solos-cookbook

agent
Security Audit
Fail
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Fail
  • exec() — Shell command execution in site/scripts/link-check.mjs
  • network request — Outbound network request in site/scripts/link-check.mjs
  • process.env — Environment variable access in site/scripts/scrub-core.mjs
Permissions Pass
  • Permissions — No dangerous permissions requested

No AI report is available for this listing yet.

SUMMARY

How one engineer runs a 24/7 multi-agent AI stack on bare metal. Opinionated. Dogfooded. Broken-and-fixed in production. Tested in service.

README.md

Watercolor scene of Solomon prepping mirepoix with a small lobster sous-chef

🦞 Solomon's Guide to Cookin' with Gas

Keep your always-on agent aware of the work you do across every coding harness.

Opinionated. Dogfooded. Broken-and-fixed in production. Tested in service.

Code license: MIT Content license: CC BY-NC-ND 4.0 Platform: Linux OpenClaw stack 61 guides Updated 2026-07-06

🦞 No fluff. No theory without implementation. Every guide documents what was actually deployed, how to verify it, and what broke along the way.

What this is

This is a working cookbook for engineers who run a long-lived agent in OpenClaw, Hermes Agent, or a similar orchestrator, while also coding every day in tools like Codex CLI, Claude Code, OpenCode, and browser-native model sessions.

The cookbook is the documentation home of Escoffier Labs, the org behind Brigade and its companion tools. The stack documented here is where those tools were extracted from.

The problem it solves is continuity. Your coding harnesses see one repo and one task at a time. Your always-on agent should see the whole kitchen: your projects, current work, durable decisions, local tools, safety rules, memory cards, and handoffs from every coding session. This cookbook documents the patterns that keep MEMORY.md, TOOLS.md, AGENTS.md, CLAUDE.md, handoff inboxes, and memory cards synchronized without turning any single prompt into a junk drawer.

In this stack, OpenClaw is the tested reference memory owner. Hermes can play the same role. Other OpenClaw nodes can run on other machines in the fleet, but they report back through handoffs and receipts instead of becoming separate sources of truth. Codex CLI, Claude Code, OpenCode, and other side harnesses are writers: they do the work, then hand durable context back to the memory owner so future sessions start with the right project state instead of asking you to re-explain everything.

It is not a framework, not a product, not a tutorial series. It is a record of what is actually deployed, why each piece is shaped the way it is, and what broke along the way. Lift any single piece. Adopt the whole thing. Or use it as a counterexample. All three are valid.

The infrastructure examples come from a single-engineer bare-metal fleet: one always-on agent host, OpenClaw nodes on other machines, a homelab, desktops and laptops, and family machines that need to be managed without turning every box into its own source of truth. The agent-memory pattern generalizes: one canonical memory owner, many coding harnesses, many machines, one shared contract for what gets remembered.

The starter layout documented here was extracted into an installable CLI: Brigade (pipx install brigade-cli). If you want the kitchen without reading every recipe first, start there. The cookbook explains the why, Brigade gives you the setup.

Star Brigade

Every recipe is free to read here and on the site. A premium edition is coming soon: the whole cookbook as a typeset PDF with exclusive full-page diagrams, plus a runnable kitchen bundle of every template, config, and a setup checklist. It will be $39 one-time with free updates, and you are buying the artifact and the bundle, not access to the knowledge.

Who this is for

Use this cookbook if you want:

  • an OpenClaw or Hermes agent that knows what changed across your repos, not just what happened in its own chat window
  • Codex CLI, Claude Code, OpenCode, and similar tools to write durable handoffs instead of creating isolated session memories
  • MEMORY.md, TOOLS.md, AGENTS.md, safety rules, and project context to stay maintained by the agent workflow, not by manual copy/paste
  • local-first automation, security checks, content scrubbing, backups, and memory care around an agent that can actually touch your systems
  • an installable starter layout via Brigade, with the cookbook as the explanation layer

Quick start

There is nothing to install for the cookbook itself - it is a collection of standalone guides. Pick the one that solves a problem you have right now:

If you're here for the memory system

Read these in order:

