Inference-first GTM · July 2026
The Foundational Platform for Auditable Production AI
ClawQL provides the Agentic Gateway as the Foundational Platform for Auditable Production AI — land with an OpenAI-compatible inference control plane and native /mcp access, then expand into memory, model provenance, Dedicated Virtual Gateway audit-trail enforcement, and a Zero-Trust Agentic Fabric of Regional Hubs, private Virtual Gateways, and Edge Gateways on every laptop.
This playbook defines ClawQL’s default go-to-market motion: the Agentic Gateway as the Foundational Platform for Auditable Production AI. Developers land with OpenAI-compatible inference and a locally hosted MCP server, then expand product-led into memory, model provenance, documents, payments, and the Zero-Trust Agentic Fabric — Regional Hubs, Dedicated Virtual Gateways (Audit-Trail Enforcement Points with NATS JetStream + Valkey), and Edge Gateways on every laptop. For the secondary enterprise / Palantir-facing motion, see the Enterprise GTM playbook.
Primary positioning
Agentic Gateway
Foundational Platform for Auditable Production AI
Entry binary
One gateway, two protocols
/v1 chat completions and /mcp from one process
Core GTM motion
Adoption-led expansion
Inference or MCP → optimization → provenance → Dedicated VG → Edge swarm → IDP
Business outcome
Auditable Production AI
Three-layer fabric: usage, intent, and execution audits — plus model provenance
Executive summary: the strategic reframe
ClawQL’s GTM motion has evolved from a broad platform pitch to a focused, adoption-led strategy. The Agentic Gateway is the Foundational Platform for Auditable Production AI — realized as a Zero-Trust Agentic Fabric: Regional Hubs for multi-tenant routing and billing, Dedicated Virtual Gateways for isolated policy and event-driven swarm coordination, and Edge Gateways on every engineer laptop for local execution in the mesh.
ClawQL provides the Agentic Gateway as the Foundational Platform for Auditable Production AI.
Developers land with an OpenAI-compatible inference control plane and native /mcp access, then expand product-led into persistent memory, the fine-tuning Flywheel, Dedicated Virtual Gateway governance (NATS JetStream + Valkey), and a fleet of Edge Gateways that turn the company into a distributed agentic swarm. This three-minute install is the beginning of an expansion path that evolves a developer’s workflow into a fully compliant, production-grade agentic fabric.
The Agentic Gateway is not merely a proxy; it is the infrastructure core that solves the “Agent Sprawl” problem. It integrates HTTP/REST inference routing and MCP tool-calling into one binary, creating a single surface for policy enforcement, audit logging, and state management — then scales into Regional Hubs, Dedicated Virtual Gateways, and Edge nodes without changing the developer’s entry point.
The architecture question that defines our market leadership
How many inference gateways provide the foundational platform requirements for Auditable Production AI?
- Architectural governance: Dedicated Virtual Gateways as Audit-Trail Enforcement Points — isolated policy, WORM-auditable trails, and NATS JetStream + Valkey for event-driven swarm workflows — federated across regions when customers choose, never as a single global master.
- Stateful intelligence: Built-in persistent, cross-session memory that survives restarts.
- Integrated pipeline: An IDP document processing pipeline that feeds the same semantic search layer as the inference gateway.
- Model provenance: A fine-tuning Flywheel that turns production traffic into proprietary models, backed by verifiable supply-chain integrity.
- Agentic economics: Native payment rails (Stripe + x402 + MPP) to monetize tools and agents directly at the gateway layer.
The answer is zero. The Agentic Gateway is the entry point. The Foundational Platform is what makes it the standard for production-grade, auditable AI.
The two entry points
Entry point 1: Inference gateway (OpenAI drop-in)
For any developer currently using OpenAI, Anthropic, Groq, Together, or Ollama:
npx clawql-inference
export OPENAI_BASE_URL=http://localhost:8080/v1
# Existing code runs unchanged. Nothing else required.This developer is immediately inside ClawQL’s ecosystem. Their inference calls hit the WORM call store. The 12-layer efficiency stack begins working. The PAL routing ladder starts building data on which tier each task type needs. The Intelligence Flywheel begins accumulating training signal.
They haven’t changed a line of application code. They haven’t evaluated a pitch deck. They just made their existing setup better.
