diff --git a/apps/web/src/app/api/kiloclaw/clawmetry/[instanceId]/route.ts b/apps/web/src/app/api/kiloclaw/clawmetry/[instanceId]/route.ts
new file mode 100644
index 0000000000..d17c6f7da1
--- /dev/null
+++ b/apps/web/src/app/api/kiloclaw/clawmetry/[instanceId]/route.ts
@@ -0,0 +1,88 @@
+import { NextResponse } from 'next/server';
+import { getUserFromAuth } from '@/lib/user.server';
+import { KILOCLAW_API_URL } from '@/lib/config.server';
+import { generateApiToken, TOKEN_EXPIRY } from '@/lib/tokens';
+
+/**
+ * POST /api/kiloclaw/clawmetry/[instanceId]
+ *
+ * One-shot endpoint backing the "View Observability Dashboard" button. Does
+ * two things on the user's KiloClaw instance and returns the dashboard URL
+ * the browser should open in a new tab:
+ *
+ *   1. POST `/_kilo/clawmetry-start-sync` — spawns the sync daemon (idempotent)
+ *   2. GET  `/_kilo/clawmetry-dashboard-url` — reads the self-decrypting URL
+ *
+ * Both calls go through the existing per-instance worker proxy
+ * (`{KILOCLAW_API_URL}/i/{instanceId}/...`) which already handles JWT auth,
+ * access control, and the gateway-token signing for the controller.
+ *
+ * The returned URL contains the AES-256-GCM enc_key in its `#fragment` —
+ * that fragment is meaningful only to the browser (servers never see it).
+ * The browser stashes the key in localStorage and decrypts ClawMetry
+ * events client-side.
+ */
+export async function POST(_req: Request, { params }: { params: Promise<{ instanceId: string }> }) {
+  const { instanceId } = await params;
+  if (!instanceId || !/^[A-Za-z0-9_-]+$/.test(instanceId)) {
+    return NextResponse.json({ error: 'Invalid instance ID' }, { status: 400 });
+  }
+
+  const { user, authFailedResponse } = await getUserFromAuth({ adminOnly: false });
+  if (authFailedResponse) return authFailedResponse;
+
+  if (!KILOCLAW_API_URL) {
+    return NextResponse.json({ error: 'KiloClaw not configured' }, { status: 503 });
+  }
+
+  const token = generateApiToken(user, undefined, { expiresIn: TOKEN_EXPIRY.fiveMinutes });
+  const proxyBase = `${KILOCLAW_API_URL}/i/${encodeURIComponent(instanceId)}`;
+  const headers = { Authorization: `Bearer ${token}` };
+
+  // 1. Start the sync daemon — idempotent. Failure here is non-fatal; we
+  //    still try to return the dashboard URL so the user can at least see
+  //    historical data (or an empty dashboard with a clear error state).
+  try {
+    const startRes = await fetch(`${proxyBase}/_kilo/clawmetry-start-sync`, {
+      method: 'POST',
+      headers,
+    });
+    if (!startRes.ok && startRes.status !== 404) {
+      console.warn(`[clawmetry] start-sync returned ${startRes.status} for instance ${instanceId}`);
+    }
+  } catch (err) {
+    console.warn(`[clawmetry] start-sync error for instance ${instanceId}:`, err);
+  }
+
+  // 2. Fetch the self-decrypting dashboard URL.
+  let urlRes: Response;
+  try {
+    urlRes = await fetch(`${proxyBase}/_kilo/clawmetry-dashboard-url`, { headers });
+  } catch (err) {
+    console.error(`[clawmetry] dashboard-url fetch failed for instance ${instanceId}:`, err);
+    return NextResponse.json({ error: 'Failed to reach instance' }, { status: 502 });
+  }
+
+  if (urlRes.status === 404) {
+    return NextResponse.json(
+      {
+        error:
+          'ClawMetry not provisioned on this instance — try redeploying or check KILOCLAW_CLAWMETRY_DISABLED env var',
+      },
+      { status: 404 }
+    );
+  }
+  if (!urlRes.ok) {
+    return NextResponse.json(
+      { error: `Instance returned ${urlRes.status}` },
+      { status: urlRes.status }
+    );
+  }
+
+  const body = (await urlRes.json()) as { url?: string };
+  if (!body.url) {
+    return NextResponse.json({ error: 'Instance returned no dashboard URL' }, { status: 502 });
+  }
+
+  return NextResponse.json({ url: body.url });
+}
diff --git a/apps/web/src/components/subscriptions/kiloclaw/KiloClawDetail.tsx b/apps/web/src/components/subscriptions/kiloclaw/KiloClawDetail.tsx
index 6c14c33e98..49c6d9f2ff 100644
--- a/apps/web/src/components/subscriptions/kiloclaw/KiloClawDetail.tsx
+++ b/apps/web/src/components/subscriptions/kiloclaw/KiloClawDetail.tsx
@@ -342,6 +342,32 @@ export function KiloClawDetail({ instanceId }: { instanceId: string }) {
             </Button>
           )}
 
+          <Button
+            variant="outline"
+            onClick={async () => {
+              const t = toast.loading('Starting ClawMetry sync…');
+              try {
+                const res = await fetch(
+                  `/api/kiloclaw/clawmetry/${encodeURIComponent(instanceId)}`,
+                  {
+                    method: 'POST',
+                  }
+                );
+                const body = (await res.json()) as { url?: string; error?: string };
+                if (!res.ok || !body.url) {
+                  toast.error(body.error ?? 'Could not open observability dashboard', { id: t });
+                  return;
+                }
+                toast.success('Opening ClawMetry — syncing your data…', { id: t });
+                window.open(body.url, '_blank', 'noopener,noreferrer');
+              } catch (err) {
+                toast.error(err instanceof Error ? err.message : 'Network error', { id: t });
+              }
+            }}
+          >
+            View Observability
+          </Button>
+
           {subscription.showConversionPrompt ? (
             <Button variant="outline" onClick={() => setConfirmationAction('switchToCredits')}>
               Switch to Credits
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 09c714f349..3e8dda6f21 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -1602,7 +1602,7 @@ importers:
         version: 7.0.0-dev.20260319.1
       jest:
         specifier: ^30.3.0
-        version: 30.3.0(@types/node@24.12.0)(esbuild-register@3.6.0(esbuild@0.27.4))
+        version: 30.3.0(@types/node@25.5.0)(esbuild-register@3.6.0(esbuild@0.27.4))
       typescript:
         specifier: 'catalog:'
         version: 5.9.3
@@ -1981,6 +1981,9 @@ importers:
       drizzle-kit:
         specifier: 'catalog:'
         version: 0.31.9
+      playwright:
+        specifier: ^1.58.2
+        version: 1.58.2
       typescript:
         specifier: 'catalog:'
         version: 5.9.3
@@ -26646,6 +26649,25 @@ snapshots:
       - supports-color
       - ts-node
 
+  jest-cli@30.3.0(@types/node@25.5.0)(esbuild-register@3.6.0(esbuild@0.27.4)):
+    dependencies:
+      '@jest/core': 30.3.0(esbuild-register@3.6.0(esbuild@0.27.4))
+      '@jest/test-result': 30.3.0
+      '@jest/types': 30.3.0
+      chalk: 4.1.2
+      exit-x: 0.2.2
+      import-local: 3.2.0
+      jest-config: 30.3.0(@types/node@25.5.0)(esbuild-register@3.6.0(esbuild@0.27.4))
+      jest-util: 30.3.0
+      jest-validate: 30.3.0
+      yargs: 17.7.2
+    transitivePeerDependencies:
+      - '@types/node'
+      - babel-plugin-macros
+      - esbuild-register
+      - supports-color
+      - ts-node
+
   jest-config@29.7.0(@types/node@24.12.0):
     dependencies:
       '@babel/core': 7.29.0
@@ -27297,6 +27319,19 @@ snapshots:
       - supports-color
       - ts-node
 
+  jest@30.3.0(@types/node@25.5.0)(esbuild-register@3.6.0(esbuild@0.27.4)):
+    dependencies:
+      '@jest/core': 30.3.0(esbuild-register@3.6.0(esbuild@0.27.4))
+      '@jest/types': 30.3.0
+      import-local: 3.2.0
+      jest-cli: 30.3.0(@types/node@25.5.0)(esbuild-register@3.6.0(esbuild@0.27.4))
+    transitivePeerDependencies:
+      - '@types/node'
+      - babel-plugin-macros
+      - esbuild-register
+      - supports-color
+      - ts-node
+
   jimp-compact@0.16.1: {}
 
   jiti@2.6.1: {}
diff --git a/services/kiloclaw/Dockerfile b/services/kiloclaw/Dockerfile
index 415249e289..d22ab88acb 100644
--- a/services/kiloclaw/Dockerfile
+++ b/services/kiloclaw/Dockerfile
@@ -9,7 +9,7 @@ ENV NODE_VERSION=24.15.0
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
        ca-certificates curl gnupg git xz-utils unzip jq ripgrep rsync zstd \
-       build-essential python3 ffmpeg tmux chromium \
+       build-essential python3 python3-venv ffmpeg tmux chromium \
     && ARCH="$(dpkg --print-architecture)" \
     && case "${ARCH}" in \
          amd64) NODE_ARCH="x64" ;; \
@@ -74,6 +74,27 @@ RUN npm install -g openclaw@2026.4.23 \
     && echo "OK: patched actionRequiresTarget in $(basename "$CT_FILE")" \
     && openclaw --version
 
+# Install ClawMetry — observability dashboard for the OpenClaw runtime.
+# Pre-installed so every KiloClaw instance has it available; the controller's
+# bootstrap step `provisionClawMetrySync` activates it (one-time account
+# auto-provisioning + sync daemon) when CLAWMETRY_PARTNER_KEY is set on the
+# instance env.
+#
+# Uses the upstream one-line installer instead of pinning a PyPI version.
+# This delegates version selection + bootstrap (venv layout, symlink, future
+# install steps) to ClawMetry's install.sh so it can evolve without a PR
+# back to this repo. Trade-off: builds are not bit-reproducible across
+# rebuilds — the image picks up whatever version PyPI has at build time.
+# That's intentional; the integration is best-effort observability and the
+# sync daemon is fail-soft (see provisionClawMetrySync).
+#
+# install.sh creates a venv at /root/.clawmetry and symlinks the binary at
+# /root/.local/bin/clawmetry. We add that to PATH so subsequent build steps
+# and runtime callers can invoke `clawmetry` by name.
