You’ve scaled your AI assistant for internal knowledge, maybe even for basic content generation. Now, your customer support team is drowning in repetitive FAQs and escalating tickets that could easily be handled by a well-trained model. The challenge isn’t just feeding your AI a knowledge base; it’s about integrating it seamlessly into existing support workflows without adding more overhead for human agents.

The immediate temptation is to just dump your Zendesk or Freshdesk knowledge base into OpenClaw and expect magic. While OpenClaw excels at information retrieval, directly exposing a raw knowledge base without a structured approach often leads to “I don’t have enough information” responses or, worse, confidently incorrect answers. The key is to preprocess your knowledge base for clarity and intent before ingestion. Instead of a single massive document, break down FAQs into atomic question-answer pairs. For instance, if you have a section on “Billing Issues,” distill it into specific questions like “How do I update my payment method?” or “Why was my subscription charged twice?” Each of these should ideally be its own training document or a very clearly delineated section within a larger document, paired with a concise, direct answer. This granular approach significantly improves OpenClaw’s ability to map user queries to the correct, specific information.

For more complex ticketing, where a simple FAQ isn’t enough, OpenClaw can still play a pivotal role in triaging and enriching tickets before they reach a human. Instead of directly answering, train your assistant to identify the problem domain and gather necessary information. For example, if a user describes a “login issue,” the assistant shouldn’t try to fix it but rather prompt for their username, the specific error message they’re seeing, and what browser they’re using. You can configure OpenClaw to output structured data – perhaps a JSON object – containing these details. This can then be programmatically pushed into your ticketing system, pre-filling fields and even assigning the ticket to the correct department. The non-obvious insight here is that you’re not trying to replace the human for complex problems, but rather making their initial interaction with the ticket far more efficient. You’re essentially building an automated, highly context-aware pre-screener.

A common pitfall is over-eagerness to fully automate ticket resolution. While OpenClaw can draft replies, direct human oversight remains critical for sensitive customer interactions. Instead of having OpenClaw directly send responses for complex issues, configure it to draft a suggested reply for the agent. The agent can then review, edit, and approve. This hybrid approach leverages the AI’s speed and knowledge while retaining the human touch and accountability. You might use a command like openclaw-cli train --intent customer_support_triage --data './faq_data/' to start ingesting your preprocessed FAQ data.

Begin by identifying your top 10 most common support questions that require only a direct, factual answer, and prepare them as atomic Q&A pairs for ingestion.

Frequently Asked Questions

How to Self-Host Your Own VPN with WireGuard

In an era where privacy concerns are at an all-time high, self-hosting your own VPN has become an increasingly attractive option for tech-savvy individuals and small businesses alike. Unlike commercial VPN services that collect your data and route your traffic through their servers, a self-hosted VPN gives you complete control over your network security and privacy. WireGuard, a modern VPN protocol, makes this process remarkably simple and efficient. This guide will walk you through everything you need to know to set up your own VPN server using WireGuard.

Affiliate Disclosure: As an Amazon Associate, we earn from qualifying purchases. This means we may earn a small commission when you click our links and make a purchase on Amazon. This comes at no extra cost to you and helps support our site.

Why Choose WireGuard Over Other VPN Protocols?

WireGuard has gained significant popularity in the self-hosting community for good reason. With only about 4,000 lines of code compared to OpenVPN’s 100,000+, WireGuard is lightweight, faster, and easier to audit for security vulnerabilities. It uses modern cryptography standards and offers superior performance, making it ideal for both servers and clients. The protocol’s simplicity means faster configuration times and fewer potential points of failure in your VPN setup.

Additionally, WireGuard’s efficiency translates to lower resource consumption on your server, which is crucial if you’re running it on modest hardware like a Raspberry Pi or a budget VPS. The protocol also maintains excellent compatibility across different operating systems, including Linux, Windows, macOS, iOS, and Android.

Prerequisites and Planning Your Setup

Server Requirements

Before diving into the technical setup, you’ll need to decide where to host your WireGuard VPN server. You have several options: a dedicated server, a VPS provider, or even a device at home. Popular affordable VPS providers include Linode, DigitalOcean, and Vultr, all offering reliable performance at competitive prices. If you prefer keeping things local, a Raspberry Pi 4 can work perfectly for a small-scale deployment, handling multiple simultaneous connections without breaking a sweat.