Entry point 2: MCP server (IDE-native)
For any developer using Cursor, Claude Code, or Codex who wants to connect to local or private APIs without routing inference through ClawQL at all:
clawql inference serve --port 8080
# In Cursor MCP settings:
# URL: http://localhost:8080/mcp
# That's it.The Agentic Gateway exposes /mcp alongside /v1/chat/completions. The IDE connects via MCP protocol. The developer immediately gets:
- ClawQL’s full tool catalog (search + execute across any configured API)
- Vault memory (
memory_ingest+memory_recallacross sessions) - Document pipeline tools if IDP is enabled
- WORM audit trail on every tool invocation
- Seatbelt containment via
clawql sandbox init
This is the original MCP-first deployment plan, now unified in the Agentic Gateway. The same binary handles both. The Edge Agentic Gateway on a laptop is the locally hosted MCP server. They are not two separate products — they are two protocols exposed by one Foundational Platform.
A developer who starts with the MCP entry point and never routes inference through ClawQL is still building habits, muscle memory, and dependency on ClawQL’s tool catalog and memory vault. When they want to add inference routing, token efficiency, or the fine-tuning flywheel, they’re already inside the ecosystem.
The expansion ladder toward Auditable Production AI
Every ClawQL user starts on one of the two entry points. The expansion path is product-led — each stage is an evolution toward Auditable Production AI. No sales motion required until the Virtual Gateway conversation (the Audit-Trail Enforcement Point).
Week 1: Production visibility
Inference entry: Developer runs clawql inference spend --group-by team. For the first time they can see which calls are expensive, which models are being used, and what the cost attribution looks like per team — the first artifact of an auditable production trail. This report is often surprising — and hard to generate from OpenRouter or LiteLLM without significant custom instrumentation.
MCP entry: Developer runs memory_recall for the first time and retrieves context from a session three weeks ago. The agent remembers what decisions were made, what was tried, what failed. Stateful intelligence replaces the “what were we doing?” tax that breaks production continuity.
In both cases, the value is immediate and concrete. No onboarding. No training. No integration work beyond the initial setup.
Week 2: Infrastructure optimization — semantic cache
Enable semantic cache (CLAWQL_INFERENCE_SEMANTIC_CACHE=1). Cache hits start appearing in the call store. Cost drops measurably on repeated similar requests. The call store now shows cache_hit: true on a growing fraction of calls — infrastructure optimization for auditable production, not a theoretical efficiency claim.
This is the first moment where ClawQL demonstrably costs less than the alternative as a visible line item in the spend report, with every hit recorded in the same WORM-backed trail.
Week 3: Infrastructure optimization — PAL routing
Enable routing (CLAWQL_INFERENCE_ROUTING_ENABLED=1). Decomposed sub-tasks start routing to Frugal tier (local Ollama or Phi-4). Top-level orchestration stays on Standard. Frontier only fires on genuine escalation.
The bill drops again. The call store shows tier distribution: what fraction of calls resolved at Frugal, Standard, or Frontier. Routing decisions become part of the auditable production record — not opaque spend.
Month 2: Model provenance — the Flywheel
The call store has accumulated 500–2,000 verified training examples. The developer runs:
clawql inference export \
--verdict passed \
--format openai-jsonl \
--output ./training-data/$(date +%Y-%m).jsonlPresidio scrubs PII automatically. The WORM manifest records exactly what entered the training dataset. The developer submits the fine-tuning job:
clawql inference finetune \
--dataset ./training-data/2026-07.jsonl \
--base-model gpt-4o-mini \
--provider openaiThe fine-tuned model registers back to tier-map.json as a custom Frugal tier. PAL routing uses it automatically for matching task types. This is model provenance for auditable production — not only efficiency. The Frugal tier is more accurate than the generic model it replaced because it was trained on this developer’s actual production traces, with WORM-recorded lineage of what entered the training set.
This is the moment that creates lock-in — not contractual lock-in, value lock-in. The custom Frugal model lives in ClawQL’s tier-map with verifiable provenance. Moving to a different inference gateway means giving up that model asset and starting training-data accumulation from scratch.
Month 3: Stateful intelligence — memory across sessions
The developer enables persistent memory across their team. memory_ingest starts capturing architectural decisions, debugging context, and runbook notes. memory_recall retrieves them in new sessions without anyone having to paste context — stateful intelligence required for production agents that must remain continuous and reviewable.
