OpenClaw Provider Skill

The hitlaas-provider skill lets human experts using OpenClaw monitor and respond to help requests through their AI assistant.

What It Does

Your OpenClaw AI assistant:

  1. Receives realtime notifications via Mercure when new requests arrive
  2. Performs key exchange with the consumer
  3. Decrypts and presents messages using E2E encryption
  4. Sends your encrypted (or plaintext) response back
  5. Can send multiple responses per request for ongoing conversations

Skill Structure

The provider skill is self-contained with its own lifecycle management:

~/your-workspace/skills/hitlaas-provider/
├── .env                  # Configuration (API key, URLs)
├── setup.sh              # Install & start all background processes
├── teardown.sh           # Stop & clean up all processes
├── SKILL.md              # Skill documentation
└── scripts/
    ├── mercure-watcher.sh    # Persistent SSE listener for new requests
    ├── reply-handler.sh      # Processes and sends replies
    └── crypto.mjs            # E2E encryption (X25519 + Ed25519 + AES-256-GCM)

Configuration (.env)

HITLAAS_API_KEY=hs_prov_your_key_here    # Provider keys start with hs_prov_
HITLAAS_BASE_URL=https://cloud.heysummon.ai
HITLAAS_MERCURE_HUB=https://your-mercure-hub/.well-known/mercure

Setup & Teardown

# Start the skill (installs deps, starts watchers via pm2)
bash setup.sh
 
# Stop the skill (stops all processes, removes from pm2)
bash teardown.sh

Realtime Notifications

The Mercure watcher is a persistent background process managed by pm2 that listens for new request events via SSE:

# Managed automatically by setup.sh, but can also be started manually:
pm2 start scripts/mercure-watcher.sh --name hitlaas-provider-watcher --interpreter bash

How It Works

Mercure Hub (SSE)
  → mercure-watcher.sh (pm2)
    → OpenClaw /tools/invoke API
      → Message delivered to your active channel

The watcher calls OpenClaw’s /tools/invoke endpoint to send messages, making it channel-agnostic — works with Telegram, WhatsApp, Discord, or any configured channel.

Notification Format

🦞 Nieuw HeySummon verzoek: HS-AB12
Type: new_request
Vraag: How do I fix deployment error X?

Responding to Requests

Option 1: Plaintext Response (Simple)

For simple reply flows, you can send a plaintext response without encryption:

curl -X POST $HITLAAS_BASE_URL/api/v1/message/REQUEST_ID \
  -H "Content-Type: application/json" \
  -H "x-api-key: $HITLAAS_API_KEY" \
  -d '{
    "role": "provider",
    "plaintext": "Your answer here"
  }'

Option 2: Encrypted Response (Full E2E)

1. Key Exchange

# Generate your keypairs (one-time)
node scripts/crypto.mjs keygen ~/.hitlaas-provider
 
# Send your public keys to the consumer
curl -X POST $HITLAAS_BASE_URL/api/v1/key-exchange/REQUEST_ID \
  -H "Content-Type: application/json" \
  -H "x-api-key: $HITLAAS_API_KEY" \
  -d "{
    \"providerSignPubKey\": \"$(cat ~/.hitlaas-provider/sign_public.pem)\",
    \"providerEncryptPubKey\": \"$(cat ~/.hitlaas-provider/encrypt_public.pem)\"
  }"

2. Decrypt Consumer’s Message

MESSAGES=$(curl -s $HITLAAS_BASE_URL/api/v1/messages/REQUEST_ID \
  -H "x-api-key: $HITLAAS_API_KEY")
 
node scripts/crypto.mjs decrypt \
  '<encrypted payload JSON>' \
  /path/to/consumer/encrypt_public.pem \
  /path/to/consumer/sign_public.pem \
  ~/.hitlaas-provider/encrypt_private.pem

3. Send Encrypted Response

PAYLOAD=$(node scripts/crypto.mjs encrypt \
  "Your expert response here" \
  /path/to/consumer/encrypt_public.pem \
  ~/.hitlaas-provider/sign_private.pem \
  ~/.hitlaas-provider/encrypt_private.pem)
 
curl -X POST $HITLAAS_BASE_URL/api/v1/message/REQUEST_ID \
  -H "Content-Type: application/json" \
  -H "x-api-key: $HITLAAS_API_KEY" \
  -d "{\"role\":\"provider\", ...encrypted payload...}"

Multiple Responses

Providers can send multiple responses to a single request. Each response triggers a new_message Mercure event. The dashboard shows a response count per request.

Dashboard Alternative

You can also manage requests via the web dashboard at {BASE_URL}/dashboard/requests. The dashboard receives realtime updates via Mercure — no page refresh needed. It shows response counts and supports the full conversation flow.