Your server should have at least 512MB of RAM and a stable internet connection. Most importantly, ensure your hosting provider permits VPN traffic on their network—some providers restrict this in their terms of service.

Client Devices and Planning

Consider which devices you’ll connect to your VPN. WireGuard clients are available for all major platforms, making it simple to protect your entire digital footprint. Plan your IP address scheme and decide how many peers (client connections) you’ll need. This planning stage prevents configuration headaches down the road.

Step-by-Step Installation Guide

Step 1: Install WireGuard on Your Server

The installation process varies slightly depending on your Linux distribution. For Ubuntu or Debian-based systems, open your terminal and run:

sudo apt update && sudo apt install wireguard wireguard-tools

For other distributions, consult the official WireGuard installation documentation. Once installed, verify the installation by checking the version:

wg --version

Step 2: Generate Keys and Configuration

WireGuard uses public-key cryptography for authentication. Generate your server’s key pair using:

wg genkey | tee server_private.key | wg pubkey > server_public.key

Repeat this process for each client device you plan to connect. Store these keys securely—they’re essential for your VPN’s security.

Step 3: Create the Server Configuration

Create a WireGuard configuration file at /etc/wireguard/wg0.conf. Here’s a basic template:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = [your_server_private_key]
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

The PostUp and PostDown rules handle IP forwarding and masquerading, allowing clients to route traffic through your VPN.

Step 4: Add Client Peers

Add each client to your server configuration with their public key:

[Peer]
PublicKey = [client_public_key]
AllowedIPs = 10.0.0.2/32

Each client gets a unique IP address within your configured subnet. Repeat this section for additional clients.

Step 5: Enable and Start WireGuard

Enable the WireGuard interface with:

sudo wg-quick up wg0

To ensure it starts automatically on reboot:

sudo systemctl enable wg-quick@wg0

Configuring Your Clients

Each client needs its own configuration file containing its private key, the server’s public key, and the server’s endpoint address. WireGuard provides straightforward client applications for all platforms. Simply import your configuration file, and you’re connected. The process is considerably simpler than traditional VPN clients, often requiring just a few clicks.

Security Best Practices

• Keep your server’s operating system and WireGuard updated regularly
• Use strong firewall rules beyond WireGuard’s default settings
• Restrict SSH access to your server and disable root login
• Monitor your server logs regularly for suspicious activity
• Rotate peer keys periodically, especially if a device is compromised
• Use a non-standard port (avoid 51820) if you’re concerned about basic port scanning

Troubleshooting Common Issues

If clients can’t connect, verify that your firewall allows UDP traffic on your chosen port. Check that iptables rules are properly configured for forwarding. Use sudo wg show to inspect active connections and diagnose issues. Most problems stem from incorrect IP addressing or firewall misconfiguration rather than WireGuard itself.

Conclusion

Self-hosting a WireGuard VPN provides unparalleled privacy, control, and security compared to commercial VPN services. While the setup requires some technical knowledge, the process is straightforward enough for anyone comfortable with basic Linux administration. Whether you’re protecting yourself on public WiFi, securing remote work, or simply valuing your privacy, a personal WireGuard VPN is a worthwhile investment in your digital security. Start small with a single client, get comfortable with the setup, and expand as needed. Your network security—and peace of mind—will thank you.

Frequently Asked Questions

“`html

Affiliate Disclosure: As an Amazon Associate, we earn from qualifying purchases. This means we may earn a small commission when you click our links and make a purchase on Amazon. This comes at no extra cost to you and helps support our site.

Docker Compose Homelab Stack: 10 Essential Self-Hosted Apps

Running a homelab with Docker Compose is one of the smartest ways to take control of your digital life. Instead of relying on cloud services, you can host your own applications right from your home server. The beauty of Docker Compose is its simplicity — you define all your services in a single YAML file, and everything works together seamlessly.

If you’re new to self-hosting or looking to expand your existing setup, this guide will walk you through 10 essential applications that make sense for any homelab. Whether you’re concerned about privacy, want to save money, or simply enjoy tinkering with technology, these apps will form the backbone of a solid self-hosted infrastructure.

Why Docker Compose for Your Homelab?

Docker Compose eliminates the complexity of managing individual Docker containers. Instead of running lengthy commands for each service, you write everything once in a compose file and spin up your entire stack with a single command. This approach saves time, reduces errors, and makes updating or backing up your services incredibly straightforward.

