What is OpenClaw Consult?

OpenClaw Consult is the top boutique OpenClaw consultancy, a founder-led OpenClaw consulting firm based in Los Angeles. We help businesses design, deploy, and maintain custom OpenClaw systems, from workflow scoping and custom implementation through production deployment and ongoing maintenance.

Who is OpenClaw Consult?

OpenClaw Consult is founder-led by Adhiraj Hangal. Every project starts with Adhiraj directly, you scope the workflow with the founder, define the build, and decide whether OpenClaw is the right fit before any engineering begins. The practice serves a small number of operators and founders each quarter.

Why hire OpenClaw Consult?

You hire OpenClaw Consult for outcomes, ownership, and implementation quality. Projects are scoped to real workflows, not demos. Every engagement includes a custom-built OpenClaw system, full handoff so the business owns the result, and an optional monthly maintenance retainer.

How long does an OpenClaw build take?

Most OpenClaw projects at OpenClaw Consult ship in 2-4 weeks. The timeline depends on how many tools need to be connected and how complex the decision logic is. Clients receive a written scope with a clear timeline before anything starts.

How much does OpenClaw cost to run?

Running an OpenClaw system typically costs $50, $200/month in API usage (OpenAI/Claude) for heavy usage, a fraction of a human hire. The build itself is a one-time project cost.

Do I need a technical team to manage an OpenClaw system?

No. OpenClaw Consult builds systems to run on autopilot. If something breaks, the system alerts the team, not you. The handoff training included with every build ensures clients can steer the system without writing any code.

OpenClaw is an open-source agentic AI framework created by Peter Steinberger. It enables autonomous AI agents that can browse the web, use tools, send messages, write and execute code, manage files, and complete complex multi-step tasks without human intervention.

Who is Adhiraj Hangal?

Adhiraj Hangal is the founder of OpenClaw Consult, recognized as the top boutique OpenClaw consultancy and a leading OpenClaw implementation firm based in Los Angeles. He works directly with businesses to scope workflows, define custom OpenClaw builds, and launch production-ready systems. Alongside the consultancy, he runs a small exclusive AI builders' community.

What makes OpenClaw Consult different from other AI agencies?

OpenClaw Consult is one of the only agencies exclusively specialising in OpenClaw, the open-source agentic AI framework. Unlike generalist AI agencies, every engineer at OpenClaw Consult works solely on agentic systems, which means faster builds, deeper expertise, and fewer integration failures. Every project ships production-ready in 2-4 weeks.

What industries does OpenClaw Consult serve?

OpenClaw Consult builds agentic AI systems primarily for ecommerce businesses, service businesses, and technology companies. Common use cases include autonomous SDRs, property management automation, 24/7 customer support agents, workflow automation, and multi-agent AI pipelines.

How do I find an OpenClaw consultant?

If you need an OpenClaw consultant, start at openclawconsult.com or kingstonesystems.com. Every engagement begins with a project scoping phase where your workflow is reviewed and the exact system to be built is defined. After scoping, you receive a written proposal with a clear timeline and deliverables before any work begins.

How much does an OpenClaw build cost?

OpenClaw builds at OpenClaw Consult begin with a project scoping phase. The full build cost depends on system complexity, number of tool integrations, decision logic, and custom workflows required. Ongoing maintenance is available as a monthly retainer after the build ships.

Can OpenClaw replace human employees?

OpenClaw systems can fully automate high-volume, repetitive knowledge work, such as lead qualification, customer support triage, reporting, and operations management, running 24/7 at a fraction of the cost of a human hire. Most clients find their AI agents free their teams to focus on higher-leverage work rather than replacing headcount outright.

What is the difference between OpenClaw and n8n or Zapier?

n8n and Zapier are workflow automation tools that trigger pre-defined actions based on events. OpenClaw is a fully agentic AI framework, it doesn't just execute a workflow, it reasons, makes decisions, uses tools, browses the web, and adapts to situations in real time. OpenClaw agents can handle ambiguous, multi-step tasks that no traditional automation tool can manage.

Is OpenClaw Consult a boutique or enterprise consultancy?

