Harbor — Persistent Memory & Credential Isolation for OpenClaw

You now have access to Harbor, agent infrastructure that gives you persistent memory across sessions, credential isolation (your skills never see raw API keys), and schema learning.

Security & data disclosure

Data storage

• Local-first: all data stored at ~/.harbor/ (memory, keychain, config). Works fully offline.
• Credentials: encrypted with AES-256-GCM (PBKDF2 key derivation, 100K iterations). OS keychain preferred, file-based keychain as fallback.

Network endpoints (only when cloud sync is enabled)

No other endpoints are contacted. No telemetry, no analytics, no tracking.

Cloud sync is opt-in

• Default: fully local, no network calls
• harbor cloud enable: provisions free account (50 memories) for cross-device sync
• harbor cloud disable: opts out permanently, deletes cloud config
• Plugin behavior: creates a cloud account on first load (for credential setup page to work), but no data is synced until you actively call harbor remember. The account alone does not transmit any user data.
• Zero-knowledge credentials: credentials are encrypted client-side (AES-256-GCM) before upload. Harbor Cloud stores only ciphertext — the server cannot decrypt or read your API keys, even if compromised.

Revoking access

harbor auth delete \x3Cname>          # Remove a credential (local + cloud)
harbor forget --topic \x3Ctopic>      # Delete memories by topic
harbor forget mem_\x3Cid>             # Delete specific memory
harbor cloud disable               # Disconnect from cloud entirely

Verification

• Source: github.com/oSEAItic/harbor (Apache 2.0)
• Install: go install builds from source (auditable, reproducible)
• Releases: signed tags on GitHub (git tag -v v0.4.9)
• Hosting: Harbor Cloud runs on Fly.io (Singapore region), DB on Neon (Postgres)

Setup

If harbor is not installed:

go install github.com/oseaitic/harbor/cmd/harbor@latest

Then configure Harbor as an MCP server for OpenClaw (add to openclaw.json):

{
  "mcpServers": {
    "harbor": {
      "command": "harbor",
      "args": ["mcp"]
    }
  }
}

If Harbor is already installed, skip to Using Harbor.

Using Harbor

Available tools

Credential isolation (harbor_http)

This is the key security feature for OpenClaw skills. Instead of storing API keys in environment variables where any skill can read them, Harbor holds credentials in its encrypted keychain. Your agent calls APIs through Harbor — never touching raw keys.

# Store a credential (one-time setup)
harbor auth github-pat
# Agent prompt: "Enter API key for github-pat:"

# Call API through Harbor — agent never sees the key
harbor fetch https://api.github.com/repos/oSEAItic/harbor --auth github-pat

Or via MCP tool:

{
  "url": "https://api.github.com/repos/oSEAItic/harbor",
  "auth": "github-pat",
  "auth_header": "Authorization: Bearer"
}

• auth — credential name in Harbor's keychain
• auth_header — how to inject the credential (default: Authorization: Bearer). For custom headers: "x-cg-pro-api-key", "X-API-Key", etc.
• Responses go through the full pipeline: memory, schema learning, context injection

Saving context (harbor_remember) — Topic-First

Notes are organized by topic, not connector. Connector is optional scope:

{
  "topic": "github-activity",
  "note": "Harbor repo has 247 stars, 12 open issues. Active development on auth-proxy and memory features.",
  "connector": "github",
  "author": "OpenClaw Agent",
  "refs": ["mem_abc123"]
}

Rules:

• Use descriptive topic keys — e.g. "ws-reconnect", "billing-logic", "market-trends"
• Always pass "OpenClaw Agent" as author — so other agents know who produced the analysis
• Write comprehensive summaries: what you analyzed, patterns found, conclusions
• Use refs to link to memory IDs your analysis builds upon — creates a knowledge graph
• Notes from the same session are auto-grouped by session_id

Recalling past context (harbor_recall)

{ "query": "github" }
{ "connector": "coingecko" }
{ "id": "mem_abc123" }

Usually you don't need this — Harbor auto-injects relevant context.

Teaching schemas (harbor_learn_schema)

When an API returns too many fields:

{
  "tool_name": "github_repos",
  "summary_fields": ["name", "stars", "language", "updated_at"],
  "summary_template": "{name} ({language}) - {stars} stars, updated {updated_at}"
}

Pick 3-6 fields. This is permanent — all future calls are curated.