This is available on the Developer tier ($29/mo) but it changes how the team works. Context that was previously lost between sessions now persists. Agents stop asking “what were we doing?” and start asking “what happened since last time?”
Month 4–6: Audit-trail enforcement — Dedicated Virtual Gateway
The team grows. Different projects need different policies. The developer wants per-project audit trails, per-team budget caps, and isolation between workloads. This is the Dedicated Virtual Gateway conversation — the Audit-Trail Enforcement Point that CISOs and compliance teams require to authorize production AI.
Per-team virtual keys with USD budget caps are already available (clawql inference keys create --team engineering --budget 500). Customers start on ClawQL’s multi-tenant Regional Hubs for routing and billing, then upgrade to a Dedicated Virtual Gateway — deployed into the same region or their own cloud — that keeps policy, WORM sinks, and observability isolated while still consuming Regional Hub routing and billing.
This is when the first real sales conversation happens — not to sell ClawQL (the developer is already sold) but to scope deployment model, SLA, and Dedicated Virtual Gateway placement (ClawQL region vs customer VPC).
Month 6+: Integrated pipeline — IDP and documents
The developer is processing documents — contracts, invoices, reports — and wants agents to read, classify, extract, and query them through the same MCP interface they’re already using.
# Same endpoint, new tools
clawql sources add https://your-nextcloud-instance/api
# run_idp_pipeline, classify_document, extract_document
# now available in the same MCP serverThe IDP doesn’t require a new deployment. It activates behind the same endpoint via the plugin bundle model. The developer upgrades to Starter ($299/mo) and document processing appears in their existing Cursor / Claude Code MCP session.
This is the IDP sale completing itself. The developer didn’t evaluate an IDP platform. They evaluated an inference gateway, expanded to memory, and eventually discovered documents could flow through the same system they were already using. The IDP is an upsell from trust, not a standalone evaluation.
Hardened Security Dossier — technical verification by expansion stage
Enterprise buyers and CISOs do not buy abstract security claims. They buy architectures they can verify. The PragmaticVectors library — especially the Hardened Agentic Stack series — is the proof-of-competence dossier for every stage of the expansion ladder. When a buyer asks “how do you secure this?”, the answer is a published engineering standard, not a marketing slide.
| Expansion stage | Business outcome | Technical verification (whitepaper) |
|---|---|---|
| Inference Gateway | Infrastructure optimization | The Twelve Layers of LLM Cost |
| Memory / IDP | Stateful intelligence | Local Data Residency: Securing Obsidian and JSONL |
| Dedicated Virtual Gateway | Audit-trail enforcement | The Observability Loop: Correlating Intent to Action |
| Edge Agentic Swarm | Sovereign execution | The Kernel Said No: Containment on macOS |
| Governance / CISO | Auditable Production AI | The Mini Shai-Hulud Worm: Layered Defense |
Sales quick reference
Map the objection to the essay — educate first, then show that ClawQL implements the same architecture.
- Supply chain: Supply Chain Trust: Signing Images and Artifacts · Mini Shai-Hulud
- LiteLLM migration: Replacing LiteLLM After the March 2026 Supply Chain Compromise
- Runtime isolation (Kata / sandbox): Building the Sandbox: Isolated Tool Execution · Process Containment (Tetragon / eBPF)
- Regional Hub → Dedicated VG onboarding: Zero-Trust Ingest · Anomalous Tool Use Detection
This is education-led sales. A buyer who adopts ClawQL because they read The Kernel Said No and Process Containment is buying an architectural philosophy — not just a SKU. The moat is intellectual as much as it is technical.
Zero-Trust Agentic Fabric — the enterprise architecture
ClawQL’s Foundational Platform is not a single global proxy. It is a Zero-Trust Agentic Fabric — the distributed agentic operating system for Auditable Production AI: multi-tenant Regional Hubs (billing/routing), customer-owned Dedicated Virtual Gateways (governance + NATS nervous system), and Edge Gateways on every laptop (execution). Full technical specification: docs.clawql.com/architecture/agentic-fabric.
Global master gateways are an anti-pattern: SPOF, compliance bottleneck, identical policy overhead for every team, concentrated supply-chain target. Prefer federated Virtual Gateways that share EnterpriseGovernance truth but enforce and audit locally. Regional Hub ≠ policy brain.