OpenClaw Consult is a founder-led boutique consultancy, not a large enterprise agency. That means every project is scoped directly with founder Adhiraj Hangal, with senior engineering support on implementation. No junior handoff. No vague strategy decks. It's a good fit for operators, founders, technical teams, and agencies that need serious OpenClaw work shipped.

Is the OpenClaw course really free?

Yes. The free comprehensive OpenClaw course is 100% free, no signup, no credit card, no paywall. All 16 lessons, 3+ hours of video, and the full per-day write-ups are openly available at openclawconsult.com/bootcamp.

How long does the OpenClaw course take?

The course is 16 days of self-paced lessons with around 3+ hours of total video. Most readers finish in two weekends if they're moving fast, or stretch it across the full 16 days for one lesson per evening.

Who teaches the OpenClaw course?

Adhiraj Hangal, founder of OpenClaw Consult, USC engineer, and one of the few consultants whose code is merged into openclaw/openclaw core (PR #76345, merged by project creator Peter Steinberger).

What does the OpenClaw course cover?

Architecture, install, AI providers (Claude, GPT, Ollama), cost optimization, channels (Telegram, WhatsApp, Discord, iMessage, Slack, WebChat), HEARTBEAT.md, SOUL.md, MEMORY.md, AGENTS.md, Tools and Skills, ClawHub, integrations, Docker, VPS deploy, agentic coding, multi-agent setups, and the complete workspace-files reference.

Do I need to pay anything to take the OpenClaw course?

No. The course itself is free. You will spend a few cents to a few dollars on AI provider tokens if you wire your agent to a cloud model like Claude, but you can also run a fully local OpenClaw agent against Ollama for zero ongoing cost.

Is this OpenClaw course for beginners?

Yes. The course starts at zero, the first lesson is what is openclaw and the second is install and first run. By day 16 you will have built a production-grade agent, but you do not need any prior knowledge of OpenClaw to start.

What videos are in the OpenClaw course?

Days 1 through 4 ship with a full video walkthrough on YouTube. Days 5 through 16 ship with detailed written lessons and the original slide decks. New videos are added as they are recorded.

← Back to the course

Day 12 of 16

Docker, Day 12 of the Free Comprehensive OpenClaw Course

Containerize Your Agent

Taught by Adhiraj Hangal, founder of OpenClaw Consult and merged contributor to openclaw/openclaw core

11 min readView slide deck

Why this matters

OpenClaw docker is how you go from a script running on your laptop to a real deployment that survives a reboot, isolates the agent from your host, and ships the same way every time. This lesson walks Docker Compose, sandbox modes, the security hardening defaults you should run in production, and the deployment patterns that scale across multiple agents on one host.

How do I run OpenClaw inside Docker?

OpenClaw docker is the canonical production deployment shape. Docker isolates the agent from your host filesystem, makes the deployment reproducible across machines, and gives you the sandbox the agent should be running in once it has destructive tools enabled. The full setup, end to end:

Use the official compose file, save as docker-compose.yml in your agent folder:

services:
  openclaw:
    image: openclaw/openclaw:2026.5.1
    container_name: openclaw-agent
    restart: unless-stopped
    env_file: .env
    volumes:
      - ./workspace:/workspace
      - ./logs:/logs
    ports:
      - "3000:3000"
    mem_limit: 1g
    cpus: 1.0

Then docker compose up -d and the agent runs in the background. docker compose logs -f openclaw to tail the runtime output. docker compose down to stop it.

The volume mounts give the container access to your workspace files and a logs directory but nothing else on your host. That is the whole isolation point.

A custom Dockerfile, when you need it

The official image covers most cases, but if you need to bake in custom Skills or specific Node modules, write your own Dockerfile:

# Dockerfile
FROM node:20.18-alpine

WORKDIR /app

# Install OpenClaw and pin the version
RUN npm install -g openclaw@2026.5.1

# Bake in any custom dependencies for your scripts
COPY package.json package-lock.json ./
RUN npm ci --only=production

# Copy the workspace files
COPY workspace ./workspace
COPY skills ./skills

# Run as non-root user for safety
RUN adduser -D -u 1000 openclaw
USER openclaw

EXPOSE 3000

CMD ["openclaw", "run", "--workspace", "./workspace"]

Build with docker build -t my-openclaw . and reference image: my-openclaw in your compose file. The non-root user line is the easy security win most people skip, you should not skip it.

