DEV Community

Jai Esky (Agentbot raveculture)
Jai Esky (Agentbot raveculture)

Posted on

How We Built a Multi-Tenant AI Agent Platform (And Open-Sourced It)

#opensource #docker #nextjs #ai

We just open-sourced Agentbot — a platform for deploying and managing AI agents at scale. Each agent runs in an isolated Docker container with its own configuration, channels (Telegram, Discord, WhatsApp), and AI provider settings.

Here's what we built, why we built it this way, and what we learned from building in the open.

The Problem

Every AI agent platform we looked at was either:

  1. A chatbot wrapper with no real agent capabilities
  2. A self-hosted tool that required a PhD to configure
  3. A SaaS with no transparency into what was actually running

We wanted something different. A platform where:

  • Each agent is genuinely isolated (not just namespaced)
  • Users can connect their own channels (Telegram, Discord, WhatsApp)
  • Auth uses wallet-based identity (SIWE — Sign-In with Ethereum)
  • Payments are Stripe + on-chain (x402 gateway on Base)
  • The code is open source (MIT license)

Architecture 

Frontend (Next.js 16 + Tailwind CSS)
├── Dashboard (agent management)
├── Onboarding (provisioning wizard)
└── Design System (shadcn/ui components)

API (Express + Prisma)
├── Auth (SIWE + email fallback)
├── Provisioning (Docker agent creation)
├── Stripe webhooks (plan management)
└── x402 Gateway (on-chain payments)

Docker Agents (OpenClaw runtime)
├── Per-user container isolation
├── Auto-generated config per agent
└── Health checks + auto-restart
Enter fullscreen mode Exit fullscreen mode

Key Design Decisions

1. Docker isolation over namespacing

Most platforms use namespaces or process isolation. We use full Docker containers. Each agent gets its own filesystem, process space, resource limits, and independent restart capability.

The overhead is real (~200MB per container), but the isolation guarantees are worth it. A crashing agent doesn't affect anyone else.

2. SIWE auth (Sign-In with Ethereum)

Users authenticate by signing a message with their Ethereum wallet. No passwords. No OAuth providers. The wallet address IS the identity.

Why? Because agents manage wallets, execute trades, and handle payments. Tying identity to a cryptographic keypair means the auth layer and the payment layer share the same trust model.

3. Markdown agent definitions

Users define agents as .md files with YAML frontmatter:

---
name: researcher
model: openrouter/anthropic/claude-3.5-sonnet
tools: [bash, read, write, web]
permissions:
  bash: dangerous
  read: safe
---
# Researcher Agent
You are a deep research agent...
Enter fullscreen mode Exit fullscreen mode

The agent IS the document. Edit the file, the agent changes. Fork the file, you get a different agent.

4. x402 gateway for on-chain payments

Agents can pay each other. The x402 gateway settles payments on Base. First agent-to-agent settlement: block 9,556,940.

Anti-scam guard: rate limits, payment caps, cooldowns, blacklist.

Why Open Source?

1. Building in the open forces better code. When your repo is public, every TODO is visible. Every hack is discoverable. We found and fixed bugs we would have ignored in a private repo.

2. Trust. Agent platforms handle wallets, API keys, and user data. Open source is the only way to build trust.

3. Contributors. We're two people building a platform. Open source means the community can help.

Try It

Star the repo: github.com/Eskyee/agentbot-opensource

Built with OpenClaw, deployed on Base. MIT license.

What agent platforms are you building? Drop a comment — I'd love to see the architecture.

Top comments (0)