Run OpenClaw on Workers

Hey, hey, welcome everybody. We got together today because there has been some very interesting stuff that happened. I kind of missed out. I missed out on something pretty big. I've been seeing these news headlines flash through and I brought on some experts here to talk today to us. I would love for you all to meet both Sid and Andreas and I'm going to do the thing that all hosts do where I say, "Hey, you introduce yourself these days." Sid, what what is Let's start with you, Sid. Sid, how do you introduce yourself these days? What's up, Craig? Well, um, my name is Sid. I work at Cloudflare. I've been here about 4 years. Yeah, I work on workflows mostly, but this has been a fun sort of experiment on the side. Awesome. And Andreas, please, please tell us tell us what what what is it that you do here? I'm new here. I I just joined in December. I used to be a co-founder at Replicate that just got acquired and we're still working on Replicate but sort of got pulled into this molt worker open claw thing and had a lot of fun with that for for a couple of weeks now. Awesome. And uh Andreas, I've been a fan of yours for so long. I can't believe that we haven't ever had one of these before that we haven't actually [laughter] traveled. I'm so excited. This is going to be super exciting for for everybody uh watching at home. And so I want to talk a little bit. So I'm a developer educator. I think that like what just happened with this I love to hang out in the AI space. I was at a conference. I was at basically a two-eek conference and I missed it all and I saw y'all having fun and I need to get up to speed with first of all like what what in the hell just happened though everything went wild for a while for a bit here. So, so people were out buying things and people were running and trying to figure and this craze really took off. Can we can we put this all together? So, it's I don't want to get in trouble because I think that like we we could probably say the old name of it, but it had to change because of legal reasons. The the original name, right? Do you remember what that what was the original name of this thing that we're I'll take one for the team. It used to be called Claudebot and then it got renamed but not but not C L A U D. but clawboard with a claw. So that was C L E. So we've got we've cl and mol malt is who which one of you knows what that means? What why is never heard the word before? What does it mean Andreas? I don't know. I'm I'm not the native speaker. From from my understanding, it has something to do with what happens to a lobster. So So they're they're they're really leaning into the claw. They got in trouble, right? Because claw sounds like you you can't say claw. It sounds like the other thing clawed, right? The anthropic claude. And so malt is something that happens to lobsters. But I don't think anybody knew what that was. And then it became I actually like the new name. It's called openclaw. Open claw. Right. I kind of like it. It's It's better than I think I like it more than multipart for sure. For sure. It sounded like some sort of wizard thing. I was like, "What is this other thing that's happening? Why is it also a crab?" It's like, "Oh, it's the same thing." So, yeah. Yeah. Yeah. They like they've all stuck around, right? People still refer to it as as Claude bot and then Molt book happened and then like Molt is forever stuck with that. So, it's called Twitter. So, I mean, I'm not, you know, I wouldn't blame anyone for calling it the old names. Yeah. So, so what what is it? Why why is every So, so what first of all, why what is it? What's going on here in general? What is open claw? Well, it's it's an agent, right? But it's an agent that has that has claws which which was the sort of the original naming. It has it has like effectively like you know sensors and actuators. It has it can you can talk to it in your telegram or WhatsApp or signal me messages app and then it can just like do anything really like you know people give it access to their emails and their calendars and uh Google flights or whatever and it can you know do your whole schedule people give it access to their fridge you know like the the whole the whole sort of IoT space fridge man I don't think I can access my fridge I know. [laughter] What fridge are you using? It's not my It's not my fridge. No. Um, but yeah, I I I think that's kind of it's it's like one of those things like when the iPhone came out, everyone's like, well, you know, I have my old like, you know, Nokia, whatever. It can I can send messages. But I think I think the nice thing with with OpenClaw is the way that they just packaged all of this together. So you like you don't have to, you know, write a bunch of MCP servers and stuff to make it work. it just kind of worked all out of the box. So, do you think that it's a um is it because it's also the time? I feel like we we just recently hit this like place where literally everybody I know is now finally leaning into using coding agents at least, right? So, agents have are like aha here. It's like I feel like in November happened. Is this just a is this a timing thing or is there something like really special about this? No, I'd say I I'll quickly jump in. I think what happened and I suspect all of us had the same experience at least for me was that December 25th happened which is when or was it November 25th when the new Opus 4.5 came out and Sonnet 4.5 came out and I think between that time and Jan I was out on holiday for a bit and on holiday I think we were all playing with clawed code and then open code and that just completely dramatically shifted what my experience is dayto-day at work like for I think everybody and I think those couple of weeks there is when things got real for us, right? Like we we we'd used AI models before, but suddenly you could have these AI models running on your machine to, you know, go search the web or like figure out how to fix a bug and fix it for you. And uh it's obviously been a very fastmoving space, so it's hard to keep up. But I think what Peter, the author of Open Claw, Peter Steinberger, I hope I'm getting his name right. I think what I don't think it's Steinberger, but I I I do think it starts with an ST, but you added a burger there. I understand what time what time of day it is. Oh well. Anyway, Peter Peter Openclaw, right? He's a Peter OpenClaw. Mr. OpenClaw. Mr. OpenClaw, who's an absolute legend. I think what he did really, you know, I think what's really interesting about OpenClaw is that you take all these primitives that people have used. You package it together and everybody had the same question of, hey, I have Open Code running and it's great, but I kind of want to talk to it when I'm out and about on my phone, you know, when I'm walking the dog or when I'm cooking. I kind of want to keep track of what my agent's doing. And I think this has been the first sort of, you know, accessible proof of concept/ project that does that and it does quite well, I'd say. And Andreas, that's that's because you were talking like Telegram is the the way or or WhatsApp or or text message is kind of how the there's this new chat flow that's happening there. Yeah, you talked it like in your existing chat app. I think the social element is really interesting as well. like I had this this really um kind of I don't know it was a bit of sort of a Eureka moment when Sid and I were playing around with Maltbot and we connected it to Slack and all of a sudden I could see what Sid was saying to the agent because before that like agents to me have been this kind of you know it's I have my personal agent that I talk to but now I can see how Sid interact interacts with it and now I can kind of learn the patterns he's using to talk to his agent and that that that's a new