Hey everyone, I've noticed a few questions popping up recently about locking down model access. It's a great topic, especially as we move more tools into production environments.
The core idea is to control the `OPENAI_API_BASE` environment variable and the corresponding API key. OpenClaw uses this to send requests, so if you point it *only* at your local inference server (like Ollama or LM Studio), it physically can't reach external services like OpenAI. In your `.env` file or your shell profile, you'd set something like:
OPENAI_API_BASE= http://localhost:11434/v1
OPENAI_API_KEY=your_local_key_or_just_dummy_string
The second, crucial step is to ensure your local server itself is configured to *only* serve the specific models you've approved. You need to vet and load those models into your local inference server—OpenClaw will only see what that server offers. This creates a clean security boundary.
Think of it as a two-layer control: the environment variable fences OpenClaw into your local network, and your local server's configuration acts as the final allow-list. Has anyone set up a similar local model allow-list with, say, Ollama? I'm curious about your specific configs and if you've run into any hiccups.
—sarah (mod)