Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
b4f8a457a8
- Rewrite Dockerfile to be fully standalone (no workspace deps) - Use npm install instead of pnpm workspace - Update README with step-by-step Railway deployment - Critical: Root Directory must be set to 'secure' in Railway - Add instructions for getting Telegram user ID https://claude.ai/code/session_015VqJ7gN4vaxtYfYc92UjLs |
||
|---|---|---|
| .agent/workflows | ||
| .github | ||
| apps | ||
| assets | ||
| docs | ||
| extensions | ||
| git-hooks | ||
| packages | ||
| patches | ||
| scripts | ||
| secure | ||
| skills | ||
| src | ||
| Swabble | ||
| test | ||
| ui | ||
| vendor/a2ui | ||
| .detect-secrets.cfg | ||
| .dockerignore | ||
| .env.example | ||
| .gitattributes | ||
| .gitignore | ||
| .npmrc | ||
| .oxfmtrc.jsonc | ||
| .oxlintrc.json | ||
| .pre-commit-config.yaml | ||
| .prettierignore | ||
| .secrets.baseline | ||
| .shellcheckrc | ||
| .swiftformat | ||
| .swiftlint.yml | ||
| AGENTS.md | ||
| appcast.xml | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| CONTRIBUTING.md | ||
| docker-compose.yml | ||
| docker-setup.sh | ||
| Dockerfile | ||
| Dockerfile.sandbox | ||
| Dockerfile.sandbox-browser | ||
| docs.acp.md | ||
| fly.private.toml | ||
| fly.toml | ||
| LICENSE | ||
| openclaw.mjs | ||
| package.json | ||
| pnpm-lock.yaml | ||
| pnpm-workspace.yaml | ||
| railway-template.json | ||
| README-header.png | ||
| README.md | ||
| render.yaml | ||
| SECURE-BOT.md | ||
| SECURITY.md | ||
| tsconfig.json | ||
| vitest.config.ts | ||
| vitest.e2e.config.ts | ||
| vitest.extensions.config.ts | ||
| vitest.gateway.config.ts | ||
| vitest.live.config.ts | ||
| vitest.unit.config.ts | ||
| zizmor.yml | ||
AssureBot
Lean, secure, self-hosted AI assistant for Railway.
Your AI agent that runs on your infrastructure, answers only to you, and you can actually audit.
Why AssureBot?
| Full OpenClaw | AssureBot |
|---|---|
| 12+ channels | Telegram only |
| File-based config | Env vars only |
| Plugins/extensions | None (locked down) |
| Desktop/mobile apps | Headless server |
| Complex setup | One-click deploy |
Trade-off: Less features, more trust.
Features
- Telegram Bot — Allowlist-only access, no public commands
- Image Analysis — Send photos for AI analysis (Claude Vision / GPT-4V)
- Webhook Receiver — Authenticated HTTP endpoint for integrations
- Docker Sandbox — Isolated code execution (no network, dropped caps)
- Cron Scheduler — Time-based recurring tasks
- Full Audit Log — JSONL logs of every interaction
Quick Start
Environment Variables
# Required
TELEGRAM_BOT_TOKEN=your_bot_token
ALLOWED_USERS=123456789,987654321 # Telegram user IDs
# AI Provider (one required)
ANTHROPIC_API_KEY=sk-ant-...
# or
OPENAI_API_KEY=sk-...
# Optional
WEBHOOK_SECRET=auto-generated-if-empty
AUDIT_LOG_PATH=/data/audit.jsonl
SANDBOX_ENABLED=true
Deploy to Railway
- Click the deploy button above
- Set environment variables
- Your bot is live
Run Locally
cd secure
pnpm install
pnpm start
Docker
docker build -t assurebot -f secure/Dockerfile .
docker run -d \
-e TELEGRAM_BOT_TOKEN=... \
-e ALLOWED_USERS=... \
-e ANTHROPIC_API_KEY=... \
assurebot
Security Model
- No config files — All secrets via environment variables
- Allowlist only — Only specified Telegram user IDs can interact
- Timing-safe auth — Webhook tokens compared safely
- Sandbox isolation — Code runs in Docker with no network, read-only root, dropped capabilities
- Audit everything — Every message, command, and action logged to JSONL
Architecture
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Telegram │────▶│ AssureBot │────▶│ AI Agent │
│ (User) │◀────│ (Core) │◀────│ (Claude/ │
└─────────────┘ └─────────────┘ │ OpenAI) │
│ └─────────────┘
│
┌────────────┼────────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Webhooks │ │ Sandbox │ │ Scheduler│
└──────────┘ └──────────┘ └──────────┘
Commands
In Telegram, send:
- Any text message → AI responds
- Photo with caption → Image analysis
/sandbox <code>→ Run code in isolated container/schedule <cron> <task>→ Create scheduled task/tasks→ List scheduled tasks
Based On
AssureBot is a hardened fork of OpenClaw, stripped down for security-first self-hosting.
License
MIT