Layer 1 — Regional Hub (SaaS / shared)
ClawQL-operated, multi-tenant by default. Customers connect to one or multiple hubs. This is the “cloud pipe” — transactional plumbing so teams start today without a VPC.
- Does: model routing, billing metering, usage attribution, provider load balancing
- Does not: hold tenant manifests, write tenant intent/execution WORM, see raw PII on sovereign paths, or store customer sovereign secrets
- Audit role: usage audit — what was called, at what cost
Layer 2 — Dedicated Virtual Gateway (governance / private)
The primary enterprise entry point — the company’s “brain.” Deployed into a ClawQL region or the customer’s VPC/on-prem. Usage and billing still flow through Regional Hubs; everything else couples to the Dedicated VG.
- Function: Audit-Trail Enforcement Point; EnterpriseGovernance; PII/PHI scrubbing; private WORM; NATS JetStream + Valkey swarm fabric
- Federation: multiple VGs as peers (not spokes under a global master) — EU enforcement stays in EU; optional cross-gateway tool routing under explicit policy
- Audit role: intent audit — why an action was authorized
Layer 3 — Edge Agentic Gateway (developer laptop / swarm node)
Same Agentic Gateway binary class, deployed locally: MCP for Cursor/Claude Code, local Frugal inference, vault memory, NATS task subscriber, Seatbelt containment, WORM relay.
- Sync: VG pushes policy; Edge pushes WORM-signed audit bundles — offline first, online governed
- Shadow IT inversion: developers prefer the Edge node because it unlocks corporate memory, documents, and swarm topics
- Audit role: execution audit — what actually ran on the workstation
Three audits, one forensic narrative
| Layer | Audit surface | What the CISO reconstructs |
|---|---|---|
| Regional Hub | Usage audit | Tokens, models, billing — not private policy contents |
| Dedicated Virtual Gateway | Intent audit | Policies, authorizations, tool permissions, WORM in the audit boundary |
| Edge Agentic Gateway | Execution audit | Fine-grained local runs, synced as signed bundles when online |
Usage proves what was called. Intent proves why it was allowed. Execution proves what happened. An auditor querying the Dedicated VG gets the composed record without centralizing raw source or personal context.
Sovereign handshakes
- VG → Regional Hub: VG initiates (pull — no inbound into tenant VPC). mTLS identity → GovernanceSync (manifest hash) → stream for routing/billing signals. Heartbeat timeout = kill switch (fail-closed). Hash mismatch → DEGRADED_MODE + WORM event.
- Edge → VG: identity pinning → policy push (local enforce) → audit-bundle push on schedule or reconnect. Offline Edges queue WORM; trail never discarded.
Event-driven fabric — NATS JetStream + Valkey
Each Dedicated VG hosts its own JetStream and Valkey. This is baked into the VG definition — not a bolted-on Phase 4. Subject hierarchy and Valkey schemas are specified in the architecture doc (clawql.tasks.*.broadcast, clawql.problems.{id}.open|attempt|solved|closed, audit relay, policy updates).
Collaborative problem-solving
- Publish — stuck Edge opens a problem topic; VG initializes Valkey problem state
- Parallel execute — Edges pull attempts, avoid redundant work, publish progress
- Breakthrough — first solver publishes
.solved; peers stop; VG validates - Close — originator notified; full WORM chain for the session
CTO / CISO orchestration
Signed mandates on task broadcast subjects (security patches, weekly summaries). Every Edge validates the issuer, executes locally, reports results. VG aggregates coverage %, failures, and a non-repudiable completion WORM entry. Mandates are system events — not email.
Orchestration loop: Broadcast → Pull → Execute → Report. Optional agentic payment rails can credit identities for completed automation work.
Federated mesh
- Peer policy sync; Independent Policy Enforcement Points
- Cross-gateway tool routing under explicit policy
- Local WORM + mesh observability without centralizing raw sensitive payloads
- Explicit registries and mTLS — not open discovery
VG buying triggers & 90-day onboarding
The VG conversation opens when a Teams customer says any of:
- “Different projects need different policies” — isolation
- “Our CISO needs to own the audit trail” — compliance
- “We want models on our own hardware” — sovereignty
| Days | Activity | Outcome |
|---|---|---|
| 1–7 | Deploy VG; mTLS to Regional Hub; WORM sink to customer storage | Traffic through VG; customer owns audit storage |
| 8–21 | Publish EnterpriseGovernance; Presidio; kinetic guardrails | Policy enforcement active in the audit boundary |
| 22–45 | Enable NATS + Valkey; pilot Edge Gateways on 2–3 laptops | First swarm / mandate demo |
| 46–90 | Fleet Edge Gateways; first org-wide CTO/CISO mandate | Agentic Fabric operational for the account |
Sales framing
- CTO: Manage agents at the Edge, govern through your Dedicated VG, ClawQL Regional Hubs handle multi-tenant routing and billing.