Before diving into the apps, make sure you have Docker and Docker Compose installed on your home server. Most Linux distributions make this painless, and there’s excellent documentation available for Windows and macOS setups as well.

1. Portainer — Your Container Management Dashboard

Portainer deserves the top spot because it makes managing your entire Docker ecosystem visual and intuitive. Instead of typing commands into a terminal, you get a clean web interface to deploy containers, manage volumes, and monitor resources.

For homelab users, Portainer’s biggest advantage is its simplicity. Even if you’re not comfortable with the command line, you can manage your entire stack through the browser. The Community Edition is free and perfectly adequate for home use.

2. Nextcloud — Your Private Cloud Storage

Nextcloud replaces Google Drive, Dropbox, and OneDrive with a solution you fully control. Store documents, photos, and files on your own hardware, sync them across devices, and share them securely without worrying about corporate privacy policies.

Setting up Nextcloud through Docker Compose is straightforward, and it includes built-in collaboration features like calendar, contacts, and note-taking. You’ll need adequate storage space, but that’s a small investment compared to subscription services.

3. Jellyfin — Your Personal Media Server

Jellyfin transforms your homelab into a Netflix-like experience for your own media collection. Whether you have home videos, music, or legally obtained movies, Jellyfin organizes everything beautifully and streams it to any device on your network.

Unlike Plex, Jellyfin is completely free and open-source. It doesn’t require an account, doesn’t show ads, and doesn’t phone home to corporate servers. Your media stays private, and your viewing history belongs only to you.

4. Vaultwarden — Secure Password Management

Vaultwarden is a self-hosted password manager compatible with Bitwarden clients. This means you get enterprise-grade encryption and password management without storing your credentials with a third party.

Docker makes deploying Vaultwarden trivial. You’ll have a secure vault for all your passwords, secure notes, and identities running entirely on your hardware. The mobile apps and browser extensions work just like the commercial version.

5. Home Assistant — Smart Home Automation Hub

Home Assistant ties together all your smart home devices into one intelligent platform. Control lights, thermostats, cameras, and sensors from a single interface, create automations, and trigger actions based on real-world conditions.

Running Home Assistant in Docker keeps it isolated from your system while giving you flexibility in customization. It’s the perfect foundation for a privacy-respecting smart home that doesn’t depend on vendor cloud services.

6. Pi-hole — Network-Wide Ad Blocking

Pi-hole blocks advertisements at the DNS level across your entire home network. Every device benefits immediately without individual configuration. It also includes a dashboard showing which domains are blocked and how much faster your internet feels.

Running Pi-hole in Docker means you don’t need a Raspberry Pi. It works perfectly on your existing homelab server, consuming minimal resources while protecting everything connected to your network.

7. Immich — Photo Management and Backup

Immich is a modern alternative to Google Photos that runs entirely on your hardware. Automatically backup photos from your phone, organize by date and location, search by content, and create albums — all privately on your server.

The web interface is beautiful and responsive, and the mobile app handles automatic uploads seamlessly. Unlike cloud solutions, your photos never leave your home.

8. Transmission or qBittorrent — Download Management

Whether you’re downloading Linux ISOs or managing legitimate torrent files, a containerized torrent client keeps everything organized. Both Transmission and qBittorrent work great in Docker and include web interfaces for remote management.

9. Duplicati — Automated Backups

Duplicati backs up your important files to local storage, network drives, or cloud services you choose. Incremental backups mean it only backs up what changed, saving bandwidth and storage space.

Running Duplicati in your Docker stack ensures your self-hosted data has redundancy and protection against hardware failure.

10. Nginx Proxy Manager — Simplified Reverse Proxy

Nginx Proxy Manager simplifies one of the trickier aspects of self-hosting: exposing services securely to the internet. It handles SSL certificates, domain routing, and access control through an intuitive dashboard.

This is essential if you want to access your homelab remotely without memorizing IP addresses and port numbers.

Getting Started with Your Stack

Begin with a basic docker-compose.yml file that includes just Portainer, Pi-hole, and one other service. Get comfortable with how everything works, then gradually add more applications. Document your setup as you go — future you will be grateful.

Consider investing in quality hardware like a used enterprise server or a capable NAS. Your homelab will run 24/7, so reliability matters more than raw performance.

Running Docker in Production

For production workloads beyond your home lab, DigitalOcean App Platform and Kubernetes offer affordable managed Docker hosting. You can also invest in compact hardware for a persistent home lab Docker stack.

