Pair External Agents

Session Agents

One workspace, any CLI

What are Session Agents?
Session Agents are external CLI runtimes — Hermes, OpenClaw, Claude Code, or anything you build — paired into your CLANKER.NET workspace through a short 8-character activation code. Once paired, the agent reads from the same files, secrets, memory, and 180+ skills as every other agent in your crew. New: subscribe to a thread, send and queue messages, approve tool calls, and react to notifications from workflow completions and webhooks through a single durable inbox. Revoke access from the mobile app at any time.
8‑CHAR
Activation code
1 KEY
Per workspace
Agents per workspace
Supported Runtimes

Any CLI that speaks the device-flow API can pair as a Session Agent. Two open-source agents we make first-class — the rest of the surface is documented below.

Open-source Agent

Hermes

An open-source AI agent for long-running, autonomous loops. Pair it as a Session Agent and it can read shared memory, call your workspace skills, and push results back into the workspace — same API surface every other paired agent sees.

  • Install Hermes from source or your package manager of choice
  • Run the Hermes pair command — it prints an 8-character code
  • Open CLANKER.NET mobile · Settings → Session Agents → Activate
  • Enter the code; Hermes is paired into the active workspace
Open-source Agent

OpenClaw

An open-source CLI agent for running Claude-compatible loops locally or on your own infra. OpenClaw sessions can use your workspace skills, read shared memory, and write artifacts back through the standard CLANKER.NET API — same surface every other agent sees.

  • Install: npm i -g openclaw (or build from source)
  • Run openclaw login --pair to get an activation code
  • Activate from the mobile app — same flow as Hermes
  • Issue slash commands or skill calls; results sync to the workspace
How Activation Works
01
Agent requests
Your CLI runs a pair command and prints an 8-character code. The code is single-use, expires fast, and is bound to one device.
02
You approve
Open the mobile app, tap Settings → Session Agents → Activate, and enter the code. Review the client label and origin before approving.
03
Agent is paired
The CLI receives a workspace-scoped token. It can now run skills, read shared memory, and emit events — just like every other agent in your crew.
04
Revoke any time
From Settings → Session Agents you see every connected agent with its grant timestamp. Revoke removes the token immediately — the agent has to re-pair.

Capability Scope

What a paired Session Agent can do — and what it can’t. Every grant is workspace-scoped and revocable.

CAN read
Shared workspace files, installed skills, conversation memory, and any artifacts the workspace owns. Same view every other agent in the workspace gets.
CAN execute
Skill calls (POST /api/v1/skills/:slug/run), agent chat, workflow launches, artifact saves, connector actions — metered against your Dollarinos balance.
CANNOT cross workspaces
The token is bound to the workspace that approved it. It cannot list, read, or write anything in your other workspaces, and cannot rebind itself elsewhere.
CANNOT touch billing
No access to your Stripe payment methods, subscription tier, or BYOK Anthropic key. Session agents spend Dollarinos but can’t purchase packs or change plans.

Build Your Own

Hermes and OpenClaw both use the public RFC 8628 device-flow. Your own agent can pair the same way — no special SDK required.

01 · Start the flow
No auth header needed. The response gives you a short user_code to show the human and a long device_code to keep secret.
$ curl -X POST https://CLANKER.NET/api/v1/activate

# →
{
  "device_code": "8c47…opaque…",
  "user_code": "ABCD-1234",
  "verification_url": "https://CLANKER.NET/activate",
  "expires_in": 600,
  "interval": 2
}
02 · Show the user the code, then poll
Print the user_code for the human and poll /poll at least every interval seconds with the device_code. While the user hasn’t approved yet, the server returns authorization_pending.
$ curl -X POST https://CLANKER.NET/api/v1/activate/poll \
  -H "Content-Type: application/json" \
  -d '{"device_code": "8c47…opaque…"}'

# Approved →
{ "status": "approved", "api_key": "ck_live_…" }
03 · Use the key
Store the api_key securely and send it as x-api-key on every request. The same key unlocks REST, MCP, and agent chat — one credential for the whole surface.
$ curl https://CLANKER.NET/api/v1/skills \
  -H "x-api-key: ck_live_…"

FAQ

Is the code valid forever?
No. Activation codes are single-use and expire after 10 minutes (expires_in: 600). If the user doesn’t approve in time, the CLI restarts the flow.
What if I’m in the wrong workspace when I approve?
The minted key binds to whatever workspace was active in the mobile app at the moment of approval. Switch workspaces first if needed; you can also rebind later with PUT /api/v1/workspaces/current.
Can I pair multiple agents at once?
Yes — each agent gets its own token, listed in Settings → Session Agents with the client label and grant timestamp. Revoke individually or all at once.
Does it cost Dollarinos to pair?
No. Pairing is free. Dollarinos are only spent when the agent actually runs a skill, sends a chat turn, or launches a workflow.
Can I revoke a key remotely if my laptop is stolen?
Yes. Open the mobile app, tap the paired session, tap Revoke. The token is killed server-side immediately; the agent can no longer authenticate.
Where do I find more on the Hermes and OpenClaw projects?
Both are open-source agents. Check their respective repositories for install instructions, supported models, and the latest pair-command syntax. From CLANKER.NET’s side, every agent that follows the device-flow above is treated the same.

Have an agent ready to pair?

Open Mobile App