- CISO: Policy and WORM stay in your audit boundary. Regional Hubs see billing/routing signals — not private enforcement contents. “Verify us, don’t trust us.”
Sovereign Execution Environment — safety switches
Kill switches are runtime primitives: mTLS identity + Kata / sandbox + Tetragon / eBPF + Falco + VG WORM. Essay map: Hardened Security Dossier.
Sales quick reference — competitive objections
| Objection | One-sentence answer |
|---|---|
| “LiteLLM does everything we need” | LiteLLM had a supply-chain compromise and has no Flywheel, no persistent memory, and no Virtual Gateway fabric — see Replacing LiteLLM… and Mini Shai-Hulud. |
| “We use Palantir” | Palantir asks you to trust a black box. ClawQL asks you to verify WORM, Cosign, and your own VG audit boundary — see Enterprise GTM. |
| “OpenRouter is simpler” | OpenRouter is a routing layer with zero governance path. ClawQL is the Foundational Platform — memory, WORM, Flywheel, fabric. |
| “We’ll build this on LiteLLM” | You can build a proxy. You cannot ship Flywheel + Dedicated VG + NATS swarm + Edge fleet as a package in any reasonable timeframe. |
Why nobody else can run this playbook
The expansion ladder works because ClawQL’s stack is genuinely integrated. Each layer feeds the next. Trying to replicate this with point solutions fails at every transition.
- Inference → Memory: Every other inference gateway is stateless. ClawQL’s ObservedInferenceGateway writes every call to the call store and the memory vault is available at the same endpoint. The transition is one flag.
- Memory → Documents: Persistent memory that uses an Obsidian vault with wikilinks is already a semantic knowledge graph. The IDP pipeline ingests documents into the same Onyx search layer that
memory_recallqueries. Activating the IDP plugin bundle is the transition — the infrastructure is already there. - Documents → VDR: Ingested, classified, extracted, and indexed documents can be distributed via ConeShare with engagement analytics, dynamic watermarking, and x402 micropayment gating. No VDR vendor can add inference, memory, and document processing. ClawQL adds VDR to its existing pipeline.
- Any layer → Payments:
clawql-paymentscan gate tool calls, APIs, documents, or VDR links behind Stripe, x402, MPP, ACP, or AP2. Payment is integrated at the MCP layer via the McpProxyPipeline (X402EnforcementService, EntitlementService, AuditService).
Competitive table — upsell from inference
| Upsell from inference | OpenRouter | LiteLLM | Portkey | Helicone | ClawQL |
|---|---|---|---|---|---|
| Persistent memory | ✗ | ✗ | ✗ | ✗ | ✓ |
| Document processing (IDP) | ✗ | ✗ | ✗ | ✗ | ✓ |
| Virtual Data Room | ✗ | ✗ | ✗ | ✗ | ✓ |
| Per-tenant Virtual Gateway | ✗ | ✗ | ✗ | ✗ | ✓ |
| WORM audit trail | ✗ | ✗ | ✗ | ✗ | ✓ |
| Fine-tuning flywheel | ✗ | ✗ | ✗ | ✗ | ✓ |
| Agentic payment rails | ✗ | ✗ | ✗ | ✗ | ✓ |
| MCP server (same binary) | ✗ | ✗ | ✗ | ✗ | ✓ |
| Kernel-level agent sandbox | ✗ | ✗ | ✗ | ✗ | ✓ |
| Sovereign LLM fleet | ✗ | ✗ | ✗ | ✗ | ✓ (IDP tiers) |
| Supply chain verification | ✗ | ✗ (March 2026) | ✗ | ✗ | ✓ |
None of them can upsell to any of these. ClawQL can upsell to all of them because they’re all part of the same integrated stack.