+ENV PATH="/root/.local/bin:${PATH}"
+RUN curl -fsSL https://clawmetry.com/install.sh | bash \
+    && clawmetry --version
+
 # Bake bundled plugin runtime deps into the image so first boot is pure
 # startup — no npm install from `openclaw doctor` on shared-cpu Fly machines.
 # Each step writes to a temp file and is chained with && so failures break
diff --git a/services/kiloclaw/controller/src/bootstrap.test.ts b/services/kiloclaw/controller/src/bootstrap.test.ts
index 1d68684756..2b03e55a35 100644
--- a/services/kiloclaw/controller/src/bootstrap.test.ts
+++ b/services/kiloclaw/controller/src/bootstrap.test.ts
@@ -1,5 +1,6 @@
 import { describe, it, expect, vi } from 'vitest';
 import crypto from 'node:crypto';
+import type { spawn as nodeSpawn } from 'node:child_process';
 import {
   decryptEnvVars,
   setupDirectories,
@@ -7,6 +8,7 @@ import {
   generateHooksToken,
   configureGitHub,
   configureLinear,
+  provisionClawMetrySync,
   runOnboardOrDoctor,
   formatBotIdentityMarkdown,
   writeBotIdentityFile,
@@ -57,6 +59,7 @@ function fakeDeps(): {
   chdirCalls: string[];
   copyCalls: { src: string; dest: string }[];
   execCalls: { cmd: string; args: string[]; input?: string }[];
+  spawnCalls: { cmd: string; args: string[] }[];
   writeCalls: { path: string; data: string }[];
   renameCalls: { from: string; to: string }[];
   setConfigExists: (v: boolean) => void;
@@ -66,6 +69,7 @@ function fakeDeps(): {
   const chdirCalls: string[] = [];
   const copyCalls: { src: string; dest: string }[] = [];
   const execCalls: { cmd: string; args: string[]; input?: string }[] = [];
+  const spawnCalls: { cmd: string; args: string[] }[] = [];
   const writeCalls: { path: string; data: string }[] = [];
   const renameCalls: { from: string; to: string }[] = [];
   let configExists = false;
@@ -105,12 +109,18 @@ function fakeDeps(): {
         execCalls.push({ cmd, args, input: opts?.input });
         return '';
       }),
+      spawn: vi.fn((cmd: string, args: string[]) => {
+        spawnCalls.push({ cmd, args });
+        // Minimal ChildProcess stub — bootstrap only calls .unref().
+        return { unref: () => {} } as unknown as ReturnType<typeof nodeSpawn>;
+      }),
     },
     mkdirCalls,
     chmodCalls,
     chdirCalls,
     copyCalls,
     execCalls,
+    spawnCalls,
     writeCalls,
     renameCalls,
     setConfigExists(v: boolean) {
@@ -566,6 +576,241 @@ describe('configureLinear', () => {
   });
 });
 
+// ---- provisionClawMetrySync ----
+
+describe('provisionClawMetrySync', () => {
+  it('skips when KILOCLAW_CLAWMETRY_DISABLED=true', () => {
+    const logSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    const { deps, execCalls } = fakeDeps();
+
+    provisionClawMetrySync({ KILOCLAW_CLAWMETRY_DISABLED: 'true', FLY_MACHINE_ID: 'm1' }, deps);
+
+    expect(execCalls).toEqual([]);
+    expect(logSpy).toHaveBeenCalledWith('ClawMetry: disabled via KILOCLAW_CLAWMETRY_DISABLED');
+    logSpy.mockRestore();
+  });
+
+  it('warns and exits when no machine_id can be derived', () => {
+    const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+    const { deps, execCalls } = fakeDeps();
+
+    provisionClawMetrySync({}, deps);
+
+    expect(execCalls).toEqual([]);
+    expect(warnSpy).toHaveBeenCalledWith(
+      'ClawMetry: skipping — no FLY_MACHINE_ID or HOSTNAME to identify the machine'
+    );
+    warnSpy.mockRestore();
+  });
+
+  it('registers via /api/register with source=kiloclaw, writes config, spawns daemon (which will defer uploads)', () => {
+    const logSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
+    const { deps, execCalls, spawnCalls, writeCalls, chmodCalls, mkdirCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') {
+        return JSON.stringify({
+          ok: true,
+          api_key: 'cm_abc123',
+          dashboard_id: 'dash-uuid-1',
+          node_id: 'agent-vivek-fly',
+        });
+      }
+      return '';
+    });
+
+    provisionClawMetrySync(
+      {
+        FLY_MACHINE_ID: 'fly-machine-abc',
+        HOSTNAME: 'agent-vivek-fly',
+        KILOCLAW_USER_EMAIL: 'user@kilocode.ai',
+      },
+      deps
+    );
+
+    const curlCall = execCalls.find(c => c.cmd === 'curl');
+    expect(curlCall).toBeDefined();
+    expect(curlCall?.args).toContain('https://app.clawmetry.com/api/register');
+    // Public endpoint — no X-Partner-Key header anywhere
+    expect(curlCall?.args.every(a => !a.includes('X-Partner-Key'))).toBe(true);
+    const payload = JSON.parse(curlCall?.args.find(a => a.includes('machine_id')) ?? '{}');
+    expect(payload).toEqual({
+      hostname: 'agent-vivek-fly',
+      machine_id: 'fly-machine-abc',
+      platform: 'Linux',
+      source: 'kiloclaw',
+      email: 'user@kilocode.ai',
+    });
+
+    expect(mkdirCalls).toContain('/root/.clawmetry');
+
+    // config.json: full schema with api_key + encryption_key + node_id
+    const configWrite = writeCalls.find(w => w.path === '/root/.clawmetry/config.json');
+    expect(configWrite).toBeDefined();
+    const config = JSON.parse(configWrite!.data);
+    expect(config.api_key).toBe('cm_abc123');
+    expect(config.node_id).toBe('agent-vivek-fly');
+    expect(config.platform).toBe('Linux');
+    // encryption_key is 32 random bytes base64-encoded → 44 chars
+    expect(config.encryption_key).toHaveLength(44);
+    expect(typeof config.connected_at).toBe('string');
+
+    // dashboard URL points at /cloud/node/<id> — the only page that has the
+    // bridge script that reads the #fragment and stashes the enc_key
+    const urlWrite = writeCalls.find(w => w.path === '/root/.clawmetry/dashboard-url.txt');
+    expect(urlWrite).toBeDefined();
+    expect(urlWrite!.data).toMatch(
+      /^https:\/\/app\.clawmetry\.com\/cloud\/node\/agent-vivek-fly\?token=cm_abc123#key=[^&]+&node=agent-vivek-fly\n$/
+    );
+
+    // Both files written 0600
+    expect(chmodCalls).toContainEqual({ path: '/root/.clawmetry/config.json', mode: 0o600 });
+    expect(chmodCalls).toContainEqual({ path: '/root/.clawmetry/dashboard-url.txt', mode: 0o600 });
+
+    // Daemon spawned at bootstrap with source=kiloclaw — the cloud will tell
+    // it sync_allowed=false, reason='intent_pending' until the user clicks
+    // "View Observability". Heartbeats fire so dashboard is ready when they do.
+    expect(spawnCalls).toEqual([
+      { cmd: '/root/.clawmetry/bin/python3', args: ['-m', 'clawmetry.sync'] },
+    ]);
+
+    expect(logSpy).toHaveBeenCalledWith(
+      'ClawMetry: provisioned (node=agent-vivek-fly, E2E enabled, daemon spawned) — sync deferred until user opens dashboard'
+    );
+    logSpy.mockRestore();
+  });
+
+  it('uses machine_id as node_id fallback when /api/register omits node_id', () => {
+    const { deps, execCalls, writeCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') return JSON.stringify({ api_key: 'cm_x' });
+      return '';
+    });
+
+    provisionClawMetrySync({ FLY_MACHINE_ID: 'fallback-mid', HOSTNAME: 'h1' }, deps);
+
+    const config = JSON.parse(
+      writeCalls.find(w => w.path === '/root/.clawmetry/config.json')!.data
+    );
+    expect(config.node_id).toBe('fallback-mid');
+
+    const urlContents = writeCalls.find(w => w.path === '/root/.clawmetry/dashboard-url.txt')!.data;
+    expect(urlContents).toContain('node=fallback-mid');
+  });
+
+  it('omits email from payload when neither KILOCLAW_USER_EMAIL nor GITHUB_EMAIL is set', () => {
+    const { deps, execCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') return JSON.stringify({ api_key: 'cm_x' });
+      return '';
+    });
+
+    provisionClawMetrySync({ FLY_MACHINE_ID: 'm1', HOSTNAME: 'h1' }, deps);
+
+    const curlCall = execCalls.find(c => c.cmd === 'curl');
+    const payload = JSON.parse(curlCall?.args.find(a => a.includes('machine_id')) ?? '{}');
+    expect(payload.email).toBeUndefined();
+    expect(payload.machine_id).toBe('m1');
+  });
+
+  it('falls back to GITHUB_EMAIL when KILOCLAW_USER_EMAIL is absent', () => {
+    const { deps, execCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') return JSON.stringify({ api_key: 'cm_x' });
+      return '';
+    });
+
+    provisionClawMetrySync(
+      { FLY_MACHINE_ID: 'm1', HOSTNAME: 'h1', GITHUB_EMAIL: 'fallback@x.com' },
+      deps
+    );
+
+    const curlCall = execCalls.find(c => c.cmd === 'curl');
+    const payload = JSON.parse(curlCall?.args.find(a => a.includes('machine_id')) ?? '{}');
+    expect(payload.email).toBe('fallback@x.com');
+  });
+
+  it('falls back to HOSTNAME when FLY_MACHINE_ID is absent', () => {
+    const { deps, execCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') return JSON.stringify({ api_key: 'cm_x' });
+      return '';
+    });
+
+    provisionClawMetrySync({ HOSTNAME: 'standalone-host' }, deps);
+
+    const curlCall = execCalls.find(c => c.cmd === 'curl');
+    const payload = JSON.parse(curlCall?.args.find(a => a.includes('machine_id')) ?? '{}');
+    expect(payload.machine_id).toBe('standalone-host');
+    expect(payload.hostname).toBe('standalone-host');
+  });
+
+  it('warns but does not throw when register request errors', () => {
+    const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+    const { deps, execCalls, writeCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') throw new Error('network down');
+      return '';
+    });
+
+    expect(() =>
+      provisionClawMetrySync({ FLY_MACHINE_ID: 'm1', HOSTNAME: 'h1' }, deps)
+    ).not.toThrow();
+    expect(writeCalls).toEqual([]);
+    expect(warnSpy).toHaveBeenCalledWith(
+      expect.stringContaining('ClawMetry: register request failed')
+    );
+    warnSpy.mockRestore();
+  });
+
+  it('warns and skips daemon spawn when register returns no api_key', () => {
+    const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+    const { deps, execCalls, writeCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') {
+        return JSON.stringify({ ok: false, error: 'invalid payload' });
+      }
+      return '';
+    });
+
+    provisionClawMetrySync({ FLY_MACHINE_ID: 'm1', HOSTNAME: 'h1' }, deps);
+
+    expect(writeCalls).toEqual([]);
+    expect(execCalls.find(c => c.cmd === 'sh')).toBeUndefined();
+    expect(warnSpy).toHaveBeenCalledWith(
+      'ClawMetry: register returned no api_key — invalid payload'
+    );
+    warnSpy.mockRestore();
+  });
+
+  it('honors CLAWMETRY_API_BASE override (for staging / self-hosted)', () => {
+    const { deps, execCalls } = fakeDeps();
+    deps.execFileSync = vi.fn((cmd: string, args: string[]) => {
+      execCalls.push({ cmd, args });
+      if (cmd === 'curl') return JSON.stringify({ api_key: 'cm_x' });