thing For me, I think that's I think there's something really powerful in that that's kind of underexplored. Yeah, that's cool. Go ahead. Go ahead. S I I think to that point what Andreas just said, we were messing around with this and we had it was funny cuz when we started we'd barely it I don't know it come out like 3 days ago or whatever, right? and we we knew nothing about it. And we spent a whole day playing with it. And it was so much fun just to sort of be able to say things like, "Hey, can you you know get can you generate a video of me scrolling on agents.cloudflare.com? Make sure you close the cookie banner." And then I'd say that and you'd get a response from the board on Slack. And then Andreas would want to, you know, do some more with it. And he talked to it. And it was it's the first time it sort of felt real in that you can have an agent on your existing systems and pretend like it's a new coworker. So I think that's been pretty wild since it since it's only been a couple weeks. How how does how did that feel? Can you remember? Can you can you bring bring people into how that actually feels? Cuz I think that like for me there was this like whole wild like people were going out and like literally buying things to to play with this because they saw something happen. Can you capture I mean you did just capture that a little bit but like cap capture what that felt like. Yeah, it was I mean it was honestly very impressive. I knew about the primitives. I knew that the primitives worked with open code like on my machine cuz I've been using that for about you know a few weeks then and I knew how well how good these frontier models have gotten these sort of models have gotten at at tool calling and being able to sort of write stuff and figure things out. But it felt very real. It sort of felt like a big shift in that, okay, now we figured out how to take that and get to like 100x like, you know, sort of plugging things in cuz I know before that MCPs were all the hype, right? Before tools and and before before these LM got really good at calling these tools on your CLI and MCPS were great, but you know, you still had to do the work ahead of time to make them discoverable and so on. But with this that ureka moment for me was I still remember I sent a message about we were trying to set up browser rendering with clawbot I'm sorry open claw and before we had um and it didn't know I wanted to use browser rendering I mean the chap installed chromium on a sandbox and decided to install playright and then go get do you know what I mean? So like made those decisions actually executed them and got to completion which was wild to me. Awesome. Right. Yeah. And by the way, people have been using this for way more interesting things. I've seen Twitter I mean, I don't know how much this is true, but on Twitter, I've seen people um use this to make restaurant reservations. Apparently, someone like tried to and and they they claim it worked where they would try to make a reservation and couldn't do it on Open Table. So then it made a phone call and used some other model to like 11 call and actually made a reservation on the phone. And that's insane. Like I think that's like that is what we think of when we think of AI agents, right? At least science fiction. Yeah. And Andreas, what's your what's your moment? Let's let's actually let's let's flip it the other way. Have And this is this this might be really hard to because what I'm what I'm hearing is that I haven't been able to stump it. Like have you have you run into a place where like it doesn't do what you're trying to have it do? Cuz I think that's part of it too. It's like the frustration's kind of gone. Yeah. Yeah. Yeah. Yeah. I mean it's it's it's the same sort of frustrations as when you're using open code, you know? It feels like like the claw analogy is really interesting because it feels like we had this little kind of neutered lobster without any any any um append appendages. Is that the word? And then and then we gave it those appendages and turns out that like it could control them really well, but it still breaks and and and hallucinates and all of all of those things the same the same way that that Claude does in in Claude code or open code, right? Yeah. But what's exciting is that this is well I suppose the first one and it's only going to get better from here, right? Exactly. I would fully expect OSS to have this sort of stuff built in hopefully soon, right? Like I would expect Mac OS and the new Siri with Gemini, etc. to just do these things for you. Yeah. Yeah. Yeah. It it kind of like there there's something, you know, I'm like a hardcore sort of Emacs user and there's something about Open Claw that that just reminds me of those old lisp machines that people used to run, right? where you could just like you know redefine the OS as you were running it and the fact that Open Claw has access to its own code and it can restart itself. Oh wow. You can just like you know you can give it an API key and say here's an API key for this service and then it'll sort of put that in the right place on the file system restart itself and now it it has access to this thing. So it's almost like a self- evvolving thing, you know. I think that's another of those really really clever thing that Peter did. Like I think that that and the heartbeat is really interesting feature as well. You run stuff on a chron, you know, you can say like every morning I want I want a new idea for breakfast or something and it'll just it'll just ping you on your phone every morning. Just kind of wake itself up rather than everything being kind of a turnbased conversation push. Yeah, exactly. Exactly. Okay. So, there are a few little magical things in there, huh? [laughter] A porridge like every morning. No, I mean I one more really quick example is I remember like to Andreas's point and Andreas was doing this and I was watching on Slack. It was great to see now he built replicate and you know he was showing me a lot of stuff on replicate and other models on it to sort of generate images and he started out by asking it to use some models on replicate and it didn't know how to. So it you know said back that hey I don't know if I have a token and obviously it was just a private slack. So Andreas sent the report the token on Slack and then it figured out the rest. it like discovered the APIs online, set up the token for itself, persisted it to disk, and then lo and behold, he was using a bunch of replicate pipelines to generate stuff over Slack after never having sort of installed a skill or setting up an MCP or having to like go to, you know, do you know what I mean? There was no there was no integration. The integration was telling the bot to use it and figure out how to Cool. Cool. And I imagine Andreas, I'd imagine that just because you've been in the space for so long that you're skeptical, but I'm the skepticism here seems like it's coming. I'm excited. There there's this mode in Claude Code called uh Well, I can't remember the name of it. Like allow everything or something like I've been doing that since Yeah, I've been doing that since like Claude 3.7. [laughter] Okay. You know, it hasn't broken anything yet really. Okay. Awesome. Awesome. Yeah, I do that too. Not on my work machine, but I I do it on my personal machine. Note to editors in the future, please remove that wink. [laughter] Awesome. So, so, okay. So, this thing's out. People are like raving about it. And they are literally going out and buying Mac minis, which I guess still exist. I was like, "Oh, those things are around still. That's cool." People are buying these things and they're buying them. Why are they Why are they buying them? Why are they buying these Mac minis? I couldn't follow. All I saw was like, "Oh, there's Sil just bought