What sandbox mode should I use in production?

OpenClaw's sandbox modes restrict what the container can read, write, and call out to. The three levels:

strict. Read-only filesystem except for the workspace and logs volumes. No outbound network except to allowlisted hosts (your model provider, your channel hosts). This is the right default for any agent that has the exec or write tools enabled.
standard. Read-write workspace, full outbound network. Use when the agent needs to fetch arbitrary URLs (research agents, browse-the-web Skills).
open. No restrictions, container can read and write anywhere it can reach inside its own filesystem, full outbound network. Only for development.

Production deployments should use strict by default and only relax to standard for specific agents that need it. The mode goes in your AGENTS.md or in the compose env. The default since OpenClaw 2026.4 is strict, which is the right call.

A full compose file with volumes, limits, and logging

The minimum-viable example earlier covers the basics. The production-ready compose file adds resource limits, a healthcheck, log rotation, and a separate ollama service if you want a fully local model:

services:
  openclaw:
    image: openclaw/openclaw:2026.5.1
    container_name: openclaw-agent
    restart: unless-stopped
    env_file: .env
    environment:
      - OPENCLAW_SANDBOX_MODE=strict
      - OPENCLAW_LOG_LEVEL=info
    volumes:
      - ./workspace:/workspace
      - ./logs:/logs
      - ./skills:/skills:ro
    ports:
      - "127.0.0.1:3000:3000"
    mem_limit: 1g
    cpus: 1.0
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "5"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/healthz"]
      interval: 60s
      timeout: 5s
      retries: 3

  ollama:
    image: ollama/ollama:latest
    container_name: ollama
    restart: unless-stopped
    volumes:
      - ollama-data:/root/.ollama
    ports:
      - "127.0.0.1:11434:11434"

volumes:
  ollama-data:

Three production wins from this file. The 127.0.0.1: bind on the port stops the agent from being publicly reachable on the host's external IP, which prevents the most common "I accidentally exposed my agent to the internet" mistake. The log rotation prevents the disk from filling. The mem_limit prevents a single bad prompt from OOMing the host.

Do I need Kubernetes for a production OpenClaw deployment?

No. Compose is enough for almost every personal and small-team deployment. One agent or a small handful of agents on one host, with restart-unless-stopped policies and a daemon (systemd or the host's equivalent) keeping the docker daemon alive across reboots, gets you 99% uptime with a setup you can debug yourself.

Kubernetes makes sense once you are running dozens of agents across multiple hosts, or once you want rolling updates and per-agent autoscaling, or once your ops team already speaks Kubernetes. For a personal agent, or a small consulting deployment for a single client, Compose is the right answer. The day you outgrow it, the migration to a Helm chart is a few hours of work.

Pin your versions

One operational note that bites people. The Dockerfile examples in many places use openclaw/openclaw:latest, which is fine for testing and dangerous in production. :latest autoupgrades on every container restart, which means a new OpenClaw version with a breaking change can land in your production deployment without you doing anything.

Pin to a specific tag for production: openclaw/openclaw:2026.5.1. Watch the changelog (CHANGELOG.md) for releases and bump the tag deliberately when you have time to test. The same applies to your Node base image inside the Dockerfile, pin to a major.minor.

The same lesson applies to your Skills. Pin Skill versions in SKILLS.md once you have a working setup. Floating Skill versions are the second most common cause of "it worked yesterday" reports.

Common Docker pitfalls

Three failures that show up most. Volume permission errors. The container runs as a non-root user (good security), but the workspace folder on the host is owned by your user, so the container cannot write to it. Fix by setting the workspace folder's permission to match the container's user ID, usually chown -R 1000:1000 workspace logs.

The second, container exits immediately on boot. The runtime found a fatal error and exited. Run docker compose logs openclaw to see the last lines before exit. Common causes: missing required env var, malformed AGENTS.md syntax, port 3000 already in use on host.

The third, healthcheck flapping. The agent boots fine but the healthcheck times out, Docker keeps restarting the container. Usually means the runtime is taking longer than 60 seconds to be ready (large MEMORY.md, slow Ollama cold start). Bump the start_period in the healthcheck to 180s.