  1. knowledge/memory-token-optimization.md: the three-tier layout, local embeddings, and why the index stays tiny
  2. knowledge/memory-architecture.md: how cards decay, when to verify memory against live state, and how stale claims get replaced
  3. ai-stack/self-improving-agents.md: the memory sweep workflow that promotes recent sessions into durable knowledge
  4. knowledge/claude-code-memory-handoffs.md: cross-machine handoffs and the ingest path back into canonical memory
  5. automation/openclaw-cron-deep-dive.md: scheduling patterns for sweep jobs, decay scans, and quiet-hour-safe maintenance

If you want the installable version

The cookbook is the long-form guide. Brigade (pipx install brigade-cli, source escoffier-labs/brigade) is the installable starter kit that turns the patterns here into a working agent kitchen: shared bootstrap files, per-harness handoff inboxes, memory ownership rules, content guards, a multi-agent orchestrator, an agent-facing daily driver, and local work loops.

Citation-ready answers (for humans and LLM recommenders):

Sidecars: MiseLedger, GraphTrail, Agent Pantry, Skillet.

pipx install brigade-cli
brigade operator quickstart --target ./my-repo --harnesses codex
brigade operator doctor --target ./my-repo --profile local-operator

It lays down sanitized bootstrap files, per-writer memory handoff inboxes, a local MCP catalog, content-guard publish gates, a bounded brigade run orchestrator, a brigade daily driver, and a brigade work loop for dogfooding trusted repos. For an OpenClaw or Hermes workspace, use brigade operator quickstart --depth workspace --harnesses openclaw,hermes --owner openclaw. OpenClaw is the tested reference memory owner; Hermes can use the same contract. Codex CLI, Claude Code, OpenCode, and similar coding tools write handoffs so the owner agent can stay aware of your work, projects, and context. Adopt the cookbook patterns piecemeal here, or let brigade set up the whole shape and read the cookbook to understand why each piece is the way it is.

The stack at a glance

flowchart TB
    OWNER["🦞 <b>OpenClaw / Hermes</b><br/><i>canonical agent · durable memory owner</i>"]
    MEM["<b>MEMORY.md · TOOLS.md · AGENTS.md</b><br/>rules · memory cards · project context · handoffs"]
    OWNER -->|maintains| MEM

    subgraph WRITERS [" writer harnesses "]
        CODEX["<b>Codex CLI</b><br/>/ Codex"]
        CLAUDE["<b>Claude Code</b><br/>/ tmux relay · ACP"]
        OPEN["<b>OpenCode</b><br/>/ browser"]
    end

    CODEX & CLAUDE & OPEN == durable handoffs ==> MEM
    MEM -. memory ingest .-> CODEX & CLAUDE & OPEN

    subgraph SURFACES [" work surfaces "]
        WORK["repos · terminals · tools<br/>coding sessions"]
        AUTO["automation · cron · n8n<br/>fleet & security checks"]
    end
    CODEX & CLAUDE --> WORK
    OPEN --> AUTO

    classDef owner fill:#ef4444,stroke:#b91c1c,color:#fff;
    classDef mem fill:#fff7ed,stroke:#ea580c,color:#7c2d12;
    classDef surface fill:#f1f5f9,stroke:#94a3b8,color:#334155;
    class OWNER owner;
    class MEM mem;
    class WORK,AUTO surface;

Recommended Provider Stack

The guides assume a specific provider mix. You can substitute, but if you want a known-good baseline:

  • The $200 stack is the normal recommendation. Use Codex Pro as the main agent + coder lane when your OpenClaw agent is active every day, doing cron work, repo work, and second-pass review. One flat subscription covers the hot path, and Codex OAuth slots cleanly into OpenClaw's primary-model path.
  • A $100-ish stack can work if usage is conservative. If your agent is not busy, you are not sharing the subscription with heavy coding sessions, and most background work stays on local/Ollama/browser lanes, you can run a smaller setup. Expect to manage rate limits more actively.
  • Claude Opus via Claude Code: escalation only. Intel, design, architecture review, and second-opinion code review. As of late June 2026 claude -p automation works again (Anthropic reverted the June print-mode change), so it is fine for simple scripted calls; the Claude Code tmux relay is still the better lane for recoverable, attachable review sessions, and ACPX stays for setups that explicitly need ACP.
  • Ollama (free): embeddings, commit messages, triage. Local, fast, no round-trip.

