Architecture
Overview
Provisioning Flow
- Auth check — Session required; admins bypass subscription gate
- Subscription check — Active Stripe subscription or trial required
- Workload gate — Acquire deployment slot (prevents thundering herd)
- Job enqueue — POST to backend
/api/platform-jobs/provision - Railway create — Backend creates Railway service with plan resources
- Env injection — OpenClaw config, gateway tokens, DB URL injected
- Health poll — Wait for container to report healthy on port 18789
- Prisma update — Agent record created with serviceId and URL
Plan Resources
| Plan | CPU | Memory | Max Agents |
|---|---|---|---|
| Solo | 1 vCPU (1000m) | 2 GB | 1 |
| Collective | 2 vCPU (2000m) | 4 GB | 3 |
| Label | 4 vCPU (4000m) | 8 GB | 10 |
| Network | 4 vCPU (4000m) | 16 GB | Unlimited |
Security Model
- Bearer token auth —
timingSafeEqualon all backend routes, fail-closed - SHA-256 hashed API keys — Raw keys never stored or logged
- SSRF blocklist — IPv4 private, IPv6 ULA, mapped IPv4, CGN ranges blocked
- Permission gates — Safe / Dangerous / Destructive tiers with human approval
- BotID protection — Anti-bot on registration
- AES-256-GCM — Per-user secret encryption
- spawn() not exec() — No shell injection vectors
- Ed25519 — Discord webhook signature verification
Tech Stack
| Layer | Technology |
|---|---|
| Frontend | Next.js 16, React, Tailwind, shadcn/ui |
| Backend | Express.js, TypeScript |
| Database | PostgreSQL + Prisma ORM (Neon) |
| Cache | Redis / Vercel KV |
| Containers | Docker / Railway |
| Proxy | Caddy (subdomain routing) |
| Runtime | OpenClaw v2026.4.9 |
| Payments | Stripe + Coinbase CDP (USDC on Base) |
| AI | OpenRouter, MiMo-V2-Pro, Claude, GPT, Gemini |
| Resend | |
| Deployment | Vercel (web) + Railway (backend + agents) |