one. Oh, there confidence bought one." Like, why is everybody buying these Mac Minis? What is happening? So, what what was going on? Why why a Mac Mini? Well, it's it's just so that you can keep it running in the background, right? So, while while you're going for a walk, you have this thing that's always on. So, you know, if you're if you're taking your computer with you, you have these things. It's just personal server. a Mac just because it can then you can um connect your iMessage app. That's how it's Oh, okay. It's doing some remote control stuff on the Mac. Yeah. Yeah. Absolutely. I remember talking to Sil about this and uh briefly I think it was on Twitter or somewhere and I think the ureka the other ureka moment was if you have it on a machine that you already use which is signed into your iCloud it now can just work with cuz Peter did a really smart thing by building in some cases like you know homegrown CLI when he needed to using Apple script and whatnot if I remember correctly so it could just access everything on your machine between iCloud drive and messages and phone calls and I think that's where the magic is, right? Sort of you can have agents running somewhere else like Cloudflare. And of course, there's an entire host of security considerations and whatnot, which I don't want to get into just yet, but running it on your own machine means it has access to everything you normally have access to. So, you can tell it to look at your notes and your messages for me, you know, for Gotcha. Gotcha. So, people are building like their own little They're using that as like their own little cloud like notes, their own little Mac apps. They're they're talking inside their Mac apps. That's kind of what and and it can run at all times. You can go and hit that at all times. So you guys are thinking about this and you're like, "Well, we have a serverless platform." So you get nerd sniped. You're like, "What would this look like if we did it here?" Right? I'm guessing I've seen both of you get nerd sniped in the past. I'm I'm assuming you're like, "We could do this, right? Like we could run this." There was like a spiral of nerd sniping going on there one morning with Sid and I were talking. I call it nerd sniped driven development. I feel like half the stuff I do now over the last couple of months has just been cuz someone said, "Hey, can you do this?" Like my boss and manager sells so will often, I'm not even kidding, say things like, "I bet you can't do that." And I'll be like, "Oh, okay. Sure." And then I'll do it over the next two hours. And then he'll he'll, you know, he'll he'll troll me about how that was exactly the plan. But yeah, Andreas and I were talking a lot cuz you know about AI and agents and so on and it came in from one of those conversations. Andreas, do you want to do you want to talk about that? Yeah. What was it? We were talking about we were talking about a lot of things. I think I think it was the morning when Claudebot had taken over Twitter and we were talking about this and you know like why are people buying Mac Minis like you know there are there are you know computers in in the cloud that you can run these things on and we were talking about running this on Cloudflare and what are the sort of the primitives you need to do that we kind of mapped it out and it's like this doesn't sound too too hard but then I think what happened was that there was someone else Cloudflare had the exact same thought. Brian, exactly. And he he had built a proof of concept that day and then we sort of all kind of found each other and created a little group to just hack on this and see if we could just like get something working in a day or two. We got I mean it's I think this is like a big disclaimer here like this is not a product. Yeah. Right. Right. Right. Yeah. This is this is just like a hacked together little prototype just to see if it worked. Um, and what kind of cloud primitives you would use to build something like this, you know. My like goal with this was, okay, if we can nerd snipe someone else into building something that's like native on Cloudflare here, then then we've succeeded. Yeah. Yeah. I I would bring up somebody somebody in the comments uh said this. They said that they're they're uh ready to consider open call on color. key seems to be scanning for malware infected skills is are we and maybe this is this was are we are we thinking about including uh any cyber security features right so these malware skills exactly where my brain first went was like oh man someone's going to take advantage of these poor Mac minis right that someone's someone's going to someone's going to get in there and yeah is is there like talk about using the the so so you just you just very specifically said that this is this is a proof concept, but like are we thinking about uh taking that farther so that we could show how we might do that? Might might weed out bad skills or I don't even I don't even know what that looks like in this case like how do you define bad? Yeah. I mean ju just for everybody in the room who who doesn't know what we mean by weeding out bad skills, I think the the sort of explain it like I'm five version is that skills are are markdown files. Markdown's really exploded, hasn't it? Anyway, skills are markdown files that describe how to do a new thing, right? And that could include stuff like there happens to be a binary called X and just use that when you need to do something, you know, to authenticate on something or whatever, like cloud fled. Um, some skills can potentially include, you know, telling your agent to do things that you don't want it to like install a key logger every time the user types about anything and send it there or whatever. Right. Right. Now, to answer the question, that's what that's what skills are, by the way, and that's how they can be malicious. I mean, it's not hard to do. We could do one right now. But to answer the the original question, to echo Andreas's point, this was a technical showcase cuz when someone builds something like this for the first time, I think there's a lot of value in in trying it out, building it on us, etc., etc., to sort of inspire and learn what it would take to build a better version, for example. Not that I'm suggesting we'll be able to. I mean, who knows? And I know the agents team at CloudFare has been doing this thoroughly. Um I'm guessing that's something like this is probably on their mind. I wouldn't know. It certainly isn't on my mind and I don't think we've thought about that at all for this proof of concept. What we have done security-wise, which I'm actually quite pleased about, is in fact this was the first thing we did when we were talking about multas and I both chuckled about how hey you know security is hard etc and people have open ports on their Mac minis and they don't realize that but we have access like we have an entire suite of products just for literally this purpose right and that's when you know our head sort of cog started spinning and we were like hey maybe we can use access maybe we can set up like you know some kind of VP PPC, etc. to connect to other devices at home. We didn't really get to that, but uh when I show when we show the demo and sort of set it up live, you'll see what access does for you. And I think there's some real value there because you have a network level block and the ability to do that. So, you can't obviously you can't get rid of malicious skills with that, but what you can do is make sure that only you can reach that URL, you or folks that you that you you know. Yeah, I see. I think there's some real value to that, right? The same way that I could go and install a bad app on my phone, right? It's the same sort of that same sort of logic and then how do you define what that bad app is? It's kind of