+      return '';
+    });
+
+    provisionClawMetrySync(
+      {
+        FLY_MACHINE_ID: 'm1',
+        HOSTNAME: 'h1',
+        CLAWMETRY_API_BASE: 'https://staging.clawmetry.com',
+      },
+      deps
+    );
+
+    const curlCall = execCalls.find(c => c.cmd === 'curl');
+    expect(curlCall?.args).toContain('https://staging.clawmetry.com/api/register');
+  });
+});
+
 // ---- bot identity file ----
 
 describe('formatBotIdentityMarkdown', () => {
@@ -1736,6 +1981,7 @@ describe('bootstrapNonCritical', () => {
     expect(phases).toEqual([
       'github',
       'linear',
+      'clawmetry-sync',
       'gateway-client-device-scopes',
       'onboard',
       'tools-md',
@@ -1772,6 +2018,7 @@ describe('bootstrapNonCritical', () => {
     expect(phases).toEqual([
       'github',
       'linear',
+      'clawmetry-sync',
       'gateway-client-device-scopes',
       'onboard',
       'tools-md',
@@ -1799,6 +2046,7 @@ describe('bootstrapNonCritical', () => {
     expect(phases).toEqual([
       'github',
       'linear',
+      'clawmetry-sync',
       'gateway-client-device-scopes',
       'onboard',
       'tools-md',
@@ -1833,7 +2081,13 @@ describe('bootstrapNonCritical', () => {
     );
 
     expect(result).toEqual({ ok: false, phase: 'doctor', error: 'doctor exited 1' });
-    expect(phases).toEqual(['github', 'linear', 'gateway-client-device-scopes', 'doctor']);
+    expect(phases).toEqual([
+      'github',
+      'linear',
+      'clawmetry-sync',
+      'gateway-client-device-scopes',
+      'doctor',
+    ]);
   });
 });
 
@@ -1865,6 +2119,7 @@ describe('bootstrap', () => {
       'feature-flags',
       'github',
       'linear',
+      'clawmetry-sync',
       'gateway-client-device-scopes',
       'onboard',
       'tools-md',
diff --git a/services/kiloclaw/controller/src/bootstrap.ts b/services/kiloclaw/controller/src/bootstrap.ts
index 48f1bf1ed7..1db68ac874 100644
--- a/services/kiloclaw/controller/src/bootstrap.ts
+++ b/services/kiloclaw/controller/src/bootstrap.ts
@@ -12,7 +12,8 @@
 import crypto from 'node:crypto';
 import fs from 'node:fs';
 import path from 'node:path';
-import { execFileSync as nodeExecFileSync } from 'node:child_process';
+import { execFileSync as nodeExecFileSync, spawn as nodeSpawn } from 'node:child_process';
+import type { ChildProcess, SpawnOptions } from 'node:child_process';
 import {
   generateBaseConfig,
   sanitizeLegacyStreamChatConfig,
@@ -82,6 +83,7 @@ export type BootstrapDeps = {
   readdirSync: (dir: string) => string[];
   statSync: (p: string) => { isDirectory: () => boolean };
   execFileSync: (cmd: string, args: string[], opts?: ExecOpts) => string;
+  spawn: (cmd: string, args: string[], opts?: SpawnOptions) => ChildProcess;
 };
 
 const defaultDeps: BootstrapDeps = {
@@ -103,6 +105,7 @@ const defaultDeps: BootstrapDeps = {
       env: opts?.env,
       input: opts?.input,
     }),
+  spawn: (cmd, args, opts) => nodeSpawn(cmd, args, opts ?? {}),
 };
 
 // ---- Controller state type ----
@@ -669,6 +672,199 @@ export function configureLinear(env: EnvLike): void {
   }
 }
 
+// ---- Step 6b: ClawMetry observability sync ----
+
+const CLAWMETRY_DIR = '/root/.clawmetry';
+const CLAWMETRY_CONFIG_PATH = '/root/.clawmetry/config.json';
+const CLAWMETRY_DASHBOARD_URL_PATH = '/root/.clawmetry/dashboard-url.txt';
+const CLAWMETRY_REGISTER_TIMEOUT_MS = 8_000;
+
+type ClawMetryRegisterResponse = {
+  ok?: boolean;
+  api_key?: string;
+  dashboard_id?: string;
+  node_id?: string;
+  error?: string;
+};
+
+/**
+ * Register this instance with ClawMetry and start the sync daemon.
+ *
+ * ClawMetry (https://clawmetry.com) is a free, end-to-end-encrypted
+ * observability dashboard for OpenClaw runtimes. The Python package is
+ * pre-installed in the image; this step (a) calls the public
+ * `/api/register` endpoint to get a per-machine cm_token, (b) generates a
+ * client-side AES-256-GCM encryption key (never sent to the server), (c)
+ * writes both to `~/.clawmetry/config.json` in the schema the sync daemon
+ * expects, (d) writes a self-decrypting dashboard URL to
+ * `~/.clawmetry/dashboard-url.txt` so KiloClaw's UI can surface a "View
+ * Observability" link, and (e) spawns `clawmetry sync` detached.
+ *
+ * E2E model: the encryption_key is generated on this box and never leaves
+ * it via any HTTP request. The cloud only ever sees ciphertext blobs. The
+ * dashboard URL embeds the key as a `#fragment` (which browsers never send
+ * to servers), so opening the URL in a browser primes localStorage with the
+ * key and decrypts events on the fly.
+ *
+ * Deferred sync: this step does NOT spawn the sync daemon. We only PRE-WIRE
+ * the integration (install + config + decryptable URL). The daemon should
+ * be started on demand — when the user clicks "View Observability" in
+ * KiloClaw's web UI, KiloClaw's controller exec's `clawmetry sync` in the
+ * background and opens the dashboard URL in a new tab. This avoids burning
+ * compute / bandwidth / cloud storage syncing for users who never look at
+ * the dashboard. The daemon, once started, can read the persisted local
+ * OpenClaw session files and publish a catch-up batch.
+ *
+ * KiloClaw's web UI should expose two controller endpoints:
+ *   GET  /_kilo/clawmetry-dashboard-url  → returns the contents of
+ *                                          dashboard-url.txt
+ *   POST /_kilo/clawmetry-start-sync     → spawns `nohup clawmetry sync &`
+ *                                          (idempotent — checks pgrep first)
+ *
+ * Same provisioning flow any user installing clawmetry on a fresh OpenClaw
+ * box would use — no special endpoint, no partner key, no secrets to manage.
+ *
+ * Failures NEVER block boot — observability is best-effort. Operators can
+ * set `KILOCLAW_CLAWMETRY_DISABLED=true` to skip entirely.
+ */
+export function provisionClawMetrySync(env: EnvLike, deps: BootstrapDeps = defaultDeps): void {
+  if (env.KILOCLAW_CLAWMETRY_DISABLED === 'true') {
+    console.log('ClawMetry: disabled via KILOCLAW_CLAWMETRY_DISABLED');
+    return;
+  }
+
+  const machineId = env.FLY_MACHINE_ID || env.HOSTNAME;
+  if (!machineId) {
+    console.warn('ClawMetry: skipping — no FLY_MACHINE_ID or HOSTNAME to identify the machine');
+    return;
+  }
+  const hostname = env.HOSTNAME || machineId;
+  const userEmail = env.KILOCLAW_USER_EMAIL ?? env.GITHUB_EMAIL;
+  const apiBase = env.CLAWMETRY_API_BASE ?? 'https://app.clawmetry.com';
+  const registerUrl = `${apiBase}/api/register`;
+
+  // Build the same payload the standard `clawmetry connect` flow would.
+  // Email is optional; account is keyed on machine_id either way.
+  // `source: 'kiloclaw'` puts the account in deferred-sync mode on the
+  // ClawMetry cloud — heartbeats go through but every other upload path
+  // is gated until the user clicks "View Observability" (which fires
+  // /api/cloud/intent-start; see routes/clawmetry.ts).
+  const payload: {
+    hostname: string;
+    machine_id: string;
+    platform: string;
+    source: string;
+    email?: string;
+  } = {
+    hostname,
+    machine_id: machineId,
+    platform: 'Linux',
+    source: 'kiloclaw',
+  };
+  if (userEmail) {
+    payload.email = userEmail;
+  }
+
+  let registered: ClawMetryRegisterResponse;
+  try {
+    const result = deps.execFileSync(
+      'curl',
+      [
+        '-sS',
+        '--max-time',
+        String(Math.ceil(CLAWMETRY_REGISTER_TIMEOUT_MS / 1000)),
+        '-X',
+        'POST',
+        '-H',
+        'Content-Type: application/json',
+        '-d',
+        JSON.stringify(payload),
+        registerUrl,
+      ],
+      { stdio: 'pipe' }
+    );
+    registered = JSON.parse(String(result)) as ClawMetryRegisterResponse;
+    if (!registered.api_key) {
+      console.warn(
+        `ClawMetry: register returned no api_key — ${registered.error ?? 'unknown error'}`
+      );
+      return;
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    console.warn(`ClawMetry: register request failed — ${message}`);
+    return;
+  }
+
+  // Generate the E2E encryption key client-side. The cloud will never see
+  // this. AES-256-GCM uses a 32-byte key — base64 encoding gives 44 chars.
+  const encryptionKey = crypto.randomBytes(32).toString('base64');
+  const nodeId = registered.node_id || machineId;
+
+  if (!deps.existsSync(CLAWMETRY_DIR)) {
+    deps.mkdirSync(CLAWMETRY_DIR, { recursive: true, mode: 0o700 });
+  }
+
+  // Schema matches what `clawmetry connect` writes (clawmetry/cli.py:495).
+  // `clawmetry sync` reads from this file via clawmetry/sync.py:924.
+  const config = {
+    api_key: registered.api_key,
+    node_id: nodeId,
+    platform: 'Linux',
+    connected_at: new Date().toISOString(),
+    encryption_key: encryptionKey,
+  };
+  deps.writeFileSync(CLAWMETRY_CONFIG_PATH, JSON.stringify(config, null, 2));
+  deps.chmodSync(CLAWMETRY_CONFIG_PATH, 0o600);
+
+  // Self-decrypting dashboard URL pointing at the per-node detail page —
+  // /cloud/node/<id>?token=cm_xxx#key=<enc>&node=<id>. This is the page
+  // users actually want when they click "View Observability" (their
+  // KiloClaw runtime's Brain feed, sessions, tools, etc.), and it's the
+  // only page that contains the cm-setup-bridge script that reads the
+  // fragment and stashes the enc_key in localStorage.
+  //
+  // The fragment is never sent to any server (browsers strip fragments
+  // from outgoing requests). The dashboard JS reads it client-side and
+  // uses it to decrypt event blobs. Putting ?token= in the URL is the
+  // standard ClawMetry auth pattern (every /d/<id> redirect does the
+  // same thing) — anyone with this URL can view this user's KiloClaw
+  // observability data, which is the whole point of the integration.
+  const dashboardUrl = `${apiBase}/cloud/node/${encodeURIComponent(nodeId)}?token=${encodeURIComponent(registered.api_key)}#key=${encodeURIComponent(encryptionKey)}&node=${encodeURIComponent(nodeId)}`;
+  deps.writeFileSync(CLAWMETRY_DASHBOARD_URL_PATH, dashboardUrl + '\n');
+  deps.chmodSync(CLAWMETRY_DASHBOARD_URL_PATH, 0o600);
+
+  // Spawn the sync daemon here, at instance boot. With source='kiloclaw',
+  // the cloud-side /ingest/heartbeat will tell this daemon sync_allowed=
+  // false, reason='intent_pending' — so the daemon heartbeats every 60s
+  // (cheap, metadata only) but uploads zero session / event / log /
+  // memory data until the user clicks "View Observability". That click
+  // fires POST /api/cloud/intent-start, the cloud flips users.sync_intent_at,
+  // and the daemon's next heartbeat returns sync_allowed=true.
