Manifest-driven, not click-driven.
YAML in, fleet out. Diff before you apply. Roll back like git. The reconciler runs every 5 seconds and is idempotent — safe to interrupt, safe to re-apply.
›fleet.yaml → reconciled state
v1.0 — open-source — MITDeclare what you want.
Declare what you want.
We reconcile until you have it.
OpenClaw Deploy is the declarative control plane for OpenClaw, Hermes, and NanoClaw agent fleets — across mixed Incus, Docker, and VPS targets. Manifest in. Reconciled fleet out. No 03:00 OAuth incidents.
$ curl -fsSL openclaw-deploy.prin7r.com/install.sh | bash
fleet · prin7r-prod
last reconcile · 2.4s ago·26 agents · 3 hosts · $11.21/day
| agent | type | target | replicas | state | cost |
|---|---|---|---|---|---|
| nanoclaw-pool | NanoClaw | incus://dev2 | 5/5 | running | $2.41/d |
| hermes-bridge | Hermes | docker://144 | 2/2 | running | $0.74/d |
| openclaw-eu | OpenClaw | incus://dev2 | 12/12 | running | $5.18/d |
| openclaw-staging | OpenClaw | docker://staging | 3/3 | draining | $1.02/d |
| nanoclaw-batch | NanoClaw | vps://contabo-c | 4/4 | running | $1.86/d |
// why operators ship faster on this
A small surface. Operator-grade.
One control plane. Three target types.
Incus, Docker, fresh VPS — same manifest, same drain semantics, same audit log. The driver layer hides the differences. Mix targets in a single fleet.
›incus:// · docker:// · vps://
OAuth rotation that doesn't fail at 3 AM.
Dependency-ordered, in-flight-task-aware, zero-overlap rotation. 19 agents in 47 seconds with no 401s on the timeline. Your on-call shift, returned.
›rolling · dependency-ordered
// 14 lines · the entire surface
That's it. That's the API.
Five NanoClaws on the Incus host. Two Hermes bridges on the Docker host. Tokens referenced from your vault, never inlined. Apply once, reconciled forever.
- Schema-validated. Manifest typos are rejected at the API layer — never reach the reconciler.
- Diff-then-apply.
occ apply --dry-runshows exactly what will change. - CLI-first. The dashboard is an observation surface — every action also lives in the
occbinary.
fleet.yaml14 lines
1# fleet.yaml — illustrative2apiVersion: openclaw.deploy/v13fleet: prin7r-prod4agents:5 - name: nanoclaw-pool6 type: NanoClaw7 image: ghcr.io/openclaw/nanoclaw:1.4.28 target: incus://dev29 replicas: 510 auth:11 claude_oauth: ref(vault://oauth/claude_main)12 - name: hermes-bridge13 type: Hermes # replicas: 2, target: docker://14414 replicas: 2$ occ apply -f fleet.yamlreconciled in 2.4s
// the 03:00 problem, solved
19 agents.
47 seconds. Zero 401s.
Quarterly OAuth rotation used to be a pager-bait routine. The reconciler walks agents in dependency order, drains in-flight tasks, swaps the credential, and confirms — then moves to the next. Old tokens are retired before new tokens are loaded. No overlap. No loss.
19
agents
47s
duration
0
401s
0
dropped tasks
audit · rotation · monday 09:00 UTCref vault://oauth/claude_main
- 09:00:00.412nanoclaw-pool/0rotated
- 09:00:02.811nanoclaw-pool/1rotated
- 09:00:05.214nanoclaw-pool/2rotated
- 09:00:07.620nanoclaw-pool/3rotated
- 09:00:10.039nanoclaw-pool/4rotated
- 09:00:12.488hermes-bridge/0rotated
- 09:00:14.910hermes-bridge/1rotating
- 09:00:17.----openclaw-eu/0pending
strategy: rolling · concurrency: 1in flight
// why operators trust this
Built for the people on the pager.
We run our own fleet on this.
Prin7r's production agent fleet — the system that built this site — is managed by OpenClaw Deploy. Operator zero is us.
Open by default.
MIT licensed. Manifests are YAML. State lives in your Postgres or SQLite. Drivers are inspectable, replaceable, forkable.
Idempotent, append-only.
The reconciler is safe to interrupt and re-apply. Audit log is append-only and exportable to any S3-compatible bucket.
No vendor lock-in.
Your manifests are portable plain-text. If you ever leave OpenClaw Deploy, every successor tool can read the same files.
// pricing
Self-hosted is free. Cloud is per-fleet.
Run the open-source control plane yourself for nothing — or pay us in USDT/USDC to host it. Cloud plans bill in 1-month increments via NOWPayments. No credit card. No marketing-team upsell.
Self-hosted
Freeforever
Run the control plane on your own servers. MIT-licensed, no quotas, no telemetry.
- Unlimited fleets · agents · hosts
- Full reconciler, manifest, multi-target
- Local audit log on your disk
- Community support (Discord)
Cloud · Team
most chosen$199/ month / fleet
We host the control plane. You get a managed reconciler with vault, OAuth rotation, and the cost meter wired in.
- 50 agents · 10 hosts
- Vault adapter · OAuth rotation · cost meter
- RBAC · 30-day audit retention
- Email support · 24h response
USDT · USDC · BTC · ETH via NOWPayments
Cloud · Org
$899/ month flat
Multi-fleet companies that have outgrown per-fleet billing. SAML, audit export, longer retention.
- Unlimited fleets · 200 agents
- SAML SSO · audit log export
- 90-day audit retention
- Slack support · priority bug triage
USDT · USDC · BTC · ETH via NOWPayments
Cloud · Enterprise
From $2,400/ month
Dedicated single-tenant control plane. Named CSM. SOC-2-bound buyers welcome.
- Dedicated single-tenant deploy
- SAML · custom integrations · MSA + DPA
- Named CSM · architecture reviews
- Annual contract · invoiced billing on request
USDT · USDC · BTC · ETH via NOWPayments
// common questions
The questions Maya asks first.
We already run Kubernetes. Why this?+
Run OpenClaw Deploy as a thin layer on top — your k8s cluster is one of its targets. Most teams use it specifically because their agents are not a good fit for k8s pods (stateful, sub-1k in count, redeployed frequently).
Why not just bash + Ansible?+
Bash + Ansible is fine until your first 03:00 OAuth incident. We exist for the day after that incident. Try the free tier — if your bash scripts are still fine in 90 days, you did not need us.
How is this different from Coolify or Dokploy?+
Coolify and Dokploy are deployment tools — they deploy services. We are a fleet reconciliation tool — we manage running populations of agents with health, OAuth, and drain semantics. We integrate with Dokploy as one of our Docker drivers.
Is this safe to run in production?+
The reconciler is idempotent and append-only at the audit layer. We dogfood it on the Prin7r production fleet. The roadmap is conservative — no rewrites of the v1 schema for at least 18 months.
What about vendor lock-in?+
Manifests are plain YAML. State is your SQLite or Postgres. Drivers are open-source. If you ever leave OpenClaw Deploy, your manifests still describe your fleet for any successor tool.