Openclaw Service

OpenClaw as a Service — how Molt.id runs isolated AI agents for every .molt domain.

Molt.id Multiclaw Service

Molt.id Multiclaw Service is OpenClaw as a Service — a multi-tenant platform that gives each .molt domain owner their own isolated AI agent (OpenClaw instance) running inside a Cloudflare container. Users authenticate via Solana NFT ownership, and the platform handles all infrastructure: container lifecycle, LLM routing, channel integrations, and data persistence.

Architecture Overview

                    ┌──────────────────────────┐
                    │   Cloudflare Workers      │
                    │   (HTTP Router)           │
                    └──────┬───────────────────┘
                           │
            ┌──────────────┼──────────────┐
            │              │              │
            ▼              ▼              ▼
    ┌──────────────┐ ┌──────────┐ ┌──────────────┐
    │ User A       │ │ User B   │ │ User C       │
    │ Container    │ │Container │ │ Container    │
    │              │ │          │ │              │
    │ OpenClaw     │ │ OpenClaw │ │ OpenClaw     │
    │ ClawRouter   │ │ ClawRtr  │ │ ClawRouter   │
    └──────────────┘ └──────────┘ └──────────────┘
            │              │              │
            └──────────────┼──────────────┘
                           │
                    ┌──────▼───────────────────┐
                    │   Cloudflare R2 Storage   │
                    │   (Snapshots, User Data)  │
                    └──────────────────────────┘

Components

NFT Domain Authentication

Users authenticate by proving ownership of a .molt domain NFT (Metaplex Core asset). The NFT contains on-chain attributes that map to a Molt.id Multiclaw Service user identity.

Authentication Flow

NFT Attributes (On-Chain)

The NFT stores these attributes in the Metaplex Core Attributes plugin:

The NFT's Name field is used as the domain name (e.g., alice.molt).

Token Lifecycle

• JWT tokens are valid for 7 days

• Signed with HMAC-SHA256

• Stored as an HttpOnly cookie scoped to your agent's path

Cloudflare Containers

Each user gets an isolated Cloudflare Sandbox container running OpenClaw.

Container Image

Services Running Inside Each Container

Idle Timeout & Sleep

• Containers automatically stop after 10 minutes of no external requests

• Only incoming requests reset the idle timer — internal activity does not

• When sleeping, the container's processes are killed and the slot is freed

• On the next request, the container cold-starts and restores from its R2 snapshot

This is how we keep costs near zero — you only pay when your agent is active.

Container Startup (Cold Start)

When a user's container is accessed after sleeping:

1. Cloudflare provisions a fresh container instance

2. R2 snapshot is downloaded and restored (chat history, workspace, device identity)

3. Fresh config is written with current channel tokens, LLM keys, and auth

4. ClawRouter starts (if wallet key is available)

5. OpenClaw gateway starts

6. A loading page is shown to the user while startup completes

R2 Storage & Snapshots

R2 is used for all persistent storage — user data, snapshots, and global configuration. No ingress fees.

What's Stored

What Persists Across Restarts

Included in snapshots:

• Device identity (critical for channel pairing)

• Approved sender lists (pairing allowlists)

• All chat transcripts and session history

• Agent state files

• User workspace, memory, and custom files

Excluded (always written fresh on startup):

• OpenClaw config

• API credentials

• Wallet keys

• Lock files, SQLite temp files, and logs

Backup Triggers

Snapshot Limits

• 50 MB maximum per snapshot — larger snapshots are skipped

Restore Process

On cold start:

1. Snapshot tarball is downloaded from R2

2. Extracted into the fresh container

3. Config files are written after restore (always fresh, never from snapshot)