Author: xiyu
If you don't want to read it, you can send it directly to your OpenClaw account.
One person + OpenClaw = a management team
Building a full-stack management system for a one-person company using open-source AI Gateway
Before the AI era, single-person companies
If you are running a one-person company or an independent business, the rhythm is probably like this: reconcile accounts in the morning, write proposals in the afternoon, process compliance documents in the evening, and in between, you also need to reply to customer messages, check server status, and update data reports.
You're not doing one job, you're doing five jobs at the same time.
Most people's first reaction is to find an AI chatbot for help. ChatGPT and Claude can indeed answer questions and write documents. But after using them for a while, you'll find that chatbots solve "question-answering" problems, not "management" problems.
What you need is not a smarter assistant, but an AI management system: capable of assigning tasks, remembering context, executing tasks automatically, and consulting you when necessary.
This article shares my complete thought process and experiences in building a full-stack management system for a one-person company using OpenClaw (an open-source AI Gateway). It's not a proof of concept, but a system that's actually running.
Why OpenClaw?
Advantages of OpenClaw:
Open source, self-hosted – all data resides on your own machine, without passing through a third party.
Native multi-agent architecture – different agents have independent personality files (SOUL.md), tool permissions, and memory space.
Discord integration – channels are departments, sending messages is issuing commands, a natural management interface.
Persistent operation – not a workflow that runs once and then ends, but a gateway that is online 24/7.
The most crucial point: Channel = Department, Message = Command. This model is naturally suited for management scenarios. If you say "Summary of this month's expenses" in the #accounting channel, the accounting agent will respond automatically; if you say "Check server status" in the #ops channel, the operations agent will take over. No need to remember any command syntax; it's as natural as sending a message to a subordinate.
Multi-Agent Architecture Design
Division of labor
My system currently has these roles planned:
CTO Agent – Technical Lead, responsible for system architecture, code, deployment, and tool development.
Accounting Agent – Bookkeeping, Reconciliation, Monthly Settlement, Report Generation
Business Agent – Customer communication, order tracking, and quote management
Compliance Agent – Regulatory review, document archiving, regular scanning
Monitoring Agent – System heartbeat, anomaly alerts, resource monitoring
Phased activation
Here's a very important design principle: Don't activate all agents at the beginning.
When business volume is low, it's sufficient for the CTO to handle accounting and compliance responsibilities. As business volume increases, these responsibilities can be gradually broken down.
Phase A (Initial Stage): CTO holds multiple roles, other agents are dormant.
Phase B (Stable Period): Activate Accounting and Compliance, CTO Focuses on Technology
Phase C (Expansion Phase): Everyone goes live, each performing their duties.
Phase switching can be automated using scheduled tasks to detect triggering conditions (such as the number of monthly transactions exceeding a threshold), or it can be done manually. The key is to build the architecture first, and then activate it as needed.
Channel Routing
#cto-office → CTO Agent
#accounting → Accounting Agent
#compliance → Compliance Agent
#ops-monitor → Monitoring Agent
#general → Visible to all agents, responds on demand.
The OpenClaw configuration file allows you to specify which channels each agent listens on. Messages are automatically routed upon arrival, eliminating the need for manual @-mentions.
Decision Authority Matrix
This is one of the most important designs in the entire system:
Inside the guardrail → The agent executes autonomously and logs the action afterwards.
Outside the guardrail → The agent pauses and @-mentions the boss to request a decision.
Uncertain → Consider it outside the guardrail; it's better to ask again.
For example:
Record a routine expense → Inside the guardrail, execute automatically.
Deleting a database record → Outside the guardrail, confirmation is required.
Encountering an unfamiliar tax category → Unsure, report.
Key principle: An agent should never act on its own initiative when uncertain. The cost of correcting a mistake far outweighs the cost of asking a question.
Data Architecture
Single data source
All business data is stored in a local SQLite database. Why not use MySQL or PostgreSQL? Because a one-person company doesn't need concurrency. SQLite requires zero configuration, zero maintenance, and only one file is needed; backups are simply file copies.
~/.openclaw/data/main.db
├── transactions # Transaction records
├── clients # Client information
├── documents # Document Index
├── audit_log # Audit log
└── ...
Unified Operation Layer
All database operations must go through a unified operation script (such as db_ops.py); agents are prohibited from writing SQL directly. Benefits:
Automated auditing – Every operation is automatically recorded: who, when, what was done, and what was changed.
Uniform format – This prevents the issue of one agent using one format while another uses a different format.
Access control – Unauthorized operations can be intercepted at the operational level.
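A minimal sketch of such an operation layer, added here as an illustration and not taken from the author's db_ops.py. The permission table, operation names and schema are assumptions; the point is that the permission check, the data change and the audit row all go through one function and commit in one transaction.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Assumed policy: which agent may run which operation (illustrative names).
PERMISSIONS = {
    "accounting": {"add_transaction"},
    "cto": {"add_transaction", "delete_transaction"},
}

def connect(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS transactions(
            id INTEGER PRIMARY KEY, amount_cents INTEGER NOT NULL, memo TEXT);
        CREATE TABLE IF NOT EXISTS audit_log(
            id INTEGER PRIMARY KEY, ts TEXT, agent TEXT, op TEXT,
            allowed INTEGER, detail TEXT);
    """)
    return db

def _audit(db, agent, op, allowed, detail):
    db.execute(
        "INSERT INTO audit_log(ts, agent, op, allowed, detail) VALUES (?,?,?,?,?)",
        (datetime.now(timezone.utc).isoformat(), agent, op, int(allowed),
         json.dumps(detail, sort_keys=True)))

def run_op(db, agent, op, **params):
    """Single entry point: check permission, execute, audit."""
    if op not in PERMISSIONS.get(agent, set()):
        with db:  # denied attempts are recorded too
            _audit(db, agent, op, False, params)
        raise PermissionError(f"{agent} may not run {op}")
    with db:  # data change and audit row commit together or not at all
        if op == "add_transaction":
            cur = db.execute(
                "INSERT INTO transactions(amount_cents, memo) VALUES (?, ?)",
                (params["amount_cents"], params["memo"]))  # bound parameters only
            result = cur.lastrowid
        elif op == "delete_transaction":
            cur = db.execute("DELETE FROM transactions WHERE id = ?",
                             (params["tx_id"],))
            result = cur.rowcount
        else:
            raise ValueError(f"unknown op {op}")
        _audit(db, agent, op, True, params)
    return result
```

Because agents never build SQL strings themselves, every statement uses bound parameters, and a refused operation still leaves an audit row to investigate.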
Notion Mirror Backup
SQLite is a data source, but it's not user-friendly. Therefore, I used Notion to create a visual mirror:
Real-time synchronization: Key operations (adding a transaction, changing status) trigger instant synchronization.
Daily backup: A full verification is performed every day at 23:00 to ensure nothing is missed.
Read-only mirror: Notion allows viewing but not modification, avoiding the nightmare of bidirectional synchronization.
Multilingual export
If your business involves multilingual scenarios, you can perform language adaptation in the export layer:
db_ops.export_csv() # Chinese version
db_ops.export_csv() # English version
db_ops.export_csv() # Bilingual translation
Column names, category names, and status labels are all mapped in the configuration file and are automatically translated during export.
Memory system
Dual-layer memory architecture
Working memory has a capacity limit (e.g., 200 lines); once it exceeds this limit, entries need to be discarded. Long-term memory is theoretically unlimited, but its retrieval quality decreases as the amount of data increases, so it requires periodic cleanup.
Forgetting Curve: Expiration Mechanism Based on Reference Date
Each memory entry includes a ref (reference date), recording the last time it was actually used. Note: Autoloading does not count as a reference; only entries actually used in a reply are considered references.
- [2025-01-15][ref:2025-02-20] Supplier A's payment cycle is Net 30
- [2025-01-15][ref:2025-01-15] A temporary memo (not used for a month, about to expire)
Expiration rules:
High-priority memory: references expire after 90 days.
Temporary note: references expire after 30 days.
Core identity information: Never eliminated
Confidence score
Not all memories are equally reliable. I assigned a confidence score to each memory:
Initial score by source (assigned at write time):
User confirmed → 0.95
Manual entry → 0.85
Automatically extract from logs → 0.50
Time decay: for memories whose ref has not been hit for more than 60 days, confidence is multiplied by 0.95 per day.
Retrieval boost: each time a memory is hit by a search, its confidence is multiplied by 1.05 (capped at 0.95).
Automatic deletion: Delete when confidence level is below 0.1.
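The expiration and confidence rules above, worked through as an added Python example (not the author's cleanup script). It parses the entry format shown earlier; the kind labels, the function names and the reading of the decay rule as "x0.95 for each idle day beyond day 60" are assumptions.

```python
import re
from datetime import date

LINE = re.compile(r"^- \[(\d{4}-\d{2}-\d{2})\]\[ref:(\d{4}-\d{2}-\d{2})\] (.+)$")
TTL_DAYS = {"high": 90, "temp": 30, "core": None}   # None: never eliminated
SOURCE_SCORE = {"user_confirmed": 0.95, "manual": 0.85, "log_extracted": 0.50}
GRACE_DAYS, DECAY, BOOST, CAP, FLOOR = 60, 0.95, 1.05, 0.95, 0.1

def parse(line):
    """Parse '- [created][ref:last-used] text' into a dict."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a memory entry: {line!r}")
    return {"created": date.fromisoformat(m[1]),
            "ref": date.fromisoformat(m[2]), "text": m[3]}

def decayed(conf, ref, today):
    """Assumed reading: x0.95 for each idle day beyond the 60-day grace period."""
    return conf * DECAY ** max(0, (today - ref).days - GRACE_DAYS)

def on_hit(entry, conf, today):
    """A real use in a reply refreshes ref and boosts confidence, capped."""
    entry["ref"] = today
    return min(CAP, conf * BOOST)

def review(entry, kind, conf, today):
    """Return (verdict, confidence); verdict is keep, expire or delete."""
    if TTL_DAYS[kind] is None:
        return "keep", conf
    conf = decayed(conf, entry["ref"], today)
    if conf < FLOOR:
        return "delete", conf
    if (today - entry["ref"]).days > TTL_DAYS[kind]:
        return "expire", conf
    return "keep", conf

# The two sample entries from the text; the review date is chosen by the caller.
SAMPLE = [
    "- [2025-01-15][ref:2025-02-20] Supplier A's payment cycle is Net 30",
    "- [2025-01-15][ref:2025-01-15] A temporary memo (not used for a month, about to expire)",
]
```

Under this reading a log-extracted memory (0.50) falls below the 0.1 deletion floor about 32 idle days after the grace period ends, so low-confidence entries disappear well before a user-confirmed one would.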
Why are outdated memories more dangerous than no memories at all?
This is a lesson learned the hard way. Without memory, the agent will say "I don't know," and you'll have to look it up. But if the agent remembers outdated information (like a price from three months ago or a repealed regulation), it will confidently give you a wrong answer, and you might not even bother to verify it.
Outdated memories are like toxic caches. Therefore, forgetting mechanisms are not optional, but essential.
Automated Operation and Maintenance
Example of a scheduled task
cron:
  - name: monthly-settlement
    schedule: "0 10 1 * *"    # 10 AM on the 1st of every month
    action: Monthly settlement summary
  - name: compliance-scan
    schedule: "0 9 * * 1"     # Every Monday at 9 AM
    action: Compliance Scan
  - name: system-healthcheck
    schedule: "*/30 * * * *"  # Every 30 minutes
    action: System heartbeat check
  - name: data-sync
    schedule: "0 23 * * *"    # 11 PM every day
    action: Synchronize data to Notion
  - name: memory-cleanup
    schedule: "30 23 * * *"   # Every day at 23:30
    action: Memory Expiration Clearing
Heartbeat monitoring
The monitoring agent checks the system status every 30 minutes: whether the Gateway is online, disk space, and database integrity. An alert is sent via Discord if any anomalies are detected.
Automatic upgrade detection
Regularly check for new versions of OpenClaw and notify you if they are available, but do not upgrade automatically (upgrading is an "outside the guardrail" operation).
Safety Design
For an AI system in a one-person company, security design is crucial. Because if something goes wrong, there's no one else to bail you out.
Button confirmation for sensitive operations
All dangerous operations (deleting or modifying critical configurations, executing shell commands) must prompt for confirmation:
⚠️ Confirm execution?
Operation: Delete archived data from 2024
Impact: Irreversible
[✅ Confirm] [❌ Cancel]
This is not a text confirmation but a button rendered with Discord's interactive components, which prevents the agent from clicking "confirm" on its own.
Command whitelist + hierarchical control
🟢 Freely execute: ls, cat, head, tail, sqlite3 (read-only)
🟡 Requires a logged record: Python 3, Node.js, file writing operations
🔴 Requires confirmation for: rm, chmod, network requests, and database writes.
⛔ Absolutely prohibited: sudo, modifying system files, accessing sensitive directories
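One way to enforce these four tiers before a command reaches the shell, as an added Python example (not OpenClaw's own exec policy). The sensitive path prefixes are assumptions, and anything the classifier cannot reason about falls to "confirm", following the rule that uncertain means outside the guardrail.

```python
import shlex

FREE = {"ls", "cat", "head", "tail"}
LOGGED = {"python3", "node"}
FORBIDDEN = {"sudo"}
SENSITIVE_PREFIXES = ("/etc/", "/System/", "~/.ssh")  # assumed sensitive locations
SHELL_META = set(";|&`$<>\n")  # chaining, substitution, redirection

def classify(command):
    """Return 'free', 'logged', 'confirm' or 'forbidden' for one command line."""
    try:
        argv = shlex.split(command)
    except ValueError:              # unbalanced quotes: cannot reason about it
        return "confirm"
    if not argv:
        return "confirm"
    names = [a.rsplit("/", 1)[-1] for a in argv]
    # Forbidden wins even when the token hides behind ';' or a path.
    if any(n in FORBIDDEN for n in names) or \
       any(a.startswith(SENSITIVE_PREFIXES) for a in argv):
        return "forbidden"
    # With metacharacters the shell may run more than argv[0]; a human decides.
    if SHELL_META & set(command):
        return "confirm"
    prog = argv[0]
    if prog != names[0]:            # invoked by path: not the allow-listed binary
        return "confirm"
    if prog in FREE:
        return "free"
    if prog == "sqlite3":
        # Read-only tier needs -readonly and no dot-commands (.shell runs programs).
        args = argv[1:]
        safe = "-readonly" in args and not any(a.startswith(".") for a in args)
        return "free" if safe else "confirm"
    if prog in LOGGED:
        return "logged"
    return "confirm"                # rm, chmod, network tools and anything unknown
```

The classifier is an allowlist with a default of "confirm", so a new or misspelled tool lands in front of the boss instead of running silently.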
Honeypot file detection
Place several honeypot files in sensitive directories. If the agent attempts to read these files, it indicates that it may have been subjected to prompt injection, immediately triggering an alert and suspending the agent.
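A sketch of the detection side, added here as an example and not part of the original setup: it scans a tool-call log for any access to a decoy path and lists the agents to suspend. The JSON log format, the decoy paths and the working directory are constructed for illustration.

```python
import json
import posixpath

# Constructed decoy paths; nothing legitimate ever needs to open these.
HONEYPOTS = {"/home/boss/.ssh/id_rsa.bak", "/home/boss/finance/passwords.txt"}

# Constructed sample of an agent tool-call log, one JSON object per line.
LOG = """\
{"ts":"2025-03-01T09:00:02Z","agent":"accounting","tool":"read_file","path":"/home/boss/data/ledger.csv"}
{"ts":"2025-03-01T09:00:07Z","agent":"business","tool":"read_file","path":"data/../finance/./passwords.txt"}
{"ts":"2025-03-01T09:00:09Z","agent":"cto","tool":"read_file"}
{"ts":"2025-03-01T09:00:11Z","agent":"business","tool":"read_file","path":"/home/boss/.ssh/id_rsa.bak"}
"""

def canonical(path, cwd="/home/boss"):
    """Resolve relative paths and '..' so traversal cannot dodge the match."""
    return posixpath.normpath(posixpath.join(cwd, path))

def scan(log_text, honeypots=HONEYPOTS):
    """Return one alert per honeypot access or unparseable log line."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            event = json.loads(line)
            path = canonical(event["path"])
        except (ValueError, KeyError, TypeError):
            # A line that cannot be checked is surfaced, never skipped silently.
            alerts.append({"line": n, "agent": None, "reason": "unparseable"})
            continue
        if path in honeypots:
            alerts.append({"line": n, "agent": event.get("agent"),
                           "reason": "honeypot", "path": path})
    return alerts

def agents_to_suspend(alerts):
    """Agents that touched a decoy and should be paused pending review."""
    return sorted({a["agent"] for a in alerts
                   if a["reason"] == "honeypot" and a["agent"]})
```

String normalization does not follow symlinks, so decoys should be regular files and the log should record the path the tool actually opened.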
PII Audit Scan
Regularly scan the output logs of all agents to check for accidental leakage of personally identifiable information (PII). Once detected, issue an alert and automatically remove the PII.
Pitfalls I ran into
Mac hibernation issue when used as a server
If you're running OpenClaw Gateway on a Mac, you must address the hibernation issue. Macs hibernate by default when idle, disconnecting the gateway. Solution:
# Disable hibernation (sudo required)
sudo pmset -a sleep 0 displaysleep 0 disksleep 0
# Alternatively, use caffeinate to keep the machine awake.
caffeinate -s &
However, you should pay attention to heat dissipation and power costs. For long-term operation, it is recommended to use a low-power Linux device.
exec permission balancing
Giving the agent too many exec privileges could lead to accidental system crashes; giving it too few will prevent many automated tasks from running. My experience is:
Minimum permissions by default
Open only as needed, and record the reason for each opening.
Use a whitelist instead of a blacklist.
Session disconnected after Gateway restart
After OpenClaw Gateway restarts, previous session conversations will be lost. If you have long-running tasks that rely on session context, you should either design them so they can resume after an interruption or write the critical context to a file.
Various limitations of the Notion API
There is a rate limit on the number of requests per minute.
There is a maximum text length limit for a single block (2000 characters).
Some rich text formats are not supported.
Changing the database attribute type can cause the synchronization script to throw an error.
Recommendation: Synchronization scripts should have robust error handling and retry logic, and should not assume that API calls will always succeed.
Configuration merging only allows appending, not replacing.
OpenClaw's configuration file merging logic is append-based, not replacement-based. This means that if you define the same field in both your local and global configurations, the result is a merge, not an overwrite. After experiencing this pitfall, I learned: define critical configurations only in one place, don't scatter them around.
When running a company alone, the biggest bottleneck isn't ability, but bandwidth. You can't be proficient in accounting, legal affairs, technology, and business operations at the same time, and also ensure that everything goes smoothly.
One person + a well-designed AI system = a complete management team.
But the key phrase is "well-designed." This means:
Clearly defined permission boundaries – the agent knows what it can do, what it cannot do, and what questions it needs to ask.
Data flow is traceable – every operation is recorded, and problems can be investigated.
No compromise on security – honeypots, whitelists, and PII scanning are all essential.
Memories expire—outdated information is more dangerous than no information at all.
Phased evolution – don't build everything at once, activate only as needed, and keep the system simple.
This is not a story of "replacing humans with AI", but a practice of "using AI to enable one person to manage a whole set of things".
The system is still undergoing continuous iterations, but the core architecture has been running stably for some time. If you are also considering using AI to manage your own independent business, I hope these experiences will be helpful to you.
Technology stack: OpenClaw + SQLite + Notion + Discord + Python
Suitable scenarios: One-person companies, independent developers, freelancers, small studios

