Case Study · Z47 · OpenClaw + Scalekit

How Z47 shipped secure OpenClaw agents firm-wide.

Ship agents like Z47See how it works ↓
0+
agents live
0 days
to full rollout
0+
connectors active
About Z47

Z47 — formerly Matrix Partners India — manages $3.5Bn across 100+ portfolio companies and 10 unicorns. They treat AI agents as production infrastructure, not pilots.

Every team member runs their own OpenClaw agent on their own data. Adoption was easy. Running it safely at org scale, with real credentials in play, was the unsolved problem.

25 agents in productionOne per team member. Each agent runs in its own session, on that person's own accounts.
ASRKVMPN+20
OpenClaw + Scalekitagents + actions
25 agents20+ apps5 days to ship

"We paused rollout because we weren't confident in the security model. Scalekit gave us the identity layer to ship with confidence. Every agent now acts as its own user, and we can see and control exactly what each one can do."

Krish BajajSenior Analyst, Tech and AI · Z47
Krish Bajaj

One agent per person — scoped to their work, their tools, their data.

Every message stays scoped to the sender. The agent runs in their session, acts on their accounts, and every tool call is attributed to them.

01

Pull a portfolio summary

AttioAffinity

Reads each user's Attio pipeline and drafts a tailored summary from their own deals — no shared data leakage.

WhatsApp"Update on active Series B talks."
02

Catch up on email

GmailOutlook

Scans the user's Gmail or Outlook inbox and surfaces threads that need a response, ranked by urgency.

WhatsApp"What did I miss from founders this week?"
03

Pre-meeting intelligence

NotionAffinityBrave

Pulls notes from Notion, relationship history from Affinity, and live web context via Brave — all under the user's own permissions.

WhatsApp"Brief me on [founder] before my 3pm."
04

Run prospecting and outreach flows

PhantombusterGranola

Triggers Phantombuster flows for sourcing and outreach, attributed to the person who sent the message.

WhatsApp"Run sourcing flow for this week's deal targets."

OpenClaw routes the message. Scalekit executes the call.

OpenClaw runs every agent inside its own per-user sandbox. Scalekit owns the identity layer, the credential vault, and every tool call leaving the agent. The sandbox never sees a real token.

Message-to-action flow

WhatsApp

team chat
  • Team member sends message
1message

OpenClaw

router
  • Looks up phone number
  • Routes to user sandbox
  • Spins one up if missing
  • Passes message in
2route + isolate

Sandbox

per employee
  • Holds client ID only
  • No tokens or secrets stored
  • Calls Scalekit SDK
3call w/ client ID

Scalekit

identity + execution
  • Resolves user identity
  • Fetches scoped token
  • Executes tool call
  • Returns result to agent
  • Logs audit event
  • Enforces rate limits
4resolve + execute
Notion
Gmail
Outlook
Attio
Affinity
Brave
Granola
Phantombuster
+ 20 more
5connected services
0+connectors live across CRM, comms, knowledge, ops

Every agent connects to the tools that person actually uses.

Each agent authenticates with the user's own accounts via OAuth — never a shared service principal. Scalekit scopes tokens per user, per app, and refreshes them silently in the background.

CRM & Pipeline

Relationship intel

Deal history, portfolio contacts, and pipeline signals — queried as each user, with their own permissions.
Attio
Affinity
Communications

Mail & calendar

Reads, drafts, and sends from each person's own inbox. Every action fully attributable to them.
Gmail
Outlook
Knowledge

Research & notes

Deal memos from Notion, live web research via Brave, meeting summaries from Granola — all under user scope.
Notion
Brave
Granola
Operations

Trackers & ops

Deal pipeline trackers, portfolio dashboards, and LP reports — read and updated in Google Sheets, scoped to each user.
Sheets
+
On demand

New agents onboard in minutes — no IT ticket required.

When a new team member sends their first message, Scalekit generates per-service magic links. They tap once, complete OAuth, and the agent picks up where it left off — no admin intervention, no hardcoded tokens.

01

Message arrives

Team member sends their first message. OpenClaw spins up their sandbox and flags any tools the agent isn't authorized to use yet.

02

Magic link sent

Scalekit generates a per-user, per-service magic link. The agent delivers it back over WhatsApp.

03

OAuth completed

User taps the link and finishes OAuth in their browser. Scalekit captures the token, scoped to that account.

04

Agent proceeds

From here on, every call uses that user's credentials automatically. Zero maintenance, zero repeat steps.

Isolated by design.
Bounded blast radius.

The original deployment had a structural flaw: OpenClaw's config file held plaintext credentials any agent could read. A single compromised agent meant every other agent's keys were exposed.

Scalekit closes the gap. Each sandbox holds only a unique client ID — never a real token. Suspend one ID, every other agent keeps running.

No shared credentials

OpenClaw's central config holds only Scalekit identifiers — never raw tokens. No agent can read another agent's credentials by design.

Per-agent client IDs

Every sandbox gets a unique Scalekit client ID. Suspension is instant and surgical: revoke one ID, every other agent keeps running.

Full audit trail

Every tool call is logged: which agent, which user, which action, which service. Total visibility into what happened — and on whose behalf.

Credential isolation
Session A
Active
a@z47.com
ref_a1x9f2...ref only
Session B
Revoked
b@z47.com
ref_b4m7r8...off
Session C
Active
c@z47.com
ref_c8n2p5...ref only
Revoke one. Others run.
0 of 25 active
Safe

The blueprint for any multi-user agent system.

Every team member gets their own agent, their own credentials, and their own audit trail — without building identity infrastructure from scratch. The agent framework handles execution. Scalekit handles everything else.

01

Agent execution framework

Per-user session isolation across one shared runtime. OpenClaw delivers this out of the box: one process, N isolated agents, no cross-agent state.

Runtime
02

Credential isolation + tool execution

Scalekit decouples secret storage from the agent runtime entirely. Sandboxes hold client IDs, not tokens — Scalekit resolves identity, fetches scoped tokens, and executes the tool call.

Identity + Execution
03

Per-user connected accounts

OAuth managed per user, per app. Every action taken as the person who triggered it — never a shared bot with org-wide access.

Accounts
Without this pattern
Shared credentials accessible to every agent
One compromised agent = full org exposure
No way to suspend one agent without taking everything down
No audit trail of who did what
Manual onboarding for every new team member
VS
With OpenClaw + Scalekit
Zero plaintext secrets anywhere in config
Blast radius contained to one client ID
One-click suspension, zero collateral
Full per-action audit trail, per user
Self-serve magic-link onboarding over WhatsApp

Building multi-user agents of your own?

Resolve identity, scope permissions, execute tool calls — across 20+ services. Ship production agents without building the layer yourself.

Get started freeSee the docs →
The auth stack for agents.
hi@scalekit.com
Scalekit Inc
2261 Market Street, STE 86971
San Francisco, CA 94114
Join our community
AgentKit
QuickstartConnectorsAGENTKIT SDKCODE SAMPLESAgentKit Pricing
Auth for SaaS  
org and UserSSOSCIMMCP AUth
RBACPasswordlessAUTH FOR SAAS PRICING
Developers
DocsAPI ReferenceSDKsGitHubBlog
Company
LegalTrust centerCustomers
COMPLIANCE
Follow us on
All systems operational
© 2026 SCALEKIT, INC.

We use cookies, so things load fast, we learn what to fix, and you can always reach us on chat

Okay, got it!