The pricing model reinforces the strategy
- Self-hosted (Apache 2.0, free forever): Full feature set, no license fee — evaluation path for engineers and data-sovereignty buyers who will never use managed SaaS.
- Developer ($29/mo): Inference gateway + vault memory. The land-and-expand entry tier — priced so procurement friction never blocks a technical evaluation.
- Teams ($99/mo): Inference + vault memory + Onyx semantic search. Five users. Still below executor.sh’s Team tier ($150/mo) while including persistent memory and semantic search that executor.sh doesn’t have at any price.
- Starter / Business / Professional ($299 / $599 / $1,200/mo): IDP plugin bundle activates — documents, VDR, sovereign inference. The expansion ladder completes.
One MCP endpoint on every tier. Upgrade from Developer to Teams to Starter — the URL doesn’t change, the auth token doesn’t change, the vault history doesn’t change. There is no migration. The upsell is frictionless because it’s an upgrade, not a replacement.
Target segments through the inference-first lens
Segment 1: Developers currently on LiteLLM
Entry trigger: The March 2026 supply chain compromise. LiteLLM’s Python dependency tree produced a compromised binary. Teams running LiteLLM in production CI/CD were exposed to credential harvesting.
Migration pitch: Zero code changes. TypeScript-native. Cosign-signed. SBOM per build. Arweave-permanent manifest. Startup hash verification via clawql doctor --smoke. The supply chain posture is architectural, not claimed.
Expansion: LiteLLM users are typically more technically sophisticated. They’ll find the Flywheel faster, want the Virtual Gateway sooner, and understand the WORM audit trail without needing it explained.
Entry: export OPENAI_BASE_URL=http://localhost:8080/v1 — existing LiteLLM configuration maps to ClawQL environment variables.
Segment 2: Developers currently on OpenRouter
Entry trigger: Cost and control. OpenRouter is convenient but provides no pre-inference budget enforcement, no audit trail, no memory, and no path to training proprietary models.
Migration pitch: Same model access pattern (OpenRouter’s 100+ provider breadth is broader today — acknowledged; ClawQL’s plugin API closes this over time). ClawQL adds what OpenRouter can’t: pre-inference budget caps, WORM call store, semantic cache, PAL routing, memory vault, and the Flywheel. The clawql inference spend --group-by team report is often the first value delivered.
Expansion: Individual developers and small teams grow into Teams when they want shared memory, then Starter when they start processing documents.
Entry: Same OPENAI_BASE_URL swap. OpenRouter API keys continue to work as upstream credentials.
Segment 3: MCP-first developers (Cursor / Claude Code)
Entry trigger: They want their AI coding assistant to access private or local APIs without sending those tools’ specs to a third party.
Pitch: ClawQL’s Edge Agentic Gateway is a locally hosted MCP server with memory, audit, and governance built in. clawql inference serve --port 8080 and add http://localhost:8080/mcp to Cursor’s MCP settings.
Expansion: MCP-first users discover inference routing when they want cost controls on model calls their IDE is making. They discover the IDP when they want agents to read documents. Switching from “MCP only” to “MCP + inference” is enabling a feature, not installing new software.
Entry: Self-hosted is free. Managed Developer tier is $29/mo.
Segment 4: Teams replacing executor.sh
Entry trigger: Execution caps. executor.sh’s Team tier ($150/mo) caps at 250,000 executions/month and charges $0.20/1,000 overage. Heavy agent usage means watching a meter.
Migration pitch: ClawQL Teams ($99/mo) has unlimited executions, no caps, no overage, and costs less — plus persistent vault memory, Onyx semantic search, and 12-layer token efficiency that compounds savings executor.sh cannot offer at any price.
Expansion: Start by paying less for what you have. End up with a platform executor.sh can never be — memory, documents, then VDR.
Entry: clawql mcp-config --write cursor updates Cursor MCP config. clawql claude / clawql codex / clawql cursor / clawql opencode launch harnesses with ClawQL MCP pre-wired. One command.
Segment 5: Enterprise inference buyers (post-Palantir evaluation)
Entry trigger: The enterprise evaluated Palantir AIP and found it too expensive, too locked-in, or too opaque — or they’ve been using Palantir and want the transparent, auditable alternative.
Pitch: ClawQL Inference + Virtual Gateway is the governance-first inference layer with multi-tenant policy enforcement, audit trail requirements, and data sovereignty — with open, verifiable, independently auditable controls instead of proprietary black-box assurances. Detail lives in the Enterprise GTM playbook.