+  //
+  // Spawning at bootstrap (vs. on first click) eliminates the spawn-on-
+  // click race that previously left users staring at a "Run: clawmetry
+  // connect" banner during cold-start. The daemon is always there; only
+  // the data flow is deferred.
+  try {
+    const child = deps.spawn('/root/.clawmetry/bin/python3', ['-m', 'clawmetry.sync'], {
+      detached: true,
+      stdio: 'ignore',
+    });
+    child.unref();
+    console.log(
+      `ClawMetry: provisioned (node=${nodeId}, E2E enabled, daemon spawned) — sync deferred until user opens dashboard`
+    );
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    // Bootstrap should not fail because the daemon couldn't spawn — the
+    // gateway boot continues. Worst case: user clicks View Observability
+    // and start-sync fires intent-start, but no daemon is alive to pick
+    // it up. They'll see the dashboard chrome with empty data.
+    console.warn(`ClawMetry: daemon spawn failed (continuing) — ${message}`);
+  }
+}
+
 // ---- Step 7: Onboard / doctor + config patching ----
 
 /**
@@ -1258,6 +1454,7 @@ export async function bootstrapNonCritical(
   const steps: BootstrapStep[] = [
     { phase: 'github', run: () => configureGitHub(env, deps) },
     { phase: 'linear', run: () => configureLinear(env) },
+    { phase: 'clawmetry-sync', run: () => provisionClawMetrySync(env, deps) },
     {
       phase: 'gateway-client-device-scopes',
       run: () => runGatewayClientDeviceScopeRemediation(deps),
diff --git a/services/kiloclaw/controller/src/index.ts b/services/kiloclaw/controller/src/index.ts
index afd7363f2c..7e0d8dcbfc 100644
--- a/services/kiloclaw/controller/src/index.ts
+++ b/services/kiloclaw/controller/src/index.ts
@@ -42,6 +42,7 @@ import { registerInboundEmailRoute } from './routes/inbound-email';
 import { registerFileRoutes } from './routes/files';
 import { registerKiloCliRunRoutes } from './routes/kilo-cli-run';
 import { registerMorningBriefingRoutes } from './routes/morning-briefing';
+import { registerClawmetryRoutes } from './routes/clawmetry';
 import { CONTROLLER_COMMIT, CONTROLLER_VERSION } from './version';
 import { writeKiloCliConfig } from './kilo-cli-config';
 import { writeGogCredentials } from './gog-credentials';
@@ -448,6 +449,7 @@ export async function startController(env: NodeJS.ProcessEnv = process.env): Pro
   registerInboundEmailRoute(honoApp, supervisor, config.expectedToken, config.hooksToken);
   registerFileRoutes(honoApp, config.expectedToken, '/root/.openclaw');
   registerKiloCliRunRoutes(honoApp, config.expectedToken);
+  registerClawmetryRoutes(honoApp, config.expectedToken);
   honoApp.all(
     '*',
     createHttpProxy({
diff --git a/services/kiloclaw/controller/src/routes/clawmetry.test.ts b/services/kiloclaw/controller/src/routes/clawmetry.test.ts
new file mode 100644
index 0000000000..b9b0947e7b
--- /dev/null
+++ b/services/kiloclaw/controller/src/routes/clawmetry.test.ts
@@ -0,0 +1,172 @@
+import { describe, it, expect, vi } from 'vitest';
+import { Hono } from 'hono';
+import {
+  registerClawmetryRoutes,
+  CLAWMETRY_DASHBOARD_URL_PATH,
+  CLAWMETRY_CONFIG_PATH,
+} from './clawmetry';
+
+const TOKEN = 'test-token';
+const AUTH = { authorization: `Bearer ${TOKEN}` };
+
+function makeApp(deps: Parameters<typeof registerClawmetryRoutes>[2]): Hono {
+  const app = new Hono();
+  registerClawmetryRoutes(app, TOKEN, deps);
+  return app;
+}
+
+// ── auth ──────────────────────────────────────────────────────────────────
+
+describe('clawmetry routes — auth', () => {
+  it('GET /_kilo/clawmetry-dashboard-url rejects missing bearer', async () => {
+    const app = makeApp({ existsSync: () => true, readFileSync: () => 'http://x' });
+    const res = await app.request('/_kilo/clawmetry-dashboard-url');
+    expect(res.status).toBe(401);
+  });
+
+  it('GET rejects wrong bearer', async () => {
+    const app = makeApp({ existsSync: () => true, readFileSync: () => 'http://x' });
+    const res = await app.request('/_kilo/clawmetry-dashboard-url', {
+      headers: { authorization: 'Bearer wrong' },
+    });
+    expect(res.status).toBe(401);
+  });
+
+  it('POST /_kilo/clawmetry-start-sync rejects missing bearer', async () => {
+    const app = makeApp({});
+    const res = await app.request('/_kilo/clawmetry-start-sync', { method: 'POST' });
+    expect(res.status).toBe(401);
+  });
+});
+
+// ── GET dashboard-url ──────────────────────────────────────────────────────
+
+describe('GET /_kilo/clawmetry-dashboard-url', () => {
+  it('returns the URL from disk', async () => {
+    const app = makeApp({
+      existsSync: p => p === CLAWMETRY_DASHBOARD_URL_PATH,
+      readFileSync: p => {
+        if (p === CLAWMETRY_DASHBOARD_URL_PATH) {
+          return 'https://app.clawmetry.com/cloud#key=abc&node=fly-machine-1\n';
+        }
+        return '';
+      },
+    });
+    const res = await app.request('/_kilo/clawmetry-dashboard-url', { headers: AUTH });
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as { url: string };
+    expect(body.url).toBe('https://app.clawmetry.com/cloud#key=abc&node=fly-machine-1');
+  });
+
+  it('returns 404 when bootstrap has not run (file missing)', async () => {
+    const app = makeApp({ existsSync: () => false });
+    const res = await app.request('/_kilo/clawmetry-dashboard-url', { headers: AUTH });
+    expect(res.status).toBe(404);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toContain('not found');
+  });
+
+  it('returns 500 when file is empty', async () => {
+    const app = makeApp({
+      existsSync: () => true,
+      readFileSync: () => '   \n',
+    });
+    const res = await app.request('/_kilo/clawmetry-dashboard-url', { headers: AUTH });
+    expect(res.status).toBe(500);
+  });
+
+  it('returns 500 when readFileSync throws', async () => {
+    const app = makeApp({
+      existsSync: () => true,
+      readFileSync: () => {
+        throw new Error('disk error');
+      },
+    });
+    const res = await app.request('/_kilo/clawmetry-dashboard-url', { headers: AUTH });
+    expect(res.status).toBe(500);
+  });
+});
+
+// ── POST start-sync ────────────────────────────────────────────────────────
+
+describe('POST /_kilo/clawmetry-start-sync', () => {
+  it('reads api_key from config and POSTs to ClawMetry intent-start', async () => {
+    const intentCalls: string[] = [];
+    const app = makeApp({
+      existsSync: p => p === CLAWMETRY_CONFIG_PATH,
+      readFileSync: p => {
+        if (p === CLAWMETRY_CONFIG_PATH) {
+          return JSON.stringify({ api_key: 'cm_abc123', node_id: 'agent-vivek-fly' });
+        }
+        return '';
+      },
+      intentStart: async apiKey => {
+        intentCalls.push(apiKey);
+        return { ok: true, alreadyStarted: false };
+      },
+    });
+
+    const res = await app.request('/_kilo/clawmetry-start-sync', {
+      method: 'POST',
+      headers: AUTH,
+    });
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ ok: true, alreadyStarted: false });
+    expect(intentCalls).toEqual(['cm_abc123']);
+  });
+
+  it('returns alreadyStarted:true when intent was already set on a prior call', async () => {
+    const app = makeApp({
+      existsSync: () => true,
+      readFileSync: () => JSON.stringify({ api_key: 'cm_abc123' }),
+      intentStart: async () => ({ ok: true, alreadyStarted: true }),
+    });
+
+    const res = await app.request('/_kilo/clawmetry-start-sync', {
+      method: 'POST',
+      headers: AUTH,
+    });
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ ok: true, alreadyStarted: true });
+  });
+
+  it('returns 404 when bootstrap config is missing (provisioning never ran)', async () => {
+    const app = makeApp({
+      existsSync: () => false,
+      intentStart: vi.fn(),
+    });
+    const res = await app.request('/_kilo/clawmetry-start-sync', {
+      method: 'POST',
+      headers: AUTH,
+    });
+    expect(res.status).toBe(404);
+  });
+
+  it('returns 500 when config exists but is missing api_key', async () => {
+    const app = makeApp({
+      existsSync: () => true,
+      readFileSync: () => JSON.stringify({ node_id: 'x' }),
+      intentStart: vi.fn(),
+    });
+    const res = await app.request('/_kilo/clawmetry-start-sync', {
+      method: 'POST',
+      headers: AUTH,
+    });
+    expect(res.status).toBe(500);
+  });
+
+  it('returns 502 when intent-start upstream fails', async () => {
+    const app = makeApp({
+      existsSync: () => true,
+      readFileSync: () => JSON.stringify({ api_key: 'cm_abc123' }),
+      intentStart: async () => {
+        throw new Error('cloud unreachable');
+      },
+    });
+    const res = await app.request('/_kilo/clawmetry-start-sync', {
+      method: 'POST',
+      headers: AUTH,
+    });
+    expect(res.status).toBe(502);
+  });
+});
diff --git a/services/kiloclaw/controller/src/routes/clawmetry.ts b/services/kiloclaw/controller/src/routes/clawmetry.ts
new file mode 100644
index 0000000000..12152f5683
--- /dev/null
+++ b/services/kiloclaw/controller/src/routes/clawmetry.ts
@@ -0,0 +1,165 @@
+import fs from 'node:fs';
+import type { Hono } from 'hono';
+import { timingSafeTokenEqual } from '../auth';
+import { getBearerToken } from './gateway';
+
+/**
+ * ClawMetry observability endpoints.
+ *
+ * These pair with the `provisionClawMetrySync` bootstrap step that pre-wires
+ * each instance with a ClawMetry account at boot AND spawns the daemon. The
+ * daemon heartbeats every 60s but uploads zero session / event / log /
+ * memory data because the cloud responds to /ingest/heartbeat with
+ * sync_allowed=false, reason='intent_pending' (see clawmetry-cloud's
+ * deferred-sync gate).
+ *
+ * When the user clicks "View Observability" in the KiloClaw web UI:
+ *   1. The web UI POSTs /_kilo/clawmetry-start-sync (this file).
+ *   2. We POST to ClawMetry's /api/cloud/intent-start, flipping the
+ *      cloud-side flag for this account.
+ *   3. We GET /_kilo/clawmetry-dashboard-url and return the URL.
+ *   4. The web UI opens that URL in a new tab.
+ *   5. The daemon's next heartbeat (~60s) sees sync_allowed=true and
+ *      uploads resume — sessions / events / logs / memory all start
+ *      flowing.
+ *
+ * Auth: same bearer-token gate as the rest of `/_kilo/*`.
