
agent ops architecture (2 mac minis → n nodes)

updated: 2026-02-14

north star

separate decision + state from side effects. mini #1 is the brain. mini #2 is the hands.

  • mini #1 (coordinator / research): planning, triage, drafting, approvals, canonical state, audit log.
  • mini #2 (executor / side effects): x posting (api), email sends, calendar writes, deployments, credentials.
  • rule: #1 never posts/sends/schedules. #2 never “decides.”

transport + storage (scales)

start with append-only intents + receipts on a shared path, and trigger execution via openclaw nodes. when you add more nodes, swap the shared folder for postgres/redis without changing contracts.

shared path (initial):
~/shared/openclaw/{queues,state,receipts,deadletter}

scale upgrade:
  • postgres: intents, receipts, leases, rate_limits
  • or redis streams: consumer groups + receipts stream

hard specs (the contracts)

these constraints prevent double-posts, drift, and distributed chaos.

  • idempotency key: every side-effect intent must have a stable key; receipts must reference it.
  • lease + ttl: executor takes a lease before action; ttl allows safe takeover on crash.
  • central rate limits: per account/channel throttles enforced on executor, not per worker.
  • append-only receipts: every action writes a receipt (external id + url) or a failure record.
  • secrets isolation: write-privileged tokens live only on executor box.

implementation checklist (when mini #2 arrives)

  1. install openclaw on mini #2; pair it as a node.
  2. create shared folder: ~/shared/openclaw/ with subdirs queues/state/receipts/deadletter.
  3. set up syncthing (or sshfs) between minis for that folder.
  4. move all write secrets to mini #2 only (.secrets is never synced; never committed).
  5. wire producer on mini #1 to write intents into shared queues (x/email/calendar).
  6. wire consumers on mini #2 to execute intents + write receipts + update state.
  7. enforce approval gates (especially for @antifund).
  8. add kill switch: shared executor_gate.json (enabled=false pauses side effects).
  9. add global rate limiter + circuit breaker on executor.
  10. add a “what’s live” dashboard script on mini #1 (reads receipts + state).
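
one way a consumer on mini #2 could honor the contracts above (kill switch, lease + ttl, idempotency key, append-only receipts). this is an added example, not openclaw code or code from this page. assumptions: the gate lives at state/executor_gate.json, the file names leases.json, leases.lock and receipts.jsonl, the intent field idempotency_key, the 60 s ttl, and the side_effect callback that returns the external id + url.

```python
import fcntl, json, time
from pathlib import Path

LEASE_TTL = 60  # seconds; assumed value, the page does not set one

def _load(path: Path, default):
    try:
        return json.loads(path.read_text())
    except (OSError, ValueError):
        return default  # missing or corrupt file

def already_done(root: Path, key: str) -> bool:
    # a success receipt for this idempotency key means: never act again
    log = root / "receipts" / "receipts.jsonl"
    lines = log.read_text().splitlines() if log.exists() else []
    return any(r["key"] == key and r["ok"] for r in map(json.loads, lines))

def take_lease(root: Path, key: str, worker: str, now: float) -> bool:
    # flock makes check-and-set atomic between workers on the executor box only
    with open(root / "state" / "leases.lock", "a") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)
        path = root / "state" / "leases.json"
        leases = _load(path, {})
        held = leases.get(key)
        if held and held["worker"] != worker and now - held["at"] < LEASE_TTL:
            return False  # live lease held by another worker
        leases[key] = {"worker": worker, "at": now}  # fresh lease or ttl takeover
        path.write_text(json.dumps(leases))
        return True

def execute(root: Path, intent: dict, worker: str, side_effect, now=None) -> str:
    now = time.time() if now is None else now
    key = intent["idempotency_key"]
    gate = _load(root / "state" / "executor_gate.json", {})
    if not (isinstance(gate, dict) and gate.get("enabled") is True):
        return "paused"  # kill switch; a missing or corrupt gate fails closed
    if not take_lease(root, key, worker, now):
        return "leased"
    if already_done(root, key):  # checked under the lease, after any prior holder
        return "duplicate"
    try:
        rec = {"key": key, "ok": True, **side_effect(intent)}
    except Exception as exc:
        rec = {"key": key, "ok": False, "error": str(exc)}
    with open(root / "receipts" / "receipts.jsonl", "a") as f:
        f.write(json.dumps(rec) + "\n")  # append-only: success or failure record
    return "done" if rec["ok"] else "failed"
```

the receipt check runs after the lease is taken, so a worker that takes over an expired lease still sees the previous holder's receipt and does not post twice.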

notes

when scaling beyond 2 nodes, keep the same intent/receipt contract and swap storage: shared folder → postgres/redis streams. don’t rewrite the world.