01 — Overview
OpenClaw Starter is a fully managed AI agent platform running on Cloudflare's edge. It provides:
- ▪ Agent lifecycle management (create, start, stop, checkpoint, restore)
- ▪ Real-time WebSocket chat with streaming AI responses
- ▪ Five-gate governance pipeline (G1–G5) on every message
- ▪ Three-tier LLM routing: Workers AI (free), BYOK via AI Gateway, Managed
- ▪ Cryptographic transparency log with verifiable proof chains
- ▪ AES-GCM encrypted key vault for BYOK API keys
- ▪ R2-backed file storage per agent
The entire platform runs on Workers, Durable Objects, KV, R2, and Workers AI — zero traditional servers.
02 — Getting Started
OpenClaw Starter requires no installation. Access it through:
- 1. Web Dashboard — dashboard/openclaw-starter/ for visual agent management and chat
- 2. REST API — programmatic access at
https://starter.obligationsign.com/v1/ - 3. MCP SSE — Model Context Protocol integration for AI tool use
Authentication uses Cloudflare Access (SSO) for the dashboard, or API keys for programmatic access.
03 — Creating Agents
Agents are the core unit of OpenClaw Starter. Each agent has its own state, chat sessions, file storage, and governance history.
Governance modes:
- transparent All gates evaluated, results logged, execution always proceeds
- enforcing REFUSE verdict blocks execution; QUARANTINE warns
Agent lifecycle: POST /v1/agents/:id/start and POST /v1/agents/:id/stop.
04 — Chat & WebSocket
Real-time chat uses WebSocket connections with streaming AI responses.
Chat history is persisted in Durable Objects and retrievable via REST: GET /v1/agents/:id/messages.
05 — Governance Pipeline
Every message passes through the AGTS five-gate evaluation pipeline before the AI generates a response. The governance verdict is cryptographically signed and anchored in the transparency log.
| Gate | Name | Measures | Threshold |
|---|---|---|---|
| G1 | Statistical Confidence | Entropy (H) | ≥ 0.40 |
| G2 | Causal Attribution | Coherence (C) | ≥ 0.40 |
| G3 | Regression Safety | Energy (E) | ≤ 0.60 |
| G4 | Evidence Integrity | Hash verification | SHA-256 match |
| G5 | Human Authorization | Explicit consent | Ed25519 signature |
Verdicts: ADMIT (all gates pass), REVIEW (non-critical gate fails), BLOCK (critical gate fails).
06 — LLM Routing & BYOK
OpenClaw Starter supports three tiers of LLM routing:
Llama 3.1 8B runs at the edge, no API keys needed. Included in all tiers.
Bring your OpenAI, Anthropic, or Google keys. Routed through Cloudflare AI Gateway with sovereign headers.
ObligationSign-provisioned keys with premium models, SLA, and dedicated support.
All tiers receive the same five-gate governance. Sovereign headers (X-AGTS-Commitment-Hash, X-AGTS-Agent-Id) are injected on every outbound AI Gateway call.
07 — Key Vault
BYOK keys are stored in an AES-GCM encrypted vault in KV. Keys are encrypted at rest using a derived key unique to each agent.
Supported providers: openai, anthropic, google.
The vault never returns the full key — only a 6-character prefix is stored for identification.
08 — API Key Management
API keys allow programmatic access scoped to a single agent. Keys cannot access /v1/agents (list) or /v1/billing/checkout top-level routes.
09 — File Storage
Each agent has R2-backed file storage for context documents, uploads, and artifacts.
10 — Proof Verification
Every governance decision produces a cryptographic proof anchored in the AGTS transparency log. Proofs are independently verifiable.
Proofs can also be verified at the public verification portal: /verify/openclaw/.
11 — Quotas & Billing
Governance events are metered per month:
| Tier | Events/Month | LLM Access |
|---|---|---|
| Free | 500 | Workers AI (Llama 3.1 8B) |
| Pro | 5,000 | Workers AI + BYOK |
| Enterprise | Unlimited | All tiers + Managed keys + SLA |