+ */
+
+export const CLAWMETRY_DASHBOARD_URL_PATH = '/root/.clawmetry/dashboard-url.txt';
+export const CLAWMETRY_CONFIG_PATH = '/root/.clawmetry/config.json';
+
+type IntentStartFn = (apiKey: string) => Promise<{ ok: boolean; alreadyStarted?: boolean }>;
+
+type ClawmetryDeps = {
+  readFileSync?: (path: string, encoding: BufferEncoding) => string;
+  existsSync?: (path: string) => boolean;
+  intentStart?: IntentStartFn;
+  apiBase?: string;
+};
+
+/** POST to ClawMetry's /api/cloud/intent-start. Flips the deferred-sync gate. */
+async function defaultIntentStart(
+  apiBase: string,
+  apiKey: string
+): Promise<{
+  ok: boolean;
+  alreadyStarted?: boolean;
+}> {
+  const res = await fetch(`${apiBase}/api/cloud/intent-start`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${apiKey}`,
+    },
+    body: JSON.stringify({}),
+  });
+  if (!res.ok) {
+    throw new Error(`intent-start returned ${res.status}: ${(await res.text()).slice(0, 200)}`);
+  }
+  const body = (await res.json()) as { ok?: boolean; already_started?: boolean };
+  return { ok: !!body.ok, alreadyStarted: !!body.already_started };
+}
+
+export function registerClawmetryRoutes(
+  app: Hono,
+  expectedToken: string,
+  deps: ClawmetryDeps = {}
+): void {
+  const readFileSync = deps.readFileSync ?? ((p, e) => fs.readFileSync(p, e));
+  const existsSync = deps.existsSync ?? (p => fs.existsSync(p));
+  const apiBase = deps.apiBase ?? process.env.CLAWMETRY_API_BASE ?? 'https://app.clawmetry.com';
+  const intentStart: IntentStartFn =
+    deps.intentStart ?? (apiKey => defaultIntentStart(apiBase, apiKey));
+
+  // Shared bearer-token gate for both endpoints.
+  app.use('/_kilo/clawmetry-dashboard-url', async (c, next) => {
+    const token = getBearerToken(c.req.header('authorization'));
+    if (!timingSafeTokenEqual(token, expectedToken)) {
+      return c.json({ error: 'Unauthorized' }, 401);
+    }
+    await next();
+  });
+  app.use('/_kilo/clawmetry-start-sync', async (c, next) => {
+    const token = getBearerToken(c.req.header('authorization'));
+    if (!timingSafeTokenEqual(token, expectedToken)) {
+      return c.json({ error: 'Unauthorized' }, 401);
+    }
+    await next();
+  });
+
+  /**
+   * GET /_kilo/clawmetry-dashboard-url
+   *
+   * Returns the self-decrypting dashboard URL written at bootstrap time.
+   * The URL contains a `#fragment` with the AES-256-GCM enc_key — never
+   * sent to any server (browsers strip fragments from outgoing requests).
+   *
+   * 404 means bootstrap hasn't run yet OR ClawMetry was disabled via
+   * KILOCLAW_CLAWMETRY_DISABLED. The caller should surface a friendly
+   * "ClawMetry not provisioned on this instance" error.
+   */
+  app.get('/_kilo/clawmetry-dashboard-url', c => {
+    if (!existsSync(CLAWMETRY_DASHBOARD_URL_PATH)) {
+      return c.json(
+        { error: 'ClawMetry dashboard URL not found — provisioning may not have run' },
+        404
+      );
+    }
+    try {
+      const url = readFileSync(CLAWMETRY_DASHBOARD_URL_PATH, 'utf8').trim();
+      if (!url) {
+        return c.json({ error: 'Dashboard URL file is empty' }, 500);
+      }
+      return c.json({ url });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.warn(`[clawmetry] failed to read dashboard URL: ${message}`);
+      return c.json({ error: 'Failed to read dashboard URL' }, 500);
+    }
+  });
+
+  /**
+   * POST /_kilo/clawmetry-start-sync
+   *
+   * The daemon is already running (spawned at bootstrap) but in deferred
+   * mode — heartbeats only, no uploads. This endpoint signals user intent
+   * to the ClawMetry cloud, which flips the gate so the daemon's next
+   * heartbeat (~60s) returns sync_allowed=true and content uploads resume.
+   *
+   * Idempotent: hitting this multiple times is a no-op after the first
+   * success — the cloud's intent-start endpoint short-circuits when
+   * users.sync_intent_at is already set.
+   *
+   * Returns { ok: true, alreadyStarted: bool }. The web UI calls this
+   * before opening the dashboard URL so by the time the user starts
+   * looking, the daemon's first content sync is at most ~60s away.
+   */
+  app.post('/_kilo/clawmetry-start-sync', async c => {
+    if (!existsSync(CLAWMETRY_CONFIG_PATH)) {
+      return c.json({ error: 'ClawMetry config not found — provisioning may not have run' }, 404);
+    }
+    let apiKey: string;
+    try {
+      const config = JSON.parse(readFileSync(CLAWMETRY_CONFIG_PATH, 'utf8')) as {
+        api_key?: string;
+      };
+      if (!config.api_key) {
+        return c.json({ error: 'ClawMetry config missing api_key' }, 500);
+      }
+      apiKey = config.api_key;
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.warn(`[clawmetry] failed to read config: ${message}`);
+      return c.json({ error: 'Failed to read ClawMetry config' }, 500);
+    }
+    try {
+      const result = await intentStart(apiKey);
+      return c.json({ ok: true, alreadyStarted: !!result.alreadyStarted });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.warn(`[clawmetry] intent-start failed: ${message}`);
+      return c.json({ error: 'Failed to start sync' }, 502);
+    }
+  });
+}
diff --git a/services/kiloclaw/controller/src/routes/config.ts b/services/kiloclaw/controller/src/routes/config.ts
index 33555e8c53..93d744be01 100644
--- a/services/kiloclaw/controller/src/routes/config.ts
+++ b/services/kiloclaw/controller/src/routes/config.ts
@@ -252,6 +252,8 @@ export function registerConfigRoutes(
         readdirSync: () => [],
         statSync: () => ({ isDirectory: () => false }),
         execFileSync: () => '',
+        spawn: () =>
+          ({ unref: () => {} }) as unknown as ReturnType<typeof import('node:child_process').spawn>,
       });
 
       return c.json({ ok: true, enabled: parsed.data.enabled }, 200);
diff --git a/services/kiloclaw/docs/clawmetry-integration.md b/services/kiloclaw/docs/clawmetry-integration.md
new file mode 100644
index 0000000000..15cbbf1dd5
--- /dev/null
+++ b/services/kiloclaw/docs/clawmetry-integration.md
@@ -0,0 +1,112 @@
+# ClawMetry observability integration
+
+[ClawMetry](https://clawmetry.com) is a free, end-to-end-encrypted observability dashboard for OpenClaw agents (sessions, token usage, cost, tool timeline, channels, alerts). Every KiloClaw instance ships with ClawMetry pre-installed and pre-wired — but the sync daemon stays dormant until the user clicks "View Observability" in KiloClaw's web UI. No wasted compute / bandwidth / storage for users who never look.
+
+## What this gives the user
+
+- Real-time dashboard of agent sessions, token spend, and tool activity (once they open it)
+- **Free tier (forever, no account required)**: 1 node monitoring · 24-hour Brain feed history · 7-day token tracking · E2E encryption
+- Optional **Pro upgrade** ($5/node/month, 7-day free trial): unlimited nodes · 30-day Brain feed · 90-day token analytics + CSV export · 90-day event retention · approval policies · channel integrations (Slack/Telegram/PagerDuty/Phone) · Flow view · custom alert webhooks · budget limits
+- Zero setup — works out of the box; one click to view
+- E2E encrypted: cloud only ever sees ciphertext; encryption key never leaves their KiloClaw instance
+
+Pricing: <https://clawmetry.com/pricing>
+
+## How it works
+
+### At bootstrap (every new instance)
+
+The `provisionClawMetrySync` step in [`controller/src/bootstrap.ts`](../controller/src/bootstrap.ts) does the same thing any user installing ClawMetry on a fresh OpenClaw box would do — minus starting the daemon:
+
+1. POSTs `{hostname, machine_id, platform: 'Linux', email?}` to `${CLAWMETRY_API_BASE}/api/register` (a public, idempotent endpoint)
+2. Receives `{api_key, dashboard_id, node_id}` back — a per-machine token
+3. Generates a 32-byte AES-256-GCM `encryption_key` **client-side** — never sent to any server
+4. Writes `/root/.clawmetry/config.json` (mode 0600) with the schema `clawmetry sync` expects: `{api_key, encryption_key, node_id, platform, connected_at}`
+5. Writes `/root/.clawmetry/dashboard-url.txt` (mode 0600) with a self-decrypting URL: `https://app.clawmetry.com/cloud#key=<enc_key>&node=<node_id>` — the `#fragment` is never sent to any server (browsers strip it from outgoing requests)
+
+**The sync daemon is NOT spawned here.** Deferred until the user actually wants to view the dashboard.
+
+### When the user clicks "View Observability" in KiloClaw's web UI
+
+KiloClaw's web UI should expose two controller endpoints:
+
+```
+GET  /_kilo/clawmetry-dashboard-url    → returns contents of dashboard-url.txt
+POST /_kilo/clawmetry-start-sync       → spawns `nohup clawmetry sync &` (idempotent — pgrep first)
+```
+
+The button click handler:
+
+```ts
+async function viewClawmetryDashboard() {
+  // Start the sync daemon on demand (idempotent — controller checks pgrep)
+  await fetch('/_kilo/clawmetry-start-sync', { method: 'POST' });
+  // Open the self-decrypting dashboard URL in a new tab
+  const url = await fetch('/_kilo/clawmetry-dashboard-url').then(r => r.text());
+  window.open(url, '_blank');
+}
+```
+
+Once the daemon starts, it reads `config.json`, processes any persisted local OpenClaw session files (catch-up batch), and streams live events from then on. The dashboard shows "Syncing your data..." until the first events arrive.
+
+## E2E encryption guarantee
+
+| Where                                        | Has plaintext events?         | Has encryption_key?                        |
+| -------------------------------------------- | ----------------------------- | ------------------------------------------ |
+| User's KiloClaw instance (Fly machine)       | ✅ yes                        | ✅ yes (in `/root/.clawmetry/config.json`) |
+| ClawMetry cloud (`app.clawmetry.com`)        | ❌ no — only ciphertext blobs | ❌ no                                      |
+| KiloClaw's cloud (`Kilo-Org/cloud`)          | ❌ no                         | ❌ no                                      |
+| User's browser (after opening dashboard URL) | ✅ decrypted client-side      | ✅ yes (from URL fragment → localStorage)  |
+
+The encryption key flows: instance → URL fragment → user's browser. **Never** through any server. Even KiloClaw's controller endpoint that returns the URL only sees the URL string itself; the fragment is meaningful only to the user's browser.
+
+## Versioning
+
+ClawMetry is installed via the upstream one-line installer (`curl -fsSL https://clawmetry.com/install.sh | bash`), not a PyPI version pin. Every fresh image build picks up the latest ClawMetry release at build time. ClawMetry can ship updates without requiring a PR back to this repo — trigger a KiloClaw image rebuild to pick them up.
+
+Trade-off: builds are not bit-reproducible across rebuilds. That's intentional; the integration is best-effort observability.
