Aegis

Personal Intelligence Platform
Self-hosted AI agents that connect your finances, calendar, academics, health, and social media — then deliver actionable insights over WhatsApp.

4 containers. ~2,700 lines of custom code. Zero public ports. Built on OpenClaw (53+ bundled skills, 24 messaging channels).

Table of Contents

• What You Get
• Architecture
• Quick Start
• Integrations
• Project Structure
• Security
• Customization
• Development
• Documentation
• Contributing
• License

---

What You Get

Feature	Description
Morning Briefings	Daily summary of calendar, deadlines, finances, and health goals — delivered to WhatsApp at 6 AM
Financial Tracking	Spending trends, recurring charges, subscription detection, affordability checks, and portfolio monitoring via Plaid and Schwab
Academic Tracking	Assignment deadlines, grade monitoring, and overdue alerts from Canvas LMS and Blackboard
Health Optimization	Steps, heart rate, sleep, calories, and protein tracking from Garmin Connect and Apple Health
Content Engine	AI-generated thought-leadership posts for LinkedIn and X, delivered for approval before publishing
Weekly Digest	End-of-week summary with spending trends, completion rates, health adherence, and recommendations
Security Audit	Weekly integrity check of the hash-chained audit log and LLM budget status

All data is encrypted with AES-256-GCM. All credentials are stored in an encrypted credential store. Nothing leaves your server unencrypted.

---

Architecture

+------------------------------------------------------------------+
|                  Single VPS (Docker Compose)                      |
|                                                                   |
|  +------------------+  +--------------+  +------------------+    |
|  | OpenClaw Gateway |  |   Data API   |  |   PostgreSQL     |    |
|  |                  |  |  (FastAPI +  |  |   + pgvector     |    |
|  | - 4 AI agents    |  |  encryption) |  |                  |    |
|  | - 8 skills       |  |              |  | - credentials    |    |
|  | - 3 hooks        |  | - 10 routers |  | - transactions   |    |
|  | - 8 cron jobs    |  | - 10 clients |  | - audit log      |    |
|  | - WhatsApp       |  | - 9 models   |  | - health data    |    |
|  | - Web UI         |  |              |  |                  |    |
|  +------------------+  +--------------+  +------------------+    |
|                                                                   |
|  +-----------------------------------------------------------+   |
|  |          Cloudflare Tunnel (zero public ports)             |   |
|  +-----------------------------------------------------------+   |
+------------------------------------------------------------------+

OpenClaw is the brain. It runs the AI agents, handles scheduling, makes LLM calls, manages WhatsApp via Baileys, provides a Control UI, and stores agent memory. You configure it with JSON5 and teach it new capabilities through skill files.

Data API is the vault. A thin FastAPI service (~1,500 LOC) that stores encrypted credentials, proxies integration APIs, and maintains a tamper-evident audit log. The AI does the reasoning — the data-api just stores and retrieves.

---

Quick Start

Prerequisites

• Docker and Docker Compose v2.29+ (install)
• An Anthropic API key (get one)
• A machine with 4 GB RAM and 2 CPU cores minimum

Option A: Docker (everything included)

git clone https://github.com/JiwaniZakir/aegis.git && cd aegis
./infrastructure/scripts/bootstrap.sh

Then add your Anthropic key:

# Edit .env and set ANTHROPIC_API_KEY=sk-ant-...
docker compose restart openclaw-gateway
open http://localhost:18789

Bootstrap auto-generates DATA_API_TOKEN, ENCRYPTION_MASTER_KEY, and POSTGRES_PASSWORD. You only need to add ANTHROPIC_API_KEY.

Option B: npm (OpenClaw native + Docker for data layer)

npm install -g openclaw@latest
git clone https://github.com/JiwaniZakir/aegis.git && cd aegis
openclaw onboard
docker compose up -d data-api postgres cloudflared
openclaw

For a complete walkthrough from zero, see docs/SETUP_FROM_SCRATCH.md.

---

Integrations

All integrations are optional. Enable only the ones you need.

View all 10 integrations

Integration	Credentials Needed	Where to Get Them
Plaid (banking)	PLAID_CLIENT_ID, PLAID_SECRET	Plaid Dashboard
Schwab (investments)	SCHWAB_APP_KEY, SCHWAB_APP_SECRET	Schwab Developer Portal
Canvas LMS	Personal access token	Canvas Settings > Access Tokens
Blackboard	BLACKBOARD_URL, username, password	Your institution
Google Calendar	GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET	Google Cloud Console
Outlook Calendar	AZURE_CLIENT_ID, AZURE_CLIENT_SECRET	Azure Portal
Garmin Connect	GARMIN_EMAIL, GARMIN_PASSWORD	Your Garmin account
Apple Health	iOS Shortcut	Create a Shortcut that POSTs to /health/ingest
LinkedIn	LINKEDIN_ACCESS_TOKEN	LinkedIn Developer Portal
X / Twitter	API v2 keys + tokens	X Developer Portal

Add credentials to .env or the encrypted credential store. See .env.example for all variables.