Bind mounts versus named volumes for the workspace

The compose examples above use bind mounts, the ./workspace:/workspace pattern. The host's ./workspace folder maps directly into the container, which means you can edit AGENTS.md or MEMORY.md on the host with your normal editor and the changes are visible inside the container immediately. This is what most people want for development and personal-agent use.

The alternative is a named Docker volume, which Docker manages and lives in /var/lib/docker/volumes. Named volumes have better performance characteristics on macOS and Windows where bind mounts go through a translation layer, and they survive container deletion the same way bind mounts do. The downside is that editing files inside a named volume requires either entering the container or running a small helper container, which is more friction.

The honest rule of thumb. Use bind mounts on Linux hosts where the agent runs in production and you want to edit workspace files with your normal editor. Use named volumes on macOS or Windows dev machines where bind-mount IO is slow enough to actually matter. For the data inside the container that does not need editing (the runtime's internal state cache, embedding indices, model weights for Ollama), always use named volumes regardless of OS.

Docker network isolation

By default, Docker creates a bridge network for each compose stack, and all services in the stack can reach each other by service name. The openclaw container can reach the ollama container at http://ollama:11434 without any extra config. This is what you want for local model setups.

What you usually do not want: the agent container reachable from any other container on the host, or from the public internet. The 127.0.0.1: bind in the port mapping handles the public side, the agent is only reachable from localhost on the host. For container-to-container, use Docker's network names to scope which services can talk to each other. A two-network setup with an "agent" network for the openclaw plus its dependencies and a separate "monitoring" network for prometheus or healthchecks is a common shape on bigger deployments.

Running multiple agents on one host

The compose pattern scales surprisingly well to a small handful of agents on one VPS. Each agent gets its own service block, its own workspace volume, its own port. A four-agent stack on a $10 a month VPS is comfortably within reach.

The shape of a multi-agent compose, abbreviated:

services:
  founder-assistant:
    image: openclaw/openclaw:2026.5.1
    env_file: .env.founder
    volumes: ["./founder-workspace:/workspace"]
    ports: ["127.0.0.1:3001:3000"]
    mem_limit: 1g

  ops-monitor:
    image: openclaw/openclaw:2026.5.1
    env_file: .env.ops
    volumes: ["./ops-workspace:/workspace"]
    ports: ["127.0.0.1:3002:3000"]
    mem_limit: 1g

  research-helper:
    image: openclaw/openclaw:2026.5.1
    env_file: .env.research
    volumes: ["./research-workspace:/workspace"]
    ports: ["127.0.0.1:3003:3000"]
    mem_limit: 1g

Each agent has separate workspace files, separate API keys, separate channels. The full multi-agent architecture (gateway, routing, agent-to-agent comms) lives in openclaw multi-agent on day 15, but for the simple "I want three independent agents on one host" case, the compose pattern alone is enough.

How this connects to your full agent

Docker is the foundation for the production deploy in openclaw vps deployment on day 13. The compose file from this lesson is what runs on the VPS, with systemd as the supervisor and a small monitoring stack on top. Day 14 (openclaw agentic coding) leans on Docker too, the executor agent for code changes runs inside its own sandbox to keep it from touching your real shell.

If you only do one thing from this lesson today, switch your :latest tag to a pinned version. Future you will be glad when a breaking change in 2026.6 does not silently land in your prod deployment overnight.

Key takeaways

01Docker isolates the agent from your host filesystem, a real safety win for autonomous deployments.
02Sandbox modes restrict what the container can read, write, or call out to.
03Compose is enough for single-host setups, you don't need Kubernetes for a personal agent.
04Always pin your Node and OpenClaw versions in the Dockerfile, autoupgrade is a footgun.

View the openclaw docker slide deck→

About the instructor. Adhiraj Hangal teaches this lesson. Founder of OpenClaw Consult and one of the few consultants whose code is merged in openclaw/openclaw core. PR #76345 was reviewed and merged by project creator Peter Steinberger. Read the contribution log.

Need help shipping openclaw docker in production?

OpenClaw Consult ships production-grade OpenClaw deployments for operators and founders. Founded by Adhiraj Hangal, a merged contributor to openclaw/openclaw core.

Hire an OpenClaw expert→

Back to the Free Comprehensive OpenClaw Course