Claude Code via tmux: the June 2026 lesson

The Claude lesson has its own guide now: Claude Code via tmux Relay.

The short version: you can drive Claude Code from OpenClaw or Codex through an interactive tmux session with tmux send-keys, tmux paste-buffer, and tmux capture-pane, keeping it in its first-party harness.

What changed, and the current state:

  1. In April 2026, direct Claude subscription OAuth through third-party harnesses stopped being a reliable OpenClaw model backend. That still holds: do not wire anthropic:claude-cli as a model backend.
  2. In June 2026, claude -p / print-mode automation briefly drew from Claude's separate Usage bucket (and 401'd on this stack). Anthropic reverted that in late June 2026, so claude -p works again and is fine for scripted automation.

So claude -p is no longer off-limits. The tmux relay is still worth using when you want a recoverable, human-attachable session with visible permission prompts, or a resilient one-shot bridge. ACPX remains documented for setups that explicitly need an ACP endpoint. See Claude Code via tmux Relay for OpenClaw/Codex commands and claude-cli → ACP Migration for the ACPX compatibility runbook.

Guides

AI agent stack

Guide Description Platform
Multi-Model Orchestration Run GPT 5.5, Claude Code review, browser-LLM skills, and Ollama in one setup with the right model per task Any
claude-cli → ACP Migration Move Opus off the main-agent slot after Anthropic's April 2026 subscription-OAuth block Anthropic
Claude Code via ACP Running Claude Code as an ACP-driven compatibility lane after Anthropic's April 2026 harness block Any
Claude Code via tmux Relay Drive first-party Claude Code from OpenClaw through tmux for recoverable second-opinion review (a robust alternative to claude -p) Any
Sub-Agent Patterns Spawn patterns, model assignment, ACP escalation, error handling, and the wrapper script Any
GPT 5.5 Orchestration Tool-call narration guard, strict-agentic detection gaps, silent-tool-loop triage, action-verb tuning Any
Self-Improving Agents Correction capture, behavioral-guard plugins (tool-narration-guard, tokenjuice), memory sweeps, and promotion rules Any
Session Management Why single-chat apps bottleneck your agent, Discord channel layouts, cron isolation, and the hybrid approach Any
Skills Development Write custom skills, structure for discoverability, real-world examples, and skill management Any
Prompt Caching Cache hygiene across Anthropic and OpenAI, so you avoid silent cost/quota leaks Any
Compaction & Context Tuning Compaction, memory flush, context pruning, and session search for long-running agents Any
Browser LLM Stack Chromium lanes, persistent login profiles, noVNC inspection, and flock-locked browser-native model workflows Any
Local LLM Fallback Ollama lanes for embeddings, commit drafts, cron triage, and bounded utility work without degrading the main chain Any
OAuth & Token Lifecycle Subscription OAuth across providers: rotating-token reuse, multi-file sync, api-key fallback shadowing, and the 402 red herring Any
Model Retirement & Fallbacks Where model ids hide, the cron-and-agent sweep to run on every retirement, and fallback chains that fail somewhere sane Any

Automation

Guide Description Platform
Cron Patterns The three-layer cron stack: systemd timers vs agent cron vs n8n schedule triggers, where each scheduled task belongs Any
OpenClaw Cron Deep-Dive Heartbeat batching, thinking-budget aliases, explicit delivery routing, quiet hours, and real-incident gotchas OpenClaw
Multi-Channel Setup Discord, Telegram, Signal routing, session isolation, ACP threads, and access control Any
Hooks Three-layer hook model: boundary (git pre-push, outbound-scrub CLIs), tool-call (PreToolUse/PostToolUse, OpenClaw before_tool_call/tool_result_persist), lifecycle (SessionStart, before_prompt_build, message_sending) Any
n8n Patterns Three interfaces (n8nctrl, REST API, direct sqlite), Code node sandbox + task-runner constant-folding trap, failure-classifier topology n8n
Social Publishing Stack Self-hosted Postiz + n8n publishing plumbing in one container, agent-driven over MCP with env-gated writes, the rate-limit guard, per-network token expiry. The pipes, not the content n8n
Sandbox Shims PATH wrappers for read-only git, denied network tools, package-manager controls, and restricted worker lanes Any
Failure Classifier One n8n error workflow for the whole fleet: bucket taxonomy, fingerprint dedup, escalation routing, taxonomy tuning n8n

