As a fashion-forward and relentlessly trendy guy, I decided it was finally time to get my own copy of OpenClaw. There was simply too much noise around it to ignore. Naturally, I chose to incorporate an OpenClaw implementation into my broader Sovereign Domain experiment.

This was not a rushed decision.

OpenClaw is a massive experiment in autonomous AI agents. It is open source, fast-moving, and—let’s be honest—full of potential security holes. At the same time, it enables persistent, 24-hour AI agents capable of doing things that simply weren’t practical before.

After some research, I decided the risk was acceptable—with constraints.

I work with an informal AI advisory council consisting of Claude, Gemini, and ChatGPT. They assisted me throughout this process, particularly in designing a setup that prioritized control, reversibility, and containment.

Hosting Decisions: Control Over Convenience

The first major decision was where to host OpenClaw.

There were two primary options:

• A cloud environment (e.g., DigitalOcean or similar)
  
  

• Self-hosted hardware under my direct control
  
  

While I generally like cloud services, I do not trust OpenClaw enough—yet—to give it unrestricted access to cloud infrastructure. I wanted the ability to physically unplug the system from the network and shut it down instantly if needed.

The recommendation from my advisory council was straightforward:

Buy a used laptop.

Since this was a prototype, I sourced a used laptop with sufficient power to handle the workload. After reviewing several configurations, I purchased a capable machine for roughly $150 on eBay.

Design Goal: Secure, Replicable, Disposable

Because this setup would evolve over time, I wanted the environment to be:

• Secure
  
  

• Replicable
  
  

• Hardware-independent
  
  

• Easy to abandon or rebuild without loss
  
  

The most important requirement was preserving the trained state and configuration without having to retrain or reconstruct everything if the hardware failed.

This post documents the infrastructure phase of the project—before OpenClaw itself becomes interesting. I worked directly with ChatGPT on this stage, and the outline below captures the major architectural steps we implemented.

Sovereign Laptop → Encrypted, Hardware-Independent Backup

High-Level Process Summary

1. Baseline system

• Started with a fresh Ubuntu (Linux) installation.
  
  

• Designated the laptop as the primary Sovereign working machine.
  
  

2. Remote access foundation

• Installed and authenticated Tailscale.
  
  

• Enabled secure inbound remote access without public IPs or port forwarding.
  
  

• Verified access from iPad and mobile devices.
  
  

3. Sovereign directory architecture

• Designed and implemented a structured directory layout under /opt/sovereign.
  
  

• Organized by functional domains (advisory, content, documentation, archives, etc.).
  
  

• Ensured the layout supports long-term continuity and clarity.
  
  

4. Cloud provider integration

• Installed rclone.
  
  

• Authenticated Google Drive as a storage backend (gdrive remote).
  
  

• Verified read/write access to the cloud storage.
  
  

5. Encrypted backup layer

• Created an rclone crypt remote layered on top of Google Drive.
  
  

• Configured:
  
  

  • Encrypted file contents
    
    

  • Encrypted filenames
    
    

  • Encrypted directory names
    
    

• Ensured zero plaintext metadata leakage to the cloud.
  
  

6. Backup target definition

• Established a dedicated Google Drive folder for backups.
  
  

• Linked the crypt remote to that folder.
  
  

• Confirmed encrypted objects are unreadable in the Drive UI.
  
  

7. Initial synchronization

• Performed a dry-run sync to validate scope and behavior.
  
  

• Executed a live sync from /opt/sovereign to the encrypted remote.
  
  

• Verified successful transfer and integrity.
  
  

8. Verification & recovery check

• Listed contents through the crypt remote to confirm successful decryption.
  
  

• Verified files are readable and structurally intact via rclone.
  
  

• Confirmed restore feasibility on a future replacement machine.
  
  

9. Persistence & independence achieved

The resulting system is:

• Hardware-independent
  
  

• Location-independent
  
  

• Encrypted at rest
  
  

• Recoverable without retraining or reconstruction

• Nightly Automated back up to Google Drive
  
  

Why This Matters

Most conversations about AI agents start with capability and end with surprise. That is backwards.

Persistent AI systems are not just software experiments—they are operational entities. They run continuously, accumulate state, interact with external systems, and evolve over time. Treating them like disposable scripts or SaaS features is a mistake.

This project takes the opposite approach.

By designing the infrastructure first, I established a few non-negotiable principles:

• Control beats convenience
  
  If I cannot physically disconnect or shut down a system, I do not truly control it.
  
  

• State is more valuable than code
  
  Models can be reinstalled. Training, configuration, memory, and context often cannot.
  
  

• Backups are part of architecture, not an afterthought
  
  A system that cannot be cleanly restored is not a serious system.
  
  

• Sovereignty is practical, not ideological
  
  This is not about rejecting the cloud—it is about using it on my terms.
  
  

The result is an OpenClaw environment that can fail safely, migrate cleanly, and persist independently of any single machine, location, or vendor. If the laptop dies, nothing important is lost. If the network goes down, the system remains contained. If the experiment ends, it ends cleanly.

Only after those conditions are met does it make sense to let autonomous agents run.

Future posts will focus on OpenClaw itself—behavior, orchestration, guardrails, and long-running agents. But without this foundation, none of that would be worth doing.

Infrastructure is the difference between playing with AI and operating it.