Case Study · Z47 · OpenClaw + Scalekit

How Z47 gave every team member their own OpenClaw agent.

Ship agents like Z47See how it works ↓
0+
agents live
0 days
to full rollout
0+
connectors active
About Z47

Z47, formerly Matrix Partners India, manages $3.5Bn across 100+ portfolio companies and 10 unicorns. They treat AI agents as production infrastructure, not pilots.

Every team member runs their own OpenClaw agent on their own data. The challenge wasn't adoption — it was the layer underneath: every agent had to act as a specific person, not a shared bot, with isolated credentials per account and every action attributable to the right human.

25 agents in productionOne per team member. Each agent runs in its own session, on that person's own accounts.
ASRKVMPN+20
OpenClaw + Scalekitagents + actions
25 agents20+ apps5 days to ship

"Scalekit gave us the connectivity layer to ship our OpenClaw agents with confidence. Every agent now acts as its own user, calls each tool with the right scope, and we can see and control exactly what each one can do."

Krish BajajSenior Analyst, Tech and AI · Z47
Krish Bajaj

One agent per person, scoped to their work, their tools, their data.

Every message stays scoped to the sender. The agent runs in their session, acts on their accounts, and every tool call is attributed to them.

01

Pull a portfolio summary

AttioAffinity

Reads each user's Attio pipeline and drafts a tailored summary from their own deals. No shared data leakage.

WhatsApp"Update on active Series B talks."
02

Catch up on email

GmailOutlook

Scans the user's Gmail or Outlook inbox and surfaces threads that need a response, ranked by urgency.

WhatsApp"What did I miss from founders this week?"
03

Pre-meeting intelligence

NotionAffinityBrave

Pulls notes from Notion, relationship history from Affinity, and live web context via Brave, all under the user's own permissions.

WhatsApp"Brief me on [founder] before my 3pm."
04

Log work and projects

HarvestGranola

Logs hours into Harvest under the right project, filed as the person who sent the message.

WhatsApp"Log today's founder calls to Harvest."

OpenClaw routes the message. Scalekit handles identity, scope, execution, and audit.

OpenClaw runs every agent inside its own per-user sandbox. Scalekit owns the identity layer, the credential vault, and every tool call leaving the agent. The sandbox never sees a real token.

Message-to-action flow

WhatsApp

chat
  • Team member sends message
1message

OpenClaw

router
  • Looks up phone number
  • Routes to user sandbox
  • Spins one up if missing
  • Passes message in
2route + isolate

Sandbox

per employee
  • Holds client ID only
  • No tokens or secrets stored
  • Calls Scalekit SDK
3call w/ client ID

Scalekit

identity + execution
  • Resolves user identity
  • Fetches scoped token
  • Executes tool call
  • Returns result to agent
  • Logs audit event
  • Enforces rate limits
4resolve + execute
Notion
Gmail
Outlook
Attio
Affinity
Brave
Granola
Harvest
+ 20 more
5connected services
0+connectors live across CRM, comms, knowledge, ops

Every agent connects to the tools that person actually uses.

Each agent authenticates with the user's own accounts via OAuth, never a shared service principal. Scalekit scopes tokens per user, per app, and refreshes them silently in the background.

CRM & Pipeline

Relationship intel

Deal history, portfolio contacts, and pipeline signals, queried as each user, with their own permissions.
Attio
Affinity
Communications

Mail & calendar

Reads, drafts, and sends from each person's own inbox. Every action fully attributable to them.
Gmail
Outlook
Knowledge

Research & notes

Deal memos from Notion, live web research via Brave, meeting summaries from Granola. All under user scope.
Notion
Brave
Granola
Operations

Time & projects

Project context and time tracking via Harvest. New connectors added on demand as the firm's stack evolves.
Harvest
+
On demand

New agents onboard in minutes. No IT ticket required.

When a new team member sends their first message, Scalekit generates per-service magic links. They tap once, complete OAuth, and the agent picks up where it left off. No admin intervention, no hardcoded tokens.

01

Message arrives

Team member sends their first message. OpenClaw spins up their sandbox and flags any tools the agent isn't authorized to use yet.

02

Magic link sent

Scalekit generates a per-user, per-service magic link. The agent delivers it back over WhatsApp.

03

OAuth completed

User taps the link and finishes OAuth in their browser. Scalekit captures the token, scoped to that account.

04

Agent proceeds

From here on, every call uses that user's credentials automatically. Zero maintenance, zero repeat steps.

Isolated by design.
Bounded blast radius.

The original deployment had a structural flaw: OpenClaw's config file held plaintext credential values any agent could read. A single compromised agent meant every other agent's keys were exposed.

Scalekit closes the gap. Each sandbox gets a unique client ID stored only in its own environment — no shared config, no cross-agent visibility. Suspend one ID, every other agent keeps running.

No shared credentials

OpenClaw's central config holds only Scalekit identifiers, never raw tokens. No agent can read another agent's credentials by design.

Per-agent client IDs

Every sandbox gets a unique Scalekit client ID. Suspension is instant and surgical: revoke one ID, every other agent keeps running.

Full audit trail

Every tool call is logged: which agent, which user, which action, which service. Total visibility into what happened, and on whose behalf.

Credential isolation
Session A
Active
a@z47.com
ref_a1x9f2...ref only
Session B
Revoked
b@z47.com
ref_b4m7r8...off
Session C
Active
c@z47.com
ref_c8n2p5...ref only
Revoke one. Others run.
0 of 25 active
Safe

The blueprint for any multi-user agent system.

Every team member gets their own agent, their own credentials, their own audit trail, without rebuilding the layer underneath. The agent framework runs the agent. Scalekit handles identity, scope, execution, and audit for every tool call leaving it.

01

Agent execution framework

Per-user session isolation across one shared runtime. OpenClaw delivers this out of the box: one process, N isolated agents, no cross-agent state.

Runtime
02

Credential isolation + tool execution

Scalekit decouples secret storage from the agent runtime entirely. Sandboxes hold client IDs, not tokens. Scalekit resolves identity, fetches scoped tokens, and executes the tool call.

Identity + Execution
03

Per-user connected accounts

OAuth managed per user, per app. Every action taken as the person who triggered it. Never a shared bot with org-wide access.

Accounts
Without this pattern
Shared credentials accessible to every agent
One compromised agent = full org exposure
No way to suspend one agent without taking everything down
No audit trail of who did what
Manual onboarding for every new team member
VS
With OpenClaw + Scalekit
Zero plaintext secrets anywhere in config
Blast radius contained to one client ID
One-click suspension, zero collateral
Full per-action audit trail, per user
Self-serve magic-link onboarding over WhatsApp

Building multi-user agents of your own?

Identity, scope, execution, audit. Handled across 20+ services. Ship production agents that act on behalf of every user, without rebuilding the layer underneath.

Get started freeSee the docs →
The auth stack for agents.
hi@scalekit.com
Scalekit Inc
2261 Market Street, STE 86971
San Francisco, CA 94114
Join our community
AgentKit
QuickstartConnectorsAGENTKIT SDKCODE SAMPLESAgentKit Pricing
Auth for SaaS  
org and UserSSOSCIMMCP AUth
RBACPasswordlessAUTH FOR SAAS PRICING
Developers
DocsAPI ReferenceSDKsGitHubBlog
COMPLIANCE
Follow us on
All systems operational
© 2026 SCALEKIT, INC.

We use cookies, so things load fast, we learn what to fix, and you can always reach us on chat

Okay, got it!