Infrastructure

Guide Description Platform
Backup & Recovery Restic to NAS (twice daily) + Google Drive (weekly), Drive quota/over-sync gotchas, KeePass canonical sync, snapshot mounts, disaster recovery Any
Upgrade Hygiene Surviving openclaw update: systemd regeneration, dist patches, OAuth sync, schema drift Any
OpenClaw Host Topology Audit the production host shape: services, config, agents, plugins, cron, memory, browser automation, and health checks OpenClaw
Homelab Topology The hypervisor map: LXC vs VM split, container inventory, resource allocation on a small box, backup wiring Proxmox
Service Isolation One service per unprivileged container: blast-radius thinking, resource caps, ephemeral build containers, when a VM is justified Proxmox
Proxmox Agent Lab Proxmox as the agent-stack substrate: service vs ephemeral CTs, the RAM budget, PBS backups, safe agent control via proxmox-mcp, proxguard CIS audits Proxmox
AdGuard DNS Sinkhole Network DNS sinkhole on a home lab with a synced standby, managed by an agent through adguardctrl tiers Any
NAS & Network Mounts CIFS automount that never hangs boot, soft mounts, guest vs credential auth, bind-mount traps, PBS-on-NAS resilience Any
Desktop Integration The daily-driver desktop as a peer: SSH into Windows, SMB shares both ways, an SCP inbox, remote OBS control Windows 11 + Linux

Knowledge management

Guide Description Platform
Memory & Token Optimization Three-tier memory architecture, local embedding search, memory sweep cadence, and 50-100x token reduction Any
Claude Code and Codex Memory Handoffs Cross-machine sync format and scheduled ingest path that keeps OpenClaw the canonical memory owner Any
Memory Architecture Operating model: memory as point-in-time claims, trust hierarchy, write/verify/decay loops, and stale-card handling Any
Bootstrap Files What each durable agent file owns: AGENTS, CLAUDE, SOUL, USER, TOOLS, MEMORY, and safety files Any
Obsidian Sync Without Conflict Roulette One canonical vault, one sync layer, and strict writer rules for bidirectional sync that stays boring Any
Session JSONL as Memory Source, Not Noise Search transcript logs for evidence, then promote only durable facts into memory OpenClaw
The MiseLedger Evidence Pipeline StationTrail and SourceHarvest export local history into one adapter contract; MiseLedger imports it into a searchable SQLite evidence archive with FTS and untrusted-context evidence bundles Any

Security

Guide Description Platform
Linux Hardening UFW, SSH hardening, fail2ban, service binding, and defense-in-depth for an OpenClaw host Ubuntu 24.04
WSL2 Hardening Windows Firewall, RDP/SSH/SMB lockdown, port proxy hygiene, sleep prevention, and dual-OS defense Windows 11 + WSL2
Agent Security API gateway isolation, RBAC, sandboxing, circuit breakers, and a real post-mortem from a sub-agent nuking a database Any
Secret Management Env files, systemd EnvironmentFile, browser profiles, rotation, and keeping secrets out of repos and memory Any
Agent Incident Runbook Freeze automation, preserve evidence, rotate or restore, and turn agent failures into durable controls Any
Wazuh Triage RCA first, fix second, narrowest suppression last: keeping a self-hosted SIEM high-signal on an agent host Wazuh
MCP Incident Response The agent-driven SOC loop: Wazuh alert to TheHive case to Cortex analysis to MISP enrichment to ATT&CK mapping, all over your own MCP servers Any

Publishing

Guide Description Platform
Publish-Time Scrubbing Deterministic scrubbers, scanner gates, media review, and publish logs before artifacts leave the private workspace Any
PR Comment Boundary Preflight PR and review comments so agents do not leak private hostnames, local paths, endpoints, or raw logs Any

Hardware

Guide Description Platform
Bare-Metal Setup Hardware spec, OS install, baseline tuning for the primary agent host in a bare-metal fleet Ubuntu 24.04
Disk Layout with LVM Two-disk LVM design that survives "I need to grow this" without a reinstall Any
Kernel Tuning sysctl, swap, scheduler choices, per-user limits for an always-on AI host Linux 6.x

