Native MCP support Now Available

Infrastructure for
the AI agent era

The managed platform where your AI agents connect to your tools, run securely in production, and launch with their own subdomain, TLS certificate, and edge-isolated runtime.

Request Access → See the Architecture

Invite-only access · Approved within one business day

Need a walkthrough? Read the setup guide.

Agent Infrastructure

✓ Per-agent DNS subdomain
✓ Automatic TLS
✓ Edge Isolation
✓ Native MCP Support
✓ Tenant Isolation
✓ Audit Logging

Supported Providers

OpenAI

Anthropic

Google AI

Groq

OpenRouter

Ollama Cloud

Cerebras

Workers AI

10 Channels

✓ Web Chat
✓ Telegram
✓ Discord
✓ Slack
✓ WhatsApp
✓ Teams
✓ Google Chat
✓ Matrix
✓ Zalo
✓ BlueBubbles

AI Providers

Anthropic · Claude Opus, Sonnet, Haiku OpenAI · GPT-4.1, o3, o4-mini Google AI · Gemini 3 Pro, Flash Cerebras · Fast inference OpenRouter · 200+ models Workers AI · Fast inference, no egress Ollama · Local models via gateway

Route tasks to the right model. Bring your own provider keys for unmetered usage.

MCP NATIVE

Your agent is an MCP endpoint

Every ClawCentral agent exposes a production-ready MCP server. Any MCP-compatible client — Claude Desktop, Cursor, Windsurf, custom apps — can connect and use your agent's tools directly.

🔒

OAuth 2.1 + PKCE

Production-grade auth. No shared tokens — real OAuth with proof keys and scoped access.

⚡

Server-Sent Events transport

Streaming SSE transport with session management. Connect, call tools, stream results in real time.

🔌

Every tool, every skill — over MCP

Built-in tools, installed skills, and workspace files are all available through the MCP protocol.

🌐

Discoverable at your subdomain

your-agent.clawcentral.io/.well-known/oauth-authorization-server — standard discovery, zero config.

Endpoint https://my-agent.clawcentral.io/mcp

Transport SSE (Server-Sent Events)

Auth ✓ OAuth 2.1 + PKCE

Tools Built-in + installed skills

Discovery /.well-known/oauth-authorization-server

Status ● Live

Compatible with

Claude Desktop Cursor Windsurf Claude Code Custom clients

The Trade-off

The Self-Hosting Tax:
What It Actually Costs

Self-hosting OpenClaw is free — until you count the ops time. Firewall config, TLS, secrets management, updates, monitoring: that's 2–6 hours setup plus 1–2 hours every month. Here's where that time goes.

Infrastructure setup: 2–4 hours

Provision a server, configure networking, set up reverse proxy, obtain TLS certificates, harden the firewall. All before your agent handles a single request.

Secrets management: your responsibility

API keys stored as files on disk, environment variables in plaintext, no encryption at rest. You build the secrets pipeline or accept the risk.

Updates and patches: ongoing

OpenClaw ships updates frequently. Each one means pulling, testing, restarting — and hoping nothing breaks in production.

Team access: not built in

Need per-user roles, audit trails, or isolated workspaces? You're building that yourself. Self-hosted OpenClaw is single-tenant by default.

Scaling: more servers, more ops

Need more capacity? Spin up another VPS, configure it, keep it updated. No auto-scaling, no load balancing, no capacity planning built in.

No MCP marketplace

Self-hosted means manually configuring every tool integration. No pre-built MCP servers, no one-click connections to the tools your team relies on.

Managed infrastructure handles all of this for you.

Architecture

Built for Production:
Edge-Isolated Agent Runtime

Every agent runs in its own tenant-isolated runtime with automatic TLS, per-tenant storage, and native MCP — secure by architecture, not by checklist.

ClawCentral

Client Request

↓

Global Edge Network Global edge network · Automatic TLS · DDoS mitigation

↓

Authentication Layer Enterprise identity · MFA · HMAC sessions (8h expiry)

↓

Tenant Isolation Layer Per-tenant routing · Role-based access · Owner / Admin / Member

↓

Sandboxed Instance Isolated runtime · No exposed ports · Scoped encrypted storage

Self-Hosted

Internet

↓

Open Port Directly exposed to the internet

↓

OpenClaw Gateway No auth layer · Token in URL

↓

Your Data Plaintext on disk · Shared filesystem

No Public Ingress

Your agent has no internet-facing ports. Every request must pass identity and scope checks at the edge before it can reach your instance — anonymous traffic never arrives.

