DEV Community

Vishal Kumar Singh
Vishal Kumar Singh

Posted on

Why This Backend Engineer Stopped Calling LLM APIs From Every Service And Started Running a Local Agent Instead

#devchallenge #openclawchallenge #ai #java

OpenClaw Challenge Submission 🦞

This is a submission for the OpenClaw Writing Challenge.

The Problem Every Backend Team Has Right Now

If you run a Java or Node backend in 2026, your architecture diagram probably has a
new blob labelled "LLM" with an arrow pointing to it from every second service.
Someone added an OpenAIClient bean six months ago to summarise tickets. Someone
else added an AnthropicClient to rewrite customer emails. The data science team
spun up their own proxy because they wanted Gemini for embeddings.
From an engineering perspective, this is the same mess we cleaned up a decade ago
with Kafka and service meshes, just with a different label. Every team re-implements:

  • Retry, timeout, and circuit-breaker policy around an external API
  • Secret management for a rotating pile of vendor keys
  • Audit logs of "what prompt went out, what came back, who paid for it"
  • Context collection -- pulling email, calendar, docs, tickets -- over and over I wanted a different pattern: one local daemon that owns the model connection and the context, and every app in my personal workflow talks to it over a stable API. That is exactly what OpenClaw is. This post is a backend engineer's mental model of OpenClaw, how I set it up, and why I think the "AI as a local gateway" pattern is about to eat a lot of the LLMClient beans we have been writing. ## What OpenClaw Actually Is (In Backend Terms) OpenClaw is an open-source personal AI agent you run on your own machine. Strip away the marketing and the shape is very familiar:
  • A daemon listening on localhost:18789 (they call it the Gateway)
  • A control plane UI in the browser for config, skills, and chat
  • A pluggable model backend -- you bring your own Anthropic, OpenAI, Google, Ollama, or local model key
  • A channel adapter layer that speaks Slack, Discord, Telegram, WhatsApp, Signal, Teams, and a few more
  • A skills abstraction -- small, composable units of capability that the agent can invoke If you squint, this is a little personal API gateway plus a rules engine plus a provider-agnostic LLM client. The thing that makes it interesting is that the context and the policy live on your box, not in a vendor tenant. ## The Five-Minute Install Node 24 is the recommended runtime (22.14+ also works). On macOS/Linux/WSL2: 
curl -fsSL https://openclaw.ai/install.sh | bash
Enter fullscreen mode Exit fullscreen mode

On Windows PowerShell:

iwr -useb https://openclaw.ai/install.ps1 | iex
Enter fullscreen mode Exit fullscreen mode

Or just npm i -g openclaw@latest if you already run a Node toolchain. Then:

openclaw onboard --install-daemon
openclaw gateway status     # should show listening on 18789
openclaw dashboard          # opens the Control UI
Enter fullscreen mode Exit fullscreen mode

You paste in an API key for whichever provider you already have a budget with --
I used Anthropic for authoring-heavy work and a small Ollama model for anything
that touches private data. That switch is a single field in the dashboard, not a
code change in your apps.

The Mental Model That Clicked For Me

I kept trying to think about OpenClaw as "just another chat UI", and none of it
made sense until I flipped the frame. Here is the frame that worked:

OpenClaw is a sidecar for your digital life. Each skill is a tiny service.
Each channel is a transport. You -- the human -- are the load balancer.
Once I thought about it that way, every design decision made sense:

