Hey Siri, Make Me a Million Dollars — agents file

OpenClaw voice-to-idea-log — agents file

Distilled from the blog post and project. Use this to understand or extend the setup. The full post: Hey Siri, Make Me a Million Dollars. The implementation repo is private; contact joseph.e.combs@gmail.com for access.


What this is

Voice (or text) from your phone becomes a timestamped line in idea-log.md on a Hetzner server. Two paths: (1) Apple Shortcut dictates, URL-encodes “log: <text>”, POSTs to Telegram Bot API; (2) you open Telegram and DM “log: my idea” to the bot. Both append to the same log. Zero taps on the Shortcut path.


Stack

  • Hetzner Cloud — new project, own API token. Server + persistent volume via Terraform.
  • Terraform — server, SSH key, volume, cloud-init (non-root user, Tailscale, UFW, Fail2ban, Node 22, OpenClaw, systemd gateway). Gateway bound to localhost/custom port; not on public internet.
  • OpenClaw — profile main, runs on server only. Receives Telegram (DM and channel_post), appends to workspace notes.
  • Two Telegram bots — LOGGER (OpenClaw bot you DM; receives channel_post from private channel). MESSENGER (Shortcut uses its token to post to the channel; LOGGER is channel admin so it sees posts). Bot-to-bot DM does not work; channel required.
  • Private Telegram channel — only LOGGER and MESSENGER are members/admins. Shortcut sends to channel via MESSENGER token; LOGGER gets channel_post and appends to idea-log.
  • Apple Shortcut — Dictate → URL-encode “log: <text>” → Get Contents of URL (Telegram sendMessage with MESSENGER token, channel ID). Must URL-encode body.

Concepts

  • Never run as root. Originally planned to run on the Mac under a locked-down user; moved to a dedicated server to limit blast radius. The server runs OpenClaw as a non-root user.
  • Validation before done. Every phase has a script. Run ./scripts/validate/run-all.sh from repo root; it runs phase 0.1–6 and stops at first failure. Do not mark a step done until its validation passes.
  • Reproducibility. ./scripts/validate/recreate-and-validate.sh: destroy server (volume survives), terraform apply, cloud-init wait, run-all. Proves Terraform + push scripts restore working state. Re-push LOGGER token and Phase 2.2 config after recreate.

Repo layout (implementation repo)

  • terraform/ — Hetzner server, SSH key, persistent volume, cloud-init.
  • scripts/ — Phase scripts (e.g. phase-1.3-configure-anthropic.sh, phase-2.1-create-telegram-bot.sh, phase-2.2-configure-telegram-channel.sh), validation scripts in scripts/validate/ (phase-0.1.sh through phase-6.sh, run-all.sh, recreate-and-validate.sh).
  • .env — local only, gitignored. HCLOUD_TOKEN, TELEGRAM_LOGGER_BOT_TOKEN, TELEGRAM_MESSENGER_BOT_TOKEN, TELEGRAM_LOGGER_BOT_ID, TELEGRAM_MESSENGER_BOT_ID, TELEGRAM_HUMAN_USER_ID, TELEGRAM_PASSIVE_CHANNEL_ID, ANTHROPIC_API_KEY, TF_VAR_tailscale_auth_key, etc. Copy from .env.example. LOGGER token is pushed to server; MESSENGER token stays on Mac and in Shortcut only.
  • IMPLEMENTATION.md — full phased checklist and validation details.

Phases (summary)

  1. Server and hardening — Terraform apply. Cloud-init: non-root user, Tailscale, UFW, Fail2ban, backups. Validate: SSH, run-all.
  2. OpenClaw on server — Profile dir, config, Node 22, OpenClaw, systemd gateway. Push Anthropic key via script. Validate: phase-1.sh.
  3. Telegram — Create LOGGER and MESSENGER bots. Push LOGGER token to server. Allowlist = your user ID + MESSENGER bot ID. Create private channel; add both bots as admins. Set TELEGRAM_PASSIVE_CHANNEL_ID. Shortcut uses MESSENGER token and channel ID. Validate: phase-2.sh, channel live test.
  4. Notes log — Workspace notes/idea-log.md. AGENTS.md (or equivalent) instructs agent: on “log” or “log: …”, append line to idea-log. Bug fix: agent must read full file and write back with new line (in-place edit failed). Validate: phase-3.sh.
  5. Anthropic — API key on server, model in config. Validate: phase-4.sh.
  6. iPhone and Shortcut — Manual: DM “log: …”. Passive: Shortcut dictates, encodes, POSTs to Telegram. Validate: phase-5.sh, run Shortcut and check idea-log.
  7. Audit and alerts — Not implemented. Placeholders only.

Key validations (copy-paste from repo root, .env sourced)

  • ./scripts/validate/run-all.sh — run all phases, stop at first fail.
  • ./scripts/validate/recreate-and-validate.sh — destroy, apply, run-all (re-push secrets when vars set).
  • Phase 2 channel test: curl -X POST "https://api.telegram.org/bot${TELEGRAM_MESSENGER_BOT_TOKEN}/sendMessage" -d "chat_id=${TELEGRAM_PASSIVE_CHANNEL_ID}" -d "text=log%3A%20channel%20test" then on server cat /mnt/openclaw-data/workspace/notes/idea-log.md (or profile path).
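
Why the encode step matters, as an added example (not code from the post or the private repo): it builds the sendMessage form body with and without URL-encoding and decodes both the way a form parser does. The chat ID and dictated text are constructed placeholders; `URLSearchParams` writes spaces as `+` where the curl test above uses `%20`, and both decode to a space.

```javascript
// Added example: nothing is sent; IDs are constructed placeholders.
const CHAT_ID = "-1000000000001"; // stands in for TELEGRAM_PASSIVE_CHANNEL_ID

// Body built by plain string concatenation
// (what a Shortcut without the URL-encode step would send).
function rawBody(idea) {
  return `chat_id=${CHAT_ID}&text=log: ${idea}`;
}

// Body with every value form-encoded, equivalent to the "log%3A%20..." curl test.
function encodedBody(idea) {
  return new URLSearchParams({ chat_id: CHAT_ID, text: `log: ${idea}` }).toString();
}

// Decode a form body the way the receiving side would and report what arrived:
// the text field, plus any field names that were never meant to be sent.
function received(body) {
  const fields = Object.fromEntries(new URLSearchParams(body));
  const stray = Object.keys(fields).filter((k) => k !== "chat_id" && k !== "text");
  return { text: fields.text, stray };
}

const idea = "A+B test & ship"; // constructed dictation result
console.log(encodedBody(idea));
console.log(received(rawBody(idea)));     // text cut at "&", "+" turned into a space
console.log(received(encodedBody(idea))); // text arrives intact, no stray fields
```

Dictation output is free text, so `&`, `+`, `%` and `=` will turn up sooner or later; without the encode step the logged line is silently truncated and the remainder is parsed as extra request fields.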

Troubleshooting

  • Bot-to-bot DM — Telegram returns “chat not found”. Use channel; LOGGER as channel admin.
  • channel_post allowlist — OpenClaw must accept channel (or channel sender). Recent builds treat channel_post like message; may need allowlist/config patch for passive channel.
  • Append to idea-log failed — Agent in-place edit can fail. AGENTS.md: read full file, write back with new line appended. Re-run phase-3.2 script.
  • After recreate — Re-push LOGGER token (phase-2.1), re-run phase-2.2 (allowlist), restart gateway.
  • Shortcut — URL-encode full “log: <text>”.
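
The channel_post allowlist problem above, as an added sketch rather than OpenClaw's own code: a Bot API `channel_post` usually has no `from` user, so an allowlist of user IDs alone never matches the Shortcut's message and the channel's chat ID has to be allowlisted. The `cfg` keys, all IDs and the sample updates are hypothetical.

```javascript
// Added illustration, not OpenClaw code. Update fields follow the Telegram Bot API;
// the cfg keys, IDs and sample updates are hypothetical placeholders.
const cfg = {
  allowedUserIds: [111111111, 222222222], // human user ID, MESSENGER bot ID
  passiveChannelId: -1000000000001, // private channel
};

// Decide whether an update may append a line to idea-log.md.
function decide(update, c) {
  const msg = update.message || update.channel_post;
  if (!msg || typeof msg.text !== "string") return { accept: false, reason: "no text" };
  if (update.channel_post) {
    // Match on the chat: channel posts usually carry no `from` user.
    if (msg.chat.id !== c.passiveChannelId) {
      return { accept: false, reason: "channel not allowlisted" };
    }
  } else {
    const sender = msg.from && msg.from.id;
    if (msg.chat.type !== "private" || !c.allowedUserIds.includes(sender)) {
      return { accept: false, reason: "sender not allowlisted" };
    }
  }
  const m = /^log:\s*(\S.*)$/is.exec(msg.text.trim());
  if (!m) return { accept: false, reason: "not a log command" };
  // Collapse newlines so one message is always exactly one log line.
  return { accept: true, entry: m[1].replace(/\s*[\r\n]+\s*/g, " ") };
}

const channel = { id: -1000000000001, type: "channel" };
const samples = {
  humanDm: { message: { from: { id: 111111111 }, chat: { id: 111111111, type: "private" }, text: "log: my idea" } },
  strangerDm: { message: { from: { id: 999 }, chat: { id: 999, type: "private" }, text: "log: spam" } },
  shortcutPost: { channel_post: { chat: channel, sender_chat: channel, text: "log: channel test" } },
  otherChannel: { channel_post: { chat: { id: -1000000000002, type: "channel" }, text: "log: nope" } },
};

// Run every sample through one config and return the decisions by name.
function results(c) {
  return Object.fromEntries(Object.entries(samples).map(([k, u]) => [k, decide(u, c)]));
}

console.log(results(cfg));
// Same user IDs but no channel entry: the Shortcut's post is dropped.
console.log(results({ allowedUserIds: cfg.allowedUserIds }).shortcutPost);
```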

Paths on server

  • Profile dir: ~/.openclaw-main/ (or equivalent).
  • Config: ~/.openclaw-main/openclaw.json. Env: ~/.openclaw-main/.env.
  • Idea log (volume): /mnt/openclaw-data/workspace/notes/idea-log.md. Or profile workspace: ~/.openclaw-main/workspace/notes/idea-log.md.