Enterprise AI agents: OpenClaw for channels, custom MCP tools, Cursor CLI runtime

Running AI agents in production for compliance, DevOps, and finance demands more than "give the model API access and hope." Raw OpenClaw didn't cut it. Here's the enterprise recipe that works.

Laser-focused MCP, not provider MCP

Generic MCP servers wrapping vendor APIs don't scale. The model ends up doing integration work: call endpoint, paginate, retry, handle errors, loop 1000 times. Example: exposing BoldSign API through MCP and letting the agent send 1000 docs individually leads to hallucinations, dropped calls, and partial batches.

What works: a deterministic tool that handles batch sending. The agent decides what to send and when; the tool does the boring, reliable part. Same pattern for Jira, Graph, cost reports. Build MCP tools per process, not per API. AI makes wiring an API to MCP near zero cost.

Example with Microsoft Graph API: agents can deploy apps through Intune, configure security policies, handle incidents, add indicators to security, query Sentinel logs, reset user MFA and credentials. But every process needs detailed lock-down and privilege boundaries — e.g., it can reset credentials except for admins. This is enforced through tooling and settings, not baked into the prompt.

OpenClaw for channels, not for everything

OpenClaw handles Teams, webhooks, routing, and sessions — that was kept. Credentials stay out of model context. Each agent gets a tight tool list. A single shared tool gateway replaces one MCP process per agent.

Cursor CLI as the runtime via ACPX

The actual agent loop runs on cursor-agent and is wired into OpenClaw through ACPX. Cursor CLI holds up better on long tasks, subagent spawning, and staying on track than generic agent loops. Tiered model pricing helps — some steps run on cheaper/faster models. If OpenClaw improves, switching is trivial since everything is already in place.

Running the CLI gives detailed agent logs (internal thinking, agent calls, etc.), fed back to a quality loop agent that detects target drift, hallucinations, etc., and proposes pull requests with fixes in tools and prompts.

Self-hosted and deterministic rules

Everything runs self-hosted in Kubernetes. Agent code is immutable, baked into the image, and tested in CI — agent behavior is part of test coverage. Managed identities in Azure are used when possible. Forget "self-learning" agents — rely on a good memory system plus deterministic, well-grounded prompts, rules, and tools.

1 agent = 1 backend

Processes need state that is well thought-out, deterministic, and durable. Each agent gets, through its MCP, an API specific to the task. First build the "backend" for the agent (deterministic tooling and data storage), then build the agent on top. Don't expect an agent to perform long-term by operating on YAML, markup files, or whatever it improvises.