profiles, and relationship networks.
Complete Documentation
View Source →
Friends
Configure per-user sessions with sandbox isolation, friend profiles, and relationship awareness.
Core Concepts
- UserId: Lowercase unique identifier (e.g.,
alice,bob). Used in session keys, filenames, and cross-references. - Session: One session per user, named
agent:where: mainKeytypically contains the userId. - Sandbox: Optional Docker isolation per session, configured in
openclaw.json. - FRIENDS/: User profile directory (one file per user, named
{userId}.md). - RELATIONS/: Relationship directory (files named
{userId1}-{userId2}.md, alphabetically sorted, can be mutiple users).
Example Workspace Structure
text
workspace/
├── USER.md # User registry with permissions
├── AGENTS.md # Multi-user guidance for assistant
├── FRIENDS/
│ ├── alice.md # alice's profile
│ └── bob.md # bob's profile
├── RELATIONS/
│ └── alice-bob.md # Relationship between alice and bob
├── private/ # Admin-only files (optional)
...USER.md
Registry of all users. The assistant reads this to identify users and extract userId and Name.
Format:
markdown
# User Registry
## Users
### alice
- UserId: alice
- Name: Alice
- Role: administrator
### bob
- UserId: bob
- Name: Bob
- Role: guestNote: userId is unique and in lower case. Use Role to determine sandbox configuration in openclaw.json.
FRIENDS/
User profiles. One Markdown file per user, named {userId}.md.
Content is flexible. Common sections include:
markdown
# Alice
## Info
- UserId: alice
- Name: Alice
- Role: administrator
- Emails: [email protected]
...
## Assistant Relationship
- How the user prefers to interact with the assistant
- Preferred communication style
- Ongoing projects or interests
## Notes
Free-form information about the user.RELATIONS/
Interpersonal relationships. Files named {userId1}-{userId2}.md (alphabetical order, can be mutiple users).
Content is flexible. Example:
markdown
# Alice & Bob
## Users
- **alice**: Alice
- **bob**: Bob
## Relationship
Friends who collaborate on projects.
## Information Sharing
- Can mention each other's public projects
- Do not share private details without askingAGENTS.md
Instructions for the assistant. Add this section:
markdown
## User Identification
When a session starts (after `/new`):
1. Get current session via `session_status`
2. Extract userId from the session key (e.g., `agent:main:alice` → `alice`)
3. Read `FRIENDS/{userId}.md` for user profile
4. Read `RELATIONS/*{userId}*.md` for all relationships involving this user
5. Greet the user by name
## Cross-User Boundaries
- Default: Information does not flow between users
- Exception: Only when explicitly defined in RELATIONS/Session Configuration
Each user gets an isolated session with configurable sandbox and tool permissions. Configure via openclaw.json.
Administrator Configuration
Full access, no sandbox restrictions:
json5
{
agents: {
defaults: {
workspace: "~/.openclaw/workspace",
},
list: [
{
id: "main",
// Administrator: no sandbox, all tools allowed
sandbox: { mode: "off" },
},
],
},
bindings: [
// Route admin sessions to main agent without sandbox
{ agentId: "main", match: { session: { regex: "alice$" } } },
],
}Guest Configuration
Sandboxed session with isolated workspace. Guest can read/write/execute in their own directory only:
json5
{
agents: {
defaults: {
workspace: "~/.openclaw/workspace",
},
list: [
{
id: "main",
// Guest: sandbox enabled, isolated directory
sandbox: {
mode: "all",
scope: "session",
workspaceAccess: "none", // Don't mount main workspace
docker: {
binds: [
// Mount guest's own directory as /workspace
"~/.openclaw/workspace/guests/bob:/workspace:rw"
]
}
},
tools: {
allow: ["read", "write", "edit", "exec", "process"],
deny: ["browser", "canvas", "nodes", "cron", "gateway"],
},
},
],
},
bindings: [
// Route guest sessions to sandboxed agent
{ agentId: "main", match: { session: { regex: "bob$" } } },
],
}Directory Setup:
bash
mkdir -p ~/.openclaw/workspace/guests/bobNotes:
- Guest sees
/workspaceas their root (isolated from main workspace) - Can read/write/execute freely within their directory
- Cannot access USER.md, FRIENDS/, RELATIONS/, or other guests' data
Configuration Options
Sandbox:
mode:"off"|"all"— Disable or enable sandboxscope:"session"— One container per user sessionworkspaceAccess:"none"|"ro"|"rw"— Workspace file access
allow: Array of permitted tool namesdeny: Array of prohibited tool names (overrides allow)
bindings[].match.session.regex: Match session key pattern (e.g.,alice$matches sessions ending with "alice")
Installation
Terminal bash
openclaw install multi-user-workspace
Copied!
💻Code Examples
...
.txt
## USER.md
Registry of all users. The assistant reads this to identify users and extract `userId` and `Name`.
**Format:**- Role: guest
--role-guest.txt
**Note:** `userId` is unique and in lower case. Use `Role` to determine sandbox configuration in `openclaw.json`.
## FRIENDS/
User profiles. One Markdown file per user, named `{userId}.md`.
Content is flexible. Common sections include:Free-form information about the user.
free-form-information-about-the-user.txt
## RELATIONS/
Interpersonal relationships. Files named `{userId1}-{userId2}.md` (alphabetical order, can be mutiple users).
Content is flexible. Example:- Do not share private details without asking
--do-not-share-private-details-without-asking.txt
## AGENTS.md
Instructions for the assistant. Add this section:- Exception: Only when explicitly defined in RELATIONS/
--exception-only-when-explicitly-defined-in-relations.txt
## Session Configuration
Each user gets an isolated session with configurable sandbox and tool permissions. Configure via `openclaw.json`.
### Administrator Configuration
Full access, no sandbox restrictions:}
.txt
### Guest Configuration
Sandboxed session with isolated workspace. Guest can read/write/execute in their own directory only:example.txt
workspace/
├── USER.md # User registry with permissions
├── AGENTS.md # Multi-user guidance for assistant
├── FRIENDS/
│ ├── alice.md # alice's profile
│ └── bob.md # bob's profile
├── RELATIONS/
│ └── alice-bob.md # Relationship between alice and bob
├── private/ # Admin-only files (optional)
...example.md
# User Registry
## Users
### alice
- UserId: alice
- Name: Alice
- Role: administrator
### bob
- UserId: bob
- Name: Bob
- Role: guestexample.md
# Alice
## Info
- UserId: alice
- Name: Alice
- Role: administrator
- Emails: [email protected]
...
## Assistant Relationship
- How the user prefers to interact with the assistant
- Preferred communication style
- Ongoing projects or interests
## Notes
Free-form information about the user.example.md
# Alice & Bob
## Users
- **alice**: Alice
- **bob**: Bob
## Relationship
Friends who collaborate on projects.
## Information Sharing
- Can mention each other's public projects
- Do not share private details without askingTags
#web_and-frontend-development
Quick Info
Category Development
Model Claude 3.5
Complexity One-Click
Author shun-dong
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install multi-user-workspace
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
⚡ GPT-Optimized
)}
★ 3.8 (274)
↓ 17,648
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0