Engineering
multi-tenant-isolation avatar

multi-tenant-isolation

Enables multi-tenant isolation for AI agent swarms, ensuring strict data separation, process isolation, and secure resource management between deployments.

Introduction

The multi-tenant-isolation skill is a core architectural component for managing multiple independent OpenClaw agent swarms on a single host. Inspired by the Paperclip multi-company isolation principle, this tool provides a robust framework for developers, DevOps engineers, and system administrators to segregate agent environments, prevent cross-tenant data leakage, and maintain operational stability. It is essential for scenarios where a single infrastructure must serve distinct clients, environments, or research projects, each requiring its own identity, memory, and configurations.

  • Workspace Isolation: Forces separate directory structures for each tenant to prevent accidental file interference.

  • Process Isolation: Assigns unique PIDs to agent swarms, ensuring that memory space and runtime execution remain distinct.

  • Network Security: Allocates individual relay ports for each tenant, allowing simultaneous API communication without port conflicts.

  • Config Management: Supports scoped configurations using unique openclaw.json files for granular control over models and environment variables.

  • Hierarchical Storage: Standardizes directory trees for tenant-specific skills, logs, heartbeat schedules, and agent identities.

  • Configurable Enforcement: Offers tiered isolation levels including Strict, Standard, and Loose to balance between security and resource overhead.

  • Use cases include hosting concurrent Dev/Staging/Production agent environments on a single VPS or EC2 instance.

  • Input requirements involve defining tenant IDs and isolation tiers within the tenant-manager.json file.

  • Typical outputs include isolated process execution, segregated log files under ~/.openclaw/tenants/, and independent swarm API access.

  • Constraints: Requires Linux or macOS environments; relies on standard file system permissions; sensitive to disk space when scaling to numerous tenants.

  • Integration: Interfaces with the OpenClaw CLI to switch contexts, list active swarms, and initialize new isolated workspaces.

Repository Stats

Stars
1
Forks
0
Open Issues
0
Language
Python
Default Branch
main
Sync Status
Idle
Last Synced
May 3, 2026, 09:58 PM
View on GitHub