romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8f0a3c662a
openclaw/README.md
Claude 8f0a3c662a
docs: rebrand README to AssureBot
2026-01-30 06:54:23 +00:00

3.4 KiB
Raw Blame History

AssureBot

Lean, secure, self-hosted AI assistant for Railway.

Your AI agent that runs on your infrastructure, answers only to you, and you can actually audit.

Deploy on Railway

Why AssureBot?

Full OpenClaw AssureBot
12+ channels Telegram only
File-based config Env vars only
Plugins/extensions None (locked down)
Desktop/mobile apps Headless server
Complex setup One-click deploy

Trade-off: Less features, more trust.

Features

  • Telegram Bot — Allowlist-only access, no public commands
  • Image Analysis — Send photos for AI analysis (Claude Vision / GPT-4V)
  • Webhook Receiver — Authenticated HTTP endpoint for integrations
  • Docker Sandbox — Isolated code execution (no network, dropped caps)
  • Cron Scheduler — Time-based recurring tasks
  • Full Audit Log — JSONL logs of every interaction

Quick Start

Environment Variables

# Required
TELEGRAM_BOT_TOKEN=your_bot_token
ALLOWED_USERS=123456789,987654321  # Telegram user IDs

# AI Provider (one required)
ANTHROPIC_API_KEY=sk-ant-...
# or
OPENAI_API_KEY=sk-...

# Optional
WEBHOOK_SECRET=auto-generated-if-empty
AUDIT_LOG_PATH=/data/audit.jsonl
SANDBOX_ENABLED=true

Deploy to Railway

  1. Click the deploy button above
  2. Set environment variables
  3. Your bot is live

Run Locally

cd secure
pnpm install
pnpm start

Docker

docker build -t assurebot -f secure/Dockerfile .
docker run -d \
  -e TELEGRAM_BOT_TOKEN=... \
  -e ALLOWED_USERS=... \
  -e ANTHROPIC_API_KEY=... \
  assurebot

Security Model

  • No config files — All secrets via environment variables
  • Allowlist only — Only specified Telegram user IDs can interact
  • Timing-safe auth — Webhook tokens compared safely
  • Sandbox isolation — Code runs in Docker with no network, read-only root, dropped capabilities
  • Audit everything — Every message, command, and action logged to JSONL

Architecture

┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Telegram   │────▶│  AssureBot  │────▶│  AI Agent   │
│   (User)    │◀────│   (Core)    │◀────│  (Claude/   │
└─────────────┘     └─────────────┘     │   OpenAI)   │
                           │            └─────────────┘
                           │
              ┌────────────┼────────────┐
              ▼            ▼            ▼
        ┌──────────┐ ┌──────────┐ ┌──────────┐
        │ Webhooks │ │ Sandbox  │ │ Scheduler│
        └──────────┘ └──────────┘ └──────────┘

Commands

In Telegram, send:

  • Any text message → AI responds
  • Photo with caption → Image analysis
  • /sandbox <code> → Run code in isolated container
  • /schedule <cron> <task> → Create scheduled task
  • /tasks → List scheduled tasks

Based On

AssureBot is a hardened fork of OpenClaw, stripped down for security-first self-hosting.

License

MIT