#imessage gets recieved but I see this message in the terminal.

% imsg launch
Using dylib: /opt/homebrew/Cellar/imsg/0.8.2/lib/imsg-bridge-helper.dylib
Launching Messages.app with injection...
Failed to launch: Timeout waiting for Messages.app to initialize. Ensure SIP is disabled and Messages.app has necessary permissions.
Timeout waiting for Messages.app to initialize. Ensure SIP is disabled and Messages.app has necessary permissions.

That error is specifically imsg launch, which is the private-API injection path. If iMessages are being received, your basic imsg path is probably working; launch is only needed for advanced bridge features like reactions/tapbacks, edit/unsend, threaded reply, effects, group ops, typing/read receipts.

A few checks:

openclaw --version
imsg --version
imsg status --json
openclaw channels status --probe

If you only need normal send/receive, you can usually ignore imsg launch and stay in basic mode. If you want the advanced actions, then the Mac running Messages.app needs SIP disabled, Messages.app signed in, and the right macOS permissions for the exact process context running imsg/OpenClaw: Full Disk Access for reading chat.db, and Automation permission for controlling Messages.

Docs: https://docs.openclaw.ai/channels/imessage

If you paste the outputs above plus your macOS version, we can narrow down whether this is just “basic mode working as expected” or a failed private-API injection.

What does SIP disable mean and how do I check it on OSX?

SIP = System Integrity Protection. It’s a macOS security feature that prevents even admin/root processes from modifying or injecting into protected system apps/processes.

For imsg launch, “disable SIP” means booting into macOS Recovery and running Apple’s csrutil disable, so imsg can inject its helper dylib into Messages.app. That unlocks advanced private-API features. It’s a real security tradeoff, so don’t do it casually.

To check SIP status on macOS, run:

csrutil status

You’ll see something like:

System Integrity Protection status: enabled.

or:

System Integrity Protection status: disabled.

Important: if your iMessages are already being received/sent normally, you probably do not need SIP disabled. Basic OpenClaw iMessage use works without it. SIP-off is only for advanced actions like tapbacks/reactions, edit/unsend, threaded replies, effects, group ops, typing/read receipts.

Docs: https://docs.openclaw.ai/channels/imessage

% csrutil status
System Integrity Protection status: disabled.

Good — that means SIP itself is not the blocker.

Next likely causes for Timeout waiting for Messages.app to initialize:

1. Messages.app isn’t actually usable interactively
   • Open Messages.app manually
   • Confirm it’s signed in and not stuck on an iCloud/login prompt
   • Quit it, then retry:

imsg launch

2. macOS privacy permissions aren’t granted to the process running imsg
   In System Settings → Privacy & Security, check:
   • Full Disk Access: add Terminal/iTerm, and if OpenClaw runs as a service, the relevant shell/node/openclaw process context
   • Automation: Terminal/iTerm should be allowed to control Messages

Then trigger prompts with:

imsg chats --limit 1
imsg send <your-number-or-email> "test"

3. Need version / status details
   Please paste:

openclaw --version
imsg --version
imsg status --json
openclaw channels status --probe

Since you said iMessage is received, basic mode is probably fine. This only matters if you need the private bridge features like tapbacks/reactions, edit/unsend, threaded replies, effects, group ops, typing/read receipts.

Where is this ? if OpenClaw runs as a service, the relevant shell/node/openclaw process

That wording is annoyingly abstract, sorry 😅

On macOS, permissions are granted to the app/binary that launches or runs the process.

If you run OpenClaw manually from Terminal, grant permissions to:

• Terminal.app or iTerm.app — whichever you use

Path in macOS:

System Settings → Privacy & Security → Full Disk Access

Add/enable Terminal or iTerm there. Then also check:

System Settings → Privacy & Security → Automation

Make sure Terminal/iTerm is allowed to control Messages.

If OpenClaw is installed as a background service/LaunchAgent, it may be running through node rather than your terminal. In that case also add the actual Node binary used by OpenClaw to Full Disk Access. You can find it with:

which node
which openclaw
openclaw gateway status

Common examples are:

/opt/homebrew/bin/node
/usr/local/bin/node
/Users/<you>/.nvm/versions/node/.../bin/node

In the Full Disk Access picker, press Cmd+Shift+G and paste the path to jump directly to it.

After changing permissions, fully quit/restart Messages and restart OpenClaw/the terminal before trying imsg launch again.

Yes! This should be added to the offical docs somewhere

Agreed — this is exactly the kind of thing that belongs in the docs.

