Hardware
The machine is a 2015 Dell Inspiron i7 with 16 GB DDR3 RAM and an SSD. It is enough to run the agent, the tool scripts, and a browser.
Operating system
I used Debian because the installer is plain and predictable.
Steps:
- Write the ISO to a USB drive.
- Set the USB as the boot device.
- Boot into the installer.
- Use wired ethernet for reliable downloads.
After installation, create a user and add to the sudo group:
bashsudo adduser tito
sudo usermod -aG sudo tito
OpenClaw installation
Install OpenClaw with curl:
bashsudo apt install curl
curl -fsSL https://openclaw.dev/install.sh | sh
Set the Telegram bot token in /etc/environment.d/openclaw.conf:
iniTELEGRAM_BOT_TOKEN=<token>
Access scope
Day 1 also defined what the agent was allowed to touch.
Website
Generate an SSH key for the GitHub repo:
bashssh-keygen -t ed25519 -C "tito@p0p-deb" -f ~/.ssh/id_ed25519_website
Add the public key as a deploy key with write access.
CRM
Two access patterns:
- Pattern A: Read-only access to D1 database (SQL) and R2 storage.
- Pattern B: REST API for creating and updating records, authenticated via API key:
bashcurl -X POST https://striping-app.<account>.workers.dev/api/customers \
-H "Authorization: Bearer <CRM_API_KEY>" \
-H "Content-Type: application/json" \
-d '{"name": "Acme Striping", "city": "Plano"}'
Architecture at the end of day 1
At this point, the credentials still lived in the agent's environment. Secrets isolation comes later in the series.