Decision tree

Received data from Harbor?
├── Has meta.context? → Read it first, it's previous analysis
├── Has [Harbor:] hint? → Call harbor_learn_schema (pick 3-6 fields)
├── No meta.context? → After your analysis, call harbor_remember
└── Has errors[]? → Check error code, see troubleshooting below

CLI fallback

If MCP tools aren't available, use the CLI:

harbor fetch \x3Curl> --auth \x3Ccredential-name>              # Auth-proxy HTTP
harbor get \x3Cconnector.resource> --param key=value         # Connector fetch
harbor remember \x3Ctopic> "Your analysis summary"             # Save context
harbor remember --connector \x3Cname> \x3Ctopic> "summary"       # Scoped to connector
harbor forget mem_xxx                                      # Delete memory
harbor recall --search "keyword"                          # Search memory
harbor auth \x3Cname>                                        # Store credential
harbor auth get \x3Cname>                                    # Retrieve credential (stdout)
harbor auth sync                                          # Sync cloud → local
harbor doctor --json                                      # Diagnostics

Troubleshooting

OpenClaw Plugin (recommended)

For deeper integration, install the Harbor OpenClaw plugin:

openclaw plugins install github.com/oSEAItic/harbor/plugins/harbor-openclaw --link

The plugin:

• Registers harbor_remember + harbor_recall as native OpenClaw agent tools
• Syncs Harbor context to your workspace on session start (auto-indexed by OpenClaw)
• Captures context before compaction (prevents memory loss)
• Creates a cloud account on first load (enables credential setup page). No data synced until you call harbor remember. Opt out: harbor cloud disable

Build Tools with Harbor (for skill/plugin authors)

Use harbor fetch as your HTTP layer — get credential isolation, memory, and schema learning for free. Your tool code never touches raw API keys.

Harbor provides two ways to use credentials in tools:

Example: Tavily search (key in body — use harbor auth get)

export const tavily_search = {
  name: "tavily_search",
  description: "Web search via Tavily (credential-isolated through Harbor)",
  parameters: {
    type: "object",
    required: ["query"],
    properties: { query: { type: "string" } },
  },
  async execute({ query }: { query: string }) {
    const { execSync } = require("node:child_process");
    const key = execSync("harbor auth get tavily", { encoding: "utf-8" });
    const res = await fetch("https://api.tavily.com/search", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ api_key: key, query, max_results: 5 }),
    });
    return res.json();
  },
};

Example: GitHub API (key in header — use harbor fetch)

export const github_repos = {
  name: "github_repos",
  description: "List GitHub repos (credential-isolated)",
  parameters: { type: "object", properties: {} },
  async execute() {
    const { execSync } = require("node:child_process");
    return JSON.parse(execSync(
      "harbor fetch https://api.github.com/user/repos --auth github-pat",
      { encoding: "utf-8" },
    ));
  },
};

Example: Stripe (key in header, custom format)

export const stripe_balance = {
  name: "stripe_balance",
  description: "Check Stripe balance (credential-isolated)",
  parameters: { type: "object", properties: {} },
  async execute() {
    const { execSync } = require("node:child_process");
    const key = execSync("harbor auth get stripe", { encoding: "utf-8" });
    const res = await fetch("https://api.stripe.com/v1/balance", {
      headers: { Authorization: `Bearer ${key}` },
    });
    return res.json();
  },
};

User setup (one-time): harbor auth \x3Cname> → paste key → done.

Why use Harbor for credentials?

Pattern for any API

# 1. User stores credential (once)
harbor auth \x3Cname>

# 2. Tool retrieves key (any injection format)
harbor auth get \x3Cname>              # raw key to stdout

# 3. Or let Harbor inject into header automatically
harbor fetch \x3Curl> --auth \x3Cname>    # header-based APIs

Why Harbor for OpenClaw

OpenClaw skills currently access API keys via environment variables — any installed skill can read any credential. Harbor fixes this:

1. Credential isolation — API keys live in Harbor's encrypted keychain, not env vars. Skills call harbor fetch and never see raw keys.
2. Cross-session memory — Your analysis persists. Next time you (or another skill) access the same data source, previous conclusions are auto-injected.
3. Schema learning — APIs return 47 fields, you use 3. Harbor learns and curates permanently.
4. Tool platform — Any developer can build credential-isolated tools with harbor fetch. One pattern, any API.