Built on OpenClaw

Turn your OpenClaw into a playground for your friends.

Multi-agent namespaces, a friend portal, and vibe-coding — on the k3s box you already have.

Quick start
$ git clone https://github.com/niach/manyclaws
$ cd manyclaws && kubectl apply -f manifests/
Read the install guide Browse the docs

Give your friends their own namespace.

Your friend messages the agent. The agent writes code, deploys it to their namespace, and puts it live on the internet. All from a chat message.

1
🔗

Magic Link

Agent sends a login link via any connected channel. One click, no password, 30-day session.

2
🏠

Friend Portal

Personal dashboard to manage secrets, view deployments, edit memory, and control cron jobs.

3
💬

Vibe-Code Together

Friends describe what they want in chat. The agent writes code, deploys it to their namespace, and exposes it publicly.

4
🌐

Live on the Internet

Auto-provisioned subdomain, Cloudflare DNS, TLS — their app is live in seconds. All from a chat message.

The Friend Portal

🦀 ManyClaws Portal alice
friend-alice
🔑 Secrets 3
openai-key Opaque
github-token Opaque
db-credentials Opaque
🚀 Deployments 2
crypto-tracker 1/1
crypto-alice.domain.net
postgres 1/1
internal
🧠 Memory
# alice/MEMORY.md
Prefers Python for backends.
Working on crypto portfolio
tracker since Feb 2026.
📊 Quota
CPU
200m/500m
RAM
180Mi/512Mi

Built for real clusters.

Not a demo. Not a toy. Designed for clusters you actually care about.

Per-agent namespaces

RBAC, NetworkPolicy, ResourceQuota, Pod Security. Each agent is fully sandboxed in its own namespace.

Friend portal

Magic-link login, personal secrets, deployment dashboard, editable memory. No passwords.

Agent self-deployment

Agents use kubectl to deploy within their namespace sandbox. Deployments, services, jobs. No Docker socket.

Single-box friendly

5-8 agents on 15 GB RAM. k3s recommended. Cloudflare Tunnel for zero-trust ingress. One VPS is enough.

7 layers of isolation

Your cluster. Your friends' data. Seven layers stand between them.

1. Cloudflare Access — zero-trust auth
2. NetworkPolicy — namespace isolation
3. RBAC — scoped service accounts
4. Pod Security — restricted profile
5. ResourceQuota — no resource exhaustion
6. Kubernetes Secrets — per-namespace, read-only
7. Container hardening — non-root, seccomp

No Docker socket. No shared secrets. No trust assumptions.

How traffic flows.

From the internet to your agent's pod, every hop is authenticated and isolated.

🌐 Internet
🛡️ Cloudflare Access (zero-trust OTP)
🚇 Cloudflare Tunnel (no open ports)
🔀 Traefik Ingress (IngressRoute CRDs)
agent-<name>
Your AI Agent
manyclaws-system
Controller + Tunnel
friend-<name>
Friend Workloads