2 comments

  • neirth 9 hours ago

    I've been running OpenClaw since it went viral. It worked surprisingly well for personal use, but I kept hitting the same walls every time I tried to do anything beyond the basic setup.

    The memory system is a folder of markdown files. Fine for one user, but it breaks badly with concurrent sessions — and the docs literally document it as expected behavior. The "scheduler" is a daemon that wakes up every 30 minutes to read a HEARTBEAT.md checklist. The MCP integration felt bolted on. And after the CVE batch, I started looking more carefully at the auth story — disabled by default, which is how 40K+ instances ended up on Censys.

    I didn't want to patch it. The issues are architectural, not bugs. So a few weeks ago I started a rewrite in Go to see if I could fix the fundamentals:

    - Memory: Neo4j graph database (typed relationships, proper queries). File-based fallback for people who don't want to run Neo4j.
    - Multi-user: Each user on each channel is a first-class entity with isolated history, permissions, and a pairing flow.
    - Scheduler: Real task runner with cron expressions and ISO 8601 datetimes.
    - MCP: Streamable HTTP, full OAuth 2.1 flow, per-user permission matrix.
    - Security: Auth on by default, encrypted secrets backend (OpenBao or file), no plain-text API keys.
    - Performance: 200ms cold start, 30MB RAM with everything loaded. Runs fine on a Raspberry Pi 3.

    It worked better than I expected, so I cleaned it up and published it.

    It's still Beta and rough around some edges. GPL-3.0.

    github.com/Neirth/OpenLobster
    Docs: neirth.gitbook.io/openlobster

    Happy to answer questions about the architecture or any of the decisions.