Runtimes
A runtime is the thing that actually runs an agent. cloudscode is generic by design: the control plane provisions tenants, manages billing, and routes messages, but it does not pick your agent loop for you.
Built-in runtimes
Section titled “Built-in runtimes”| Name | Image | Notes |
|---|---|---|
openclaw | cloudscode/openclaw:latest | Default community runtime; Claude / OpenAI / Gemini compatible. |
bash-only | cloudscode/bash:latest | Minimal shell + git + curl; useful for tests. |
custom | your image | Any container that speaks the runtime protocol. |
Bring your own runtime
Section titled “Bring your own runtime”A runtime image must:
- Boot to a TCP listener on
RUNTIME_PORT(default7000). - Accept JSON messages on
POST /runmatching the runtime protocol. - Stream events back over WebSocket on
/events. - Honour
SIGTERMfor graceful shutdown.
Register your image with a tenant:
curl -X POST http://localhost:8787/instances \ -H "x-tenant-id: <tenant_id>" \ -H 'content-type: application/json' \ -d '{"runtime":"custom","image":"ghcr.io/acme/my-agent:1.4"}'Isolation model
Section titled “Isolation model”Each runtime instance runs in its own container with:
- A dedicated working directory mounted at
/workspace. - Per-tenant network policy (egress allow-list optional).
- CPU and memory limits derived from the tenant’s plan.
- Read-only access to the tenant’s BYOK keystore.
See Tenants for the surrounding isolation guarantees.