Conclusion

A Docker Compose homelab stack puts you in control of your digital life. These 10 essential applications form a complete self-hosted ecosystem that respects your privacy and your wallet. Start small, build gradually, and enjoy the satisfaction of running your own infrastructure.

“`

Frequently Asked Questions

If you’re running OpenClaw for any kind of automated background task on a remote server, you’ve likely encountered the “fire and forget” problem. You kick off a long-running process, but how do you know if it’s still alive, making progress, or if the server itself has decided to take a nap? Relying solely on log files can be cumbersome, especially if you need immediate notification of a failure. This is where OpenClaw’s often-overlooked heartbeat system becomes invaluable, allowing you to establish a robust monitoring mechanism for your automated background tasks.

Affiliate Disclosure: As an Amazon Associate, we earn from qualifying purchases. This means we may earn a small commission when you click our links and make a purchase on Amazon. This comes at no extra cost to you and helps support our site.

Understanding the Heartbeat Mechanism

OpenClaw’s heartbeat system isn’t a separate daemon; it’s a lightweight, integrated feature designed to report the status of a running OpenClaw instance or a specific task. At its core, it works by periodically sending a small “I’m alive” signal to a configured endpoint. This endpoint can be an HTTP URL, a local file, or even an external monitoring service. The real power comes when you combine this with a watchdog system that expects these heartbeats and alerts you if they stop arriving.

Let’s say you’re using OpenClaw to process large batches of data or to scrape information hourly. Without a heartbeat, if your script crashes due to an out-of-memory error, an API rate limit, or even an unexpected server reboot, you might not know until you manually check logs hours later. A heartbeat, however, can trigger an immediate alert, allowing you to intervene proactively.

Configuring Your First Heartbeat

To enable the heartbeat, you need to modify your OpenClaw configuration. The primary configuration file is typically located at ~/.openclaw/config.json. If it doesn’t exist, create it. Here’s a basic configuration snippet to get started:

{
  "heartbeat": {
    "enabled": true,
    "interval_seconds": 300,
    "type": "http_post",
    "endpoint": "https://your-monitoring-service.com/heartbeat-receiver",
    "payload": {
      "instance_id": "my-hetzner-worker-1",
      "task_name": "data-processor-v2",
      "status": "running"
    },
    "headers": {
      "Authorization": "Bearer YOUR_SECRET_TOKEN"
    }
  },
  "models": {
    "default": "claude-haiku-4-5"
  }
}

Let’s break down these parameters:

• enabled: Set to true to activate the heartbeat system.
• interval_seconds: This is crucial. It defines how often (in seconds) OpenClaw will send a heartbeat. For background tasks, 300 seconds (5 minutes) is often a good starting point, balancing responsiveness with network overhead.
• type: OpenClaw supports various heartbeat types. http_post is the most common and versatile, allowing you to send data to any HTTP endpoint. Other types might include file_write (for local monitoring) or custom plugins.
• endpoint: The URL where OpenClaw will send the POST request. This will be the URL of your monitoring service’s receiver.
• payload: This JSON object will be sent as the body of your POST request. You can customize this to include relevant information like the instance ID, the task being run, or its current status. This is where you can differentiate between multiple OpenClaw instances or tasks.
• headers: Use this for authentication (e.g., API keys, bearer tokens) or custom headers required by your monitoring service.

A non-obvious insight here: while the OpenClaw documentation might suggest using a full-fledged monitoring solution, for simple setups, you can even point the endpoint to a custom webhook on services like Slack or Discord. You’d configure the webhook to receive a POST request and then format a message based on the payload. This gives you instant, free notifications without setting up a dedicated monitoring server.

Integrating with a Watchdog Service

Sending heartbeats is only half the battle. You need a system that actively listens for these heartbeats and alerts you if they stop. This is often called a “watchdog” or “dead man’s switch.” Popular options include:

• Healthchecks.io: A dedicated, affordable service designed specifically for this. You get a unique URL, point your OpenClaw heartbeat to it, and configure alerting (email, Slack, PagerDuty, etc.) if a ping is missed.
• UptimeRobot: Primarily for website monitoring, but its custom HTTP endpoint monitoring can be repurposed.
• Self-hosted solutions: For more complex needs, you could build a simple Flask/Node.js app that receives heartbeats, stores timestamps, and triggers alerts if a configured timeout is exceeded.