I can’t make the docs change or file it for you from here, but the best path is to open a docs issue here: https://github.com/openclaw/openclaw/issues

Include the error text, what it means, and the working fix/workaround from this thread so it’s easy to turn into a docs note. 🦞

Looks like messages are getting seen. How do I enable iMessage support in the config ?

For new setups, use BlueBubbles rather than the legacy imessage/imsg channel.

Fastest path:

openclaw onboard

Pick BlueBubbles, or add it manually:

openclaw channels add bluebubbles --http-url http://192.168.1.100:1234 --password <password>

Manual config shape is:

{
  channels: {
    bluebubbles: {
      enabled: true,
      serverUrl: "http://192.168.1.100:1234",
      password: "example-password",
      webhookPath: "/bluebubbles-webhook",
    },
  },
}

Then in the BlueBubbles server app, enable the Web API, set that password, and point its webhook at your gateway, e.g.:

https://your-gateway-host:3000/bluebubbles-webhook?password=<password>

Docs: https://docs.openclaw.ai/channels/bluebubbles

There is also legacy iMessage via imsg, but docs recommend BlueBubbles for new deployments: https://docs.openclaw.ai/channels/imessage

Also: what does openclaw --version show? Version mismatches around channels/config can cause weirdness, so I’d check that early.

in the json config, how are local paths supposed to look ?

In ~/.openclaw/openclaw.json, paths are just JSON/JSON5 strings.

For macOS local paths, prefer absolute paths like:

{
  channels: {
    imessage: {
      enabled: true,
      cliPath: "/opt/homebrew/bin/imsg", // Apple Silicon Homebrew usually
      dbPath: "/Users/jeremy/Library/Messages/chat.db",
    },
  },
}

or for Intel/Homebrew:

cliPath: "/usr/local/bin/imsg"

For BlueBubbles local outbound media allowlists, docs specifically say these must be absolute local directories:

{
  channels: {
    bluebubbles: {
      enabled: true,
      serverUrl: "http://192.168.1.100:1234",
      password: "...",
      mediaLocalRoots: [
        "/Users/jeremy/Downloads",
        "/Users/jeremy/Pictures"

      ],
    },
  },
}

~ is used in some OpenClaw config examples and often expands, but for channel/file access troubleshooting I’d use full /Users/you/... paths to remove ambiguity.

Docs refs: https://docs.openclaw.ai/channels/imessage and https://docs.openclaw.ai/channels/bluebubbles

iMessage pairing request ?

Yep — that means iMessage is receiving, but the sender is not approved yet.

By default, iMessage/BlueBubbles DMs use dmPolicy: "pairing". Unknown senders get a pairing request/code, and OpenClaw ignores their messages until you approve it.

Approve it with the matching channel name:

openclaw pairing list imessage
openclaw pairing approve imessage <CODE>

If you’re using BlueBubbles, use:

openclaw pairing list bluebubbles
openclaw pairing approve bluebubbles <CODE>

Alternative: switch to an explicit allowlist in config:

{
  channels: {
    bluebubbles: {
      dmPolicy: "allowlist",
      allowFrom: ["+15555550123", "person@example.com"],
    },
  },
}

I’d keep pairing while testing unless you’re sure of the handles. Docs: https://docs.openclaw.ai/channels/pairing

Who types this "openclaw pairing list imessage" ?

You do — the person running the OpenClaw Gateway.

Run it in a terminal on the same machine/account where OpenClaw is installed and where the gateway config/state lives. Usually that’s the Mac/VPS running:

openclaw gateway

So for legacy iMessage:

openclaw pairing list imessage
openclaw pairing approve imessage <CODE>

For BlueBubbles:

openclaw pairing list bluebubbles
openclaw pairing approve bluebubbles <CODE>

The <CODE> is the pairing code shown in the terminal/log or sent to the iMessage sender. Once approved, that sender can DM the bot.

When I run that command I see "No pending imessage pairing requests."

That usually means one of these is true:

1. You’re actually using BlueBubbles, not the legacy imessage channel. Try:

openclaw pairing list bluebubbles

2. You have a non-default account configured. Then include the account id:

openclaw pairing list imessage --account <accountId>
# or
openclaw pairing list bluebubbles --account <accountId>

3. The request expired or wasn’t created. Pairing codes expire after 1 hour, and OpenClaw only creates/sends a fresh request roughly once per sender per hour. Send another iMessage DM to trigger it, then immediately run the list command.