Skip to main content
Open Source Free MIT License

OpenClaw Serverless

Running AI agents for multiple tenants means managing isolation, persistence, and scaling — or paying for always-on infrastructure that sits idle.

View on GitHub Get Production Help

Multi-tenant AI agent hosting with zero-cost idle

OpenClaw Serverless is a free, open-source deployment architecture for running AI agents on GCP Cloud Run with complete per-tenant isolation. It features GCSFuse workspace persistence, webhook integration for Telegram and Slack, and scales to zero when idle. Available on GitHub at github.com/cloudon-one/openclaw-serverless.

Core Features

Multi-Tenant Isolation

Complete resource separation between tenants with zero cross-tenant data access.

  • Separate Cloud Run services per tenant
  • Individual service accounts with strict IAM
  • Isolated GCS workspace buckets
  • Network segmentation and secret scoping

Serverless Architecture

Scale-to-zero GCP Cloud Run instances with persistent workspace storage.

  • Zero minimum instances for idle tenants
  • 15-20 second cold start when activated
  • GCSFuse mounts for workspace persistence
  • ~$50-70/month per warm tenant

Messaging Integration

Production-ready webhook handling for Telegram and Slack with security validation.

  • Telegram bot webhook with timing-safe signature validation
  • Slack app with HMAC-SHA256 signature verification
  • Centralized router for tenant routing
  • Replay attack prevention

How It Works

01

Configure Tenants

Define tenants in a YAML configuration file. Each tenant gets its own Cloud Run service, service account, and workspace.

02

Deploy with Terraform

Apply Terraform to provision all GCP infrastructure: Cloud Run services, GCS buckets, IAM bindings, and secrets.

03

Register Webhooks

Set up Telegram bot tokens or Slack app credentials. The router automatically routes incoming messages to the correct tenant.

04

Scale Automatically

Active tenants scale up on demand. Idle tenants scale to zero. You only pay for compute when agents are actually working.

Why Choose OpenClaw Serverless?

Zero-Cost Idle

Tenants with no activity scale to zero instances, costing nothing. Warm tenants run at approximately $50-70/month.

Complete Isolation

Every tenant has its own service account, workspace bucket, and Cloud Run service. No shared state, no cross-tenant data access.

One-File Tenant Addition

Adding a new tenant is a YAML change and a Terraform apply. No code changes, no new deployments, no manual configuration.

Persistent Agent Workspaces

GCSFuse mounts Google Cloud Storage directly into containers, persisting agent state across container restarts without sync daemons.

Tech Stack

GCP Cloud Run (Gen2) Google Cloud Storage GCSFuse Terraform Node.js 20+ Express.js Secret Manager Artifact Registry

Frequently Asked Questions

What is OpenClaw Serverless?
OpenClaw Serverless is an open-source deployment architecture for running multiple isolated AI agents on Google Cloud Platform. Each tenant gets their own Cloud Run service with persistent workspace storage and webhook-based messaging integration.
How much does it cost to run?
Idle tenants cost nothing due to scale-to-zero. Active tenants cost approximately $50-70/month with one minimum instance. The exact cost depends on usage patterns and agent complexity.
What messaging platforms are supported?
OpenClaw Serverless supports Telegram and Slack out of the box with production-ready webhook handling, signature validation, and replay attack prevention.
How is tenant isolation achieved?
Each tenant gets a separate Cloud Run service, service account, GCS bucket, and IAM bindings. The architecture ensures zero cross-tenant data access through strict IAM policies and network segmentation.
Can I add custom agent skills?
Yes. The architecture supports custom agent skills via Git-based skill repositories. Each agent can have its own set of skills configured through the tenant YAML file.

From the Blog

OpenClaw on GCP Cloud Run: Secure, Serverless, Multi-Tenant

How to deploy OpenClaw AI agents on GCP Cloud Run with complete per-tenant isolation, serverless scaling, and production-ready security.

GCP Cloud Run OpenClaw AI Agents
Read article

Other CloudOn Tools

FinOps Guardian

FinOps Guardian is a free, open-source cost governance toolkit for AWS and GCP. It automatically detects idle resources, provides cost-saving recommendations, and cleans up unused infrastructure. Deployed with Terraform, it runs serverlessly on Lambda and Cloud Functions. Available on GitHub at github.com/cloudon-one/FinOps-Guardian.

Learn more

Multi-Cloud Runway

Multi-Cloud Runway is a free, open-source infrastructure template providing security-hardened landing zones for AWS and GCP. It sets up multi-account environments with networking, IAM, security monitoring, and compliance via Terraform/Terragrunt. Available on GitHub at github.com/cloudon-one/multi-cloud-runway.

Learn more

SecureOps

SecureOps is a free, open-source GitHub Action that performs automated security scanning on repositories. It detects secrets, vulnerabilities, and misconfigurations using Gitleaks, Trivy, and OSV-Scanner. Generates multi-format reports and integrates with GitHub Security tab. Available on GitHub at github.com/cloudon-one/git-security-scanner-public.

Learn more

Run OpenClaw Serverless in your environment.

Clone the repo and deploy with Terraform — or book an engineering call for hands-on help adapting it to your stack.

View on GitHub Book an Engineering Call