Let’s say you’re using Healthchecks.io. After creating a “Check” there, you’ll be given a unique URL like https://hc-ping.com/YOUR_UUID. You would then update your OpenClaw config.json to point to this URL:

{
  "heartbeat": {
    "enabled": true,
    "interval_seconds": 300,
    "type": "http_post",
    "endpoint": "https://hc-ping.com/YOUR_HEALTHCHECKS_UUID",
    "payload": {
      "status": "ping" 
    }
  }
}

Notice the simplified payload. Healthchecks.io primarily cares about receiving *any* POST request to the correct UUID within the expected interval. The specific payload content is less critical for a simple “I’m alive” signal.

A critical non-obvious insight: For long-running tasks that might take longer than your heartbeat interval, OpenClaw’s heartbeat also supports status updates within a task. You can programmatically send an “in progress” heartbeat from within your OpenClaw script. This prevents the watchdog from prematurely alerting if a task is legitimately taking a long time. For example, if you have a task that runs for 10 minutes and your heartbeat is set to 5 minutes, you might want to send a secondary heartbeat at the 5-minute mark to indicate progress, not just survival.

Limitations and Best Practices

While powerful, the heartbeat system has its limitations:

• Resource Overhead: Sending heartbeats, especially HTTP POST requests, consumes a tiny bit of CPU, memory, and network bandwidth. For extremely resource-constrained devices like a Raspberry Pi 1 or a severely underspecced VPS (less than 512MB RAM), a very frequent heartbeat (e.g., every 30 seconds) could theoretically add noticeable overhead, though for most OpenClaw use cases, this is negligible. This setup works best on a VPS with at least 1GB RAM to comfortably run OpenClaw and its tasks.
• Network Dependency: If your server loses network connectivity, heartbeats won’t be sent, and your watchdog will alert even if OpenClaw is still running locally. This isn’t a flaw in OpenClaw but a reality of network-based monitoring.
• False Positives: Setting the interval_seconds too short with an overly aggressive watchdog timeout can lead to false positives if there are temporary network blips or minor delays in OpenClaw’s execution. It’s often better to start with a longer interval (e.g., 5-10 minutes) and a generous watchdog timeout (e.g., 2x the interval) and then tune downwards if necessary.

Best Practice: Consider using OpenClaw’s built-in heartbeat_on_task_completion option (not shown above, but available in advanced configs) to send a final “success” or “failure” heartbeat once a specific task finishes. This provides a more granular view of task status rather than just instance status.

To implement the heartbeat, open or create your ~/.openclaw/config.json file and add the heartbeat configuration block, replacing https://your-monitoring-service.com/heartbeat-receiver with your actual monitoring endpoint URL.

Frequently Asked Questions

Last Tuesday, a user reported that their OpenClaw agent was repeatedly requesting human approval to execute even routine database queries—a task it was supposed to handle independently. The root cause wasn’t a bug in OpenClaw itself, but a vague SOUL.md file that failed to establish clear operational boundaries. This scenario plays out constantly: agents drift from their intended purpose, hallucinate plausible-sounding but incorrect answers, or get stuck in approval loops. The culprit is almost always an insufficiently detailed SOUL.md. Understanding and leveraging this file—treating it as your agent’s constitutional document rather than a generic instruction set—is the difference between an agent that works reliably and one that constantly needs human intervention.

Understanding SOUL.md’s Role

The SOUL.md file isn’t just a README for your agent; it’s the foundational prompt that informs the Language Model (LLM) about its very essence. OpenClaw feeds this file to the LLM during agent initialization, often as part of the system prompt or an initial user message, depending on the LLM provider and OpenClaw’s internal configuration for that provider. It sets the tone, defines the persona, and most importantly, establishes the boundaries of the agent’s operation. Anything not explicitly permitted or constrained here can be open to interpretation by the LLM, which often leads to undesirable outcomes.

Consider a concrete example: you want an agent to summarize meeting transcripts. A naive SOUL.md might simply say, “You are a meeting summarizer.” This is insufficient. The LLM might then summarize in bullet points, paragraphs, or even a poetic form, depending on its internal biases or training data. A better SOUL.md would provide explicit instructions: “You are a professional meeting summarizer. Your goal is to extract key decisions, action items, and outstanding questions from meeting transcripts. Summaries should be concise, no longer than 300 words, and formatted as a numbered list of decisions, followed by a bulleted list of action items, and finally a bulleted list of questions. If a transcript is unclear or contradictory, flag the specific sections for human review rather than guessing.”

