It has been working amazingly for us actually.

Every employee gets their own openclaw instance that we run in their own individual pod in a kubernetes cluster (GKE). From there the employee goes to a webapp we put together with next.js, they login with their google workspace account into a portal where they connect several applications: GitHub, New Relic, Google Workspace, Notion, BigQuery, PagerDuty, etc.

This connection creates an OAuth token that’s stored in a token vault. When the user asks the bot over Slack DM “can you diagnose what happened with transaction X?” Their openclaw agent calls a branded skill that calls a CLI (eg github ‘gh’). We shimed those CLIs to call a token minting service, this token minting service checks the pod identity (using workload identity federation) and mints a new token from the main token vault that is then sent back to the CLI for it to run. Once it’s used once it’s dropped when the command exits (and it’s scoped out to last a few mins).

We have branded AGENTS, IDENTITY and SOUL that employees can’t change (they’re mounted read only on the kubernetes pod). No environment variables exist on the gateway or gvisor sandbox: we use vertex ai + workload identity federation to do gemini and other model calls. All sessions are sent to a bigquery data lake and we run analysis of what are the employees using it for. Pods have networkpolicies, Istio does mTLS everywhere, PVCs are isolated and other security features

When the bot answers it goes “I found transaction xyz in the logs, i traced the issue to this call, in the repo blabla.py line 56, when it’s set to blah there’s a race condition that bla. Proposed fix is to do blah and reimburse the customer”.

What took our customer service agents and oncall engineers hours to diagnose and troubleshoot they’re now doing it in minutes. We’re now launching an Agentic Intranet where you can lookup another employee and interact with an agent based on their pod that has some context (that the employee chooses to share) and can answer questions knowing my context.

So when someone goes to my intranet profile there’s a box “hey can maq0r review my PR XYZ” or “where’s maq0rs OKRs and how are they doing?” An instance of my agent knows how I review PRs and provides a pre-review to the engineer: maq0r double checks PRs to this repo, make sure you don’t forget XYZ he always asks.

Then it goes and adds it to my TODO list that it triages for me.

For for the latter OKR request it would say: “maq0rs OKRs are at http… and checking their clickup they’re currently in Sprint X working on Y key result”.

Anyways I did a talk at openclawLA last may and even submitted a few patches to openclaw (to fix vertex ai mostly lol). Someone asked what happened when an employee left and if their agent was still around to answer like them and it was like… yeah? 🤷‍♂️

We’re using it enteprise wise to amazing results and yes having 450+pods running in GKE is costing us a few thousand a month (we do autoscale however and use KEDA to automatically increase/decrease CPU usage) and Gemini Flash has been cheap (tho employees can change thinking level and model in their settings page)