ATBASH Plugin — Installation Guide
Prerequisites
Before you install, make sure you have:
- Node.js v18 or later installed (
node --versionto check) - OpenClaw CLI installed and accessible in your terminal
- A terminal with access to your home directory
The plugin uses a secp256k1 keypair to authenticate your client with the ATBASH AI API. You'll generate this in Step 1.
Step 1: Generate a secp256k1 Keypair
Skip this step if you already have a keypair saved at
~/.config/atbash/atbash-client-key.
Your keypair is a private/public key pair used to sign requests to the Chromia blockchain. Think of the private key as your password — keep it secret.
Run this command in your terminal — it generates the keypair and saves it to the right place automatically:
bashnode -e " const crypto = require('crypto'); const fs = require('fs'); const os = require('os'); const path = require('path'); const privkey = crypto.randomBytes(32).toString('hex'); const ec = crypto.createECDH('secp256k1'); ec.setPrivateKey(privkey, 'hex'); const pubkey = ec.getPublicKey('hex', 'compressed'); const content = [ '#Keypair generated using secp256k1', '#' + new Date().toString(), 'privkey=' + privkey, 'pubkey=' + pubkey, ].join('\n') + '\n'; const dir = path.join(os.homedir(), '.config', 'atbash'); fs.mkdirSync(dir, { recursive: true }); fs.writeFileSync(path.join(dir, 'atbash-client-key'), content, { mode: 0o600 }); process.stdout.write('pubkey=' + pubkey + '\n'); "
Important: The private key is written to
~/.config/atbash/atbash-client-keyand is never printed.
Step 2: Install the Plugin
Run the following command to install ATBASH via the OpenClaw CLI:
bashopenclaw plugins install @atbash/atbash-plugin
or via local installation:
bashopenclaw plugins install /path/to/atbash-plugin
This command downloads the plugin from npm and places it in ~/.openclaw/extensions/atbash-plugin. The openclaw.json file will be partially updated automatically, but you still need to configure it manually as described in Step 3.
If the install is flagged as unsafe
OpenClaw may flag this plugin because it uses a private key to identify your agent on the ATBASH platform. This is expected behaviour — the private key is how the plugin authenticates and signs actions on your agent's behalf.
If you see a safety warning and wish to proceed, re-run the install with the bypass flag:
bashopenclaw plugins install @atbash/atbash-plugin --dangerously-force-unsafe-install
Note: This flag acknowledges that the plugin uses a private key for agent identity. The key never leaves your machine.
Step 3: Configure openclaw.json
Open your openclaw.json file — typically located at ~/.openclaw/openclaw.json. Apply each of the following sub-steps:
3.1 Enable plugins
Make sure the top-level plugins block is enabled:
json"plugins": { "enabled": true, ... }
Note: This unlocks the entire plugin system inside the gateway.
3.2 Add to the allow list
In plugins.allow, add "atbash-plugin" to the array:
json"allow": [ "...", "atbash-plugin" ]
Security: This explicitly permits the ATBASH plugin to run.
3.3 Register the load path
Find the installPath from where you installed it, and add it to plugins.load.paths:
json"load": { "paths": [ "...", "/Users/<your-username>/.openclaw/extensions/atbash-plugin" ] }
Important: The path must match your system exactly — replace
<your-username>with your actual macOS username.
3.4 Add the plugin entry
Under plugins.entries, add the full ATBASH configuration block:
json"entries": { "atbash-plugin": { "enabled": true, "config": { "enabled": true, "enforceDecision": true, "chromiaSecretPath": "~/.config/atbash/atbash-client-key" } } }
Note:
chromiaSecretPathuses~to expand to your home directory, pointing to the keypair generated in Step 1.
Step 4: Restart the Gateway
Once all changes are saved, restart the OpenClaw gateway to load the new plugin configuration:
bashopenclaw gateway restart
Success: You should see a terminal confirmation that the gateway has restarted and the plugin is active.
Summary
After completing all steps, your setup should reflect the following:
| Field | Expected Value |
|---|---|
plugins.enabled | true |
plugins.allow | includes "atbash-plugin" |
plugins.load.paths | includes the installPath |
plugins.entries | contains atbash-plugin |
chromiaSecretPath | ~/.config/atbash/atbash-client-key |
enforceDecision | true (blockchain actively blocks) |