How to Build a SaaS Product on Top of the OpenClaw Framework

People keep asking whether you can ship a paid SaaS on top of an open-source agent like OpenClaw. Short answer: yes. I did it twice internally and learned where the bodies are buried. This post walks through the architecture, the API surface you actually touch, white-labeling tricks, and—because we all like examples—the Moltbook model that proved it works.

Why OpenClaw Is Viable SaaS Infrastructure

OpenClaw sits in a sweet spot between full AI platforms (too heavy, too closed) and chatbot wrappers (too shallow). Features you get for free:

850+ integrations via Composio
Out-of-the-box channel adapters (WhatsApp, Discord, Slack, etc.)
Browser control, shell exec, scheduled jobs, vector memory

None of that is trivial to rebuild. Licensing is MIT, no viral clauses, so reselling as SaaS is allowed—just keep the copyright header. That alone removes weeks of contract law back-and-forth when talking to customers.

Reference Architecture: Your App, OpenClaw, ClawCloud

Self-Host vs ClawCloud

You can:

Run the daemon yourself – full control, heavier ops burden.
Use ClawCloud – let Peter’s team babysit the Node processes.

I started self-hosted for dev, went to ClawCloud for prod. The point is optionality. Migrate if margins get squeezed.

Component Diagram (ASCII, sorry)


┌─────────────┐   https    ┌───────────────┐
│  Frontend   │──────────►│  Your API      │
└─────────────┘           └───────────────┘
                             │ REST/gRPC
                             ▼
                        ┌──────────┐
                        │ Gateway  │  ⇦ part of OpenClaw
                        └──────────┘
                             │ event bus
                             ▼
                        ┌──────────┐
                        │ Daemon   │  ⇦ long-running tools, tasks
                        └──────────┘
                             │
                   ┌─────────┴────────┐
                   │ LLM Providers    │
                   └──────────────────┘

Your API acts as a tenant boundary. The Gateway (web UI + REST) is where you plug in.

Touching the OpenClaw API Surface

1. Agent Lifecycle

Create, update, delete agents through the Gateway REST endpoints. Example:


POST /api/v1/agents
{
  "name": "acme-onboarding-bot",
  "model": "gpt-4o",
  "tools": ["github", "notion", "shell"],
  "memory": {
    "type": "vector",
    "backend": "qdrant"
  }
}

Response contains an agent_id you’ll store in your DB.

2. Conversations & Events

You rarely poll. Instead, subscribe to the SSE stream:


curl -H "Authorization: Bearer $TOKEN" \
     https://gateway.clawcloud.dev/api/v1/agents/$ID/events

Events are JSON blobs: {type:"message", role:"assistant", content:"…"}. Forward them to your users’ UI.

3. Custom Tools

The SDK lives in @openclaw/toolkit. A trivial internal API wrapper:


import { defineTool } from "@openclaw/toolkit";

export default defineTool({
  name: "invoice.lookup",
  description: "Fetch invoice status by ID",
  args: z.object({ id: z.string() }),
  run: async ({ id }) => {
    const res = await fetch(`https://billing/api/invoices/${id}`);
    return await res.json();
  }
});

Drop the file under tools/, restart the daemon. The Gateway introspects and exposes it automatically.

Embedding OpenClaw Inside Your Service

Node 22+ Is Mandatory

I learned the hard way. Ubuntu 20 ships Node 18; LTS won’t cut it. Use asdf or n to pin Version 22.4.1.

Docker Compose Skeleton


version: "3.9"
services:
  gateway:
    image: ghcr.io/openclaw/gateway:1.9.2
    environment:
      - PORT=3000
      - DATABASE_URL=postgres://claw:pass@db/claw
    depends_on: [db]
    restart: unless-stopped

  daemon:
    image: ghcr.io/openclaw/daemon:1.9.2
    volumes:
      - ./agents:/agents
    environment:
      - GATEWAY_URL=http://gateway:3000
    depends_on: [gateway]
    restart: unless-stopped

  db:
    image: postgres:16-alpine
    environment:
      - POSTGRES_USER=claw
      - POSTGRES_PASSWORD=pass

Stick your own service in the same network, call the Gateway on gateway:3000.

