MemClaw / docs
Broker Fleet

Onboarding a Broker

Install and join a new broker to your fleet with one command — what to run on macOS, Linux, and Windows, what each step does, and how to verify it worked.

Onboarding a machine takes one copy-paste on macOS and Linux. This page walks through it and covers Windows (which needs a different path) and verification. For the credential model, fleet binding, single-use vs reusable keys, and where each broker's credential lives, see How onboarding works.

Who can do this

Minting a join key is an org-admin action in the dashboard. The person running the installer on the target machine only needs a shell and the copied command — no MemClaw account.

The happy path (macOS & Linux)

Mint the join command

In the dashboard, go to Broker Fleet → Onboard a broker, pick the home tenant and fleet, and click Copy install command. You get a one-liner like:

curl -sSf https://memclaw.net/install.sh | MEMCLAW_JOIN_URL='https://memclaw.net/join/mc_…' sh

The host in the command is the environment you copied it from — copy from staging, it targets staging; copy from prod, it targets prod. The mc_… token is a bootstrap key scoped to your tenant and the chosen fleet. By default it's single-use (consumed on first register); untick Single-use in the mint form to get a reusable key for rolling out many machines or repeated / automated onboarding.

Run it on the target machine

Paste it into a shell on the machine you're onboarding. You do not pick an OS or architecture — the script detects them and pulls the right build:

  • macOS → a universal binary (Intel and Apple Silicon, one download).
  • Linux → the matching x86_64 or arm64 build.

The same copied command works on any of them.

Let it register, join, wire, and start

The installer runs end to end without prompts:

  1. Register with the cloud using the bootstrap key → receives the install credential (bound to your tenant).
  2. Join the fleet the key was minted for.
  3. Wire the detected agents — writes each agent's hook / MCP config to route through the broker, backing up anything it replaces.
  4. Start the daemon and write a boot service (loads on login).

It finishes with ✓ memclaw is set up (cloud-connected).

Restart your coding agents

The agents load their integration config at launch, so restart Claude Code / Cursor / etc. once for the wiring to take effect. Already-open sessions won't route through the broker until they're restarted.

Windows

The one-command installer does not run on native Windows — curl | sh needs a POSIX shell, which PowerShell/cmd don't provide. Use one of:

  • WSL (recommended) — run the exact copied command inside a WSL shell. It installs the Linux build and behaves identically to a Linux host.
  • Manual — download memclaw_<version>_windows_<arch>.zip from the release, extract it, and run memclaw setup --join '<join URL>' yourself (paste the join URL from the same mint dialog).

Not brew / scoop / npx / uvx

You may see references to a Homebrew or Scoop tap, or npx/uvx wrappers. Those distribution channels are not published yet — WSL and the manual .zip are the supported Windows paths today.

Verifying it worked

On the machine:

memclaw status

Look for daemon: running, mode: fleet, cloud … reachable: true, and each agent listed as integrated. memclaw status --json includes the daemon's log_path; memclaw logs tails it.

In the dashboard: the install appears under Broker Fleet as Online, and within a minute its Reported agents panel lists the wired agents (claudecode, codex, cursor, gemini) with their tiers. See the Broker Fleet screen reference for what every column and panel means.

Troubleshooting

Headless machine: keychain error

On a headless Linux box (no desktop session / Secret Service — e.g. a CI runner or VM over SSH) the OS keychain can't unlock and the install fails at credential storage. Re-run with the file-backed keychain:

curl -sSf https://memclaw.net/install.sh | MEMCLAW_KEYCHAIN=file MEMCLAW_JOIN_URL='…' sh

The installer sets this automatically when it detects no session bus, but pass it explicitly if you hit the error.

  • no changes to apply on a re-run is normal — the broker is idempotent; it re-mints only what's missing.
  • An agent installed after onboarding isn't wired automatically by a re-run of a different agent. Re-run memclaw install on the machine (it wires and issues the new one immediately), or have an operator issue an agents.rescan command with {"wire": true} from the dashboard — see the screen reference.