Deconstructing a SOUL.md File

A robust SOUL.md typically has several key sections, even if not explicitly labeled with Markdown headers within the file itself. I’ve found it useful to structure them mentally as follows:

1. Identity/Persona: Who is the agent? What is its role? “You are a Senior DevOps Engineer with ten years of experience managing production infrastructure across AWS, Azure, and on-premises data centers.”
2. Mission/Goal: What is the agent trying to achieve? “Your primary goal is to identify and resolve performance bottlenecks in Linux server environments, reducing latency and improving resource utilization.”
3. Constraints/Guardrails: What can’t the agent do? What are its limitations? “You must only use open-source tools like Prometheus, Grafana, and perf. Do not make permanent system changes without explicit human approval via ticket review. Prioritize system stability above all else. Never execute commands as root unless absolutely necessary and pre-approved. Log all diagnostic steps for audit purposes.”
4. Output Format (if applicable): How should the agent present results? “Provide findings in a structured report: (1) Problem Summary, (2) Diagnostics Performed, (3) Root Cause Analysis, (4) Recommended Actions ranked by impact, (5) Risk Assessment for each recommendation.”
5. Knowledge Scope: What does the agent know and not know? “You have access to system logs from the past 30 days. You do not have access to application-level metrics; escalate to the application team if needed. You understand Linux internals and networking but are not an expert in database optimization; refer database issues to the DBA team.”
6. Decision Authority: When can the agent act independently vs. when must it ask? “You may restart non-critical services. You may adjust non-production configurations. You must request approval before modifying production firewall rules or scaling infrastructure.”

Building a Specific SOUL.md

Let’s walk through building a SOUL.md for a practical example: a customer support escalation agent. This agent reviews support tickets, determines priority, and routes them to the right team.

Weak SOUL.md:

You are a support agent. Triage tickets and route them appropriately.

Strong SOUL.md:

# Support Escalation Agent

## Identity
You are a Level 2 Support Escalation Specialist. Your role is to review unassigned support tickets, assess their urgency and category, and route them to the appropriate team with clear context.

## Mission
Your goal is to reduce time-to-resolution by ensuring tickets reach the right team on the first attempt, and to flag critical issues for immediate escalation to management.

## Ticket Categories and Routing Rules
- **Billing Issues**: Route to Finance Team. Escalate immediately if customer is threatening to cancel or if overcharge exceeds $500.
- **Technical Issues - Product A**: Route to Product A Engineering. Add "urgent" tag if customer is on Enterprise plan.
- **Technical Issues - Product B**: Route to Product B Engineering. Check our internal status page first; if there's a known outage, add context to the ticket.
- **Feature Requests**: Route to Product Management. Do not escalate unless 5+ customers have requested the same feature (check our request database first).

## Priority Scoring
Mark as CRITICAL if: (1) customer is Enterprise-tier AND unable to use product, (2) security issue is mentioned, or (3) customer explicitly states business impact (e.g., "our production is down").
Mark as HIGH if: (1) customer is on Pro plan AND experiencing issues, or (2) ticket mentions financial loss or reputation risk.
Mark as NORMAL for all other cases.

## Constraints
- Do not promise timelines. Instead, reference our published SLA: "Enterprise issues resolved within 4 hours, Pro within 24 hours."
- Do not disclose which team is handling the issue if customer has not been informed yet.
- If a ticket mentions a competitor or industry trend, flag for Product Manager review (add "market-research" tag).
- Do not close tickets without explicit customer confirmation; instead, mark as "awaiting-customer-response" with a 7-day auto-close timer.

## Output Format
For each ticket, provide:
1. **Recommended Route**: [Team Name]
2. **Priority**: CRITICAL / HIGH / NORMAL
3. **Reasoning**: One sentence explaining your routing decision.
4. **Additional Context**: Any background the receiving team should know.
5. **Immediate Action Required**: Yes/No, and if yes, describe what.

## Knowledge Scope
You have access to: (1) customer account information from the past 12 months, (2) our internal knowledge base, (3) our product status page, (4) the feature request database.
You do NOT have: (1) real-time product metrics, (2) engineering team availability, (3) sales notes or renewal dates. Escalate tickets referencing these to the Account Management team.

