OpenClaw on Cloudflare Sandbox - AI Assistant

OpenClaw on Cloudflare Workers: Run a Personal AI Assistant in the Cloud

OpenClaw (formerly Moltbot) is a personal AI assistant with a gateway architecture designed to connect across multiple chat platforms. This project packages OpenClaw to run as a serverless application on Cloudflare Sandbox containers, eliminating the need for self-hosted infrastructure while maintaining full control over your AI assistant. It's a proof-of-concept demonstrating that production-grade AI gateway architectures can thrive in managed cloud environments.

What You Get

• Web-based Control UI — Chat interface at the gateway level with real-time message handling
• Multi-channel integration — Connect Telegram, Discord, and Slack to a single assistant instance
• Device pairing authentication — Secure DM-based device approval requiring explicit admin consent
• Persistent conversations — Maintain chat history and context across sessions using optional R2 storage
• Extensible agent runtime — Workspace-based skills architecture for custom AI capabilities
• Managed deployment — Runs entirely on Cloudflare infrastructure with no self-hosting required
• Optional AI Gateway routing — Use Cloudflare's unified billing for API management and analytics

Architecture Overview

OpenClaw operates as a gateway that sits between your chat platforms and Claude (via Anthropic API or Cloudflare AI Gateway). The Cloudflare Sandbox container handles WebSocket connections, device authentication, and message routing. Conversation state and device pairings are optionally persisted to R2 storage, ensuring continuity across container lifecycle events.

Getting Started

Prerequisites: Cloudflare Workers Paid plan ($5/month for Sandbox access), Anthropic API key or AI Gateway setup, and Node.js/npm installed locally.

Deployment in 5 steps:

1. Install dependencies: npm install
2. Set your API credentials: npx wrangler secret put ANTHROPIC_API_KEY
3. Generate a gateway token: export MOLTBOT_GATEWAY_TOKEN=$(openssl rand -hex 32)
4. Store the token securely: echo $MOLTBOT_GATEWAY_TOKEN | npx wrangler secret put MOLTBOT_GATEWAY_TOKEN
5. Deploy: npm run deploy

Access the Control UI at https://your-worker.workers.dev/?token=YOUR_GATEWAY_TOKEN. Note: The first request may take 1–2 minutes while the container starts.

Essential Setup: Admin UI & Device Pairing

Before using the Control UI, you must:

1. Enable Cloudflare Access — Protect the admin UI at /_admin/ using Cloudflare's Zero Trust platform. The easiest path: enable built-in Access on your workers.dev domain, add your email to the allowlist, and copy the Application Audience (AUD) tag.
2. Set Access secrets — Store your team domain and AUD via npx wrangler secret put CF_ACCESS_TEAM_DOMAIN and npx wrangler secret put CF_ACCESS_AUD.
3. Pair your device — Visit /_admin/ (now protected by Cloudflare Access) to approve your first device connection. New devices remain pending until explicitly approved here.
4. Redeploy — Run npm run deploy to activate Access authentication.

For advanced setups, you can manually create a Self-hosted Access application in the Cloudflare Zero Trust Dashboard with custom identity providers (Google, GitHub, email OTP, etc.).

Persistent Storage with R2 (Optional but Recommended)

By default, OpenClaw data (device pairings, conversation history, configs) is lost when the Sandbox container restarts. Enable R2 storage to persist state across sessions. Create an R2 API token in the Cloudflare dashboard, store it as R2_API_TOKEN, R2_ACCOUNT_ID, and R2_BUCKET_NAME secrets, then redeploy. This is especially valuable for maintaining long-running conversations and device approval state.

Local Development

Create a .dev.vars file for local testing:

• DEV_MODE=true — Bypass Cloudflare Access and device pairing authentication
• DEBUG_ROUTES=true — Enable /debug/* diagnostic endpoints

This lets you develop and test the full UI/API stack locally without cloud infrastructure overhead.

Authentication & Security

Device pairing is the primary auth mechanism. When a new device connects, it enters a pending state until an admin approves it via the /_admin/ interface—no tokens or passwords required on the device side. The gateway token (passed as a query parameter to the Control UI) is a secondary safeguard for remote access. Cloudflare Access provides the outermost security layer, protecting both the admin UI and API routes from unauthenticated access.

Why This Matters

OpenClaw demonstrates that sophisticated AI assistants with multi-channel presence and state management can run entirely serverless. You avoid the operational burden of VPS management, always-on compute costs, and infrastructure scaling—while retaining full control over your AI assistant's behavior, integrations, and data. Cloudflare's Sandbox containers bridge the gap between traditional serverless (stateless functions) and long-running agent workloads.

Who This Is For

• AI developers exploring gateway architectures and agent runtimes
• Platform teams building personal AI assistants with multi-platform reach
• DevOps engineers interested in serverless patterns for stateful workloads
• Hobbyists wanting a fully managed AI assistant without self-hosting
• Researchers studying agent authentication, device pairing, and conversational persistence

Resources & Documentation

• Repository: thebourbonsherpa/moltbot-sandbox
• AGENTS.md — Deep dive into the agent runtime and skill architecture
• CONTRIBUTING.md — Contribution guidelines for the project
• Dockerfile — Container configuration for local testing
• Related Tools: Cloudflare_Workers Claude_API Serverless_AI_Deployment

License: Apache 2.0

Source: GitHub repository by @thebourbonsherpa; last updated February 2026.