Frequently asked
Quick answers, organized.
Every question on this page is also emitted as FAQPage JSON-LD, so AI search engines (Perplexity, ChatGPT browsing, Google AI Overviews) extract the answers cleanly.
About the project
About the project
Every question here is also emitted as FAQPage JSON-LD — so Google AI Overviews, Perplexity, and ChatGPT browsing extract the answers cleanly. Crawler-friendly fallback below for screen readers and bots that don't run JS.
OpenClawMU is the multi-tenant fork of OpenClaw — a self-hosted AI gateway across WhatsApp, Telegram, Slack, Discord, and 8+ other messaging channels. The 'MU' stands for multi-user / multi-tenant. It adds tenant token auth, isolated session/memory/sandbox/cron/channel directories per tenant, per-tenant quotas and billing, S3 backup, a browser web terminal, and a control-plane HTTP API.
Multi-tenancy is a load-bearing architectural change — it touches almost every code path. Upstream OpenClaw's design assumes one user and that assumption is the right call for their product. A fork lets OpenClawMU make different choices without breaking the single-user experience that upstream users love.
Neul Labs (run by Dipankar Sarkar), with contributions welcome from the community. The fork is rebased against upstream OpenClaw regularly so it stays current with new channels and agent features.
Architecture
Architecture
Every question here is also emitted as FAQPage JSON-LD — so Google AI Overviews, Perplexity, and ChatGPT browsing extract the answers cleanly. Crawler-friendly fallback below for screen readers and bots that don't run JS.
Each tenant gets its own directory under /tenants/<name>/ containing sessions, memory, plugins, sandbox roots, cron jobs, channel credentials, and a config overlay. The dispatcher routes JSON-RPC calls by tenant token (SHA-256 hashed at rest, constant-time verified). Path-traversal protection on every path-taking API. Admin keys live only in the gateway config and cannot be set in tenant overlays.
Sessions and memory are stored in per-tenant SQLite databases (with sqlite-vec for embeddings). Channel credentials, cron jobs, and config are YAML/JSON files. There's no central database, no shared state across tenants. Backup is a tar-zstd of the tenant directory.
Yes. Each gateway is self-contained; you can run N gateways behind a tenant-hash router (HAProxy stick-table, nginx Lua, or a tiny custom router) and tenants will pin to the same gateway on every request. There's no central coordinator.
Operations
Operations
Every question here is also emitted as FAQPage JSON-LD — so Google AI Overviews, Perplexity, and ChatGPT browsing extract the answers cleanly. Crawler-friendly fallback below for screen readers and bots that don't run JS.
The gateway exposes /healthz (always 200 once up) and /metrics (Prometheus format) endpoints. Audit log is JSONL on disk — ship it to Splunk / Elastic / Datadog with any log forwarder. Per-tenant usage stats are queryable via the control-plane API for custom dashboards.
Per-tenant tar-zstd snapshots to any S3-compatible store. Path-traversal protected. Restore is reverse-symmetric. Schedule nightly via the gateway's cron primitive or your own scheduler.
`npm install -g openclaw@latest && openclaw service restart`. Tenant data is preserved across upgrades — directory layout is stable.
Security & compliance
Security & compliance
Every question here is also emitted as FAQPage JSON-LD — so Google AI Overviews, Perplexity, and ChatGPT browsing extract the answers cleanly. Crawler-friendly fallback below for screen readers and bots that don't run JS.
Yes. JSONL append-only at ~/.openclaw/audit.log. Every state-changing operation is captured: tenant create/delete, token rotate, config write, backup, restore, channel pair/unpair, cron add/remove. Rotate with logrotate or your favorite log shipper.
Email security@neullabs.com. We acknowledge within 48 hours, fix confirmed issues within 14 days, same-day for critical sandbox-escape findings. Coordinated disclosure preferred.
Not directly. The gateway speaks tenant tokens; you bridge your SSO at the application layer — your IdP authenticates the user, your backend issues / looks up the tenant token and proxies the request. This separation is deliberate so any IdP works.
Pricing & licensing
Pricing & licensing
Every question here is also emitted as FAQPage JSON-LD — so Google AI Overviews, Perplexity, and ChatGPT browsing extract the answers cleanly. Crawler-friendly fallback below for screen readers and bots that don't run JS.
Yes. Apache-2.0, no per-seat fees, no enterprise upsell. We may offer hosted-ops services later, but the code is and will remain free.
Yes — that's exactly what Apache-2.0 allows. You can run it as the backbone of a paid SaaS, you can fork it, you can ship binaries to customers. The only ask: keep the upstream copyright and license notice in the code you redistribute.
EXFOLIATE!
Run your own gateway today.
Apache-2.0, self-hosted, no SaaS layer between you and your users. Install the CLI, create your first tenant, mint a token — you're routing traffic in 60 seconds.