The stack is organized from channels at the top down through policy, agents, orchestration to systems of record. A security governance wrapper covers the entire stack.

Security + Governance wraps everything
Identity & least privilege · Secrets vault · Policy checks · Sandboxing · Audit logs · Approval gates
1. Input Channels
Where humans and systems talk to the stack
  • Slack / Teams: Team chat channels, DMs and threads
  • WhatsApp / Telegram: Mobile-first · field and ops
  • Email / Calendar: Inboxes, scheduling, notifications
  • Web UI / TUI: Admin, testing, dashboards
normalised envelope
2. Chat / API Gateway
e.g. OpenClaw · normalises channels into one message envelope
  • Channel normalisation: One unified message envelope regardless of source channel
  • Session isolation: Each conversation is isolated; rate limits prevent abuse
  • Rate limiting: Per-user and per-channel limits; queues excess requests
policy-checked calls
3a. Policy Control
OPA — allow/deny tool actions
  • OPA sidecar evaluates every tool call against policy rules
  • Human approval gate for: payments, deletes, outbound blasts, prod writes
  • Egress allowlist from agent-runner (approved domains only)
  • All tool actions logged with provenance
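The rules above, sketched as an OPA policy. This is an added example, not part of the original stack description; the package name, the input fields (`action_class`, `egress_host`, `caller`, `approval`), the low-risk classes and the allowlisted domains are assumptions.

```rego
package agent.tools

import rego.v1

# Default deny: a tool call runs only if a rule below allows it.
default allow := false

# Action classes the page gates behind human approval.
approval_required := {"payment", "delete", "outbound_blast", "prod_write"}

# Hypothetical low-risk classes; anything not listed in either set is denied.
low_risk := {"read", "notify", "staging_write"}

# Constructed placeholder domains for the agent-runner egress allowlist.
egress_allowlist := {"api.example.com", "hooks.example.com"}

# Low-risk call: allowed once the egress check passes.
allow if {
    input.action_class in low_risk
    egress_ok
}

# Gated call: needs a recorded approval from someone other than the caller.
allow if {
    input.action_class in approval_required
    input.approval.granted == true
    input.approval.approver != input.caller
    egress_ok
}

# A call with no outbound destination passes the egress check.
egress_ok if not input.egress_host

egress_ok if input.egress_host in egress_allowlist

# Lets the tool router tell "waiting for approval" apart from a plain deny.
pending_approval if {
    input.action_class in approval_required
    not input.approval.granted
}
```

A constructed request such as `{"action_class": "payment", "caller": "agent-7", "egress_host": "api.example.com"}` is denied with `pending_approval` set until an `approval` object from a different approver is attached.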
3b. Secrets Vault
Inject creds at runtime, never in code
  • Separate service accounts per connector
  • Rotate tokens on a regular schedule
  • No hardcoded secrets in source or containers
  • Inject credentials only at task runtime
sandboxed execution
4. Agent Runtime
Sandboxed containers · LLM reasoning · tool router · no direct prod access
  • LLM reasoning: Prompt templates, context injection, model selection per task type
  • Tool router: Routes tool calls through policy layer; never calls prod systems directly
  • Sandboxed containers: No host root access; private Docker network; isolated per-session
💡 Cost tip: Use deterministic workflows for most tasks; reserve LLM calls for text-heavy steps. Cache summaries to avoid reprocessing.
workflow triggers
5a. Workflow Orchestrator
n8n · cheap connectors · deterministic steps
  • Use for: most automations, API calls, file ops, notifications
  • Visual workflow builder with 400+ connectors
  • Approval nodes for human-in-the-loop steps
  • Self-hosted on Docker; no vendor lock-in
5b. Reliable Workflows
Temporal (optional) · stateful · retry-safe
  • Use for: payments, production writes, long-running critical flows
  • Idempotent execution; automatic retries with backoff
  • Durable state: survives restarts and crashes
  • Add only when you see real need — adds operational complexity
reads & writes
6. Systems of Record + Tools
GitHub · Jira · CRM · DBs · file storage · cloud · internal APIs
🐙 GitHub
📋 Jira
👥 CRM
🗄 Postgres
📁 File storage
☁️ Cloud APIs
🔗 Internal webhooks
📤 Email / chat outbound
⚠️ All writes to production systems go through the policy layer (OPA) — no direct prod access from agents.

Reference Deployment

A practical single-machine layout. Start here; split to multiple nodes only when you see real load or availability needs.

Home server baseline
8-core CPU · 16–32 GB RAM · 1 TB SSD · UPS recommended for customer-facing workloads · auto security updates on · workloads in containers

Container services

| Service | Role | Notes |
|---|---|---|
| reverse-proxy | TLS termination, auth gateway, routing | Only public-facing container; Traefik or Nginx |
| vpn | Admin access via Tailscale / WireGuard | No open admin ports on public internet |
| gateway | Channel adapters (OpenClaw or equivalent) | Receives all inbound from Slack, email, etc. |
| agent-runner | Sandboxed tool execution | No host root access; private network only |
| workflow | n8n for most automations; Temporal optional | Visual builder; self-hosted |
| policy | OPA sidecar / service for tool authorisation | Every tool call evaluated here |
| db | Postgres for state, sessions, workflow metadata | Internal network only; no public port |
| queue | Redis (optional) for job queues + rate limiting | Can omit initially; add when needed |
| logs | Central logs (Loki/Vector) + retention policy | Short retention; archive cold data |
| backups | Restic to external drive + encrypted cloud copy | Test restore monthly |

Cost levers

  • Deterministic first: Use deterministic workflows for most tasks; reserve LLM calls for text-heavy reasoning steps
  • Cache aggressively: Cache summaries and extractions; avoid re-processing the same documents
  • CPU inference first: Start with CPU inference or pay-per-call APIs; add GPU only if utilisation is high
  • Short retention: Keep retention windows short for logs and vector indexes; archive cold data

Setup Checklist

Work through these grouped tasks to get the stack running securely.