Enterprise Identity

Authentication via Microsoft Entra with MFA, conditional access, and account lockout. Sessions use cryptographically signed cookies with automatic expiry. No long-lived tokens, no shared passwords.

Tenant Isolation

Each tenancy runs in its own sandboxed instance with dedicated compute, memory, and filesystem. One tenant cannot access another's data, processes, or configuration. Ever.

Encrypted Storage

Conversations, provider keys, and configuration live in per-tenant storage with scoped access and encryption at rest. Deleted data is actually deleted — no plaintext backups lingering on disk.

Edge-First

Every request is authenticated at the nearest edge location before traversing the network. Built-in DDoS protection, automatic TLS, and intelligent geographic routing across a global network.

Protocol-Level Security

WebSocket connections are intercepted at the edge. Authentication frames are rewritten server-side. The gateway never sees raw credentials from the client.

AI Gateway DLP

Data Loss Prevention policies scan every prompt and response flowing through the AI gateway. PII, credentials, API keys, and custom patterns are detected and blocked before they reach the model or the user. Helps meet GDPR, HIPAA, and PCI DSS requirements.

See the full trust boundary model →

Features

Everything you need,
nothing you don't

Deploy AI agents that take action — not just chat. Connected to your tools, running in production.

Extensible Skill System

Bring your own code or install from the catalog — GitHub, Slack, Gmail, Linear, Notion, Stripe, and more. Every skill runs in a sandboxed per-tenant environment with scoped access.

Scheduled Agents

Cron-driven agent runs with per-schedule payloads. Nightly reports, hourly polls, one-shots — any agent can run on a timer without wiring up external schedulers.

Sub-Agent Orchestration

Spawn sub-agents 3 levels deep with per-agent model routing for planning, coding, research, and execution.

Extended Thinking

Five thinking levels from off to adaptive. Let the model reason through complex problems before it acts.

Audit Trail

Every request, tool call, and completion is recorded with actor, tenant, and timestamp. Queryable API for compliance reviews and incident response — no log-forwarding required.

Native MCP Server

Full OAuth 2.1 + PKCE + SSE transport. Your agent is an MCP endpoint — connect from any MCP client.

Code Sandbox

Python, Bash, and Node execution in isolated managed containers. Persistent state, 120-second timeout, auto-restart.

10 Messaging Channels

Web, Telegram, Discord, Slack, WhatsApp, Teams, Google Chat, Matrix, Zalo, and BlueBubbles. All with webhook verification.

Use Cases

What teams are
automating

ClawCentral isn't a chat interface — it's a platform for AI agents that take real action. Here's what people are building.

Media & Production Pipelines

Automate podcast research, guest briefings, show notes, and social clips from a single workflow. Trigger on new episode drafts and publish across channels.

Sales Research & Outreach

Enrich leads, draft personalized emails, and update your CRM — all without touching a keyboard. Run at scale across hundreds of prospects.

Code Review & Ticket Triage

Route GitHub issues, summarize PRs, tag priorities, and post Slack updates automatically. Keep your eng team focused on building, not triaging.

News Monitoring & Digests

Watch topics, summarize breaking news, and deliver a custom digest to Telegram or email on any schedule. Your agent reads so you don't have to.

Agent Identity

Every agent gets a name,
an address, and a certificate

When you deploy on ClawCentral, your agent gets its own DNS subdomain with automatic TLS — a verifiable, human-readable, revocable identity built on standard internet infrastructure.

Public DNS subdomain

Your agent lives at your-agent.clawcentral.io — discoverable, shareable, and human-readable.

Automatic TLS certificate

Every subdomain gets its own certificate. Verification is built into the protocol, not bolted on.

Agent discovery endpoint

Standard /.well-known/agent-card metadata — capabilities, owner, version, all machine-readable.

Instant revocation

Deactivate a compromised agent by removing its DNS record. No key rotation, no token refresh — it simply stops existing.

Agent Identity Card

Endpoint https://my-agent.clawcentral.io

TLS ✓ Valid · auto-provisioned

Discovery /.well-known/agent-card

MCP Native support enabled

Isolation Tenant-isolated runtime

Status ● Live

Comparison

Self-Hosted vs ClawCentral

See how managed infrastructure compares to running your own instance.

