Research Preview
Get a personal OpenClaw instance running in a Vercel Sandbox — with one click.
This is a Next.js app that wraps OpenClaw in a full control plane — auth, persistent sandboxes, channel integrations, and an egress firewall — and runs it inside a Vercel Sandbox.
Click Deploy with Vercel above, set a password, and you're up.
- Deploy — the button auto-provisions an Upstash Redis database and asks for an
ADMIN_SECRET(your password). - Sign in — open the deployment and enter your admin secret.
- Use OpenClaw — visit
/gatewayor click Start in the admin panel. The first boot takes about a minute while OpenClaw is installed into the sandbox. After that, resuming from stop takes about 10 seconds (the sandbox auto-snapshots on stop and auto-resumes on get). - Verify — run destructive launch verification from the admin panel before connecting channels. Preflight is a config-readiness check. It does not prove the sandbox can complete a real channel delivery.
- Connect channels — optionally wire up Slack, Telegram, WhatsApp (experimental), or Discord (experimental) from the admin panel so people can chat with your instance. For Slack, set
SLACK_CLIENT_ID,SLACK_CLIENT_SECRET, andSLACK_SIGNING_SECRETto enable one-click OAuth install, or enter credentials manually. A deployment is channel-ready only after destructive launch verification passes and channelReadiness.ready is true.
- Full OpenClaw UI proxied at
/gatewaywith auth and WebSocket rewriting - Persistent sandboxes — sandbox state is automatically preserved on stop and restored on resume
- Slack, Telegram, WhatsApp (experimental) & Discord (experimental) — channel integrations with durable delivery
- Egress firewall — learn which domains your agent talks to, then lock it down
- Auto-wake — a cron watchdog wakes your sandbox when scheduled OpenClaw jobs are due
| Technology | Role |
|---|---|
| Next.js | App framework |
| Vercel Sandbox | Runs the OpenClaw instance (persistent sandboxes with auto-snapshot on stop, auto-resume on get) |
| Vercel AI Gateway | OIDC-authenticated model access for the agent |
| Upstash Redis | Persistent state — metadata, snapshots, channel config |
| Vercel Workflow | Durable channel message delivery (Slack, Telegram; WhatsApp and Discord are experimental) |
| Vercel Queues | Launch verification probe delivery |
| Vercel Cron | Watchdog health checks and scheduled wake |
For the default deploy-button path (VERCEL_AUTH_MODE=admin-secret), the only value you must provide up front is ADMIN_SECRET. Everything else is auto-configured:
- Upstash Redis — provisioned by the deploy button
- AI Gateway auth — handled via Vercel OIDC on deployed environments
- Cron secret — falls back to
ADMIN_SECRETwhenCRON_SECRETis unset; setCRON_SECRETseparately on deployed environments if you want cron auth to rotate independently from admin login - Watchdog cron — runs once daily by default so Hobby-plan deploys succeed. On a Pro plan you can increase the schedule in
vercel.jsonup to every minute for more responsive auto-wake
If you switch to VERCEL_AUTH_MODE=sign-in-with-vercel, you must also set NEXT_PUBLIC_VERCEL_APP_CLIENT_ID, VERCEL_APP_CLIENT_SECRET, and SESSION_SECRET.
See docs/environment-variables.md for the full reference, including optional tuning (vCPU count, sleep timeout, version pinning) and alternative auth modes.
npm install
vercel link && vercel env pull # pulls OIDC credentials for AI Gateway
npm run dev # http://localhost:3000| Document | Contents |
|---|---|
| Architecture | System overview and subsystem map |
| Sandbox Lifecycle and Restore | State transitions, persistent sandboxes, resume behavior |
| Preflight and Launch Verification | Deployment readiness and runtime verification |
| Channels and Webhooks | Channel setup (Slack, Telegram, WhatsApp, Discord), readiness, protection behavior |
| Environment Variables | Full env var reference |
| API Reference | Endpoint and payload reference |
| Deployment Protection | Bypass secret behavior and display-safe URLs |
| Architecture Tradeoffs | Why the codebase is shaped this way, alternatives explored |
| Contributing | Architecture, routes, testing, development workflows |