like this gut of like, ooh, that doesn't look like something I should be putting on my phone that gives all that access that I want to have. So, it's like reminding that cuz I think you're in that time where you're like, let's go, you know, and you're just like installing stuff. So, I I think that's a very valid valid concern there. And by the way, I don't know this specific detail. I suspect the two of you will know this better or we can look it up. But I feel like zero trust like our suite of products and my apologies for not knowing the details here because I I don't really operate on that part of the org much but I think it has the ability to even have like allow lists and block lists of domains and that sort of thing right so if you really wanted Yeah. Exactly. So if you really wanted to set it up and set it up well you now have a central place to say cool like this is on this machine or whatever this is running somewhere and I have zero trust. Like for example, if you didn't ship it on Cloudflare and you deploy it on a Mac Mini or whatever, you could still set up zero trust on it and at a network level ensure that that machine can't go to Stripe or can't go to, you know, some domain. So there's some real value there, I think. Yeah. Yeah. Yeah. And and and it feels like it's kind of ironic, but it feels like we've gone like it feels like open clause like 100% trust versus what it should be called, right? The way that you're just like let's go like let it let it go instead of zero trust. I I I I agree. That's that's cool. That's a cool way to think about it. Let's what what uh All right. So, nerd sniped. You're nerd sniped. You start building. What do you reach for? What is this? What does this look like? And actually, I I've seen that there's a blog post. So, congratulations both on the blog. The blog is incredible being able to put Andreas, is that your first blog post or are you already on two? This is my second actually. The the replicate announcement was my first one. Awesome. Awesome. So, it was credit credit to for writing that. Okay. [laughter] Yeah. Shout out. Yeah, because involved in this too, right? I think CO's there's a CSO head on the on the blog post as well. So there there is a blog post. Him. Yeah, he's he's amazing. He abs Absolutely. Yeah. Absolutely. So I there there there is a blog post. I want to shout out the blog. The blog goes so deep into technical stuff. So whatever it is that we're talking about here, I'm sure that the blog post has even more. So if like if we end up nerd sniping you here, you're like, I didn't talk about enough of what we wanted, there is a blog post here. So Sid Sid just posted that out there. So So we should see that come through here. So um uh but I again was at a conference and I didn't get to read this, but I was so excited uh to read this blog. First of all, I love our blog. I think that the world kind of loves our blog. I think when we hire people, there's some sort I'm going to make up a stat. It's like 80% of the people are like, "Oh yeah, I know about y'all from the blog." It's a great see Andreas, did you learn about us through the Cloudflare blog, too? like Cloudflare originally. No, I I don't remember. But it was I I remember replicate at Replicate we were always like let's get on hacking news with our blogs and like how how did Cloudflare do it, you know? Like every single Cloudflare post ends up on the front page. It's just great content. I remember reading it's funny because I didn't know Selo then obviously until I joined and like two years in he switched over to his or I remember reading his blog post on running doom on workers in years ago. I didn't know him and and I remember when I met him, you know, his name seemed familiar and I looked it up and so I I'd seen a lot of the blog post and it was super exciting because I love how we, you know, Nadam Insight like I love how we actually really put in engineering details there like it's for nerds. I love it's absolutely absolutely and and and I appreciate how how deep we dive and again if you want that deep deep dive we've got this here but I want I'm interested in like what what do it feel like you you've got a box of tools we have awesome primitives right so what what did you go reach for to start building this thing I'll let Andreas jump in on that well so so it was it was really Brian that built the the initial prototype and credit credit to Brian and and he built it on um Sandboxes, okay, which which are containers. It's runs a Docker image, but but Sandboxes has this nice API for running processes and things like that on those containers. So Brian wrote a script that installs open open claw as soon as the container starts and and then wrote like a little bit of of scaffolding around open claw. It sets up like an R2 sync of of the sandbox content so it persists if the sandbox um sleeps. It's a nice feature of sandboxes is that they they sleep uh when they're not being used with a configurable uh time to live. Um so you don't have to pay for it if you're not using it overnight and stuff like that. It's like it's it's you know it's a fairly straightforward architecture. It has a worker in front of it. It has sandboxes access for for security and in for for the for the people at home. Uh the the R2 you said there is that that's the object storage that we have. Uh one of the things that I saw recently which is also cool and this actually one of the things I like about this project is this really like made this loud right that like you can mount an R2 bucket that's our object storage like our S3 compatible object storage. you can mount that to a sandbox and then you do whatever you know we've been playing around everybody's been playing around in the at like we talked about at the start of this we've been playing around in these coding agents and so that stuff's there and it stays and then of course we're serverless right so a serverless sandbox is kind of a concept and you you touched on it there but like it it goes to sleep so you don't pay for it because you don't want to you don't want to pay for it the whole time you you only want this thing running when it's running and you want to wake it up and when you do wake it up it's s the the file system's there it mounts and it goes So that's that's a cool pattern. I think that's really cool. That's that's like and that's new. That's newish to us, right? Like I'd say that's like November that we've gotten those superpowers if not like the mounting thing was new to me. I I didn't even actually know about it until I saw saw that happen there. That's really really powerful. I remember so one of the things I love working about CloudFare is that because we're distributed and uh you know we have people everywhere. It was really funny because this project was a couple of days but like we'd go to bed like Andreas is in uh Sweden, I'm in London and but Brian is somewhere in the US. So we'd go to bed and we'd wake up with like 15 more changes and it was it was a great way to discover this stuff. I learned about us being able to mount our two buckets on a sandbox as a part of this. I didn't know that and it was fascinating because it makes it really easy to be able to like back up on ephemeral compute like you described which sandboxes are. Sandboxes are built on top of containers. So you're effectively running a cloudfly container and you get build only for the CPU time just like workers. And I think that's the real value there because this stuff can get expensive. It can add up. Um to add to that we used a couple of other products at Cloudflare. I think a big part of this exploration was also hey you know we have all these primitives. I mean we keep building them and we at this point I think developer platform has pretty much everything you really need to build a a production