OpenClaw Manila · Show & Tell

OpenClaw as an
AI-Native
Agency

How we restructured Symph's entire operations around one AI — and what we learned along the way.

R
Raven Duran
CTO, Symph
The Problem

AI tools don't
scale with you.

Every chat starts from zero. No memory, no context, no continuity. And once you put a server online — the probes start within hours.

Two problems. One solution.
🧠
Context amnesia
Every new session forgets decisions, mistakes, and preferences made last week.
Tool, not teammate
AI answers questions. It doesn't proactively check on your business.
🔓
Public VPS = instant target
Port scans, SSH brute force, and recon scripts — within hours of going live.
→ We had to solve all three
The Solution

Meet ARIA.

Autonomous Reasoning & Intelligence Architecture

She isn't just a chatbot. She has a persistent identity, reads her own mistakes every morning, and clocks in every hour — whether you message her or not.

Core principle:
"Agents execute.
Humans decide."
📁 ARIA's identity files:
🧬
SOUL.md
Who she is. How she thinks. Her personality.
👥
USER.md
Who we are. What we're building. Key people.
🧠
MEMORY.md
Long-term memory. Decisions, learnings, patterns.
📋
error-log.md
Every mistake she made — so she never repeats them.
She reads all of these every session ↑
How It Works

The Heartbeat.

every hour, automatically →

ARIA wakes up on a schedule — no prompt needed. She checks the agency, processes jobs, monitors security, and reports back.

📥
Job Queue
Picks up pending pipeline jobs — discovery, design, build phases
Every heartbeat
🎨
QA & Assets
Runs marketing asset QA — brand compliance, platform fit, passes/fails
Every heartbeat
🔐
Security Watch
Checks for unknown processes, /dev/shm/ activity, high-CPU mystery scripts
Every heartbeat
📊
Usage & Cost
Logs token usage per model, estimated cost — full audit trail
Every heartbeat
Today: running 55 skills, managing 14+ products, processing jobs across 5 pipeline phases — simultaneously.
Security Learnings

Your VPS
will get probed.
Assume it.

Port scans, SSH brute force, privilege escalation scripts — they start within hours. This isn't targeting. It's the internet. The question is: are you watching?

Security isn't a setup. It's an ongoing check.
🔑
SSH key-only auth
Disable password login. Disable root. Keys only.
🧱
Firewall (ufw)
Only 80, 443, 22 open. Everything else blocked.
🚫
fail2ban
Auto-bans IPs after repeated failed logins.
📁
AIDE — File integrity
Detects if any system binary changes. Rootkit defense.
🤖
ARIA's hourly watchdog
Checks /dev/shm/, /tmp/, mystery high-CPU processes. DMs me if anything flags.
→ She watches so I don't have to
The Shift

Before vs. After

Before
AI resets every session
Manual job tracking
Security = blind spot
1 person = 1 task
After ARIA
Persistent memory & identity
Hourly automated pipeline
Proactive security watchdog
1 human + AI army = 10x output
"We didn't build AI into the agency.
We built the agency around AI."
— that's the whole pitch 😄
Live Demo

Let me show you
how it runs.

4 things in ~3 minutes. Each one showing a different layer of the system.

↓ Follow along on Discord / Symphony
1
Memory & Identity
Open SOUL.md, MEMORY.md, error-log — show what she reads every session
2
Live Heartbeat
Watch a heartbeat fire in Discord — job queue, QA check, security scan, cost log
3
Symphony Pipeline
Show a product moving through Discovery → Design → Build with agents doing each phase
4
Security Watchdog
Show the HEARTBEAT.md security check — what it flags, what she does, who she pings
Thanks for listening 👋

That's ARIA.

Built on OpenClaw · Running Symph Agency · Watching the server at 3am
🐦 @ravenduran
🔗 symphony.symph.co
💙 symph.co
Symph