OpenClaw: AI Assistant on Cloudflare Workers

OpenClaw: Personal AI Assistant for Cloudflare Workers

OpenClaw (formerly Moltbot) is a gateway-based personal AI assistant designed to run on Cloudflare Workers, enabling secure, always-on deployment without self-hosting infrastructure. This sandbox implementation demonstrates how to package and deploy a multi-channel AI agent runtime in a fully managed Cloudflare environment, with optional persistence via R2 storage.

Purpose and Significance

OpenClaw addresses a critical gap in the AI ecosystem: most personal AI assistants require either self-hosted servers or rely on closed platforms. This project demonstrates that a fully-featured, multi-channel AI agent can run reliably on Cloudflare's managed infrastructure, eliminating operational overhead while maintaining security through device pairing and Cloudflare Access controls. The gateway architecture decouples the AI runtime from specific chat platforms (Telegram, Discord, Slack), allowing users to control their assistant from multiple channels while maintaining unified conversation context and device management.

Core Features

• Multi-Channel Gateway — Connect via Telegram, Discord, Slack, or the web-based Control UI with unified conversation history
• Device Pairing Security — Explicit approval workflow for new devices, preventing unauthorized access
• Cloudflare Access Integration — Built-in authentication for the admin UI using Cloudflare Zero Trust
• Agent Runtime — Extensible AI capabilities with workspace support and modular skills system
• Persistent Storage — Optional R2 integration preserves paired devices and conversation history across container restarts
• Browser Automation — Native Cloudflare Browser Rendering for web navigation and information retrieval
• Cost-Efficient Deployment — Runs on Cloudflare Workers Paid plan ($5/month) with free tiers for Access, Browser Rendering, and optional AI Gateway routing
• Multiple LLM Integration — Direct Anthropic API access or Cloudflare AI Gateway for unified billing and analytics

Architecture Overview

OpenClaw uses a gateway pattern that separates the AI agent runtime (control layer) from communication channels (chat platforms). The Cloudflare Sandbox container hosts the core gateway, which manages device pairing, conversation persistence, and agent execution. The Control UI provides a web interface for direct interaction, while integrated chat platforms (Telegram, Discord, Slack) act as alternative access layers. All connections funnel through the gateway, which enforces authentication, maintains session context, and coordinates multi-platform messaging.

The architecture leverages three key Cloudflare services: Workers (compute), R2 (optional persistent storage), and Access (identity/authentication). This serverless-first design eliminates the need to manage containers, databases, or networking—you deploy once and the platform handles scaling, availability, and updates.

Getting Started (Quick Path)

Prerequisites: Cloudflare Workers Paid plan ($5/month for Sandbox support), Anthropic API key or Cloudflare AI Gateway credentials, Node.js and npm.

Core Deployment Steps:

1. Clone the repository and run npm install
2. Set your Anthropic API key: npx wrangler secret put ANTHROPIC_API_KEY
3. Generate a secure gateway token: openssl rand -hex 32 and store it via npx wrangler secret put MOLTBOT_GATEWAY_TOKEN
4. Deploy to Cloudflare: npm run deploy
5. Enable Cloudflare Access on your worker's admin UI and configure identity providers (email, Google, GitHub)
6. Visit the admin UI at /_admin/ to pair your first device
7. (Optional) Enable R2 storage for persistence across container restarts

After deployment, access the Control UI by visiting https://your-worker.workers.dev/?token=YOUR_TOKEN. The first request may take 1–2 minutes while the container initializes.

Authentication & Security

OpenClaw implements a two-layer authentication model. The gateway token (required for remote Control UI access) acts as the first gate, passed as a query parameter in the URL. The device pairing system provides the second layer: any new client (web browser, CLI tool, etc.) must be explicitly approved by an admin via the /_admin/ interface before it gains persistent access. This prevents unauthorized devices from connecting even if they know the gateway token.

For sensitive deployments, Cloudflare Access protects the admin UI with enterprise-grade identity verification. You can configure allow-lists by email, or delegate to identity providers (Google Workspace, GitHub, SAML). The worker validates incoming JWTs using your Cloudflare team domain and application audience tag.

Local development mode (DEV_MODE=true in .dev.vars) bypasses both authentication layers, useful for testing but never recommended for production.

Who This Is For

• Individual Developers — Build and deploy a personal AI assistant without managing servers
• Teams Exploring Agent Architectures — Reference implementation for gateway-based multi-channel AI systems
• Cloudflare Ecosystem Developers — Example of Workers, R2, Access, and Browser Rendering in a real-world agent scenario
• Researchers & Proof-of-Concept Builders — Demonstrates feasibility of agent runtimes in serverless environments
• Privacy-Conscious Users — Full control over your assistant, running on your infrastructure (Cloudflare account)

Configuration & Optional Features

Cloudflare AI Gateway (Optional): Instead of direct Anthropic API calls, route requests through Cloudflare's AI Gateway for unified billing, request analytics, and optional caching. Set AI_GATEWAY_API_KEY and AI_GATEWAY_BASE_URL secrets.

R2 Persistent Storage (Recommended): By default, the Sandbox container loses all data (paired devices, conversation history, configs) on restart. Enabling R2 binding preserves this state across deployments and container recycling, essential for production use.

Browser Rendering: Cloudflare's browser automation service is pre-integrated for web navigation, screenshot capture, and information extraction—useful for agent tasks requiring live web interaction.

Status & Experimental Nature

This is a proof-of-concept and not officially supported by Cloudflare or the OpenClaw team. The project demonstrates viability but may experience breaking changes without notice. It is actively maintained and useful for experimentation, but production deployments should understand the experimental status and monitor for upstream changes.

Development & Contributing

The project is written in TypeScript and includes a full test suite (Vitest + E2E tests). Local development uses the same codebase as production, with hot-reload support via Vite. See CONTRIBUTING.md for guidelines. The AGENTS.md file documents the agent runtime and skill system for extending capabilities.

Related Resources

• Repository: snow-cre8/moltbot-sandbox-2026
• License: Apache 2.0
• Language: TypeScript
• Key Dependencies: Cloudflare Workers, Wrangler CLI, Anthropic SDK

Learn More: Review the README for detailed configuration examples. Check the contributing guide for skill development. Explore the src/ directory to understand the gateway and agent implementation.