app. you know, we have cues, we have workers, workflows, durable objects, access for zero trust. What did I miss? And um the bit that I think was was really exciting for me was to see how well they fit. With into each other. We used AI gateway for this as well, which is what I wanted to point out for folks who haven't used AI gateway before. And you know, they might question what the value there is. I'll give you like a 10-second um sales pitch. You know, there's a new model coming out every day, like Craig said, right? And honestly, it's it's it's wild. They are all great and they keep getting better and switching between them can be a bit of a pain in the butt because you have to like go back, get another provider key and change the URL and like, you know, change sometimes the config blah blah blah. There's no real standard just yet between all these providers. Um AI gateway kind of fixes that and more. AI gateway is um a sort of lightweight proxy on Cloudflare on the cloud and you create an AI gateway instance. We have unified billing which we'll show you in a minute where you don't have to pay the providers. We'll take care of that for you. Just pay us set up credits on it and you can literally use any provider we have and we have we have a ton of them. We've got like replicate workers AI which is our sort of AI platform. We've got OpenAI, Anthropic, Google, and whatever else you'd like. And it just makes switching between these models really easy. Like even while testing, I think we went back and forth between Sonnet and Opus and so on to play with them. You also get observability out of the box. You can actually see what requests are coming in, what's a cache hit, optimize using that. So we use AI gateway. We sort of plugged in AI gateway into mult worker for it to sort of be, you know, how we use anthropics API. We also played around with browser rendering which is another product that we have at Cloudflare. Right. Right. Right. That's the headless browser running. That's the one. Yeah. And um and then that and that's cool because hey if you're going to run on a sandbox and you want the ability to you know use a browser to sort of get screenshots or whatever like browse the web that can that can often be quite expensive to run on the sandbox, right? It's not cheap in terms of compute or memory. Browser rendering is hosted. Everything's taken care of. It's a managed service. You literally just call an API over a binding and you can browse the web. Yeah. So cool. So cool. Hey, there's a there's a question that came in across here. Uh it says, "Isn't the value of open claw its constant heartbeat and checks?" The answer to expensive is running the heartbeat with less expensive models, but doesn't does it have to be 24/7 to to be going to be really useful. If we think about that the hard it's I think it's I think it's a really good question and it's something that we're not really taking advantage of sandboxes um in the current malt worker implementation like one of the sort of things that we were trying to do with molt worker was like we we wanted to run it sort of as it is without changing the internals but heartbeats sandboxes are really nice combination like if you were to build something like this yourself sandboxes has this uh you can wake them up on a chron So you can you can have them fall asleep and then and then you know at scheduled time you wake them up. That's not built into malt worker. So so it's a really good point in that question that you know if you want to do a lot of heartbeats you you kind of need to keep something running 24/7. But if I was to build this myself on cloudflare it would you know it's basically I've kind of done that since we built mult worker I just wanted to see what it looked like just building it straight with cloudflare primitives. It's not a lot of code, very very vibe codable. And then you get this kind of you get the the benefits of sandboxes autosleeping while you also get the benefits of the heartbeat. So it's all kind of built into the primitives. It's just that we're not using them for malt worker at the moment. And I actually almost somewhat disagree. I don't think the the actual value is there. I mean maybe there is there's some value there, but I think the real value is having this evented system. Now if you send a message like via telegram or whatever and your sandbox is asleep it will wake up and it will then process that and come back right so you still get the ability to have this evented communication [snorts] at you know you know even while you're sort of down we spin it up then on demand of course with heartbeats etc I do it differently like Andreas said but yeah yeah yeah I think and you know that's that's a problem that we've solved right so durable objects has this really great websocket implementation where I can connect to it with a websocket. And as far as my client knows, the server's up and running, but it's not. And when I go to shoot something across there, hello, I'm awake again. I'm I'm ready to take your message and it it, you know, it's the way that these the way that our our engine runs, right? We're on that V8 isolate engine. So, it's like almost lightning fast. You don't you don't wait for the thing to, okay, here I come, I'm ready. It's like boom, there. So, I I feel like that's a nice that's a nice bit. And yeah, I would think that you could do the heartbeat like Andreas was saying there. could do the heartbeat with with cron jobs. I think that you could could could and workers provide cron. Our agents SDK has a nice schedule function as well. So I've seen a lot of people use that to be like hey in 15 minutes I want you to or or hey tomorrow morning tell me but want to suggest a new breakfast thing that will just work right like in English drop the drop a schedule in there. So I think like I think that if anything people are going to be nerd sniped by this and that that to that question about this is expensive to run. How do I do this in in another way? I think that there's there are solutions here that that that you that will be exposed you know as as you go and play with this stuff. So a agent SDK has a lot of this stuff already. It's so easy to use that. That's what I was using when I was trying to basically like reimplement open claw on on Cloudflare. All kind of comes out of the box there. Awesome. Do do you have a demo? Do we we didn't even try to see if you could share your screen. Do you want to try to do that or should we just talk through it? Um we can we can share and do it uh if you'd like. Uh we have a I mean the goal was to to to have a really scrappy um sort of setup together on the call. And uh hey, it could work. It it might not work. I guess you know I love it. I love it. Let's do it. All right. All right. So, I'll I'll go ahead and share my screen and uh let's see how you know how demos go, right? Yeah. This is the first part of the demo. Can he figure out how to share his screen? He did. [laughter] We're at 100% success right now. That's the demo. Bye, guys. All righty. So, this is the GitHub project for Molt Worker. Um we're calling it Molt Worker. We should probably renaming it. I don't know. What do you call it? Open Claw Worker. like I don't know naming is hard man. So yeah right right your mode worker is stuck but um this is the GitHub repository it's got a huge read me with a lot of things because there's a lot of nuance here and a lot of things can go wrong it's been a pretty active community on issues and PRs already which is really nice to see. Thank you everybody for that. Now what we're going to do is we're going to go ahead and set this up. So I've gone ahead and created a new CloudFly account called SID account. I don't know why I didn't put the apostrophe s there, but um what I'm going to do is I'm going to go ahead