Public WSS Hosting

Rapid onboarding path for OSS launch with BYO OpenClaw over secure WSS.

Prerequisites

A stable app domain for production and a staging domain for validation.
Authentication provider configured for the exact domain and callback URL.
Workspace onboarding flow tested end to end.
OpenClaw gateway URL/token/scopes decided for each workspace type.

Detailed setup steps

Create a fresh workspace and complete the onboarding wizard as owner.
Open Settings -> OpenClaw, set gateway URL, auth token, and scopes.
Create one agent from recipe and one manually to test both paths.
Create a task, move it across stages, and validate activity emission at each transition.
Invite one member and one viewer, then validate permissions and UI restrictions.
Re-login on a second browser profile to verify session continuity and workspace persistence.

Acceptance checks

- Login redirect returns to app root
- Workspace switcher state persists after refresh
- Agent panel shows expected status updates
- Live feed receives task/document events
- Unauthorized actions are blocked by role

Operational verification checklist

OAuth callback is deterministic (no unexpected provider-host landing page).
Onboarding lock only applies where intended and does not block public pages.
OpenClaw settings are saved per workspace and survive restarts.
Agent setup workflow generates expected heartbeat and protocol artifacts.
API key and role-based controls are enforced server-side.

Go-live notes

Ship Public WSS onboarding and core workflow first.
Keep OpenClaw origin allowlist aligned with your app domains before opening signups.
Verify reconnect and scope checks for each workspace before launch.
Publish support boundaries clearly: response windows, channels, and paid escalation options.

Recommended launch policy

Start with a small private cohort, monitor for 72 hours, then open public signups.