Tools
Enterprise
By Enterprise multi-tenant plugin for OpenClaw โ governance, audit, isolation, collaboration, and reliability
Install
npm install -gConfiguration Example
{
"enterprise": {
"enabled": true,
"kernel": {
"storage": { "backend": "postgres", "connectionString": "env:DATABASE_URL" },
"queue": { "backend": "redis", "url": "env:REDIS_URL" },
"cache": { "backend": "redis", "url": "env:REDIS_URL" },
"eventBus": { "backend": "redis", "url": "env:REDIS_URL" },
"lock": { "backend": "redis", "url": "env:REDIS_URL" }
},
"governance": {
"identity": { "provider": "token" },
"authorization": { "engine": "scope" }
},
"audit": {
"sinks": [
{ "type": "log" },
{ "type": "storage" }
]
},
"reliability": {
"metrics": { "provider": "prometheus", "port": 9090 }
}
}
}README
# OpenClaw Enterprise Plugin
Enterprise multi-tenant extension for [OpenClaw](https://github.com/openclaw/openclaw) โ adds governance, audit, isolation, collaboration, and reliability layers for enterprise deployments.
## Features
- **Kernel** โ Pluggable infrastructure abstractions (Storage, Queue, Cache, EventBus, Lock, Secret) with Memory, PostgreSQL, and Redis backends
- **Governance** โ Identity providers (Token, OIDC), authorization engines (RBAC, Scope-based), quota management, content filtering
- **Audit** โ Event pipeline with pluggable sinks (Log, Storage, Webhook, EventBus)
- **Collaboration** โ Task state machine, workflow engine, agent handoff, knowledge store
- **Embedding API** โ REST API with rate limiting, API key management, message envelope
- **Isolation** โ Agent runtime backends (Kubernetes), resource limiting
- **Reliability** โ Circuit breaker, retry policies, checkpointing, health checks, timeout management, Prometheus metrics
- **Middleware** โ AuthN, AuthZ, tenant context, audit logging, rate limiting pipeline
## Architecture
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ OpenClaw Gateway โ
โ (upstream โ syncs independently) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Enterprise Plugin (this repo) โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โ
โ โ Kernel โ โ Governance โ โ Audit โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โ
โ โCollabora.โ โ Embedding โ โ Isolation โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโโ โ
โ โReliabilityโ โ Middleware โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ PostgreSQL โ Redis โ Kubernetes โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
## Installation
### As an OpenClaw Plugin
```bash
# Install OpenClaw
npm install -g openclaw
# Install the enterprise plugin
openclaw plugins install @openclaw/enterprise
```
### From Source (Development)
```bash
git clone https://github.com/haoyuxiao0223/openclaw-enterprise-plugin.git
cd openclaw-enterprise-plugin
npm install
```
## Configuration
Add the `enterprise` section to your `openclaw.json`:
```json
{
"enterprise": {
"enabled": true,
"kernel": {
"storage": { "backend": "postgres", "connectionString": "env:DATABASE_URL" },
"queue": { "backend": "redis", "url": "env:REDIS_URL" },
"cache": { "backend": "redis", "url": "env:REDIS_URL" },
"eventBus": { "backend": "redis", "url": "env:REDIS_URL" },
"lock": { "backend": "redis", "url": "env:REDIS_URL" }
},
"governance": {
"identity": { "provider": "token" },
"authorization": { "engine": "scope" }
},
"audit": {
"sinks": [
{ "type": "log" },
{ "type": "storage" }
]
},
"reliability": {
"metrics": { "provider": "prometheus", "port": 9090 }
}
}
}
```
## Deployment
### Docker Compose
```bash
cd deploy/docker-compose
docker compose up -d
```
This starts OpenClaw with enterprise mode, PostgreSQL, and Redis.
### Kubernetes (Helm)
```bash
helm install openclaw-enterprise deploy/helm/openclaw-enterprise \
--set postgres.auth.password=<your-password>
```
## Project Structure
```
โโโ index.ts # Plugin entry (definePluginEntry)
โโโ bootstrap.ts # Enterprise subsystem assembly
โโโ openclaw.plugin.json # Plugin manifest for OpenClaw discovery
โโโ package.json # npm package with openclaw metadata
โโโ src/
โ โโโ kernel/ # Infrastructure abstractions
โ โโโ kernel-impl/ # Memory / Postgres / Redis implementations
โ โโโ governance/ # Identity, authorization, quota, content filter
โ โโโ audit/ # Audit pipeline + sinks
โ โโโ collaboration/ # Task FSM, workflow, handoff, knowledge
โ โโโ embedding/ # REST API, rate limiter, API key management
โ โโโ isolation/ # Agent runtime, resource limiter
โ โโโ reliability/ # Circuit breaker, retry, checkpoint, health
โ โโโ middleware/ # AuthN, AuthZ, tenant, audit, rate limit
โ โโโ registry.ts # EnterpriseModules type definitions
โโโ deploy/
โ โโโ Dockerfile.enterprise
โ โโโ docker-compose/
โ โโโ helm/
โโโ database-schema.sql # PostgreSQL schema
โโโ rls-policies.sql # Row-Level Security policies
โโโ docs/
โโโ PRD-openclaw-enterprise-architecture.md
โโโ api-design.md
โโโ tech-desigh.md
```
## How It Works
This plugin integrates with OpenClaw using the standard plugin API:
- **`registerService`** โ Bootstraps the enterprise kernel and all modules on gateway start, tears down on stop
- **`registerHttpRoute`** โ Mounts the enterprise REST API at `/api/v1/*` on the gateway HTTP server
The enterprise modules are completely decoupled from OpenClaw core:
- Zero imports from upstream OpenClaw source code
- All types are self-contained within this plugin
- Configuration is read from the `enterprise` section of `openclaw.json`
## License
MIT โ See [LICENSE](LICENSE) for details.
Based on [OpenClaw](https://github.com/openclaw/openclaw) (MIT License, Copyright 2025 Peter Steinberger).
tools
Comments
Sign in to leave a comment