Scaling Strategy

Gateway is stateless. Horizontal scaling works behind a load balancer; just share Postgres.
Daemon is sticky. Each instance owns a shard of agents. Use a queue (e.g., NATS) to distribute jobs.

In practice we did 1:1 mapping—one small daemon per customer—then charged for dedicated compute. Easier than multitenant CPU throttling.

White-Labeling & Multi-Tenancy Tricks

Brand & Theme Overrides

The Gateway exposes a JSON theme file at /config/theme.json. Ship a sidecar that rewrites:


{
  "logoUrl": "/static/acme.svg",
  "accentColor": "#FF5722",
  "productName": "AcmeAI"
}

One Nginx rule later and your customers never see a claw logo.

Auth

OpenClaw ships with GitHub login only. For SaaS you’ll need SSO. We proxy:

User hits GET /login on our app
We run OIDC with the customer’s IdP
Backend generates a short-lived JWT signed with CUSTOMER_KEY
JWT added as X-OpenClaw-Token when we iframe the Gateway

Gateway trusts the signature; no modifications to its codebase. Keep patches low.

Data Isolation

Two schools:

Single DB, tenant_id column – cheaper, more indices.
Schema-per-tenant – easy export/delete, favored by EU lawyers.

We chose schema-per-tenant, 600 tenants, no issues under Postgres 16.

LLM Usage Caps

OpenClaw does not meter. Wrap the /completions call via an envoy filter that increments Redis counters. Reject when quota exceeded. Five lines of Lua.

The Moltbook Precedent

Moltbook is the notebook-style interface some of you saw trending on GitHub (#3 on Hacker News in March). It’s open-source (MIT) yet the team monetizes by:

Hosting it (zero-install pitch)
Adding vendor-specific integrations (Snowflake, Databricks) behind a paywall
Providing SOC-2 compliant environments

Same playbook applies to OpenClaw. The OSS core attracts contributors; your SaaS sells convenience, compliance, and SLAs.

Business Viability: Numbers & Margins

Cost Breakdown (per active agent)

OpenAI or Anthropic tokens: $0.0005–$0.03 per 1K tokens
ClawCloud compute: $18/month for a 1 vCPU box
Postgres on Supabase: $25/month (2 GB RAM)

We priced at $49/agent/mo. Gross margin ~60% before support. Once you pass $10k MRR, self-host the stack on bare metal and margins jump to 80%.

License & Compliance

OpenClaw’s MIT license is permissive but has trademark clauses. Don’t call your thing “OpenClaw Pro.” Stick to your branding and you’re safe. If you tweak core code, upstream it; maintenance is cheaper than carrying a fork.

Operational Headaches Nobody Tells You About

Shell Tool Sandboxing

tool.shell can nuke a host. We chroot into a tmpfs and run with --cap-drop=ALL in Docker. Customers never noticed; auditors were happy.

Prompt Drift & Regression Tests

LLM providers change models weekly. We record agent transcripts and replay nightly. A simple diff threshold (>5% token difference) triggers manual review.

Upgrade Path

Gateway 1.8 ➜ 1.9 renamed /v1/tools to /v1/skills. Pin image tags; never track :latest. Write a one-page runbook: migrate DB, run npm run migrate, rollback plan.

Putting It All Together: 10-Step Checklist

Validate use-case: internal tool? customer support? list integrations needed.
Spin up OpenClaw locally: npm create openclaw@latest
Prototype custom tool: wrap one proprietary API.
Embed Gateway via iframe in your React/Vue app.
Add JWT auth proxy for single sign-on.
Decide tenancy model: schema-per-tenant or column.
Meter LLM calls with an envoy/Lua filter.
Write regression harness to replay transcripts nightly.
Pick hosting: start on ClawCloud, plan exit to k8s later.
Price >2× cost, sell convenience and compliance, not the code.

Follow these steps and you’ll have a working, billable SaaS on top of OpenClaw before the weekend ends—provided you already paid last month’s OpenAI bill.

Next step: fork the example repo (github.com/openclaw/examples-saas), swap the logo, and push it in front of a customer. Feedback is faster than any blog post.