OpenClaw installed, protected, and monitored in one command.

Install Docker — OrbStack (recommended, free) or Docker Desktop on macOS, Docker Desktop with WSL2 on Windows, or Docker Engine on Linux. Then from your Zedly Setup dashboard, copy and run the one-command bootstrap shown for your OS (curl … | bash on macOS/Linux, irm … | iex in PowerShell on Windows). That single command pulls the latest Zedly OpenClaw image, creates the container, injects the session's SSH key, and opens a secure outbound tunnel back to Zedly — if the container already exists it just reconnects. Once connected, open the localhost:<port> link shown in the dashboard for the OpenClaw gateway UI (each instance gets its own host port so you can run multiple OpenClaws side-by-side). The Zedly setup agent then configures LLM providers, installs plugins, and verifies your first agent through the Setup chat. No SSH server on your host, nothing permanent installed, and docker stop ends the session at any time.

Yes. The Zedly OpenClaw container runs entirely on your hardware — no files are copied off your machine. The image is pinned and signed, pulled from GitHub Container Registry. The tunnel is outbound-only from inside the container to Zedly, so you never open an inbound port on your host. Every session uses a unique ed25519 SSH key that the bootstrap script injects into the container and that auto-revokes on the server when the session ends. The bootstrap token in the URL is one-time and session-scoped. The gateway UI binds only to localhost on your machine — each instance gets its own local port (never exposed to the internet). Every command the setup agent runs is logged to a per-session audit trail you can export. docker stop or docker rm cleanly disconnects and removes the container. See “What can Zedly see on my Mac / PC through the tunnel?” below for the exact list of host folders the container can read.

The tunnel connects Zedly to the Docker container, not to your host OS directly. The container is a sandboxed Linux environment that only sees three host folders that the bootstrap script explicitly bind-mounts into it:

• ~/.codex/ — your Codex OAuth token, so your ChatGPT Plus/Pro login persists across container rebuilds.
• ~/.config/codex/ — the newer XDG config path some Codex CLI versions use.
• ~/.zedly/containers/<instance>/.openclaw/ — your OpenClaw config, agent memory, Shield settings, workflow state, and credentials.

Everything else on your Mac or PC — /Users/, /Applications/, system files, other Docker containers, files in any directory outside those three paths — is invisible to the container and therefore invisible to Zedly. If you want to give an OpenClaw agent access to another host folder (e.g. a project directory for code tasks, or an Outlook attachment drop folder), add a -v /path/on/host:/root/path-in-container bind-mount when you re-run the bootstrap command.

Anywhere Docker runs. macOS (Intel and Apple Silicon) via OrbStack (recommended, free) or Docker Desktop, Windows 10/11 via Docker Desktop with the WSL2 backend (the PowerShell bootstrap is native — no WSL shell required), and Linux via Docker Engine (Ubuntu, Debian, Fedora, and other major distributions). You do not need OpenSSH, Node, or any other tooling on your host — everything OpenClaw needs is inside the container.

A typical first-time session takes 15 to 30 minutes once the container is running. The first run includes pulling the container image (roughly 1–2 GB), which can add a few minutes on slower connections. The session itself covers LLM provider configuration, model routing, plugin install, gateway verification, and a test agent run. Complex setups with custom skills can take longer.

No. OpenClaw is already installed inside the Zedly container image along with Shield and the tunnel client. The only prerequisite is Docker — OrbStack or Docker Desktop on macOS, Docker Desktop with WSL2 on Windows, or Docker Engine on Linux. The one-command bootstrap from your Setup dashboard pulls the image, creates the container, and connects. Spin up additional isolated instances later from the same dashboard without touching your host OS.

Rerun the one-command bootstrap from your Setup dashboard. It's the safest upgrade path — the one we test against each release, and the one that automatically preserves your bind-mounted ~/.openclaw config, API keys, Shield settings, and tunnel state.

Mechanically, the script does a docker pull plus recreate against your existing bind mounts (~/.zedly/containers/<instance>/.openclaw and ~/.codex), so native dependencies rebuild cleanly against the new image's Node toolchain.

Comfortable with Docker? Any docker pull + recreate that keeps your existing bind mounts intact will land you in the same place; the bootstrap just does that and also refreshes tunnel SSH keys, checks for config drift, and prints a clear success/failure line.

What to avoid, either way: running openclaw-level self-update flows or npm upgrade inside a running container. Native add-ons (e.g. node-llama-cpp) are compiled against that container's Node toolchain, and an in-place upgrade can leave you with a binary that fails at runtime without an obvious error — it's also a documented drift source from pre-2026.4.15 installs.

Want to try a new release safely? Spin up a second instance from the dashboard — same bootstrap, different name — upgrade one while the other stays pinned.

Cancel anytime. Your OpenClaw install is self-hosted — the Docker container, your config.json, any one-time workflow packs you've purchased, and locally-cached Shield policies stay on your machine and keep working.

When your billing period ends you'll keep the agent and lose the Zedly-hosted platform features: Shield cloud dashboard and fleet view, cross-instance policy sync, cloud config backups, the monthly setup-agent token allowance, workflow marketplace updates, and your support-tier SLA.

Resubscribe anytime — your existing config.json auto-reconnects to the cloud dashboard on the next handshake. Enterprise cancellation terms follow your contract. See Terms §6 for the full policy.

No. Solo runs a 14-day free trial with no credit card required. Sign up with your email, install OpenClaw in Docker, and use the dashboard, Shield, and one included workflow for the full trial.

We'll email you a couple days before the trial ends so you can upgrade without a gap. If you don't upgrade, your self-hosted OpenClaw keeps running on your machine (see Terms §6), but cloud features (marketplace, policy sync, backups, token allowance) pause until you resubscribe.

This is a launch-period policy — if we re-enable a card-on-file trial later, the CTA on this page updates automatically.

No. Each plan includes a monthly token allowance that covers the Zedly setup agent's LLM usage — Solo gets 2M tokens/mo, Consultant gets 10M, and Enterprise gets 100M. Allowances reset on your billing date and unused tokens do not roll over. If you hit the cap mid-month, either upgrade your plan (prorated at the next billing cycle) or contact sales to raise the Enterprise cap. Need help with a specific install? Buy a $99 Engineer Session (up to 45 minutes) — one-off credits that must be scheduled within 12 months of purchase.

A Zedly Setup subscription is the ongoing plan. Solo ($19/mo) covers up to 2 instances with Shield, the cloud dashboard, one standard workflow, and email support (48h). Consultant ($99/mo) adds multi-client fleet management, up to 15 instances, three workflows, and priority email and chat (24h). Enterprise ($999/mo) includes up to 250 instances, all marketplace workflows, SSO, audit-log export, and a dedicated support engineer with a 4h SLA. Need more than 250 instances? Contact sales to raise the cap. Need help one-off? Buy a $99 Engineer Session (up to 45 minutes) for stuck installs, migrations, or anything the dashboard agent can't handle alone.