+
+## Env vars
+
+All optional:
+
+| Variable                      | Default                     | Purpose                                                                                                             |
+| ----------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------- |
+| `CLAWMETRY_API_BASE`          | `https://app.clawmetry.com` | Override for staging / self-hosted ClawMetry                                                                        |
+| `KILOCLAW_USER_EMAIL`         | unset                       | Email attached to the account so dashboard OTP-login surfaces this node under the user's existing ClawMetry account |
+| `GITHUB_EMAIL`                | unset                       | Fallback when `KILOCLAW_USER_EMAIL` is absent                                                                       |
+| `KILOCLAW_CLAWMETRY_DISABLED` | unset                       | Set to `'true'` to disable the integration entirely (escape hatch)                                                  |
+
+`FLY_MACHINE_ID` and `HOSTNAME` are read directly from the runtime env (Fly auto-injects them); they don't need to be set.
+
+## Verifying
+
+After deploying a new KiloClaw image:
+
+```bash
+fly ssh console -s --app <kiloclaw-app>
+ls -la /root/.clawmetry/                   # config.json + dashboard-url.txt, both 0600
+cat /root/.clawmetry/dashboard-url.txt     # https://app.clawmetry.com/cloud#key=...&node=...
+ps -ef | grep 'clawmetry sync'             # should show NOTHING (deferred — daemon not running yet)
+```
+
+Then in browser: paste the dashboard URL → see "Syncing your data..." overlay → KiloClaw web UI's "View Observability" button (when it's added) will start the daemon + open the URL in one click.
+
+Once sync starts:
+
+```bash
+ps -ef | grep 'clawmetry sync'             # daemon now running
+tail -20 /var/log/clawmetry-sync.log       # confirms events publishing
+```
+
+## Disabling
+
+Set `KILOCLAW_CLAWMETRY_DISABLED=true` on the instance env. On next boot the bootstrap step skips silently. Existing files at `/root/.clawmetry/` remain — to fully clean up, also stop any running sync daemon and delete the directory.
+
+## Follow-up work
+
+This PR pre-wires the integration but doesn't add the UI surface. Tracking issue for KiloClaw web UI work:
+
+- Add "View Observability Dashboard" button (likely in instance detail or settings page)
+- Add controller endpoints `/_kilo/clawmetry-dashboard-url` (GET) and `/_kilo/clawmetry-start-sync` (POST, idempotent)
+- Optional: show sync status (running / stopped) so users can see whether their data is up-to-date
diff --git a/services/kiloclaw/e2e/clawmetry-integration.mjs b/services/kiloclaw/e2e/clawmetry-integration.mjs
new file mode 100644
index 0000000000..9c09ddbf68
--- /dev/null
+++ b/services/kiloclaw/e2e/clawmetry-integration.mjs
@@ -0,0 +1,383 @@
+#!/usr/bin/env node
+/**
+ * KiloClaw × ClawMetry integration end-to-end test.
+ *
+ * Reproduces the bootstrap step from controller/src/bootstrap.ts in JS,
+ * registers a fresh test account against the live ClawMetry cloud
+ * (app.clawmetry.com), opens the resulting dashboard URL in a headless
+ * browser, and asserts the page renders + decrypts.
+ *
+ * Run:
+ *   node services/kiloclaw/e2e/clawmetry-integration.mjs
+ *   HEADLESS=0 node services/kiloclaw/e2e/clawmetry-integration.mjs   # show browser
+ *   CLAWMETRY_API_BASE=https://staging.clawmetry.com node …          # staging
+ *
+ * Exits 0 if all checks pass, 1 on first failure.
+ *
+ * Why this exists:
+ *   - Catches regressions in the bootstrap → register → daemon flow
+ *     without spinning up a real KiloClaw instance.
+ *   - The browser-side enc_key handoff via URL fragment is impossible to
+ *     unit test (it's a race between inline scripts in dashboard.py).
+ *     This test exercises the live cloud + Playwright together so a real
+ *     human's "click View Observability" experience is what we actually
+ *     verify.
+ *
+ * Limitations:
+ *   - Requires network egress to app.clawmetry.com. The test creates a
+ *     real (free-tier) account each run; cleanup is best-effort.
+ *   - Doesn't generate real OpenClaw activity, so tabs with feed-style
+ *     content show empty states. The test asserts the chrome (tabs
+ *     render, no decrypt errors), not the data.
+ */
+import { chromium } from 'playwright';
+import crypto from 'node:crypto';
+import fs from 'node:fs';
+
+const API_BASE = process.env.CLAWMETRY_API_BASE || 'https://app.clawmetry.com';
+const HEADLESS = process.env.HEADLESS !== '0';
+const ATTEMPTS = parseInt(process.env.RETRIES || '5', 10);
+
+let pass = 0;
+let fail = 0;
+const failures = [];
+
+function check(label, condition, detail) {
+  if (condition) {
+    pass++;
+    console.log(`  ✓ ${label}`);
+  } else {
+    fail++;
+    failures.push(label + (detail ? `\n      ${detail}` : ''));
+    console.log(`  ✗ ${label}${detail ? `\n      ${detail}` : ''}`);
+  }
+}
+
+// ── Bootstrap-equivalent: register a fresh machine + build dashboard URL ──
+
+async function postJson(path, payload, apiKey) {
+  return fetch(`${API_BASE}${path}`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      ...(apiKey ? { Authorization: `Bearer ${apiKey}` } : {}),
+    },
+    body: JSON.stringify(payload),
+  });
+}
+
+async function provision() {
+  const machineId = `kc-e2e-${Date.now()}-${crypto.randomBytes(3).toString('hex')}`;
+
+  // /api/register can return 500 on cold-start or transient DB-pool pressure.
+  // Retry a few times with backoff before giving up.
+  // 429 = registration-rate-limit hit (10/hour per IP) — bail cleanly so CI
+  // doesn't flag the test red on a legitimate cloud defense.
+  // source: 'kiloclaw' is what puts this account in deferred-sync mode on
+  // the cloud side — see clawmetry-cloud's routes/auth.py register flow.
+  let body,
+    lastErr,
+    lastStatus = 0;
+  for (let attempt = 1; attempt <= 4; attempt++) {
+    const res = await postJson('/api/register', {
+      hostname: machineId,
+      machine_id: machineId,
+      platform: 'Linux',
+      email: `kc-e2e+${machineId}@clawmetry.com`,
+      source: 'kiloclaw',
+    });
+    if (res.ok) {
+      body = await res.json();
+      break;
+    }
+    lastStatus = res.status;
+    lastErr = `/api/register returned ${res.status}: ${(await res.text()).slice(0, 200)}`;
+    if (res.status === 429) break;
+    console.log(`  register attempt ${attempt} failed: ${lastErr}`);
+    await new Promise(r => setTimeout(r, 2000 * attempt));
+  }
+  if (!body) {
+    if (lastStatus === 429) {
+      console.log(`\n[clawmetry-e2e] SKIP: ${lastErr}`);
+      console.log('[clawmetry-e2e] Rate limit is per-IP. Wait ~1h or run from a different IP.\n');
+      process.exit(0);
+    }
+    throw new Error(lastErr || '/api/register failed after retries');
+  }
+
+  const encKey = crypto.randomBytes(32).toString('base64');
+  const dashboardUrl =
+    `${API_BASE}/cloud/node/${encodeURIComponent(body.node_id)}` +
+    `?token=${encodeURIComponent(body.api_key)}` +
+    `#key=${encodeURIComponent(encKey)}&node=${encodeURIComponent(body.node_id)}`;
+  return { ...body, machineId, encKey, dashboardUrl };
+}
+
+async function sendHeartbeat(p, { expectDeferred = false } = {}) {
+  // Cloud Run runs multiple instances; the INSERT in /api/register can
+  // take ~500ms to be visible to the instance handling /ingest/heartbeat.
+  // When we expect deferred mode, retry once on the legacy {ok:true}
+  // response shape — a real bug would persist past a 1s wait, while a
+  // propagation race resolves immediately.
+  const call = async () => {
+    const res = await postJson(
+      '/ingest/heartbeat',
+      { node_id: p.node_id, hostname: p.machineId, platform: 'Linux', version: 'e2e-test' },
+      p.api_key
+    );
+    if (!res.ok) {
+      throw new Error(`/ingest/heartbeat returned ${res.status}: ${await res.text()}`);
+    }
+    return res.json();
+  };
+  let body = await call();
+  if (expectDeferred && body.sync_allowed !== false) {
+    await new Promise(r => setTimeout(r, 1500));
+    body = await call();
+  }
+  return body;
+}
+
+async function intentStart(p) {
+  const res = await postJson('/api/cloud/intent-start', {}, p.api_key);
+  if (!res.ok) {
+    throw new Error(`/api/cloud/intent-start returned ${res.status}: ${await res.text()}`);
+  }
+  return res.json();
+}
+
+// Retry wrapper for the dashboard load — handles cold-start instances and
+// the intermittent /cloud/node/<id> 200/stub flake under load.
+async function openDashboardWithRetry(page, url, attempts = ATTEMPTS) {
+  let lastDiag = '';
+  for (let i = 1; i <= attempts; i++) {
+    await page.goto(url, { waitUntil: 'domcontentloaded' }).catch(() => undefined);
+    await page.waitForTimeout(2500);
+    const diag = await page.evaluate(() => ({
+      ready: window.CLOUD_MODE === true && !!window.CLOUD_NODE_ID,
+      cloudMode: window.CLOUD_MODE,
+      href: location.href,
+      bodyHead: (document.body.innerText || '').slice(0, 120).replace(/\s+/g, ' '),
+    }));
+    if (diag.ready) return i;
+    lastDiag = `attempt ${i}: CLOUD_MODE=${diag.cloudMode} href=${diag.href} body="${diag.bodyHead}"`;
+    if (process.env.DEBUG) console.log('  ' + lastDiag);
+  }
+  throw new Error(
+    `Dashboard did not load CLOUD_MODE after ${attempts} attempts. Last: ${lastDiag}`
+  );
+}
+
+// ── The actual test flow ─────────────────────────────────────────────────
+
+async function main() {
+  console.log(`[clawmetry-e2e] target: ${API_BASE}`);
+  console.log(`[clawmetry-e2e] headless: ${HEADLESS}\n`);
+
+  console.log("▸ Bootstrap: register with source='kiloclaw' (deferred-sync mode)");
+  const p = await provision();
+  console.log(`  api_key:      ${p.api_key.slice(0, 16)}…`);
+  console.log(`  node_id:      ${p.node_id}`);
+  console.log(`  dashboard_id: ${p.dashboard_id}`);
+  check(
+    'register response: api_key shape',
+    /^cm_[a-f0-9]{32}$/.test(p.api_key),
+    `got ${p.api_key.slice(0, 24)}…`
+  );
+  check(
+    'register response: dashboard_id is uuid',
+    /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(p.dashboard_id),
+    p.dashboard_id
+  );
+  check('register response: node_id present', !!p.node_id);
+  check('register response: plan is free', p.plan === 'free', `plan=${p.plan}`);
+
+  // ── Deferred-sync gate ────────────────────────────────────────────────
+  // Until the user clicks "View Observability", every heartbeat from this
+  // account should come back with sync_allowed=false, reason='intent_pending'.
+  // The OSS daemon respects this and skips every upload path while
+  // continuing to send heartbeats.