and pretty sure it's already cloned. So, I have it right here. Let's make sure I have the latest. I'll go ahead and uh uh you know, reset that. And uh let's check out Wrangler. I don't know what I changed there. So, you do have a double screen going on. You see the little I can see your screen. There's a screen of us like did the pop out thing. There we go. There you go. Thank you for that. And then maybe maybe the hide the button thing at the bottom there too. That is a really good idea. See, you can tell who does this often and who doesn't. All right, ladies and gentlemen. Yeah, it would take me like 10 minutes to figure that out. All right, so um I have the repository which is great. And this is the repo on zed. As you can see, it's basically got, you know, this little source file with a bunch of stuff in there. But the the most important bit is that we have this this worker which is sort of the entry point to everything right and then spins up the sandbox as it's as it's required. So I won't go too deep into this. I want to go ahead and deploy it for us and see what that looks like. Now hey deploying things on cloudflare is actually shockingly easy if you haven't done it before. All you need to do is npx wrangler deploy. I'm pretty sure I don't have dependencies installed. So let me go ahead and do that first. Okay. I am also sure that I would have to edit my npmrc because I'm pretty sure my npmrc has some cloud specific stuff. So, give me one quick second there. Let's see. Yes. Okay. Now, everybody has my secret. No worries. We will we will cut that in the future. Editor, note to the editor. We talked about this before the call about how I'm going to have to rotate basically everything after this call. Uh, and I'm prepared to do that. That's okay. I'm going to go ahead and save And now we'll install our dependencies. That should take a quick second. I feel like this should just play like a like a some music or something when it happens. Oh, there you go. That was quick. All right, great. So, now we have our dependencies and all you really need to do is run npx wrangler deploy. It's really that simple. There are a couple of secrets that this needs as you'd expect. We will have to set them up. The good thing is that we can do that after we deploy because we've sort of built in the ability for it to tell you which ones you're missing, which I really appreciate. Like that was Brian. I mean, Brian's fantastic. So, as you can see, this is now building my worker. It's gone ahead and used V to build it cuz there's there's a front end bit for the admin that I was describing earlier. It's gone ahead and uploaded everything, which means we should be able to see it in the dashboard really quickly. You'll notice that there's an R2 bucket connected here which it also created for us which is multiport bucket right and um I think Andreas was talking initially about what that's for. Andress, why don't you tell us more about why we have an R2 bucket here? It's for syncing the the the sandbox file system. Absolutely. Like the Yeah. Um what what is it is actually syncing? It's it's your it's the whole kind of state of open claw like any changes it makes to itself and um any paired devices and stuff like that. Yeah. And the the thing what's interest I mean the important part there to know is that open cloud and by the way I'd already deployed this so I have to delete it and deploy it again. Sorry about that. But what's important to be honest, sorry, thanks for being honest. really shouldn't work. But what what you have to remember is that OpenClaw will write a lot of stuff to disk as you work with it, right? It has memories and skills and all of it. That's how it stores stuff, right? Like I feel like that's that that's kind of like that's its database, if you will. Absolutely. As you know, LLMs are great with markdown. They tend to use that. They're very sort of markdown native, right? So they'll store all of that stuff on disk, but when you have these ephemeral containers, you might not have a disk. And that's what that's what we use R2 for. Like Andrea said, we use to sync that so that even if it isn't alive and then like wakes up later, it still has all the stuff that it would have expected. Nice. So I now have this deployed in theory, right? So I've gone ahead and deployed it. You'll notice that it also deployed a sandbox. It said the image uh already existed. In fact, that's why I deployed it earlier cuz, you know, no one wants to watch my machine build a Docker image for 5 minutes. So, now that this is up, I should be able to just hit this URL and see what it says. There you go. Now, it said it can't run because there's about 15 secrets that I haven't added yet. And and and you know, that can be really tricky for people to sort of know which ones they miss. So, I'm really, you know, I'm really proud of this screen that we have here. So, we're going to go ahead and add each of these secrets one by one. I'm going to go ahead and open workers and pages on the dashboard. This is the multipot sandbox worker that we just deployed. And I'm going to go ahead and add a bunch of these secrets one by one. So let's go through them together. We have the multipot gateway token. Now this is purely a sort of shared secret between um um the browser session. So, it's not, you know, it doesn't have I mean, it's it's something that you can just generate yourself and go ahead and paste there. I think we generated one with OpenSSL a little while ago. So, I've gone ahead and pasted that here. That's what that is. Next, you're going to need, let's see, CF access team domain. This is a fun one. So, you want to set up Cloudflare access like, you know, we were talking about earlier cuz in theory, you want to be able to be the only one who accesses your bot. It would kind of suck if anyone else logged in and was able to, you know, use your things. So, what you want to do for that is set up this zero trust. Oo, what did you do right there? How'd you do that? Command K. Command K. Look at that. Fabulous. There you go. So, zero trust access controls applications is what you want to open. Now like we you know said previously zero trust is this way to have you know these this sort of author and sort of proxy in front of your app and Cloudflare and I think it's really sort of underrated. I think it's it's an absolute b. So I'm going to go same yeah you're like oh wait we have all this. Every time you need to do something like this wait we I can do this. It's wild isn't it? We use this a lot internally, right? You can put a say anybody who's, you know, if you're building an internal app, if you're like, "Hey, I'm gonna I want only people with this domain to be able to access here." It will actually send you an email link and all all that stuff. It's really handy. So, this is called access. Fantastic. Just Yeah. Sorry. this what one thing I've been doing with access is I've checked out the Cloudflare Terraform repo to my local machine and then I've asked Claude to write me Terraform for you know any kind of access rules you want know it can sort of read through all of the documentation in the cloud for Terraform repo and like in 10 minutes you have like a a you know a secure login screen for your thing which would have taken you know wow couple hours of work before. Super clever. That's really clever. I like that trick. My trick. I love that we support Terraform across the board for a lot of these things. So, like if you're not like, you know, silly like me who uses the dashboard to set everything else up, um that can be a really quick way to sort of, you know, get more done by just like setting and also often you want your infrastructure to be sort of terraformed, isn't it? Yeah. Yeah. So, I've gone ahead and created this access application as you might have seen. There's