Expansion: Enterprise buyers move faster through the ladder because they have documented requirements at each tier. The Virtual Gateway conversation is often immediate.
Entry: 90-day structured pilot with success metrics. Inference observability in Phase 1. Virtual Gateway governance in Phase 2. IDP and full platform in Phase 3.
The competitive moat at each expansion stage
Each stage deepens switching cost in a way competitors can’t replicate without rebuilding their entire stack.
| Stage | Switching cost | Why |
|---|---|---|
| Inference only | Low | Any gateway offers OPENAI_BASE_URL compatibility; call store + spend report help but are recreatable |
| Semantic cache + PAL | Low–medium | Savings are visible and real; mechanism is still recreatable |
| First Flywheel cycle | Real | Custom fine-tuned Frugal model in tier-map trained on production data — the model is the moat |
| Memory vault adoption | Significant | Months of institutional knowledge in Obsidian; no other inference gateway has a memory layer to migrate to |
| IDP activation | Very high | Documents indexed in Onyx, correlated with the call store via correlation_id, linked to WORM; VDR links embedded in customer workflows |
| Virtual Gateway deployment | Extremely high | EnterpriseGovernance manifests, WORM sinks, and per-tenant audit trails become organizational — compliance evidence, not just tech debt |
The inference gateway is the entry. Each subsequent layer deepens the relationship until switching becomes functionally impossible for any rational buyer.
The “inference-optional” MCP path
ClawQL is genuinely useful to developers who never want to route inference through it.
A developer who uses Claude Code as their IDE agent but has a fleet of private internal APIs has a problem today: MCP servers for each API are either manually configured or don’t exist. ClawQL’s Virtual Gateway as a locally hosted MCP server solves this without requiring the developer to change their inference provider at all. Claude Code connects to http://localhost:8080/mcp. ClawQL exposes every configured API as MCP tools — with memory, audit, and governance — while Anthropic remains the model provider.
This developer is in the ClawQL ecosystem without paying for inference. When they want inference routing, the Flywheel, or document processing, they’re already connected. When their team grows and needs isolation, the Virtual Gateway architecture scales.
The inference-optional path means ClawQL competes in a segment nobody else owns: the governed local MCP server market — memory-enabled, audit-trailed, supply-chain-verified, with a clear upgrade path to a full platform.
GTM execution plan
Phase 1: Developer acquisition (months 1–6)
Goal: 1,000 active inference gateway installs · 200 active MCP server installs · 100 paid Developer tier conversions.
- Content on PragmaticVectors.com — use the Hardened Security Dossier as the funnel map: LiteLLM migration + twelve-layer cost posts for Inference Gateway buyers; Seatbelt / Tetragon / sandbox posts for Edge Gateway adopters (Hardened Agentic Stack)
- Anchor tweet: drop-in OpenAI replacement, semantic cache, PAL routing, Flywheel, virtual keys, plus
/mcpfor Cursor — everything else additive - LiteLLM migration guide: Replacing LiteLLM… — switch in five minutes, zero code changes, better supply chain posture, fine-tuning loop the current setup can’t close
- executor.sh comparison: factual, not aggressive — tools + inference + memory + documents + policies, no per-execution meter
Metrics: GitHub stars · npm downloads for clawql-inference · 14-day trial starts · Week-1 retention (first value moment reached)
Phase 2: Expansion revenue (months 6–12)
Goal: 50 Teams tier conversions · 10 Starter IDP conversions · first Enterprise pilot.
- Flywheel case study — cost and quality impact of the first fine-tuning cycle
- Dedicated Virtual Gateway + Agentic Fabric webinar for platform engineering leads
- Welcome sequence for Regional Hub → Dedicated VG upgrades: assign Zero-Trust Ingest and Anomalous Tool Use as foundational reading for the team’s new security posture
- IDP upsell sequence when a user runs
clawql sources add <url>against a document store
Metrics:Developer → Teams (>15%) · Teams → Starter (>8%) · Flywheel adoption · MCP-entry users who add inference routing
Phase 3: Enterprise and platform (months 12–24)
Goal: 3 Enterprise pilots · 1 signed Enterprise contract · Dedicated Virtual Gateway (Layer 2) as the primary enterprise entry point, with Regional Hubs remaining the billing/routing plane.
