Spin up a multi-tenant platform that provisions, bills, and scales OpenClaw AI agents on your own infrastructure — in minutes, not months.
opensass is a production-ready Rails 8 SaaS platform that lets you run your own hosted "AI agent" product — like a multi-tenant Claude.ai for self-hosted agents. Users sign up, pay, and get a dedicated AI agent instance auto-provisioned on a Docker container, accessible via a unique subdomain.
Open-sourced so you can:
- Launch your own AI-agent SaaS without rebuilding billing, auth, provisioning, and orchestration.
- Self-host a private multi-user AI agent platform for your team or company.
- Learn how a real Rails 8 SaaS is architected — payments, bin-packing autoscaler, SSH-based Docker orchestration, the whole thing.
No Kubernetes. No Docker Swarm. Just Rails, Postgres, Redis, Nginx, and
docker runover SSH. It scales further than you'd think.
| Most "SaaS starter kits" | opensass |
|---|---|
| Marketing page + Stripe + auth | Full multi-tenant provisioning pipeline |
| You wire up the actual product | The product (OpenClaw) is already integrated |
| Single-tenant or per-user DB row | Real per-tenant containers, isolated resources, subdomains |
| Kubernetes overhead | Direct docker run over SSH — boring, reliable, debuggable |
| One cloud only | Cloud-agnostic: AWS EC2 + Hetzner today, pluggable provider |
| Tutorials, no production deployment | Battle-tested in production |
- Multi-tenant auth — Devise + Google OAuth, auto-tenant on first login, email confirmation, rate limiting, Rack::Attack
- Payments out-of-the-box — Dodo Payments integration with webhook-driven provisioning
- Auto-scaling worker pool — Best-fit bin-packing scheduler with
FOR UPDATE SKIP LOCKED, auto-terminates idle workers after 5 min - Cloud-agnostic — AWS EC2 and Hetzner providers shipped; add any provider by implementing one interface
- Per-tenant subdomains —
*.yourdomain.comwith wildcard Let's Encrypt SSL, dynamically routed via Nginx - SSH-based Docker orchestration — No Swarm, no K8s;
docker runoverNet::SSHwith full per-container lifecycle control - Background jobs — SolidQueue (no Redis required for the queue), health checks, drain jobs, cleanup jobs
- Admin panel — ActiveAdmin for managing tenants, projects, workers, plans
- Observability — Sentry error tracking, Lograge structured logs, container health monitoring
- Production-ready — Deployed via Kamal, brakeman + rubocop + rspec in CI, security review baked in
┌──────────────────────────────────────────────────┐
│ MANAGEMENT SERVER │
│ │
│ Rails 8 + Puma PostgreSQL 16 Redis 6 │
│ SolidQueue Nginx (reverse proxy) │
│ │
│ Nginx: *.yourdomain.com → worker_ip:port │
│ (tenant-ports.conf, auto-generated) │
└──────────────────────────────────────────────────┘
│ SSH + Docker commands (Net::SSH)
▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ WORKER-1 │ │ WORKER-2 │ │ WORKER-N │
│ (4GB EC2) │ │ (4GB EC2) │ │ (Hetzner) │
│ │ │ │ │ │
│ ┌──────────┐ │ │ ┌──────────┐ │ │ ┌──────────┐ │
│ │ Tenant-A │ │ │ │ Tenant-C │ │ │ │ Tenant-E │ │
│ │:18789 │ │ │ │:18789 │ │ │ │:18789 │ │
│ ├──────────┤ │ │ ├──────────┤ │ │ └──────────┘ │
│ │ Tenant-B │ │ │ │ Tenant-D │ │ │ │
│ │:18790 │ │ │ │:18790 │ │ │ │
│ └──────────┘ │ │ └──────────┘ │ │ │
└──────────────┘ └──────────────┘ └──────────────┘
Deep-dive docs:
- Architecture plan — service objects, AASM state machines, namespacing
- Project specification — full model + service + job reference
- Scaling plan — how the bin-packer and auto-terminator work
- Challenges & solutions — every rake we stepped on so you don't have to
| Layer | Tech |
|---|---|
| Framework | Rails 8, Ruby 3.3, Hotwire (Turbo + Stimulus), Tailwind CSS 4 |
| Database | PostgreSQL 16 |
| Queue | SolidQueue (database-backed, zero infra) |
| Cache | SolidCache + Redis (for Rack::Attack) |
| Auth | Devise + OmniAuth (Google OAuth) |
| Payments | Dodo Payments |
| Admin | ActiveAdmin |
| Containers | Docker (docker run over SSH via net-ssh) |
| Cloud | AWS EC2, Hetzner (pluggable via Cloud::ProviderFactory) |
| Deploy | Kamal + Docker |
| Observability | Sentry, Lograge |
| Testing | RSpec, Capybara, Selenium, FactoryBot |
Requirements: Ruby 3.3, PostgreSQL 16, Redis 6, Docker, Node.js (for Tailwind builds).