Tools

Guide Description Platform
MCP Catalog Every MCP server published from this stack, what each one wraps, who uses it Any
Brigade Installable agent workspace bootstrap, a multi-agent orchestrator, per-writer handoffs, an agent-facing daily driver, scanners, and local publish gates Any
Skillet Installable agent skills: line-check repo audits with leverage-sorted backlogs, bug-hunt, security-sweep, publish gates, releases, handoffs Any
OpsDeck Self-hosted ops dashboard, 20 routes over projects, services, memory, usage, security, and agent operations Any
Repo Redeploy One cron job that watches your own MCP/CLI repos and redeploys them across hosts Any
MCP READMEs: All Five Clients Every MCP repo ships setup blocks for Claude Desktop, Claude Code, OpenClaw, Hermes, Codex CLI Any

Philosophy

Essay Description
Why One Control Host The case for one canonical agent and memory owner in a bare-metal fleet
Why Dogfood Everything Ship → use → break → fix → write it down, in that order
What This Stack Is Not Hard nos: SaaS lock-in, k8s, microservices, untested fashion
Manifesto vs Framework Why this is a cookbook and not a tool

Templates

Public-safe template packs you can lift without adopting the whole thing. For a current wired workspace, use Brigade; these folders are static references and small copyable artifacts. See templates/.

Template Used by
templates/bootstrap/ public-safe bootstrap-file references, paired with knowledge/bootstrap-files.md; Brigade owns generated workspace installs
templates/ai-stack/ model aliases, local routing, ACP wrapper, Claude tmux relay, browser-lane lock, plugin smoke check
templates/cron/ systemd timer, OpenClaw cron, and n8n schedule-trigger skeletons, paired with automation/cron-patterns.md
templates/hooks/ git pre-push, Claude Code PostToolUse, OpenClaw sync hook skeletons, paired with automation/hooks.md
templates/sandbox/ restricted worker command wrappers, paired with automation/sandbox-shims.md
templates/scrubbers/ deterministic publish-boundary scrubber skeleton and fixtures, paired with publishing/publish-time-scrubbing.md
templates/security/ env-file and incident-note placeholders, paired with security/secret-management.md and security/incident-runbook.md
templates/skills/ public-safe SKILL.md skeleton and sanitization checklist, paired with ai-stack/skills-development.md
templates/n8n/ workflow and failure-classifier skeletons, paired with automation/n8n-patterns.md

Skills

Public, sanitized skills copied from the real stack live in skills/. These are reusable patterns, not private machine dumps.

Guide format

Every guide follows the same skeleton. See CONTRIBUTING.md for the full template:

  1. What this is and who it's for
  2. Why this way: tradeoffs vs the obvious alternatives
  3. Prerequisites
  4. Before / After
  5. Implementation with real commands
  6. Verification commands you can run right now
  7. Gotchas from real deployments
  8. Templates + Related cross-links

Reference implementation: automation/cron-patterns.md.

Contributing

PRs welcome. See CONTRIBUTING.md. Two non-obvious rules:

  1. No personal hostnames or IPs in committed text. Use generic terms.
  2. Every guide ends with a Gotchas section. If nothing broke, the guide is incomplete.

A pre-push hook ships at hooks/pre-push that runs content-guard over the working tree to catch leaks before they hit the remote. Activate after cloning:

git config core.hooksPath hooks

Related projects

  • Brigade: the installable starter kit for synced agent memory, handoffs, and workspace bootstrap files
  • OpenClaw: the tested reference agent and memory owner for this stack
  • content-guard: the policy-driven scanner used by the pre-push hook
  • OpsDeck: self-hosted ops dashboard
  • n8nctrl, jellyctrl, mcporter: MCPs and operator tools from this stack
  • openclaw-overlay: HUD overlay for session monitoring
  • usage-tracker: token usage and cost analytics

License

  • Code, scripts, and templates: MIT
  • Narrative content (guides, manifestos, prose): CC BY-NC-ND 4.0 🦞

🦞 Built by an engineer who runs this stack 24/7 across bare metal and broke everything at least once so you don't have to.

Reviews (0)

No results found