  • Why a local daemon? Because sidecars have to be co-located. Latency, trust, and data locality all get much easier when the agent is on the same host as the secrets it needs.
  • Why skills instead of one giant prompt? Because production services are composed of small, testable units with clear contracts. Prompts without boundaries become the stored procedures of the AI era.
  • Why so many channels? Because in a sidecar model, transport is cheap. Slack, Telegram, CLI -- all just ingress to the same brain. ## A Concrete Setup For A Backend Engineer Here is the layout I actually ended up with after two evenings of tinkering. It mirrors how I would structure an internal platform team's "AI access layer" at work, just scaled down to one human. Providers
  • Primary model: Anthropic Claude (authoring, refactoring, design docs)
  • Private model: a local Ollama qwen variant for anything that references real customer data, internal service names, or unpublished work
  • Embeddings: provider-native on whichever model the skill is pointed at, so I do not have to babysit a second key Skills I wrote or enabled
  • jira-triage -- reads a ticket URL, extracts repro steps, asks clarifying questions, drafts a reply. Rule: never posts automatically. Always returns a draft to me.
  • pr-review-prep -- given a PR URL, pulls the diff, identifies risky files using a small heuristic (touches application-prod.yml, changes a migration, edits a security filter), and writes a review checklist.
  • weekly-brag -- every Friday, scrapes my GitHub activity, merged PRs, and Medium drafts, and emits three bullets in "impact / action / metric" form for my running brag doc. Feeds my promotion file instead of dying in chat history.
  • calendar-debrief -- pre-meeting skill that pulls the calendar event, finds the last three email threads with the attendees, and gives me a two-sentence primer. Channels
  • Slack in a private workspace just for me (@claw ping me when X)
  • CLI (openclaw ask "...") for terminal-first work
  • iMessage for phone-originated captures Policies
  • Any skill that would write to an external system (post a ticket comment, send an email, push code) must return a draft instead of executing, by default
  • Any skill that touches *.mmt.internal or files under ~/work/ must use the local model, never a hosted one
  • Every agent run writes a JSON line to ~/.openclaw/audit.log -- same spirit as any access log you would keep in a regulated system That last one is worth emphasising. If you think of AI usage as traffic, then everything you already know about traffic applies: log it, budget it, rate-limit it, and be able to answer the question "what did this system say and do, on my behalf, yesterday?" ## What Running This For A Week Actually Felt Like I have opinions. ### The good
  • The context stays put. I stopped copy-pasting ticket text into a chat window. My Slack thread with @claw already has what it needs. This is the biggest quality-of-life change, and it is underrated.
  • Multi-model is a config field. The fact that switching from a hosted model to a local one was a radio button meant I actually did it for sensitive work, rather than promising myself I would.
  • The skill abstraction composes. pr-review-prep calls jira-triage when a PR mentions a ticket ID. They were written days apart and nothing broke. This is the composition story that "custom GPTs" never quite nailed because the boundaries were not proper ones. ### The sharp edges
  • Skill authoring is still more art than engineering. You are writing prompts, tool definitions, and fallback logic in a format that is evolving quickly. Expect to refactor your own skills every few weeks. Treat them like any other code: version them, review them, and write little acceptance notes.
  • Observability is young. The audit log is there, but the analytics around "how often does this skill run, how much does it cost, which provider is flaking" are not what you get from a mature API gateway. I ended up writing a tiny shell script to jq the audit log into a weekly summary.
  • Provider drift is real. Two of my skills broke when I switched models because one provider is stricter about tool-call JSON. Treat the model as an external dependency: pin versions where you can, write a smoke test where you cannot. ### The thing I did not expect I write a lot of Java for a living. The most surprising win was using OpenClaw as the ingress for design-doc drafting from my phone. I dictate a messy idea in iMessage while walking, a skill cleans it up into a structured doc template, and by the time I am back at my laptop it is a well-formed markdown file waiting in ~/docs/drafts/. That workflow does not exist in the "open a chat UI, paste, copy back" model. It only shows up when the agent lives on your side of the API. ## What I Would Tell Another Backend Engineer Before They Start If you already run services for a living, you will underestimate how much of your existing mental model transfers. Here is the short version:
  • Treat skills like services. Name them clearly, give them inputs/outputs, version their prompts, write down their failure modes. A "prompt with tool use" is just a service with two backends (the model and the tool).
  • Put a policy at the edge. Decide early which skills are allowed to talk to the hosted model, which must use local, and which are draft-only. It is much harder to retrofit.
  • Log everything. The audit log is the single most reassuring file on my machine right now. Future-you will want to know what past-you authorised.
  • Do not try to replace your team's AI strategy with your personal one. OpenClaw is a sidecar for you. If your employer has an enterprise story, use it for work. Use OpenClaw for the long tail of personal and side-project work where you are the CISO, the SRE, and the user all at once. ## Where I Think This Pattern Goes I have been building backend systems long enough to recognise a shape when it repeats. We went from "every app has its own auth" to OAuth gateways. We went from "every app has its own cache" to Redis-as-a-service. We went from "every app has its own queue" to Kafka. Each time, the shared thing moved to a well-defined, pluggable gateway, and app code got smaller and clearer. AI is on the same curve. The "every app embeds an OpenAIClient" phase is the first draft. The next phase is a gateway that owns the provider connection, the context, the policy, and the audit trail. For enterprises, that gateway will be an internal platform service. For me, personally, it is OpenClaw. If you have been waiting for the right time to stop pasting ticket text into a chat window, this is that time. Install the daemon, write one skill that replaces one copy-paste workflow, and see what happens. Budget an hour. ## Appendix: The One-Hour Starter Skill If you want to actually try this today, here is the smallest useful skill I wrote and how I structured it. This is the kind of thing that takes an evening and pays for itself in a week. Full source (with tests and CI) lives at github.com/singhvishalkr/pr-review-prep. An OpenClaw skill is a directory with a SKILL.md at the root. Everything the agent needs to know about when to use the skill is in the YAML frontmatter; everything it needs to know about how is in the markdown body. That's the whole format. 
pr-review-prep/
├── SKILL.md              # frontmatter (name/description) + markdown guidance
├── scripts/
│   └── risk-scan.sh      # deterministic heuristic, ~60 lines of bash
└── test/
    ├── run.sh            # 5 unit tests, zero deps
    └── fixtures/         # file-list + PR-body fixtures
Enter fullscreen mode Exit fullscreen mode

