If you landed here you probably have two unanswered questions. One: can five to twenty engineers and ops folks actually share an AI agent without chaos? Two: how do you ship it this week, not next quarter? I spent the last month wiring OpenClaw (v2.7.1) into a 14-person product team. Here’s the exact playbook—infra, YAML, and the slightly painful human part.

Why startups bother with multi-agent OpenClaw

Single-user OpenClaw is trivial: npx openclaw gateway and you’re chatting. But the value curve bends when agents can:

  • Share persistent memory on deals, incidents, customer tickets.
  • Act in different channels—support, on-call, growth—each with tailored tool access.
  • Keep individual sandboxes so Alice’s experimental Zapier action doesn’t brick prod.

The caveat: once more than three humans share an agent, you need normal org hygiene—RBAC, audit logs, and a place to stick the YAML so nobody commits secrets to main.

Reference architecture for a 5–20 person team

Components

  • Gateway – Node 22+ web UI where users chat, inspect memory, and wire tools.
  • Daemon – Keeps workflows alive, runs schedulers, restarts crashed browser sessions.
  • Memory store – We use Postgres 15. Simple, ACID, and every dev already has psql muscle memory.
  • Secret store – HashiCorp Vault in prod; .env locally. Do not skip this.
  • Chat surfaces – Slack and Discord for us. WhatsApp for customer success. Pick two, not six.
  • Tool integrations – Via Composio (v0.44). Enabled per agent, not globally.

Network shape

One container for the gateway, one for the daemon, both on the same overlay network as Postgres. Agents talk to Slack over HTTPS. Browser control jumps through a headless Chromium sidecar. Nothing exotic.

Option A: Provision on ClawCloud in 10 minutes

If you want zero infra tickets, the hosted route wins. The downside: you’re handing data to a third party—fine for marketing copy, less fine for unreleased code. Trade-offs noted.

  1. Sign up with SSO. The org slug is used in URLs and can’t be changed—choose wisely.
  2. Name the first agent. We used product-assistant. You can add more later.
  3. Invite teammates via email or SAML group. Default role = member.
  4. Generate an API token with Settings → Tokens → Create. Store in Vault.
  5. Wire integrations under Tools. Pro tip: give the GitHub app read-only until you trust your prompts.
  6. Under Channels click Slack, follow the OAuth flow. Pick a fresh channel; retrofitting into #general is loud.

You’re live. The onboarding bot posts a quickstart. Redirect the team there and skip to the "Change management" section of this article.

Option B: Self-hosting with Docker Compose

We went self-hosted to keep logs inside our VPC. Here’s the trimmed docker-compose.yaml we ship to prod:

version: "3.9"
services:
  postgres:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: openclaw   # the DATABASE_URLs below expect this database to exist
    volumes:
      - pgdata:/var/lib/postgresql/data
  gateway:
    image: ghcr.io/openclaw/gateway:2.7.1
    depends_on:
      - postgres
    environment:
      DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/openclaw
      NODE_ENV: production
      PORT: 3000
    ports:
      - "443:3000"   # plain HTTP inside the container; terminate TLS in front of this port
    secrets:
      - vault_token
  daemon:
    image: ghcr.io/openclaw/daemon:2.7.1
    depends_on:
      - gateway
      - postgres
    environment:
      DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/openclaw
      VAULT_TOKEN_FILE: /run/secrets/vault_token
    secrets:
      - vault_token
secrets:
  vault_token:
    file: ./vault_token
volumes:
  pgdata:

Note the images are pinned. Latest tends to sneak in breaking changes on Fridays.

Bootstrapping

export POSTGRES_PASSWORD=$(openssl rand -base64 24)
export OPENCLAW_ORG=acme
mkdir openclaw-prod && cd $_
curl -LO https://raw.githubusercontent.com/acme/scripts/main/docker-compose.yaml
# compose reads ${POSTGRES_PASSWORD} from .env, and sudo below drops exported vars, so persist it
echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" > .env
vim .env   # stick the remaining secrets here; ./vault_token must exist too (compose mounts it as a secret)
chmod 600 .env
sudo docker compose up -d

Hit https://openclaw.mycorp.com and create the first admin account.

Modeling people, agents and shared memory

1. Org-level roles

  • admin – Creates agents, manages tokens.
  • member – Uses existing agents, can’t install new integrations.
  • observer – Read-only. Handy for auditors and interns.

2. Agent-level capabilities

Each agent has its own ACL:

agent "ops-oncall" {
  allowedTools = ["shell", "pagerduty", "github:write"]
  channels     = ["slack:#oncall", "telegram:+1555..."]
  memoryScopes = ["incidents", "postmortems"]
}

Memory scopes are namespace prefixes in Postgres. The browser sidecar persists cookies per agent, not globally, so you can run both customer-facing and internal stacks without leaking sessions.

3. Per-person workspaces

By default OpenClaw dumps all conversation context into one giant table. That’s noisy. Create personal workspaces so prompts don’t cross streams:

oc admin workspace create --user alice --db postgres://.../openclaw --scope "alice-lab"

Then instruct Alice to prepend /workspace alice-lab in Slack. She gets her sandbox; the agent retains shared memory when she hops back.

Access control and audit logging

Enabling RBAC

export OPENCLAW_RBAC=1 # set in gateway container env

With RBAC on, each action—running a shell command, pushing to GitHub—is checked against the agent policy.

Audit log sink

Every event is already stored in Postgres. Pipe it to a real SIEM:

select ts, user_email, action, metadata from audit_log where ts > now() - interval '1 day';

We ship these rows into Vector → Loki → Grafana. 30-line config; worth it when compliance shows up.
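As an added example (not OpenClaw's own code) tying together the ops-oncall ACL, the RBAC check, and the audit_log rows: a hypothetical policy evaluator, plus a replay of constructed audit rows through it to surface actions the policy would deny. The role model, the tool-scope semantics and the row shape are assumptions.

```javascript
// Added illustration, not OpenClaw's code: a hypothetical model of the RBAC check
// (org role + agent ACL) and the same check replayed over audit_log rows.

// Org-level roles from the article; only the read-only observer cannot mutate.
const ROLES = { admin: { mutate: true }, member: { mutate: true }, observer: { mutate: false } };

// Agent ACL mirrored from the ops-oncall block above.
const AGENTS = {
  "ops-oncall": {
    allowedTools: ["shell", "pagerduty", "github:write"],
    channels: ["slack:#oncall", "telegram:+1555..."],
    memoryScopes: ["incidents", "postmortems"],
  },
};

// Tool names may carry a scope ("github:write"). Assumed semantics: a bare entry
// ("shell") grants every scope, and "write" also covers "read".
function toolAllowed(allowedTools, tool) {
  const [name, scope = "read"] = tool.split(":");
  return allowedTools.some((entry) => {
    const [eName, eScope] = entry.split(":");
    if (eName !== name) return false;
    return eScope === undefined || eScope === scope || (eScope === "write" && scope === "read");
  });
}

// One decision per action: role permission, agent exists, channel listed, tool listed.
function isAllowed(role, agentName, tool, channel, mutates) {
  const perms = ROLES[role];
  const agent = AGENTS[agentName];
  if (!perms || !agent) return false;
  if (mutates && !perms.mutate) return false;
  if (!agent.channels.includes(channel)) return false;
  return toolAllowed(agent.allowedTools, tool);
}

// Constructed audit rows shaped like the audit_log query output (metadata flattened).
const row = (ts, user_email, role, agent, tool, channel, mutates) =>
  ({ ts, user_email, role, agent, tool, channel, mutates });
const AUDIT = [
  row("2024-05-01T09:00Z", "dan@acme.test", "admin", "ops-oncall", "github:write", "slack:#oncall", true),
  row("2024-05-01T09:05Z", "intern@acme.test", "observer", "ops-oncall", "shell", "slack:#oncall", true),
  row("2024-05-01T09:10Z", "alice@acme.test", "member", "ops-oncall", "zapier", "slack:#oncall", true),
  row("2024-05-01T09:15Z", "alice@acme.test", "member", "ops-oncall", "github:read", "slack:#oncall", false),
];

// Rows the policy would deny: the ones worth an alert once the log is in the SIEM.
function findViolations(rows) {
  return rows.filter((r) => !isAllowed(r.role, r.agent, r.tool, r.channel, r.mutates));
}
```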

Getting humans to actually use it

1. Appoint one agent owner

If everyone can tweak prompts, no one trusts the output. We picked our staff engineer Dan as “agent owner.” He merges prompt PRs and is the single point of blame.

2. Run a 30-minute onboarding session

Live demos beat wiki pages. Show three workflows that save real pain—ours were:

  • Generate a changelog from merged PRs since the last tag.
  • Spin up a staging environment with one Slack command.
  • Summarize the last five Zendesk tickets and propose fixes.

3. Default to public channels

Private DMs with the bot kill virality. We routed /ask queries to #product-bot. Peer pressure keeps prompts clean and teaches the team by osmosis.

4. Weekly office hours

We stole this from the GitHub discussions. 15 minutes every Friday where anyone can share a new workflow. Low ceremony, high novelty.

Governance checklist

  • [ ] All secrets live in Vault or AWS Secrets Manager, never in repo.
  • [ ] RBAC flag enabled; observers can’t mutate state.
  • [ ] Audit log shipped off-box and retained for 90 days.
  • [ ] Agent owner documented.
  • [ ] Prompt snippets reviewed like code (PR + review).
  • [ ] Break-glass policy: oc admin disable-agent <name>.

Next step: ship one workflow this week

Don’t aim for a “fully autonomous org.” Pick one annoyance—release notes, on-call rota, sales Q&A—and let OpenClaw own it end-to-end. The team sees value, the infra holds, and you earn the right to automate the next thing.