ɳSelfɳSELFDOCS

  • Getting Started

    • Introduction
    • Quick Start
    • Installation
    • Your First Project

  • Core Concepts

    • Architecture Overview
    • Project Structure
    • Configuration
    • Environments

  • Services

    • PostgreSQL Database
    • Hasura GraphQL
    • Authentication
    • Real-Time Communication
    • Storage (MinIO)
    • Email Configuration
    • Redis Cache
    • Search Engines
    • Functions
    • MLflow (ML Tracking)
    • Monitoring & Metrics
    • Admin UI
    • Dashboard

  • Database Tools

    • Schema Management
    • Migrations
    • Seeding Data
    • Backup & Restore
    • dbdiagram.io Sync

  • Microservices

    • NestJS Services
    • BullMQ Workers
    • Go Services
    • Python Services

  • CLI Reference

    • Complete Command Reference
    • Core Commands
    • Database Commands
    • Service Management
    • Production Commands

  • Deployment

    • Local Development
    • Production Setup
    • SSL/TLS Configuration
    • Domain Configuration
    • Environment Variables

  • Advanced Topics

    • Multi-Tenancy & SaaS
    • Security & Hardening
    • Custom Actions
    • Webhooks
    • Performance Tuning
    • Troubleshooting

  • ɳClaw

    • Backend Manager
    • API Gateway
    • Voice Input
    • Threads & Projects

  • Migration Guides

    • From Supabase
    • From Nhost
    • From Firebase

  • Resources

    • Changelog
    • Licensing
    • FAQ
    • Contributing
    • Support

ɳClaw Backend Manager

The backend manager lets you query your nSelf database, check service health, restart containers, and review the audit log — all through a plain-English chat interface. No terminal required.

It is part of the nself-claw plugin (Max tier). Once installed, your ɳClaw instance gains a dedicated /admin route that shows a live dashboard backed by your server.

Activating admin mode

The backend manager is off by default. Enable it by setting CLAW_WEB_PASSWORD on your server. Any non-empty value turns on the admin route and requires that password to log in.

# In your backend .env (or web app env vars)
CLAW_WEB_PASSWORD=your-strong-password

# Then rebuild and restart
nself build
nself restart

Open https://your-claw-domain/admin and enter the password. The session persists in the browser until you clear it manually.

Supported operations

Read operations

These are safe to run at any time. ɳClaw will execute them without confirmation.

  • Natural-language database queries — translated to read-only SQL
  • Service health check — uptime, container status, restart count
  • System metrics — CPU, RAM, and disk usage in real time
  • Audit log — paginated log of all admin actions

Write operations

ɳClaw asks for confirmation before running anything that changes state.

  • Service restart — restarts a named container (e.g. restart Hasura)
  • Environment variable updates — proposed changes shown before applying

Destructive operations

These are disabled by default. Enable them by setting CLAW_ADMIN_ALLOW_DESTRUCTIVE=true. Even then, ɳClaw requires two confirmations before executing.

  • Direct SQL mutations — INSERT, UPDATE, DELETE via natural language
  • Service teardown — stopping a service entirely

Natural-language query examples

"How many users signed up this week?"
→ SELECT COUNT(*) FROM users WHERE created_at >= NOW() - INTERVAL '7 days'

"Show the last 5 failed auth attempts"
→ SELECT * FROM auth.audit_log WHERE type = 'signIn' AND error IS NOT NULL ORDER BY created_at DESC LIMIT 5

"What tables are in my database?"
→ SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'

"Is Redis running?"
→ Checks container status and returns uptime + memory usage

"Restart the auth service"
→ Prompts for confirmation, then: docker restart <auth-container-id>

Safety model

ɳClaw never executes SQL that modifies data without your explicit confirmation. The query is shown to you in full before it runs. If the translation looks wrong, type cancel and rephrase.

All operations — reads and writes — are logged to the audit trail. The log is append-only and cannot be modified through the chat interface.

Audit log

Every backend manager action is recorded with a timestamp, the actor (session identifier), and the operation. The log is stored in your PostgreSQL database and is accessible through:

  • The admin dashboard sidebar (last 50 entries)
  • Natural-language query: "Show the audit log from today"
  • Direct SQL: SELECT * FROM claw_audit_log ORDER BY created_at DESC

CLI commands

# Enable the backend manager (sets CLAW_WEB_PASSWORD and rebuilds)
nself claw admin enable --password your-password

# Disable the backend manager
nself claw admin disable

# Set a new password without disabling
nself claw admin set-password new-password

# View the audit log from the terminal
nself claw admin log

# View the last N entries
nself claw admin log --limit 20

# Clear the audit log (requires --confirm)
nself claw admin log --clear --confirm

Requirements

  • nSelf v0.9.9 or later
  • Max license ($19/yr) — see nself.org/commercial
  • Plugins: nself plugin install ai claw mux