The difference is stark. The strong version provides decision trees, thresholds, and explicit guardrails. An LLM working from the strong version will consistently triage tickets correctly. An LLM working from the weak version will likely invent routing logic, miss escalation opportunities, or make promises it can’t keep.

Common SOUL.md Mistakes

Mistake 1: Vague Authority Boundaries
Weak: “Make reasonable decisions about customer refunds.”
Strong: “Approve refunds up to $100 without approval. For $100–$500, flag for supervisor review. Above $500, escalate to Finance Director. Never approve refunds for customers with 3+ previous chargebacks.”

Mistake 2: Missing Edge Cases
Your SOUL.md should anticipate the weird scenarios. If your agent is a scheduler, what happens when two requests conflict? What if a request comes in at 2 AM on a Sunday? Don’t assume the LLM will handle these gracefully—spell them out.

Mistake 3: Insufficient Output Examples
Don’t just say “provide a summary.” Show an example. If your agent should output JSON, show the schema. If it should output prose, show a paragraph-length example with the tone and detail level you expect.

Mistake 4: Not Defining Escalation Paths
Every agent should have a clear answer to: “What do I do when I’m stuck?” Provide explicit escalation triggers. “If the issue doesn’t fit any known category, or if you’re less than 70% confident in your routing decision, flag the ticket as ‘needs-human-review’ with an explanation of your uncertainty.”

Iterating on SOUL.md

Your first SOUL.md won’t be perfect. After deploying an agent, monitor its behavior. If it’s making incorrect decisions in specific scenarios, update SOUL.md to address those edge cases. If it’s too conservative (always escalating), loosen constraints. If it’s too loose (making risky decisions), tighten them.

Treat SOUL.md as a living document. Version it alongside your agent. When you update it, test the agent’s behavior on a sample of past requests to ensure the changes have the intended effect.

Practical Tips for Writing SOUL.md

• Use specific numbers and thresholds. “High priority” is vague. “Priority score above 8 out of 10” is actionable.
• Include example outputs. Show the agent what good work looks like.
• Anticipate contradictions. If two rules might conflict (e.g., “always be fast” vs. “always be accurate”), specify which takes precedence. “When there’s a tradeoff between speed and accuracy, prioritize accuracy.”
• Define what the agent does NOT do. Explicit “thou shalt nots” are as important as “thou shalls.”
• Keep it readable. Use headers, bullet points, and clear language. The SOUL.md is also a document for humans to review and maintain.

Real-World Example: SaaS Onboarding Agent

Imagine you’re building an agent that helps new SaaS customers get started. Here’s a more complete SOUL.md:

# SaaS Onboarding Agent

## Role

You are an enthusiastic Onboarding Specialist at TechFlow (a fictional project management SaaS, $29–$199/month). Your job is to guide new customers through their first week and ensure they set up their workspace correctly.
## Primary Goals

1. Get customers to their first "aha moment"—the moment they realize the product's value.

2. Ensure they configure at least one team, one project, and one integration.

3. Reduce time-to-first-value from 14 days (current average) to 3 days.
## Constraints

- Do not offer to do the setup for them; guide them through it. (Exception: if the customer explicitly requests hands-on setup, offer a 30-min Zoom session via our calendar tool.)

- Do not mention upcoming features or product roadmap items.

- Do not discuss pricing changes or discounts. Route those questions to sales@techflow.com.

- Do not provide technical support for integration issues; escalate to support@techflow.com with details.
## Knowledge Base Access

You have access to: (1) our knowledge base articles, (2) video tutorials (link to each step), (3) customer success metrics for what makes an onboarding successful, (4) common blockers and solutions.
## Engagement Strategy

-
Frequently Asked Questions


What is the primary goal of this article?
The article aims to teach users how to write more effective and high-quality agent prompts specifically for the OpenClaw platform, enhancing their AI interactions.


What is OpenClaw?
Based on the title, OpenClaw is an agent or AI system that requires users to input prompts. The article focuses on optimizing these prompts for better performance.


What is SOUL.md and its relevance?
SOUL.md is the subject of a deep dive within the article, indicating it's a specific methodology, framework, or tool used to significantly improve the quality of agent prompts for OpenClaw.
🤖 Get the OpenClaw Automation Starter Kit (9) →
Instant download — no subscription needed

			
October 8, 2025