+  console.log("\n▸ Daemon's first heartbeat — should be deferred");
+  const hb1 = await sendHeartbeat(p, { expectDeferred: true });
+  console.log(`  response: ${JSON.stringify(hb1)}`);
+  check('hb1: sync_allowed === false', hb1.sync_allowed === false);
+  check('hb1: reason === "intent_pending"', hb1.reason === 'intent_pending');
+
+  // ── Intent flip ──────────────────────────────────────────────────────
+  // Simulates the KiloClaw web UI's "View Observability" click. The
+  // controller's /_kilo/clawmetry-start-sync route POSTs to this endpoint
+  // before opening the dashboard URL.
+  console.log('\n▸ User clicks "View Observability" → POST /api/cloud/intent-start');
+  const intent = await intentStart(p);
+  console.log(`  response: ${JSON.stringify(intent)}`);
+  check('intent: ok === true', intent.ok === true);
+  check('intent: already_started === false', intent.already_started === false);
+
+  console.log('\n▸ Heartbeat after intent — gate should be open');
+  const hb2 = await sendHeartbeat(p);
+  console.log(`  response: ${JSON.stringify(hb2)}`);
+  check('hb2: sync_allowed is not false', hb2.sync_allowed !== false);
+
+  console.log('\n▸ Idempotency — second intent-start is a no-op');
+  const intent2 = await intentStart(p);
+  console.log(`  response: ${JSON.stringify(intent2)}`);
+  check('intent2: already_started === true', intent2.already_started === true);
+
+  console.log('\n▸ /api/cloud/account reports the new account');
+  const accRes = await fetch(
+    `${API_BASE}/api/cloud/account?token=${encodeURIComponent(p.api_key)}`
+  );
+  const account = await accRes.json();
+  check('account: ok=true', account.ok === true);
+  check('account: plan=free', account.plan === 'free');
+
+  console.log('\n▸ Browser: open dashboard URL with retry');
+  const browser = await chromium.launch({ headless: HEADLESS });
+  const ctx = await browser.newContext({ viewport: { width: 1440, height: 900 } });
+  const page = await ctx.newPage();
+
+  const errors = [];
+  page.on('pageerror', e => errors.push(`pageerror: ${e.message.slice(0, 200)}`));
+  page.on('console', m => {
+    if (m.type() === 'error') {
+      const loc = m.location() || {};
+      const where = loc.url ? ` @ ${loc.url}` : '';
+      errors.push(`console.error: ${m.text().slice(0, 200)}${where}`);
+    }
+  });
+
+  let attemptsUsed;
+  try {
+    attemptsUsed = await openDashboardWithRetry(page, p.dashboardUrl);
+    check('dashboard loaded CLOUD_MODE within retries', true, `(took ${attemptsUsed} attempt(s))`);
+  } catch (err) {
+    check('dashboard loaded CLOUD_MODE within retries', false, err.message);
+    await browser.close();
+    return;
+  }
+
+  await page.waitForLoadState('networkidle', { timeout: 15_000 }).catch(() => undefined);
+  await page.waitForTimeout(3000);
+
+  const state = await page.evaluate(() => {
+    return {
+      cloudMode: window.CLOUD_MODE,
+      cloudNodeId: window.CLOUD_NODE_ID,
+      cloudTokenPrefix: (window.CLOUD_TOKEN || '').slice(0, 16),
+      url: window.location.href,
+      bodyLen: (document.body.innerText || '').length,
+      bodyText: (document.body.innerText || '').slice(0, 400),
+      encKeyValue: (() => {
+        const k = Object.keys(localStorage).find(x => x.startsWith('cm-enc-key-'));
+        return k ? localStorage.getItem(k) : null;
+      })(),
+    };
+  });
+
+  console.log('\n▸ Dashboard auth + decryption hand-off');
+  check('window.CLOUD_MODE === true', state.cloudMode === true);
+  check('window.CLOUD_NODE_ID matches', state.cloudNodeId === p.node_id);
+  check(
+    'window.CLOUD_TOKEN matches api_key prefix',
+    state.cloudTokenPrefix === p.api_key.slice(0, 16),
+    `got ${state.cloudTokenPrefix}`
+  );
+  check('URL fragment scrubbed (privacy)', !state.url.includes('#key='), state.url);
+  check('enc_key landed in localStorage', state.encKeyValue === p.encKey);
+  check(
+    'no "Enter your secret key" prompt (decryption ready)',
+    !state.bodyText.toLowerCase().includes('enter your secret key')
+  );
+  check('free-tier "24 hours" copy is shown', state.bodyText.includes('Showing last 24 hours'));
+
+  console.log('\n▸ Walking key feature tabs');
+  const screenshotDir = process.env.SCREENSHOT_DIR;
+  if (screenshotDir) {
+    await fs.promises.mkdir(screenshotDir, { recursive: true });
+    await page.screenshot({ path: `${screenshotDir}/00_landing.png` });
+  }
+  // Real free-tier tabs as rendered by the cloud dashboard (verified in
+  // browser). Pro adds more tabs but the integration only ever lands users
+  // on Free, so this is the correct surface to assert against.
+  const TABS = [
+    'Flow',
+    'Brain',
+    'Overview',
+    'Approvals',
+    'Alerts',
+    'Notifications',
+    'Context',
+    'Tokens',
+    'Crons',
+    'Memory',
+  ];
+  let tabIdx = 0;
+  for (const tab of TABS) {
+    tabIdx++;
+    const errBefore = errors.length;
+    const t = page.locator(`.nav-tab:has-text("${tab}"), [role="tab"]:has-text("${tab}")`).first();
+    const visible = (await t.count()) > 0;
+    if (!visible) {
+      check(`${tab} tab visible`, false);
+      continue;
+    }
+    await t.click({ timeout: 5000 }).catch(() => undefined);
+    await page.waitForTimeout(2500);
+    const tabState = await page.evaluate(() => {
+      const text = document.body.innerText || '';
+      return {
+        bodyLen: text.length,
+        hasUnlock: text.toLowerCase().includes('enter your secret key'),
+        hasDecryptFail: text.toLowerCase().includes('could not decrypt activity'),
+        snippet: text.replace(/\s+/g, ' ').slice(0, 140),
+      };
+    });
+    if (screenshotDir) {
+      await page
+        .screenshot({
+          path: `${screenshotDir}/${String(tabIdx).padStart(2, '0')}_${tab.toLowerCase()}.png`,
+        })
+        .catch(() => undefined);
+    }
+    check(
+      `${tab}: tab opens (body > 200 chars)`,
+      tabState.bodyLen > 200,
+      `body=${tabState.bodyLen} snippet="${tabState.snippet}"`
+    );
+    check(`${tab}: no unlock prompt`, !tabState.hasUnlock);
+    check(`${tab}: no decrypt failure`, !tabState.hasDecryptFail);
+    check(`${tab}: no new JS errors`, errors.length === errBefore);
+  }
+
+  console.log('\n▸ JS error filter (ignoring known harmless warnings)');
+  // - "Unexpected string" — pre-existing JS quirk in dashboard.py inline scripts
+  // - 410 from /api/skills — intentional deprecated endpoint with friendly response
+  // - posthog/clarity/analytics — third-party trackers
+  const real = errors.filter(
+    e =>
+      !/Unexpected string/.test(e) &&
+      !(/\/api\/skills/.test(e) && /\b410\b/.test(e)) &&
+      !/posthog/i.test(e) &&
+      !/clarity/i.test(e) &&
+      !/analytics/i.test(e) &&
+      !/gtag/i.test(e)
+  );
+  check(`zero unexpected JS errors`, real.length === 0, real.slice(0, 5).join('\n      '));
+
+  await browser.close();
+
+  // ── Summary ────────────────────────────────────────────────────────────
+  console.log(`\n${'─'.repeat(60)}`);
+  console.log(`  ${pass} passed, ${fail} failed`);
+  if (fail > 0) {
+    console.log('\nFailures:');
+    failures.forEach(f => console.log(`  • ${f}`));
+    process.exit(1);
+  }
+  console.log('  ✅ All checks passed');
+}
+
+main().catch(err => {
+  console.error('\n[clawmetry-e2e] FATAL:', err);
+  process.exit(1);
+});
diff --git a/services/kiloclaw/e2e/clawmetry-normal-user.mjs b/services/kiloclaw/e2e/clawmetry-normal-user.mjs
new file mode 100644
index 0000000000..09b3f56738
--- /dev/null
+++ b/services/kiloclaw/e2e/clawmetry-normal-user.mjs
@@ -0,0 +1,307 @@
+#!/usr/bin/env node
+/**
+ * Normal (non-KiloClaw) ClawMetry user end-to-end test.
+ *
+ * Runs side-by-side with `clawmetry-integration.mjs` (KiloClaw deferred
+ * sync) to prove that the deferred-sync gate doesn't regress the standard
+ * `pip install clawmetry && clawmetry connect` flow. A normal user must
+ * NOT be put into deferred mode — heartbeats and uploads should be
+ * allowed from the very first call.
+ *
+ * Run:
+ *   node services/kiloclaw/e2e/clawmetry-normal-user.mjs
+ *   HEADLESS=0 node services/kiloclaw/e2e/clawmetry-normal-user.mjs   # show browser
+ *
+ * Exits 0 if all checks pass, 1 on first failure.
+ *
+ * What this guards against:
+ *   - A future cloud change that accidentally tags every user as deferred
+ *     (e.g. fallthrough in the source whitelist).
+ *   - A regression in the heartbeat response shape that breaks the OSS
+ *     daemon's _TRIAL_STATE update path.
+ *   - Dashboard rendering regressions for normal users (the URL form is
+ *     different — /d/<dashboard_id> instead of /cloud/node/<id>?token=…).
+ *
+ * Limitations:
+ *   - Doesn't simulate the OTP login that real `clawmetry connect` does.
+ *     Instead it talks to /api/register directly, the same way the OSS
+ *     CLI would after a successful OTP. The OTP flow itself is exercised
+ *     by tests/e2e/test_signup_smoke.py in the OSS repo.
+ *   - Doesn't generate real OpenClaw activity, so the dashboard's Brain
+ *     feed shows the empty state. We assert the chrome (tabs render,
+ *     decryption succeeds, no JS errors), not the data.
+ */
+import { chromium } from 'playwright';
+import crypto from 'node:crypto';
+
+const API_BASE = process.env.CLAWMETRY_API_BASE || 'https://app.clawmetry.com';
+const HEADLESS = process.env.HEADLESS !== '0';
+const ATTEMPTS = parseInt(process.env.RETRIES || '5', 10);
+
+let pass = 0;
+let fail = 0;
+const failures = [];
+
+function check(label, condition, detail) {
+  if (condition) {
+    pass++;
+    console.log(`  ✓ ${label}`);
+  } else {
+    fail++;
+    failures.push(label + (detail ? `\n      ${detail}` : ''));
+    console.log(`  ✗ ${label}${detail ? `\n      ${detail}` : ''}`);
+  }
+}
+
+async function postJson(path, payload, apiKey) {
+  return fetch(`${API_BASE}${path}`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      ...(apiKey ? { Authorization: `Bearer ${apiKey}` } : {}),
+    },
+    body: JSON.stringify(payload),
+  });
+}
+
+async function provision() {
+  const machineId = `cm-normal-${Date.now()}-${crypto.randomBytes(3).toString('hex')}`;
+
+  // Same retry wrapper as the kiloclaw test — register can 500 on cold
+  // start, 429 means we hit the 10/hour per-IP rate limit.
+  let body,
+    lastErr,
+    lastStatus = 0;
+  for (let attempt = 1; attempt <= 4; attempt++) {
+    // NOTE: no `source` field — this is what makes the user a normal user
+    // instead of a kiloclaw-provisioned one.
