Does OpenClawMU pass SOC 2 / ISO 27001 audits?

Compliance is a property of your deployment, not of the project itself. OpenClawMU ships the controls (tenant isolation, audit logs, encrypted-at-rest tokens, role separation) that a SOC 2 audit will examine. The audit itself is between you and your auditor; we can provide architectural diagrams and threat-model documentation on request.

Can it integrate with our SSO?

Yes via the control-plane HTTP API. Your SSO provider authenticates your user; your backend then calls the OpenClawMU control plane to issue or look up the tenant token. The gateway itself doesn't speak SAML / OIDC directly — that's a deliberate separation so you can use whatever IdP you already have.

Can we restrict outbound traffic?

Yes. Tenants are configured with a per-tenant allow-list of outbound hostnames + ports. By default, sandboxes have no network egress. You can route gateway-LLM traffic through a forward proxy if your network team wants visibility.

For enterprise IT · OpenClawMU

The shape of the problem

Marketing wants Claude to draft campaigns. Engineering wants it to explain legacy code. Finance wants it to summarize earnings calls. HR wants it for résumé screening (carefully). Each department builds a half-baked deployment with different keys, different prompts, different security postures, different cost ceilings. Procurement wants to consolidate.

OpenClawMU is the consolidation primitive: one self-hosted gateway, one set of credentials, one audit log, one billing rollup — with per-team isolation so nothing leaks between departments.

What your security team will care about

Data residency. Everything sits on your hardware in your region. LLM traffic egresses to Anthropic / OpenAI / your-internal-model.
Token rotation. Per-tenant tokens rotate without restart. Compromised credentials are a single CLI command away from revoked.
Audit log. JSONL append-only log captures every state-changing operation: tenant create/delete, token rotate, config write, backup, restore, channel pair.
Sandbox isolation. Code execution is sandboxed by default (bubblewrap on Linux, Docker elsewhere). No network egress unless explicitly allow-listed.
Admin/tenant separation. Admin keys live in the gateway config; tenants cannot read or override them.
Path-traversal hardening. Every path-taking API resolves and validates against the tenant root.

What your finance team will care about

Per-team cost. CSV reports per tenant per period. Charge back to internal budgets.
Hard quotas. Departments can't blow the monthly LLM budget — the gateway 429s at the quota boundary.
Rate card snapshotting. Historical reports reflect the rates that were in effect at the time, not today's rates.
Apache-2.0. No per-seat licensing, no surprise SaaS bills.

Deployment patterns

Single-instance. One VM, one gateway, all departments as tenants. Good for < 500 active users.
Two-region. Active gateway in primary region, hot-standby in secondary, S3 cross-region replication for backups. RTO ~10 minutes via restore.
Tenant-routed cluster. N gateways, a router in front that pins tenants to gateways by hash. Good for larger orgs.
Air-gapped. Gateway points at an internal Llama / Mistral inference server. No outbound traffic at all. Slower, fully isolated.

Integration with existing tools

SSO. Your IdP authenticates users; your backend maps them to tenant tokens via the control-plane API.
Slack. Tenant pairs Slack workspace; messages route to that tenant's agent.
Email. Custom inbound adapter (~200 lines) makes the gateway answer to a shared mailbox.
SIEM. Ship the JSONL audit log to Splunk / Elastic / Datadog with any log forwarder.
BI. Pipe billing CSVs to Snowflake / BigQuery for executive dashboards.

One gateway, every team — and your security team approves.

The shape of the problem

What your security team will care about

What your finance team will care about

Deployment patterns

Integration with existing tools

Run your own gateway today.