Claworc

Claworc is a multi-instance orchestrator and management platform for OpenClaw local AI Agents. It provides a single Web dashboard to create, start, stop, and delete multiple Agent instances, each running in an isolated container with its own browser, terminal, and persistent storage.

Multi-Instance Lifecycle Management#

• Instance create/start/stop/delete via a single Web dashboard
• Container-level isolation: each instance has its own browser, terminal, persistent storage, and filesystem
• Crash recovery: instances monitored by systemd with automatic restart
• Supports both AMD64 and ARM64 architectures

Agent Interaction Channels#

Five interaction channels are available: LLM chat (supporting Claude, GPT, DeepSeek, etc.), real-time browser viewing and control via VNC, SSH interactive terminal (with session persistence and rollback), SSH file management (browse/upload/download/edit), and real-time log streaming.

Security & Access Control#

The security architecture centers on SSH: the control plane serves as the sole entry point, proxying all traffic to Agents through multiplexed SSH tunnels without exposing Agent ports externally. Security mechanisms include automatic ED25519 key generation with zero-downtime rotation, source IP whitelisting (CIDR), sliding-window rate limiting (10/min) with escalating lockouts, SQLite audit logging, Fernet symmetric encryption for API Keys, and WebAuthn-based multi-user RBAC (Admin/User roles with biometric authentication).

Model & Key Management#

• Global default LLM model and API Key configuration
• Per-instance override for different models and Keys
• Built-in LLM Gateway, virtual keys, and model configuration

Architecture & Implementation#

The control plane is a single Go binary (~20MB, frontend TypeScript compiled and embedded), built with go-chi, SQLite (GORM), Docker SDK, and Kubernetes client-go. Agent instance images are based on Debian Bookworm minimal + s6-overlay v3, with Node.js 22, Python 3, Poetry, and Git pre-installed. The desktop environment uses Openbox + Chromium (Brave/Chrome alternatives available via different Dockerfiles), with a built-in stealth extension for browser anti-detection.

Communication architecture: Browser → Control Plane → [SSH Tunnel] → Agent :3000 (VNC) / :18789 (Gateway) / SSH exec (terminal, files, logs). Three-layer health monitoring (SSH keepalive → command execution probe → tunnel connectivity probe) with automatic reconnection.

Deployment Options#

• Docker Compose: Official install script or manual docker-compose.yml deployment
• Kubernetes Helm: helm install claworc ./helm --namespace claworc --create-namespace
• Environment variables: CLAWORC_DATA_PATH (data storage), CLAWORC_BACKUPS_PATH (backup path)
• Instance environment variables support three-level configuration: global → per-instance override → skip on creation

Use Cases#

Team AI Agent distribution, shared data analysis Agents, internal IT support bots, parallel isolated multi-Agent experiments, organizational-level AI Agent security management.

Notes#

• Custom source-available license (non-OSI), explicitly prohibits offering as a hosted/managed service to third parties
• No tags/releases published yet, only latest Docker tag
• Upstream OpenClaw repository link not explicitly provided (suspected: nicepkg/openclaw)