# 1. Clone
git clone https://github.com/princetechs/opensass.git
cd opensass
# 2. Install deps
bundle install
bin/rails db:setup
# 3. Configure environment
cp .env.example .env
# Edit .env — at minimum set GOOGLE_OAUTH_CLIENT_ID/SECRET and DODO_API_KEY (sandbox is fine)
# 4. Run it
bin/devOpen http://localhost:3000, sign in with Google, and you'll be dropped into your tenant. From here:
- Create a project → pick a plan → get redirected to Dodo sandbox checkout
- On webhook receipt, a container is provisioned on a local worker (no cloud account needed for dev)
- Visit
http://<subdomain>.localhost:3000to talk to your agent
See docs/QUICKSTART.md for a guided walkthrough including how to register a cloud provider, configure DNS, and deploy to production with Kamal.
- Indie hacker shipping an AI product — fork it, rebrand, point at your domain, ship in a weekend
- Agency building AI tools for clients — give every client a dedicated agent instance under your white-label domain
- Internal AI platform — give your team a private "Claude.ai" backed by your own LLM keys and policies
- Education — read a real production multi-tenant Rails 8 codebase end-to-end
opensass is production software. The core (auth, billing, provisioning, scaling, admin) is stable. We're actively working on:
- Pluggable agent runtimes (today: OpenClaw; soon: arbitrary Docker images)
- More cloud providers (DigitalOcean, Vultr, Linode)
- Usage-based billing in addition to flat-rate plans
- A one-click
bin/opensass initto scaffold a custom-branded fork
See the full roadmap below or browse docs/tasks/ for the historical task log.
- Multi-tenant Rails 8 base + Devise + Google OAuth
- Dodo Payments webhook-driven provisioning
- Bin-packing worker scheduler with
FOR UPDATE SKIP LOCKED - AWS EC2 + Hetzner cloud providers
- Wildcard SSL + dynamic Nginx routing
- ActiveAdmin dashboard
- Telegram pairing for OpenClaw bots
- Pluggable agent runtimes (any Docker image, not just OpenClaw)
- DigitalOcean / Vultr / Linode providers
- Stripe + Lemonsqueezy in addition to Dodo
- Per-tenant usage metering + usage-based billing
- One-click
bin/opensass initrebranding scaffold - Helm chart for the few of you who really want K8s
Open an issue or discussion if you want to claim one of these or suggest something new.
We love contributors — and we mean it. Good first issues are labeled good first issue and there's always a mentor pairing offer in the issue thread.
- Read CONTRIBUTING.md for the dev setup, test commands, and PR checklist
- Read CODE_OF_CONDUCT.md — TL;DR: be kind, give context, assume good intent
- Found a security issue? See SECURITY.md — please don't open a public issue
If you're using opensass in production, please add yourself to USERS.md — it helps other people discover the project, and it makes our day.
- Discussions: GitHub Discussions — questions, ideas, show & tell
- Issues: GitHub Issues — bugs and feature requests
If opensass helps you, a GitHub star is the single best way to support the project. ⭐
MIT — do whatever you want with it. Use it for commercial projects. Fork it. Rebrand it. Resell it. If you ship something cool, we'd love to hear about it.
Built with ☕ and Rails by @princetechs. If you ship a SaaS with opensass, tell us — we'll add you to the showcase.