Here is the heart of SKILL.md. The frontmatter is what OpenClaw reads to
decide when this skill should fire. The metadata.openclaw.requires block is
what lets the dashboard offer to brew install gh for you the first time you
invoke it.

---
name: pr-review-prep
description: "\"Prep a GitHub pull-request review by pulling the diff with `gh`,"
  flagging risky files via heuristics, and emitting a reviewer checklist.
  Use when: (1) the user pastes a GitHub PR URL and asks for a review/checklist,
  (2) the user wants a pre-review summary before a 1:1 code review.
  NOT for: merging PRs, posting review comments directly to GitHub, or
  non-GitHub PRs (GitLab/Bitbucket)."
metadata:
  openclaw:
    emoji: "🦞"
    requires: { bins: ["gh", "bash"] }
    install:
      - id: brew
        kind: brew
        formula: gh
        bins: [gh]
        label: "Install GitHub CLI (brew)"
---
Enter fullscreen mode Exit fullscreen mode

The key design choice: the risk detection is a bash script, not a prompt.
Here is the relevant slice of scripts/risk-scan.sh:

if grep -Eq '(^|/)application(-[a-zA-Z0-9]+)?\.ya?ml$' "$FILES"; then
  flag "config-change — confirm per-env overrides exist"
fi
if grep -Eq 'Migration\.java$|(^|/)migrations/|\.sql$' "$FILES"; then
  flag "db-migration — check rollback and dual-write plan"
fi
if grep -Eq '(^|/)(security|auth|authz|authn)/' "$FILES"; then
  flag "security-sensitive — require second reviewer"
fi
Enter fullscreen mode Exit fullscreen mode

Every rule is one line of grep -E you can read in git. The LLM then composes
the checklist prose from those flags. That split matters: your organisation's
risk model is the thing that should be visible in git blame, not hidden
inside a prompt string an agent loaded at startup.
The repo ships with 5 unit tests (bash test/run.sh) and a GitHub Actions
workflow that runs shellcheck plus the tests on every push. Boring choices.
That is the point: we already know how to make small pieces of infrastructure
trustworthy, and a skill is a small piece of infrastructure.
Happy clawing. 🦞

Top comments (0)