- Enterprise inference brief for CTOs — Zero-Trust Agentic Fabric (Regional Hubs → Dedicated VG → Edge swarm), WORM, EnterpriseGovernance, Palantir comparison (Enterprise GTM)
- Dedicated VG pilots with NATS JetStream + Valkey swarm demos — parallel problem-solving and CTO/CISO org-task broadcasts
- Compliance vertical push — HIPAA, GDPR, SOC 2 Type II; FedRAMP Moderate on roadmap
- System integrator partnership — white-label and reseller for healthcare, finance, and defense
Metrics:Pilot starts · contract conversion · ACV · NRR target >110% · Edge fleet adoption in pilots
Phase 4: Edge swarm at scale (months 18–36)
Goal: Fleet Edge Gateways across customer engineering orgs; federated multi-VG meshes where sovereignty requires them; swarm workflows as the default for org-wide agentic tasks.
- Edge Gateway packaging for developer laptops — mTLS identity pinning, policy push, audit-bundle sync
- Federated mesh playbooks — peer Virtual Gateways, local WORM, mesh observability without raw centralization
- Marketplace and payment-rail distribution on top of the fabric
Metrics: Edge nodes per Enterprise account · swarm task completion rate · multi-VG federation deals
One-sentence positioning for each entry point
| Buyer | Positioning |
|---|---|
| Inference gateway | Stop paying for opaque tokens — the ClawQL Agentic Gateway routes traffic to the optimal model, caches semantically similar requests, and converts your production traffic into a verified, fine-tuned model that gains value every month. |
| MCP server | The Foundational Platform for your IDE — one Agentic Gateway gives Cursor and Claude Code governed access to every private API you own, with persistent memory, full audit trails, and a clear path to production-grade governance. |
| executor.sh replacement | Everything executor.sh provides, plus persistent memory, semantic search, 12-layer token efficiency, and a zero-meter execution model — providing a lower total cost of ownership for production agents. |
| LiteLLM migration | Zero code changes, superior supply chain posture, and a fine-tuning Flywheel that turns your production logs into proprietary model assets. |
| Enterprise | The Foundational Platform for Auditable Production AI — Regional Hubs for routing and billing, Dedicated Virtual Gateways as Audit-Trail Enforcement Points with NATS/Valkey swarm coordination, and Edge Gateways on every laptop so CISOs get WORM-verified control of the entire agentic fabric. |
| CISO | Verify us, don’t trust us — every agent decision in the WORM log, every policy in the EnterpriseGovernance manifest, Cosign-signed releases, and the audit trail lives in your VG boundary. |
| CTO | The Agentic Fabric turns your engineering org into a governed swarm — publish a mandate from the VG; every Edge Gateway pulls it, executes, and reports back with a non-repudiable trail. |
Vision line for executive briefings: Most AI platforms are individual tools. ClawQL is the operating system the tools run on — Auditable Production AI at organizational scale.
Summary: the Agentic Gateway as Foundational Platform
ClawQL is not an inference gateway that happens to have an MCP server, or an MCP server that happens to have an inference gateway. It is an Agentic Gateway — the Foundational Platform for Auditable Production AI, delivered as a Zero-Trust Agentic Fabric. One binary speaks both HTTP/REST for inference and MCP for IDE-native tool access, with memory, audit, payments, and governance integrated at the transport layer — then scales across Regional Hubs, Dedicated Virtual Gateways, and Edge swarm nodes.
Developers start on multi-tenant Regional Hubs. Enterprises graduate to Dedicated Virtual Gateways — isolated policy, WORM, and NATS JetStream + Valkey for event-driven swarm intelligence — while usage and billing still flow through the Regional plane. Edge Gateways on every laptop make the fabric a distributed agentic operating system: offline-first locally, online-governed through mTLS sync. The same architecture, the same upgrade path — from three-minute install to regulated production swarm.
Start with three minutes. End with Auditable Production AI on a Zero-Trust Agentic Fabric.
July 2026 · ClawQL · docs.clawql.com/inference · Pricing · Free trial · Self-host
Start with three minutes. Reach auditable production.
Drop in an OpenAI-compatible base URL or connect Cursor to /mcp. Expand product-led into infrastructure optimization, model provenance, memory, Dedicated Virtual Gateways, and Edge swarm coordination — without changing your endpoint.