---

Project Structure

View directory layout

aegis/
├── config/                         # OpenClaw configuration
│   ├── openclaw.json               # Agents, channels, cron, hooks
│   ├── cron/jobs.json              # 8 scheduled jobs
│   ├── BOOT.md                     # Agent orientation (loaded on startup)
│   ├── USER.md                     # User profile and preferences
│   └── MEMORY.md                   # Persistent agent memory
├── skills/                         # 8 custom skill definitions
│   ├── aegis-finance/SKILL.md
│   ├── aegis-calendar/SKILL.md
│   ├── aegis-lms/SKILL.md
│   ├── aegis-health/SKILL.md
│   ├── aegis-social/SKILL.md
│   ├── aegis-content/SKILL.md
│   ├── aegis-briefing/SKILL.md
│   └── aegis-security/SKILL.md
├── hooks/                          # 3 custom hooks (TypeScript)
│   ├── audit-logger/               # Hash-chained audit logging
│   ├── pii-guard/                  # PII redaction on outbound messages
│   └── budget-guard/               # LLM spend tracking + alerts
├── data-api/                       # Encrypted persistence (FastAPI)
│   ├── app/
│   │   ├── main.py                 # App + auth middleware
│   │   ├── security/               # AES-256-GCM + audit log
│   │   ├── models/                 # 9 SQLAlchemy models
│   │   ├── api/                    # 10 routers (31 endpoints)
│   │   └── integrations/           # 10 API clients
│   ├── alembic/                    # Database migrations
│   └── tests/                      # 113 tests
├── infrastructure/
│   ├── Dockerfile.data-api
│   └── scripts/                    # bootstrap, deploy, backup, restore
├── docs/                           # Comprehensive documentation
├── docker-compose.yml              # 4 services
└── Makefile                        # dev, test, lint, deploy shortcuts

---

Scheduled Tasks

Task	Schedule	Agent	Delivery
Financial sync	Every 6 hours	sync	Silent
Calendar sync	Every 15 min	sync	Silent
LMS sync	Every 30 min	sync	Silent
Health sync	Hourly	sync	Silent
Morning briefing	6:00 AM ET	briefing	WhatsApp
Content drafts	7:00 AM ET	content	WhatsApp
Weekly digest	Sun 8:00 PM ET	briefing	WhatsApp
Security audit	Mon 9:00 AM ET	briefing	WhatsApp

Schedules are configured in config/cron/jobs.json.

---

Security

Layer	Implementation
Network	Zero public ports. All access via Cloudflare Tunnel.
Encryption	AES-256-GCM with AAD for credentials and sensitive fields
Auth	Bearer token with constant-time comparison (hmac.compare_digest)
Audit	SHA-256 hash-chained tamper-evident log, verifiable via API
PII	Regex hook scans outbound messages for SSNs, card numbers, account numbers
Budget	Daily/monthly LLM spend tracking with alerts at 80/95/100%
Containers	cap_drop: [ALL], no-new-privileges: true, internal-only networks
Secrets	SOPS + age for encrypted secret files in version control

See SECURITY.md for the full threat model and vulnerability reporting policy.

---

Customization

Add a skill

Create skills/my-skill/SKILL.md:

---
name: my-skill
description: "What this skill teaches the agent"
---

# My Skill

Instructions for the agent. Document the endpoints, request/response
shapes, and when the agent should use this skill.

OpenClaw auto-discovers skills at startup.

Add a hook

Create hooks/my-hook/HOOK.md and hooks/my-hook/handler.ts. Hooks intercept events like message:sent to add behavior (redaction, logging, budget tracking). See existing hooks for examples.

Add an integration

1. Create a client in data-api/app/integrations/ (extends BaseIntegration)
2. Add a router in data-api/app/api/
3. Create an Alembic migration
4. Write a skill in skills/ to teach agents the new endpoints
5. Add tests

See docs/DEVELOPMENT.md for step-by-step instructions.

Modify agents

Edit config/openclaw.json to change models, tool permissions, cron schedules, or channel settings.

---

Development

make help          # Show all available commands
make dev           # Start all services
make test          # Run 113 tests
make lint          # Ruff linter
make format        # Ruff formatter
make health        # Check all services
make logs          # Follow logs
make backup        # Encrypted database backup
make security      # Trivy vulnerability scan

---

Documentation

Document	Description
Setup from Scratch	Complete guide from zero to running (779 lines)
OpenClaw Guide	How OpenClaw works + how to add Aegis features to any installation
Deployment	Production deployment checklist
Development	Developer guide: adding integrations, skills, hooks
Troubleshooting	Common issues and fixes
Security	Threat model, encryption, vulnerability reporting
Features	Complete feature map (what moved where in the rebuild)
Contributing	How to contribute
CLAUDE.md	AI-assisted development reference

---

Contributing

We welcome contributions. See CONTRIBUTING.md for guidelines.

# Before submitting a PR
make lint test

---

License

MIT