Feature comparison between Self-Hosted OpenClaw and ClawCentral
	Self-Hosted	ClawCentral
Infrastructure
Auto-scaling	Manual	Automatic global edge
Zero-downtime updates	Process restart	Zero-downtime rolling deploys
Multi-tenancy	Single user	Subdomain routing + DO namespacing
Global edge	Single server	Global edge network
Infrastructure mgmt	You manage	Fully managed
AI & Agent
AI providers	7+ (direct)	7+ (via AI Gateway)
Sub-agents	3 levels, 5 children	3 levels, 5 children
Code execution	Docker	Managed containers
Scheduled runs	External cron	Built-in, per-agent
Audit trail	Roll your own	Queryable API included
Channels
Messaging channels	12 (incl. Signal, Mattermost)	10 (incl. Zalo, BlueBubbles)
MCP server	Basic bearer token	OAuth 2.1 + PKCE + SSE
Security
Authentication	Local gateway token	Microsoft Entra CIAM
Instance isolation	Docker (shared kernel)	Tenant-isolated runtime
Multi-user access	Shared token	Owner / Admin / Member RBAC
Data isolation	Shared filesystem	Per-tenant encrypted storage
DDoS protection	Self-managed	Automatic edge network
Automation
Cron jobs	✓	✓
Heartbeats	✓	✓
Webhook hooks	✓	✓
Provisioning
Getting started	You provision and operate	Invite-only · admin-approved
Model keys	You manage	BYOK — use your provider, your rates

The trust boundary, layer by layer

Identity

Every request is authenticated — SSO, API token, or paired-device credential. Anonymous traffic never reaches an agent.

Scope

Tools, data, and skills are scoped per agent. A skill that can read mail cannot write to billing, even for the same user.

Execution

Your agent runs in a tenant-isolated runtime. Code you run goes through a managed container sandbox with no inbound network.

Secrets

Provider keys live in a permission-hardened vault — never in plaintext config, never in logs, rotated in-place.

Audit

Every action is recorded — who, what, when. Replayable trail for compliance and incident response.

FAQ

Frequently asked questions

Everything you need to know before getting started.

How long does setup take? +

Once you're approved, we provision your tenancy with the capacity your team needs. Then use the setup guide to connect channels and tools in the order you need them.

What is OpenClaw? +

OpenClaw is an open-source AI assistant platform used by individuals and organizations to run private, customizable AI assistants. ClawCentral provides enterprise-grade hosting so you get the power of OpenClaw without managing infrastructure, security, or scaling.

How is my instance protected? +

Your instance runs inside a sandboxed environment with no exposed ports. Every request passes through enterprise authentication and an edge proxy before it can reach your instance. There's no way to connect to it directly from the internet.

How is my data isolated from other tenants? +

Each tenancy has its own dedicated instance, compute, memory, and filesystem. Storage is scoped per-tenant with encryption. One tenant cannot access another's data, conversations, configuration, or API keys.

Can I use this for my team or organization? +

Yes. Invite team members as Admins or Members with role-based permissions. Each person gets their own authenticated session with fine-grained access controls.

Can I bring my own API keys? +

Yes. Bring your own OpenAI, Anthropic, or other provider keys for unmetered usage — or use the platform-managed defaults we provision for your tenancy.

Can I migrate from a self-hosted OpenClaw instance? +

Yes. You can connect your existing OpenClaw configuration and skills to a ClawCentral tenancy. Your conversation history stays with your self-hosted instance, but new conversations start immediately on the managed platform.

Where is my data stored? +

Conversations and configuration are stored in per-tenant encrypted storage distributed across global infrastructure. API keys and secrets are stored separately with additional encryption. Deleted data is permanently purged — no plaintext backups remain.

What happens if I need more capacity? +

Capacity is sized during onboarding and can be raised by your platform admin at any time. Usage with your own provider keys is not metered by us.

What AI providers does ClawCentral support? +

Anthropic (Claude), OpenAI (GPT), Google AI (Gemini), Cerebras, OpenRouter, Workers AI, and Ollama. BYOK is supported for every provider — bring your own keys for unmetered usage.

Can agents run on a schedule? +

Yes. Every agent supports cron-style scheduled runs with a per-schedule payload. Use it for nightly reports, hourly polls, or one-shot tasks — no external scheduler required.

Is there an audit log? +

Yes. Every request, tool call, and completion is recorded with actor, tenant, and timestamp in a queryable audit log. Use the included API for compliance reviews and incident response.

Request Access

Invite-only access,
approved within one business day

Tell us a little about what you want to build. We'll provision a tenant, assign the right limits, and email you a sign-in link.

Your AI agents deserve real infrastructure

Tell us what you want to build. We'll provision a tenant with the right limits and email you a sign-in link.

Request Access →

🔒 Microsoft Entra sign-in ✉ Invite-only access 🛠 Bring your own model keys 📖 Setup guide included