Lobu is an open-source multi-tenant gateway for OpenClaw. One sandbox and filesystem per user/channel. Shared memory across contexts. Agents never see secrets.
OpenClaw is a full agent runtime (~800k LOC) but it's single-tenant by design: every user shares the same filesystem and bash session. Lobu rewrites only the gateway layer (~40k LOC) to be multi-tenant and keeps OpenClaw's Pi harness untouched inside each worker.
Embedded mode uses just-bash + Nix for reproducible packages. Each user gets an isolated virtual filesystem and bash session at ~50MB per instance, tested at 300 concurrent instances on a single machine, no Docker needed.
Embed OpenClaw-powered agents into your product, or give your team agents without managing a separate instance per person.
- **REST API**: programmatic agent creation, control, and state.
- **Slack**: multi-channel/DM agents with rich interactivity.
- **Telegram**: webhook or polling bot with interactive workflows.
- **WhatsApp**: WhatsApp Business Cloud API.
- **Discord**: channel + DM bot support.
- **Teams**: Microsoft Teams bot.
- **Google Chat**: Cards v2, Workspace spaces.
Scaffold and run via the CLI. Lobu boots as a single Node process with a zero-config embedded Postgres by default (or bring your own, pgvector required, via `DATABASE_URL`).
```bash
npx @lobu/cli@latest init my-bot
cd my-bot
npx @lobu/cli@latest run                    # boots the stack and applies your agent
npx @lobu/cli@latest chat -c local "hello"  # talk to it
```
`lobu run` (embedded) auto-applies your `lobu.config.ts`, so the scaffolded agent is usable immediately. To use an external Postgres, set `DATABASE_URL` in `.env`; to push later config changes, run `lobu apply`.
Runtime configuration is managed through the web app or the same org-scoped REST API used by the CLI:
```bash
npx @lobu/cli@latest login
npx @lobu/cli@latest org set my-org
npx @lobu/cli@latest agent list
```
Local `lobu.config.ts` projects are still useful for `lobu validate` and `lobu apply` workflows.
Single-process Node remains the simplest deployment: run it with `node`, `pm2`, `systemd`, or another process supervisor. The app needs `DATABASE_URL` (Postgres + pgvector) reachable from its environment.
- **Local dev** (contributing to Lobu itself): clone, `make setup`, `make dev` (boots embedded gateway + workers + Vite HMR on `:8787`).
- **Production (VM/bare metal):** `bun run --cwd packages/server build:server`, then `node packages/server/dist/server.bundle.mjs` under your process supervisor of choice.
- **Production (Kubernetes):** use the public Helm chart in `charts/lobu`:

  ```bash
  helm install lobu oci://ghcr.io/lobu-ai/charts/lobu \
    --namespace lobu --create-namespace \
    -f your-values.yaml
  ```

  See `charts/lobu/values.yaml` for the full set of tunables. At minimum supply an ingress host, a `secretName` Secret containing `DATABASE_URL` + `ENCRYPTION_KEY` + `BETTER_AUTH_SECRET` + provider API keys, and a `database.existingSecret`.
```mermaid
flowchart LR
    Slack[Slack] <--> GW[Gateway]
    Telegram[Telegram] <--> GW
    WhatsApp[WhatsApp] <--> GW
    Discord[Discord] <--> GW
    API[REST API] <--> GW
    GW <--> PG[(Postgres)]
    GW -->|spawn| W[Worker]
    subgraph Sandbox
        W
    end
    W -.->|HTTP proxy| GW
    W -.->|MCP proxy| GW
    GW -->|domain filter| Internet((Internet))
    GW -->|scoped tokens| MCP[MCP Servers]
```
Every Lobu agent ships with tools for autonomous execution and persistence:
| Feature | Built-in Tools |
|---|---|
| Autonomous scheduling: one-time or cron | `manage_schedules` |
| Human-in-the-loop: on button input, resume on answer | `ask_user` |
| Full Linux toolbox: sandboxed shell, file edit, search | `bash`, `read`, `write`, `edit`, `grep`, `find`, `ls` |
| Conversation context: pull earlier thread messages | `get_channel_history` |
| File & media delivery: share reports, charts, audio | `upload_file`, `generate_audio`, `generate_image` |
| Skills: extend via `lobu.config.ts` or admin settings | `lobu.config.ts`, Settings UI |
| Connected APIs: GitHub, Google, etc. with Lobu-managed OAuth | |
| MCP tools via Lobu | |
| Managed MCP proxy: any MCP server with secret injection | |
| Nix + external MCP: browsing, headless UI, custom tools | `bash` (Nix), MCP servers |

- Productivity: Google Calendar, Slack, Jira, Notion
- Development: GitHub, GitLab, Postgres, Docker
- Knowledge: Wikipedia, Brave Search, YouTube, PDF Search
- **Gateway as single egress.** All worker traffic, internet and MCP, routes through the gateway. Workers have no direct network access; domain filtering controls which services they reach.
- **MCP proxy.** Gateway resolves `${env:VAR}` secrets and routes to upstream MCP servers. OAuth for third-party APIs stays in Lobu; workers never see tokens.
- **Multi-platform, multi-tenant.** One instance serves Slack, Telegram, WhatsApp, Discord, Teams, and the REST API. Each channel/DM gets its own runtime, model, tools, credentials, and Nix packages.
- **OpenClaw runtime.** Workers run OpenClaw Pi Agent with per-agent model selection. Supports OpenClaw skills and `IDENTITY.md`/`SOUL.md`/`USER.md` workspace files.
- **Multi-provider auth.** 16 LLM providers (OpenAI, Gemini, Groq, DeepSeek, Mistral, …) via a config-driven registry. API keys stay on the gateway.
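The MCP proxy behaviour described above (placeholders resolved on the gateway, workers never holding tokens) can be sketched as follows. This is an added example, not Lobu's code: the `McpUpstream` shape, the function names, the credential header list and the sample values are all assumptions made for illustration.

```typescript
// Added example, not Lobu's code. Type and function names are hypothetical.
type McpUpstream = { url: string; headers: Record<string, string> };
type Env = Record<string, string | undefined>;

const PLACEHOLDER = /\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}/g;
const CREDENTIAL_HEADERS = ["authorization", "cookie", "x-api-key"];

// Substitute placeholders from the gateway's environment. Fails closed: an unset
// variable throws instead of sending a literal "${env:...}" upstream. Each value
// used is recorded in `used` so it can be redacted from responses and logs.
function substitute(s: string, env: Env, used: string[]): string {
  return s.replace(PLACEHOLDER, (_m: string, name: string): string => {
    const v = env[name];
    if (v === undefined || v === "") throw new Error("unset secret: " + name);
    if (used.indexOf(v) < 0) used.push(v);
    return v;
  });
}

// Build upstream headers on the gateway: credential headers supplied by the
// worker are dropped, then the configured (resolved) headers are injected.
function upstreamHeaders(
  cfg: McpUpstream, fromWorker: Record<string, string>, env: Env, used: string[],
): Record<string, string> {
  const out: Record<string, string> = {};
  for (const k of Object.keys(fromWorker)) {
    const lk = k.toLowerCase();
    if (CREDENTIAL_HEADERS.indexOf(lk) < 0) out[lk] = String(fromWorker[k]);
  }
  for (const k of Object.keys(cfg.headers)) {
    out[k.toLowerCase()] = substitute(String(cfg.headers[k]), env, used);
  }
  return out;
}

// Scrub any resolved secret an upstream echoes back before the body is
// returned to the worker or written to a log.
function redact(body: string, used: string[]): string {
  let out = body;
  for (const v of used) out = out.split(v).join("[REDACTED]");
  return out;
}

// Constructed sample values; nothing here is a real credential or endpoint.
const SAMPLE_ENV: Env = { GITHUB_TOKEN: "sample-token-123" };
const SAMPLE_CFG: McpUpstream = {
  url: "https://mcp.example.test/github",
  headers: { Authorization: "Bearer ${env:GITHUB_TOKEN}" },
};
```

The worker only ever handles the unresolved `SAMPLE_CFG`; the resolved header exists solely in the object returned by `upstreamHeaders` on the gateway side.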
Lobu is the infrastructure layer for autonomous agents. Frameworks like LangChain or CrewAI help you write agent logic; Lobu is the delivery layer that runs those agents at scale: sandboxing, persistence, and messaging connectivity.
| | Lobu | OpenClaw |
|---|---|---|
| Scale to zero | Workers scale down when idle | Requires always-on machine |
| Multi-tenant | Single bot, per-channel/DM isolation | One instance per setup |
| Multi-platform | Slack, Telegram, WhatsApp, Discord, Teams, Google Chat, REST API | |
- **Worker egress through the gateway proxy**: `HTTP_PROXY=http://localhost:8118` with allowlist/blocklist + LLM egress judge. On Linux production hosts the worker spawn uses `systemd-run --user --scope` with `IPAddressDeny=any` to enforce egress at the kernel level; in dev (macOS) the proxy is best-effort.
- **Secrets stay in gateway**: provider credentials and `${env:}` substitution; OAuth lives in Lobu. Workers never see real keys.
- **Threat model: single-tenant local isolation**: `just-bash` and `isolated-vm` are policy + best-effort sandboxes, not security boundaries for hostile code. See `docs/SECURITY.md` before exposing Lobu to untrusted users.
- **Nix system packages**: per-agent reproducible tooling and skill policy.
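The allowlist/blocklist step of the egress proxy can be illustrated with a host-matching decision function. This is an added example, not Lobu's code: the `EgressPolicy` shape, the rule syntax, the default-deny outcome for unlisted hosts and the sample policy are assumptions, and the LLM egress judge is not modelled.

```typescript
// Added example, not Lobu's code. Policy shape and function names are hypothetical.
type EgressPolicy = { allow: string[]; block: string[] };

// Host part of a CONNECT authority such as "api.github.com:443" or "[::1]:443".
function hostOf(authority: string): string {
  if (authority.charAt(0) === "[") return authority.slice(1, authority.indexOf("]"));
  const i = authority.lastIndexOf(":");
  return i >= 0 ? authority.slice(0, i) : authority;
}

// Lowercase and drop one trailing dot so "API.GitHub.com." equals "api.github.com".
function normalizeHost(host: string): string {
  const h = host.trim().toLowerCase();
  return h.charAt(h.length - 1) === "." ? h.slice(0, -1) : h;
}

// IPv6 literals, and hosts whose last label is numeric or 0x-hex (which URL
// parsers read as IPv4), would sidestep a policy written in domain names.
function isIpLiteral(host: string): boolean {
  return host.indexOf(":") >= 0 || /(^|\.)(0x[0-9a-f]*|\d+)$/.test(host);
}

// "example.com" matches that host only; ".example.com" matches subdomains only.
// Comparing on the dot boundary keeps "notgithub.com" from matching ".github.com".
function ruleMatches(rule: string, host: string): boolean {
  const r = normalizeHost(rule);
  if (r.charAt(0) === ".") return host.length > r.length && host.slice(-r.length) === r;
  return host === r;
}

// Blocklist wins over allowlist; anything unlisted is denied (assumed default).
function decideEgress(policy: EgressPolicy, authority: string): "allow" | "deny" {
  const host = normalizeHost(hostOf(authority));
  if (host === "" || isIpLiteral(host)) return "deny";
  if (policy.block.some((r) => ruleMatches(r, host))) return "deny";
  return policy.allow.some((r) => ruleMatches(r, host)) ? "allow" : "deny";
}

// Constructed sample policy.
const SAMPLE_POLICY: EgressPolicy = {
  allow: ["github.com", ".github.com", "registry.npmjs.org"],
  block: ["gist.github.com"],
};
```

A filter like this only governs traffic that actually goes through the proxy, which is why the kernel-level `IPAddressDeny=any` on the worker scope matters on production hosts.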
Lobu is open source, but deploying production-grade agents usually means tuning soul, identity, and integrations. I offer hands-on implementation for:
- **Employee AI assistants**: persistent sandboxed agents on Slack wired into internal tools and docs.
- **Automated customer support**: multi-step ticket handling with human-in-the-loop.
- **Autonomous workflows**: long-running, scheduled background jobs with persistent state.
- **Managed infrastructure**: private Lobu deployments with updates and scaling.
- **Custom tooling & skills**: bespoke MCP servers, Nix runtimes, and OpenClaw skills.
I'm a second-time technical founder. Previously founded rakam.io (enterprise analytics PaaS), acquired by LiveRamp (NYSE: RAMP).
> [!TIP]
> Want persistent agents for your team or customers? Talk to Founder or reach out on X/Twitter.