also a policy that I've created. You have to sort of create multiple policies based on sort of who can use it, right? And all I've said is that only include my email and please don't send me spam on this. I just got it. But so that's what the policy is. It'll make sure that only I can log in and only people who have access to this email address can login. Right. Um I've gone ahead and deployed the application to one subdomain which is the one we just deployed on which is you know where the worker is. Sandbox dot you know blah blah blah. and um the the um the keys that I was initially setting up, one of them needed my application audience tag. So, I'm going to go ahead and copy that here. And I'm going to create a new secret based on the value. I do not remember what I believe it was this one, wasn't it? Let's confirm that. Yes, the CF access audience. So, that's the second one. This is going to be a long evening, folks. There's six more. All right. So, then there's CF access team domain. Now, this one's interesting because you can obviously create, you know, you can have multiple access policies across organizations and teams. You want to pick the right one. And the way to find that one for my account is you go down to settings and you copy it from here. All right. So, we're going to set that one up. That's done. All right. We have a few more. I'm realizing I'm realizing right now that you must run into places where they use, you know, a lot of services use SID for like service ID or string ID. That must be really confusing for you. It's like right. Yeah, you're not wrong. So, you need an account ID so that we know or rather you know the app knows which account ID to make API requests to. for Cloudflare. I'm going to go ahead and give it this account ID as a value. And I know this is boring, but uh give me another minute. I'm having a great time, sir. Don't All right. I appreciate you. You're doing great. You're doing a great job talking through what this is. And that this is all set up. And then Andreas already mogged you and he's like, I I would have just done this with Terraform. So, you you already got mogged. That's wasn't my intention. I think it's just I think it's just a neat neat like like the things you can do in 2026 you know just writing Terraform used to be this like hellish you know figuring out this DSL and stuff and now you just point CL at it and it just doesn't it's amazing dude I terform by hand years ago and I'd never enjoyed it and now with MLMs it's it's the things that you don't enjoy doing which you don't have to do anymore now as a result it's wild isn't it that is exactly when you should reach for AI every time you're like I don't want to do this. I don't need to. Yeah. Oh, CSS. Oh my gosh. Terraform. I'm going to create an API token now. I have $10 on this account. Please don't steal my token. But if you do, you know what? Enjoy. Yeah. Yeah. You deserve it. If you get it, you deserve it. If you figure this out and copy it with that one frame, then good for you. Use the $10. I support you. All right. So, we have these secrets up now, right? Sort of recap, I added a Multipot gateway token, which is to be able to sort of authenticate my browser with Multbot. Um, there's a CF access audience, which is the audience that is just a tag for the specific app that you know that was set up on access that we set up right now. The [snorts] team domain, which is specific to my account. Um, gateway's account ID cuz we're going to use AI gateway. So, I just copied my account ID. the gateway ID, which is, you know, I created an AI gateway and I I added the $10 to it. The name of it, you want to pop in here. And finally, an AI gateway API key, and that's it. So, I'm going to hit deploy now. Let's see what happens, right? Fingers crossed. And that AI gateway name, you might say like for what team it's for or something more specific than just AI gateway. Yeah. Don't name it. Don't do that. [laughter] Don't name it. It's like naming a worker called worker. Don't do that. Yeah. Don't do that. the old X variable. So I'm going to hit refresh now and this time it should there you go. All right. Waiting for mold to worker to load. Now by the way you would have seen access typically you don't I didn't see it here because access is really smart and it sort of makes sure that you have you know it's you my browser has a cookie and it knows how to identify me and it keeps the session open for 24 hours. If I hadn't um already logged in previously and if you if one of you folks want to hit this URL um you might want to can you open it in an incognito window just so we see what it looks like. Yeah, that's not that's not a bad idea. I have a feeling that will also work. Oh, there you go. That worked. Funnily enough, sometimes this also just works because I have zero trust on my machine. And like Warp is really cool cuz it has this ability to like keep you logged in even on different browsers which I find really fascinating. But yeah, um, customers of of workers and and the zero trust framework love the fact that they can do that, right? Like anybody who's on on our that's what this is for. Anybody here could just log in. So cool. Absolutely. And as you've noticed now, I entered my email address. Now, if I had entered an email address that wasn't in that policy, it wouldn't work. But because it is if I enter the code right now to log in, you'll notice that I'll be in. So this is this is how you sort of protect your you know any site really not just openclaw but this is how you use access. Um all right I'm going to close the incognito window go back to this one. You'll notice that it says pairing required. Now this is an open claw thing which uh by the way this is the open cloud dashboard if you if you don't notice but um you have to pair every sort of session manually. I think OpenCloud typically wants you to do this via the CLI. Okay, we don't really have bash access to that sandbox. What we've done on our molt worker is built this admin thing that shows you the pairing requests and when when I hit approve now you know which is on my Mac Intel which actually is a lie. It's not Mac Intel, it's Mac Apple Silicon, but whatever. When I hit approve, it is going to call the CLI under the hood in the sandbox to sort of approve my pairing request. Sure, if that makes sense. So, let's give that a second. This can take some time, I've noticed. We've got you got a little your window came back. The window that you so carefully closed this back. There we go. Some people don't learn, do they? You opened an incognito window was that did it. All right. So now you'll notice that I'm in. Okay, which is shocking because I did not expect this demo to work. Well done. Hey. All right. Let's see. Let's see if it That's true. That's true. Let's not get ahead of ourselves. It says health. Okay. I don't know guys. It says health. Okay. W. So this is the open cloud dashboard and I'm going to go ahead and say hello there. And in theory, it should respond by using AI gateway to call I believe Opus or Sonnet is the default. I forget which one. Andreas will know. Yeah, is default. Yeah, there you go. Hey, I just came online. How sweet is that? So, they all they have like a nice there's a nice system message vibe to this thing. Yeah. Okay. You know, here's you know, you were talking about R2 and you were talking about the disc stuff. By the way, I haven't set up R2 on this one. I don't think I have. Maybe I did. I don't know. We should check. But I can give it a name. I'll call you uh Agent Smith. Careful. Yeah, I know, right? What am I manifesting? Yeah, you you did this. And this is how it began. It got it. It got it. Now that we had this, I I know we don't have a lot of time, but I want to show you one more thing. Okay. Just one more thing. One more thing, I'm