+    const res = await postJson('/api/register', {
+      hostname: machineId,
+      machine_id: machineId,
+      platform: 'Linux',
+      email: `cm-normal+${machineId}@clawmetry.com`,
+    });
+    if (res.ok) {
+      body = await res.json();
+      break;
+    }
+    lastStatus = res.status;
+    lastErr = `/api/register returned ${res.status}: ${(await res.text()).slice(0, 200)}`;
+    if (res.status === 429) break;
+    console.log(`  register attempt ${attempt} failed: ${lastErr}`);
+    await new Promise(r => setTimeout(r, 2000 * attempt));
+  }
+  if (!body) {
+    if (lastStatus === 429) {
+      console.log(`\n[clawmetry-normal-user] SKIP: ${lastErr}`);
+      console.log(
+        '[clawmetry-normal-user] Rate limit is per-IP. Wait ~1h or run from a different IP.\n'
+      );
+      process.exit(0);
+    }
+    throw new Error(lastErr || '/api/register failed after retries');
+  }
+
+  // Self-decrypting URL pattern is identical to KiloClaw — `clawmetry
+  // connect` writes the same config schema, just via a different code
+  // path. Using /cloud/node/<id> here means the test exercises the same
+  // browser-side bridge that real users hit.
+  const encKey = crypto.randomBytes(32).toString('base64');
+  const dashboardUrl =
+    `${API_BASE}/cloud/node/${encodeURIComponent(body.node_id)}` +
+    `?token=${encodeURIComponent(body.api_key)}` +
+    `#key=${encodeURIComponent(encKey)}&node=${encodeURIComponent(body.node_id)}`;
+  return { ...body, machineId, encKey, dashboardUrl };
+}
+
+async function sendHeartbeat(p) {
+  const res = await postJson(
+    '/ingest/heartbeat',
+    { node_id: p.node_id, hostname: p.machineId, platform: 'Linux', version: 'normal-e2e' },
+    p.api_key
+  );
+  if (!res.ok) {
+    throw new Error(`/ingest/heartbeat returned ${res.status}: ${await res.text()}`);
+  }
+  return res.json();
+}
+
+async function openDashboardWithRetry(page, url, attempts = ATTEMPTS) {
+  let lastDiag = '';
+  for (let i = 1; i <= attempts; i++) {
+    await page.goto(url, { waitUntil: 'domcontentloaded' }).catch(() => undefined);
+    await page.waitForTimeout(2500);
+    const diag = await page.evaluate(() => ({
+      ready: window.CLOUD_MODE === true && !!window.CLOUD_NODE_ID,
+      cloudMode: window.CLOUD_MODE,
+      href: location.href,
+      bodyHead: (document.body.innerText || '').slice(0, 120).replace(/\s+/g, ' '),
+    }));
+    if (diag.ready) return i;
+    lastDiag = `attempt ${i}: CLOUD_MODE=${diag.cloudMode} href=${diag.href} body="${diag.bodyHead}"`;
+    if (process.env.DEBUG) console.log('  ' + lastDiag);
+  }
+  throw new Error(
+    `Dashboard did not load CLOUD_MODE after ${attempts} attempts. Last: ${lastDiag}`
+  );
+}
+
+async function main() {
+  console.log(`[clawmetry-normal-user] target: ${API_BASE}`);
+  console.log(`[clawmetry-normal-user] headless: ${HEADLESS}\n`);
+
+  console.log('▸ Register a normal (non-KiloClaw) user via /api/register');
+  const p = await provision();
+  console.log(`  api_key:      ${p.api_key.slice(0, 16)}…`);
+  console.log(`  node_id:      ${p.node_id}`);
+  console.log(`  dashboard_id: ${p.dashboard_id}`);
+  check('register: api_key shape', /^cm_[a-f0-9]{32}$/.test(p.api_key));
+  check(
+    'register: dashboard_id is uuid',
+    /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(p.dashboard_id)
+  );
+  check('register: node_id present', !!p.node_id);
+  check('register: plan is free', p.plan === 'free');
+
+  // ── The critical regression check ────────────────────────────────────
+  // Heartbeat for a normal user must NOT come back with sync_allowed=false
+  // or reason='intent_pending'. If it does, the cloud-side deferred-sync
+  // gate has accidentally caught a non-KiloClaw user.
+  console.log('\n▸ First heartbeat — must NOT be deferred (no sync_allowed:false)');
+  const hb = await sendHeartbeat(p);
+  console.log(`  response: ${JSON.stringify(hb)}`);
+  check('hb: ok === true', hb.ok === true);
+  check('hb: sync_allowed is not false', hb.sync_allowed !== false, JSON.stringify(hb));
+  check('hb: reason !== "intent_pending"', hb.reason !== 'intent_pending', JSON.stringify(hb));
+
+  // ── Account API works the same as for a KiloClaw user ────────────────
+  console.log('\n▸ /api/cloud/account reports the new account');
+  const account = await fetch(
+    `${API_BASE}/api/cloud/account?token=${encodeURIComponent(p.api_key)}`
+  ).then(r => r.json());
+  check('account: ok=true', account.ok === true);
+  check('account: plan=free', account.plan === 'free');
+
+  // ── Browser: the dashboard must render + decrypt cleanly ─────────────
+  console.log('\n▸ Browser: open dashboard URL with retry');
+  const browser = await chromium.launch({ headless: HEADLESS });
+  const ctx = await browser.newContext({ viewport: { width: 1440, height: 900 } });
+  const page = await ctx.newPage();
+
+  const errors = [];
+  page.on('pageerror', e => errors.push(`pageerror: ${e.message.slice(0, 200)}`));
+  page.on('console', m => {
+    if (m.type() === 'error') {
+      const loc = m.location() || {};
+      const where = loc.url ? ` @ ${loc.url}` : '';
+      errors.push(`console.error: ${m.text().slice(0, 200)}${where}`);
+    }
+  });
+
+  try {
+    const attemptsUsed = await openDashboardWithRetry(page, p.dashboardUrl);
+    check('dashboard loaded CLOUD_MODE within retries', true, `(took ${attemptsUsed} attempt(s))`);
+  } catch (err) {
+    check('dashboard loaded CLOUD_MODE within retries', false, err.message);
+    await browser.close();
+    return;
+  }
+
+  await page.waitForLoadState('networkidle', { timeout: 15_000 }).catch(() => undefined);
+  await page.waitForTimeout(3000);
+
+  const state = await page.evaluate(() => ({
+    cloudMode: window.CLOUD_MODE,
+    cloudNodeId: window.CLOUD_NODE_ID,
+    cloudTokenPrefix: (window.CLOUD_TOKEN || '').slice(0, 16),
+    url: window.location.href,
+    bodyText: (document.body.innerText || '').slice(0, 400),
+    encKeyValue: (() => {
+      const k = Object.keys(localStorage).find(x => x.startsWith('cm-enc-key-'));
+      return k ? localStorage.getItem(k) : null;
+    })(),
+  }));
+
+  console.log('\n▸ Dashboard auth + decryption hand-off');
+  check('window.CLOUD_MODE === true', state.cloudMode === true);
+  check('window.CLOUD_NODE_ID matches', state.cloudNodeId === p.node_id);
+  check(
+    'window.CLOUD_TOKEN matches api_key prefix',
+    state.cloudTokenPrefix === p.api_key.slice(0, 16),
+    `got ${state.cloudTokenPrefix}`
+  );
+  check('URL fragment scrubbed (privacy)', !state.url.includes('#key='), state.url);
+  check('enc_key landed in localStorage', state.encKeyValue === p.encKey);
+  check(
+    'no "Enter your secret key" prompt (decryption ready)',
+    !state.bodyText.toLowerCase().includes('enter your secret key')
+  );
+  check('free-tier "24 hours" copy is shown', state.bodyText.includes('Showing last 24 hours'));
+
+  // ── Walk free-tier tabs to catch decrypt / render regressions ────────
+  console.log('\n▸ Walking free-tier tabs');
+  const TABS = [
+    'Flow',
+    'Brain',
+    'Overview',
+    'Approvals',
+    'Alerts',
+    'Notifications',
+    'Context',
+    'Tokens',
+    'Crons',
+    'Memory',
+  ];
+  for (const tab of TABS) {
+    const errBefore = errors.length;
+    const t = page.locator(`.nav-tab:has-text("${tab}"), [role="tab"]:has-text("${tab}")`).first();
+    if ((await t.count()) === 0) {
+      check(`${tab} tab visible`, false);
+      continue;
+    }
+    await t.click({ timeout: 5000 }).catch(() => undefined);
+    await page.waitForTimeout(2000);
+    const tabState = await page.evaluate(() => {
+      const text = document.body.innerText || '';
+      return {
+        bodyLen: text.length,
+        hasUnlock: text.toLowerCase().includes('enter your secret key'),
+        hasDecryptFail: text.toLowerCase().includes('could not decrypt activity'),
+      };
+    });
+    check(`${tab}: tab opens (body > 200 chars)`, tabState.bodyLen > 200);
+    check(`${tab}: no unlock prompt`, !tabState.hasUnlock);
+    check(`${tab}: no decrypt failure`, !tabState.hasDecryptFail);
+    check(`${tab}: no new JS errors`, errors.length === errBefore);
+  }
+
+  // Same filter list as the kiloclaw test — known-harmless console noise.
+  console.log('\n▸ JS error filter (ignoring known harmless warnings)');
+  const real = errors.filter(
+    e =>
+      !/Unexpected string/.test(e) &&
+      !(/\/api\/skills/.test(e) && /\b410\b/.test(e)) &&
+      !/posthog/i.test(e) &&
+      !/clarity/i.test(e) &&
+      !/analytics/i.test(e) &&
+      !/gtag/i.test(e)
+  );
+  check(`zero unexpected JS errors`, real.length === 0, real.slice(0, 5).join('\n      '));
+
+  await browser.close();
+
+  // ── Summary ────────────────────────────────────────────────────────────
+  console.log(`\n${'─'.repeat(60)}`);
+  console.log(`  ${pass} passed, ${fail} failed`);
+  if (fail > 0) {
+    console.log('\nFailures:');
+    failures.forEach(f => console.log(`  • ${f}`));
+    process.exit(1);
+  }
+  console.log('  ✅ All checks passed');
+}
+
+main().catch(err => {
+  console.error('\n[clawmetry-normal-user] FATAL:', err);
+  process.exit(1);
+});
diff --git a/services/kiloclaw/package.json b/services/kiloclaw/package.json
index 6849894031..6e96dc9164 100644
--- a/services/kiloclaw/package.json
+++ b/services/kiloclaw/package.json
@@ -17,7 +17,9 @@
     "format:check": "oxfmt --list-different src",
     "test": "vitest run",
     "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage"
+    "test:coverage": "vitest run --coverage",
+    "test:e2e:clawmetry": "node e2e/clawmetry-integration.mjs",
+    "test:e2e:clawmetry-normal": "node e2e/clawmetry-normal-user.mjs"
   },
   "dependencies": {
     "@kilocode/db": "workspace:*",
@@ -39,6 +41,7 @@
     "drizzle-kit": "catalog:",
     "typescript": "catalog:",
     "vitest": "^4.1.0",
-    "wrangler": "catalog:"
+    "wrangler": "catalog:",
+    "playwright": "^1.58.2"
   }
 }