My One-Person Company Architecture v1.0 on OpenClaw: Accounting, Compliance, and Operations All Entrusted to AI

PANews

Author: xiyu

If you don't want to read, you can send it directly to your OpenClaw

One Person + OpenClaw = A Management Team

Build a full-stack management system for a one-person company with open-source AI Gateway

Single-Person Companies Before the AI Era

If you are running a one-person company or independent business, it probably looks like this: mornings for reconciliation, afternoons for writing proposals, evenings for handling compliance documents, and in between, responding to client messages, checking server status, and updating data reports.

You are not doing one job; you are doing five jobs at the same time.

Most people's first reaction is to find an AI chatbot for help. ChatGPT, Claude, can indeed answer questions and write documents. But after a period of use, you will find that—chatbots solve "Q&A" problems, not "management" problems.

What you need is not a smarter assistant, but an AI management layer: one that can delegate, remember context, automatically execute tasks, and consult you when necessary.

This article shares my complete thoughts and pitfalls experience on building a full-stack management system for a one-person company using OpenClaw (an open-source AI Gateway). It is not a proof of concept; it is a system that is running in practice.

Why OpenClaw

Advantages of OpenClaw:

  • Open source, self-hosted—All data is on your own machine, not passing through third parties

  • Native multi-Agent—Different Agents have independent personality files (SOUL.md), tool permissions, and memory spaces

  • Discord integration—Channels serve as departments, sending messages is like issuing commands, serving as a natural management interface

  • Persistent operation—Not a workflow that ends after one run, but a 7×24 online Gateway

The most crucial point: channel = department, message = command. This model is inherently suitable for management scenarios. If you say "monthly expenditure summary" in the #accounting channel, the accounting Agent will respond automatically; if you say "check server status" in the #ops channel, the operations Agent will take over. There's no need to remember any command syntax; it’s as natural as sending messages to subordinates.

Multi-Agent Architecture Design

Role Assignment

My system currently includes the following roles:

  • CTO Agent—Technical lead, system architecture, code, deployment, tool development

  • Accounting Agent—Bookkeeping, reconciliation, monthly settlement, report generation

  • Business Agent—Client communication, order tracking, quote management

  • Compliance Agent—Regulatory checks, file archiving, periodic scanning

  • Monitoring Agent—System heartbeat, exception alerts, resource monitoring

Phased Activation

Here is an important design philosophy: do not activate all Agents at the beginning.

When the business volume is small, having the CTO act in the roles of accounting and compliance is sufficient. As the business volume increases, gradually split them:

Phase A (Startup Phase): CTO wears multiple hats, other Agents are dormant

Phase B (Stabilization Phase): Activate accounting + compliance, CTO focuses on technology

Phase C (Expansion Phase): All agents online, each performing their duties

Phase transitions can be triggered manually, or by a scheduled task that detects a trigger condition (e.g., monthly transaction volume exceeding a threshold). The key is to build the architecture first and activate as needed.

Channel Routing

#cto-office → CTO Agent

#accounting → Accounting Agent

#compliance → Compliance Agent

#ops-monitor → Monitoring Agent

#general → All Agents can see, respond as needed

The OpenClaw configuration file can specify which channels each Agent listens to. Incoming messages are routed automatically, with no need to @-mention an Agent manually.

Decision Authority Matrix

This is one of the most important designs of the entire system:

Within the guardrails → Agent executes autonomously, records afterwards

Outside the guardrails → Agent pauses and @-mentions the boss to request a decision

Uncertain → Treated as outside guardrails, better to ask once more

For example:

  • Record a routine expense → Within guardrails, executed automatically

  • Delete a database record → Outside guardrails, must confirm

  • Encounter an unfamiliar tax classification → Uncertain, report up

Key principle: An Agent should never act on its own under uncertain circumstances. The cost of rectifying a mistake is much higher than the communication cost of asking once more.

Data Architecture

Single Data Source

All business data is stored in a local SQLite database. Why not use MySQL or PostgreSQL? Because a one-person company does not need concurrency. SQLite is zero configuration and zero maintenance, one file holds everything, and backup is simply copying the file.

~/.openclaw/data/main.db
├── transactions   # Transaction records
├── clients        # Client information
├── documents      # Document index
├── audit_log      # Audit log
└── ...

Unified Operation Layer

All database operations must go through a unified operation script (e.g., db_ops.py); writing SQL directly is prohibited. Benefits:

  • Automatic auditing—Every operation is automatically recorded: who, when, what was done, what was changed

  • Uniform format—There won’t be issues where one Agent uses one format and another uses a different one

  • Permission control—Can intercept unauthorized operations at the operation layer
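A minimal sketch of such an operation layer, as an added example rather than the author's db_ops.py: the table columns, the audit_log schema and the per-Agent permission map are assumptions. It shows the audit row committed in the same transaction as the data row, and denied attempts being logged as well.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Assumed permission map and column allowlist (not from the article).
WRITE_PERMS = {"accounting": {"transactions"}, "business": {"clients"}}
COLUMNS = {"transactions": {"amount", "category", "memo"},
           "clients": {"name", "contact"}}


def connect(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS transactions(
            id INTEGER PRIMARY KEY, amount REAL, category TEXT, memo TEXT);
        CREATE TABLE IF NOT EXISTS clients(
            id INTEGER PRIMARY KEY, name TEXT, contact TEXT);
        CREATE TABLE IF NOT EXISTS audit_log(
            id INTEGER PRIMARY KEY, ts TEXT, agent TEXT, action TEXT,
            tbl TEXT, row_id INTEGER, detail TEXT);
    """)
    return db


def insert(db, agent, table, values):
    """Insert one row for `agent`; data row and audit row commit together."""
    ts = datetime.now(timezone.utc).isoformat()
    allowed = table in WRITE_PERMS.get(agent, set())
    bad_cols = set(values) - COLUMNS.get(table, set())
    if not allowed or bad_cols or not values:
        # Denied attempts are audited too: they are the ones worth reviewing.
        with db:
            db.execute("INSERT INTO audit_log(ts, agent, action, tbl, detail) "
                       "VALUES(?,?,?,?,?)",
                       (ts, agent, "denied", table, json.dumps(values)))
        raise PermissionError(f"{agent} may not write {table} {sorted(bad_cols)}")
    cols = sorted(values)
    # Identifiers come only from the allowlist above; values are bound parameters.
    sql = (f"INSERT INTO {table}({', '.join(cols)}) "
           f"VALUES({', '.join('?' * len(cols))})")
    with db:  # one transaction: both rows are written, or neither is
        row_id = db.execute(sql, [values[c] for c in cols]).lastrowid
        db.execute("INSERT INTO audit_log(ts, agent, action, tbl, row_id, detail) "
                   "VALUES(?,?,?,?,?,?)",
                   (ts, agent, "insert", table, row_id, json.dumps(values)))
    return row_id
```
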

Notion Mirror Backup

SQLite is the data source, but it is not convenient for humans to browse. So I use Notion to create a visual mirror:

  • Real-time sync: Key operations (new transactions, status changes) trigger instant sync

  • Daily assurance: Full verification daily at 23:00, ensuring no omissions

  • Read-only mirror: Notion can only view, not edit, avoiding the nightmare of two-way sync

Multi-Language Export

If your business involves multi-language scenarios, you can do language adaptation at the export layer:

db_ops.export_csv() # Chinese version

db_ops.export_csv() # English version

db_ops.export_csv() # Bilingual comparison

Column names, category names, status tags are all maintained in the mapping table in the configuration file, automatically translated during export.

Memory System

Dual-Layer Memory Architecture

Working memory has a capacity limit (e.g., 200 rows); once it is exceeded, entries must be evicted. Long-term memory is theoretically unlimited, but retrieval quality declines as the volume of data grows, so it needs regular cleaning.

Forgetting Curve: Expiration Mechanism Based on Reference Date

Each memory comes with a ref (reference date), recording the last time it was actually used. Note: Auto-loading does not count as referencing; it must be actually used in responses to count.

- [2025-01-15][ref:2025-02-20] Payment cycle of vendor A is Net 30

- [2025-01-15][ref:2025-01-15] A temporary memo (not used for a month, about to expire)

Expiration rules:

  • High-priority memory: Eliminated if ref exceeds 90 days

  • Temporary memo: Eliminated if ref exceeds 30 days

  • Core identity information: Never eliminated

Confidence Score

Not all memories are equally trustworthy. I assign a confidence score to each memory:

Initial score by source (assigned when the memory is written):

  • User confirmation → 0.95

  • Manual entry → 0.85

  • Automatically extracted from logs → 0.50

Time decay: Memories not hit for over 60 days will have confidence multiplied by 0.95 each day

Search reinforcement: Each time a memory is hit in a search, its confidence is multiplied by 1.05 (capped at 0.95)

Automatic deletion: Delete when confidence falls below 0.1
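The expiration and confidence rules above carried through in code, as an added example that is not the author's implementation. The memory line format and the numeric constants come from the article; the `kind` labels and a separately tracked last-hit date are assumptions, since the line format shown does not carry them.

```python
import re
from datetime import date

LINE = re.compile(r"^- \[(\d{4}-\d{2}-\d{2})\]\[ref:(\d{4}-\d{2}-\d{2})\] (.*)$")
# Days since ref before eviction; None means never. The kind labels are assumed.
MAX_AGE = {"high": 90, "temp": 30, "core": None}
GRACE, DECAY, BOOST, CAP, FLOOR = 60, 0.95, 1.05, 0.95, 0.1


def parse(line):
    """Split a memory line into (created, ref, text); reject anything malformed."""
    m = LINE.match(line)
    if not m:
        raise ValueError(f"malformed memory line: {line!r}")
    return date.fromisoformat(m[1]), date.fromisoformat(m[2]), m[3]


def expired(line, kind, today):
    """Forgetting-curve rule: days since ref compared with the limit for this kind."""
    _, ref, _ = parse(line)
    limit = MAX_AGE[kind]
    return limit is not None and (today - ref).days > limit


def confidence(initial, last_hit, today):
    """Score after time decay: x0.95 for every day beyond 60 days without a hit."""
    idle = (today - last_hit).days
    return initial * DECAY ** max(0, idle - GRACE)


def on_hit(score):
    """Search hit: x1.05, capped at 0.95."""
    return min(CAP, score * BOOST)


def days_until_deleted(initial):
    """Idle days after which the decayed score first falls below 0.1."""
    days, score = GRACE, initial
    while score >= FLOOR:
        days += 1
        score *= DECAY
    return days
```

Under these rules a memory extracted from logs (0.50) is deleted after 92 idle days and a user-confirmed one (0.95) after 104, so the decay rule and the 90-day ref rule remove a high-priority memory at roughly the same point.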

Why outdated memories are more dangerous than no memories

This is a hard lesson learned. With no memory, the Agent will say "I don't know," and then you go check. But if the Agent holds onto outdated information (like prices from three months ago, or regulations that have been repealed), it will confidently give you an incorrect answer, and you might not verify.

Outdated memories are toxic caches. Hence, forgetting mechanisms are not optional; they are essential.

Automated Operations and Maintenance

Examples of Scheduled Tasks

cron:
  - name: monthly-settlement
    schedule: "0 10 1 * *"    # At 10 AM on the first of every month
    action: Monthly settlement summary
  - name: compliance-scan
    schedule: "0 9 * * 1"     # Every Monday at 9 AM
    action: Compliance scan
  - name: system-healthcheck
    schedule: "*/30 * * * *"  # Every 30 minutes
    action: System heartbeat check
  - name: data-sync
    schedule: "0 23 * * *"    # Daily at 23:00
    action: Sync data to Notion
  - name: memory-cleanup
    schedule: "30 23 * * *"   # Daily at 23:30
    action: Clean expired memories

Heartbeat Monitoring

Every 30 minutes, the monitoring Agent checks the system status: whether the Gateway is online, disk space, database integrity. Alerts are sent through Discord in case of exceptions.

Automatic Upgrade Detection

Regularly check if there is a new version of OpenClaw, notify you if there is, but do not upgrade automatically (upgrading is considered an "outside guardrail" operation).

Security Design

In a one-person company's AI system, security design cannot be neglected, because if something goes wrong, there is no one else to back you up.

Confirmation for Sensitive Operation Buttons

All dangerous operations (deleting, modifying critical configurations, executing shell commands) must pop up a confirmation button:

⚠️ Confirm execution?

Operation: Delete archived data for 2024

Impact: Irrecoverable

[✅ Confirm] [❌ Cancel]

This is not a text confirmation but an interactive component button on Discord, which prevents the Agent from "clicking confirm" on its own.

Command Whitelisting + Tiered Control

Free execution: ls, cat, head, tail, sqlite3 (read-only)

Requires logging: python3, node, file writing operations

Requires confirmation: rm, chmod, network requests, database writing

⛔ Absolutely forbidden: sudo, modifying system files, accessing sensitive directories
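One way to enforce these tiers before a command reaches the shell, as an added example that is not OpenClaw's own code. The tier membership follows the list above; the sensitive directories, the handling of shell metacharacters and the sqlite3 dot-command check are assumptions of this sketch. Anything unrecognised falls to "confirm", matching the rule that uncertain cases count as outside the guardrails.

```python
import os
import shlex

# Tier membership follows the article's list. SENSITIVE is an assumed example.
FREE = {"ls", "cat", "head", "tail"}
LOGGED = {"python3", "node"}
FORBIDDEN = {"sudo"}
SENSITIVE = [os.path.realpath(os.path.expanduser(p)) for p in ("~/.ssh", "/etc")]
SHELL_META = set(";|&`$<>\n")


def touches_sensitive(args):
    """True if any argument resolves (symlinks included) into a sensitive directory."""
    for arg in args:
        real = os.path.realpath(os.path.expanduser(arg))
        if any(real == d or real.startswith(d + os.sep) for d in SENSITIVE):
            return True
    return False


def classify(command):
    """Return 'free', 'log', 'confirm' or 'forbidden' for one command line."""
    # Metacharacters can chain a second command behind an allowed one, so the
    # line is no longer a single whitelisted program: hand it to the human.
    if any(ch in SHELL_META for ch in command):
        return "confirm"
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return "confirm"
    if not argv or "/" in argv[0]:  # empty, or a path instead of a bare name
        return "confirm"
    prog, args = argv[0], argv[1:]
    if prog in FORBIDDEN or touches_sensitive(args):
        return "forbidden"
    if prog == "sqlite3":
        # Free only when opened read-only and no dot-command (.shell, .import)
        # is passed; this fails closed on arguments such as ./main.db.
        safe = "-readonly" in args and not any(a.startswith(".") for a in args)
        return "free" if safe else "confirm"
    if prog in FREE:
        return "free"
    if prog in LOGGED:
        return "log"
    # rm, chmod, network tools and every unknown program: ask first.
    return "confirm"
```
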

Honeypot File Detection

Place several "honeypot files" in sensitive directories. If an Agent tries to access one of these files, it may have been prompt-injected: immediately trigger an alert and pause that Agent.

PII Audit Scanning

Regularly scan all Agents' output logs for accidental leaks of personally identifiable information (PII). Once discovered, alert + automatic masking.

Pitfall Experiences

Mac Sleep Issues for Server

If you run OpenClaw Gateway on a Mac, you must address the sleep issue. By default, Macs will sleep when idle, causing the Gateway to disconnect. Solutions:

# Disable sleep (requires sudo)

sudo pmset -a sleep 0 displaysleep 0 disksleep 0

# Or use caffeinate to keep awake

caffeinate -s &

But be aware of heat dissipation and electricity costs; for long-term running, consider a low-power Linux device.

Balancing Exec Permissions

Giving Agents too much exec permission may cause them to misoperate and crash the system; too little, and many automation tasks won't run. My experience is:

  • Default to minimum permissions

  • Grant as needed, and record the reason for each grant

  • Use whitelisting instead of blacklisting

Session Disconnection After Gateway Restart

After restarting the OpenClaw Gateway, previous conversation sessions will be lost. If you have long tasks that rely on session context, either design them to resume from a checkpoint or write critical context to a file.

Various Limitations of Notion API

  • Limited number of requests per minute (rate limit)

  • Maximum text length for a single block (2000 characters)

  • Some rich text formats are not supported

  • Changing database property types can cause sync script errors

Recommendation: Ensure that sync scripts have error handling and retry logic; do not assume that API calls will always succeed.

Configuration merging can only append, not replace

The configuration file merging logic of OpenClaw is additive, not substitutional. This means that if the same field is defined in both local and global configurations, the result is merged rather than overwritten. After hitting a pitfall, I learned: define critical configurations in one place, avoid scattering them.

Running a company alone, the biggest bottleneck is not ability, but bandwidth. You cannot be proficient in accounting, law, technology, and business while ensuring that nothing goes wrong.

One Person + A Well-Designed AI System = A Complete Management Team.

But the key word is "well-designed." This means:

  • Clear permission boundaries—Agents know what they can do, what they cannot do, and what they need to ask

  • Data flow is traceable—Every operation has a record, problems can be traced

  • Security is uncompromising—Honeypots, whitelisting, and PII scanning: none can be left out

  • Memories will expire—Outdated information is more dangerous than having no information

  • Phased evolution—Don’t strive for too much, activate as needed, keep the system simple

This is not a story about "using AI to replace people" but a practice of "using AI to allow one person to manage a workload."

The system is still in continuous iteration, but the core architecture has been running stably for some time. If you are also considering using AI to manage your independent business, I hope these experiences are helpful to you.

Tech Stack: OpenClaw + SQLite + Notion + Discord + Python

Applicable Scenarios: one-person companies, independent developers, freelancers, small studios