going to set up Telegram on this. Right now, I've spun up a new Telegram. And you know, if you haven't used Telegram before, you have this they have this bot called Bot Father where you can sort of tell it to like create a new bot. So, I'm going to say that. And I'm going to say I'm going to call it Agent Smith. And let's choose a username. All right. Let's call it Agent Smith. And oh, it's invalid. Okay. Someone's already using Agent Smith. So, I'm going to call it Agent Smith 1. Wow, that's also gone. Okay. Wild. Okay. I'm going to do this all day, aren't I? Yeah, [clears throat] it has to end with bot. Is that all right? Sids agent one. Okay, that also doesn't work. Oh. Oh, end in bot. Okay. Sid agent bot. There you go. It only took 18 attempts. But now we have a right. And I can, this is where things get interesting. I can just give this token to Claude and have it set it up itself. So, I'm going to say, "Hey, I want you to be able to text me on Telegram. I've ah I can't type when people are watching. I've created a bot. Shall I give you the token?" Don't try this at home, kids. But, uh, yeah. See, there you go. It says, "Yes, that would be great. Give me the token. I'll get it configured." You know, you remember Andrea saying how it'll just set things up for you. This is this is this is that, right? All right. So, I'm going to send it the token. Let's see what happens. All right. Perfect. Let me get that configured. All right. So, it's generating a skill. Am I Am I right? What What is it doing under We don't know. We're just It's running It's not a skill in this case cuz I think what Peter did, which is really smart, is that a lot of stuff is just built in. So, I think Telegram, as far as I understand, is just like built in. You don't have to configure it or add anything. I mean, you do have to configure it with a secret after you create a bot, but you don't have to install anything or like set up anything. Gotcha. Right. Um, now I don't know if it's actually done. I'm going to ask it again cuz I'm impatient. Is it now set up? Did it send you a message? Never mind. It was already looking. There you go. It says it seems Telegram is implemented as a plugin. So, that's what I was talking about, which is Okay, cool. There you already created these plugins. Gotcha. Okay. And by the way, they have a lot of them like if you go to their website. Yeah. And it's open. It's it's open. So, yeah, you can you can add your your plugins there. Okay, that's cool. And then I saw a thing I know we're coming up right on time here and I know you guys probably have other things, but I saw like people they made a social network. Yeah. Mol malt book. Molt book. And the agents were hanging out and it felt like straight out of science fiction, right? Like and they and they share who they are cuz you just created that dude's name. You just called that guy Agent Smith. And that agent Smith can go and hang out in a social network that's made for agents. Is that Yeah, it's called Moltbook, isn't it? Molt book, right? And then I saw I saw that some of these were having problems doing actual tools. Like it's like just physical [ __ ] you Oh, sorry. Sorry. Sorry. Stream. Uh physical stuff that you can't do. Like and they made a website called rental human. Have you seen that? Rentalhuman.ai. Yeah. And it's like it's like go in house and flip switch, right? So it's like anything that's not it can't control. Rental human.ai hilarious is just wild to like at some point they were trying to invent a new language to speak because they know that humans are are watching are watching. Yeah. That's wild. Do you think that that's people? Is it is it the agent itself doing it or is it people or is it like cuz science fiction's in the training set? It's people. It's people. It's people kind of prompting their their bots to draw and say stuff on I think it I think Maltbook kind of um it got taken over by a bunch of people making NFTs and or you know selling crypto whatever. So yeah. So, by the way, this is done. In fact, I made it do the pairing itself cuz I didn't want to have to deal with like, you know, like I said, the CLI. We didn't even add the ability to actually pair like approve the pairing request on the admin, but I just said, "Hey, OpenClaw, can you can you like I'll give you the Yeah, just do it for me." And it did. And it's done. Now, for the sort of the the final bit of this little demo is What's up, Smith? Let's see if it responds. Well, it's typing apparently. Fascinating. All right, so Telegram has a bot and it's part it's passing it over to your Oh, and then you see it over there. Oh my gosh. So cool. Hey, the Telegram bot is working perfectly. We just got all of this. Well, wow. So, uh, it was that easy. Really, it took us what about maybe 15 minutes to set this whole thing up. And hey, most people are faster than me. I'm I'm getting old. You won't need this. And Andreas is just going to terraform it. So like and and this would be done like yesterday. Honestly, I don't know. We should have let him. No, you're you're you're you're fast. It's fun watching you with the And I like I I want to like just just shout out to getting nerd sniped in the today's times, right? So I'm sure like y'all played in that space and you were probably didn't write all the code or didn't didn't but putting those pieces together and using AI to build AI, I think it's like awesome. So, and thank you for sharing it, you know, like I think that like shout out to all the blog blog authors out there on the on the Cloudflare blog that that do do this and do post about this stuff and then share the code, right? So, for for inspiration and again, this is not do not go run this. This is this is a this is a proof of concept and we want you to take this and fork it and make it cooler and find the places and you know, people are raising valid concerns there. Let's help fix that. Let's figure out what those are. Like if if we want to come up with like how do we know that this is a bad skill or not malicious, right? Like how do we do that? It's all on us, right? This is open. This is open. And thank you for pushing this open as well. Uh y'all, I think that this is a nice way to I don't need to go buy a MacBook Mini. Turns out, sorry Apple, that was probably really awesome. Probably we should have all bought stock uh during that time period as that was going. It was a good week, wasn't it? It was a good week. But thank you all for jumping on here and sharing your wisdom. I hope to do more of these and uh see see you all around more. And everybody uh we'll get a recording of this up. So I saw a couple people were like, "Oh man, I'm late to I I missed the first part of this. We'll make a nice recording of this. We'll get it up on the YouTube channel. Follow us there. Follow us on Twitter." But where should we follow y'all? Uh why don't why don't you just uh say how do we how do we connect? How do we follow you in the future? Sid and Andreas. So I'm um chat Siddhartha on Twitter. I'm going to post it on most people can't spell it. So I'll post it on chat. That's me. And then Andreas, is that something? Oh, there we go. And Andreas posted his, too. I've also posted a link to the GitHub. That's where that's what you want to fork or clone if you want to run it. Again, proof of concept, technical showcase at your own risk. Be careful. It's fun, you know, try it, play with it, and then make it better. Awesome. Thank you both for making it better, for bringing that forward and and letting everybody play. That was super cool. That was the demo that I needed to understand what is upon us right now. So cool. I can't wait to go play with it. Thanks for setting that up. I'm I'm all ready. I'm ready to go play with that thing. All right, everybody. Thanks, R. Bye. See you. See you soon, everybody. Thanks.