BuildLeanSaaS Pro launch deal: $99 lifetime until Dec 31.225d 08h 01m left.Unlock agent courses + skills
Build Lean SaaS cube logoBuild Lean SaaS

Free setup checklist

Set up an always-on AI agent without giving it a loaded weapon.

A practical preflight checklist for setting up a private AI agent workspace with state, logs, approval gates, and safe operating boundaries before you automate real work.

Know what must exist before an agent runs unattended.

Separate secrets, state, logs, and prompts before they become a mess.

Add human approval gates before the agent touches customers, tickets, or email.

Server and repo foundation

  • Private VPS or always-on server selected for agent work, not your personal laptop.
  • Dedicated repo/worktree directory with clear ownership and no unrelated dirty changes.
  • Node, pnpm, Python, GitHub CLI, and process manager baseline installed and documented.
  • A persistent logs directory and state directory exist before the first scheduled job runs.

Secrets and access boundaries

  • Secrets live in environment files or platform env vars, never inside prompts, notes, or committed scripts.
  • GitHub, Discord, email, X, Linear, and Google access are scoped to the minimum permissions needed.
  • Every credential has an owner, a rotation path, and a note about what breaks if it is revoked.
  • Agent-generated output is reviewed before it can spend money, send messages, delete data, or change customer-facing systems.

Control room and approvals

  • Discord or another control channel receives summaries, blockers, links, and proposed side effects.
  • Human approval is required before sending email, posting social updates, opening outreach, or editing paid/customer data.
  • Work requests become GitHub Issues, Obsidian notes, or another durable queue instead of disappearing into chat.
  • Each workflow has a dry-run mode so you can inspect what would happen before enabling writes.

Heartbeat, monitoring, and recovery

  • Recurring jobs are deduped, quiet when nothing changed, and noisy only when action is needed.
  • Failures produce an alert with enough context to debug: job name, command, exit code, and recent logs.
  • Processed IDs, cursors, and timestamps are stored so reruns do not duplicate tickets or messages.
  • There is a rollback note for disabling each automation without taking the whole site or server down.

After the checklist

Use the public course path to wire the first workflow.

The checklist is the preflight. The Always-On Agents course walks through the VPS, Codex, Hermes/OpenClaw, Discord, Google Workspace, X bookmark capture, and daily heartbeat path one layer at a time.

Preview the course pathJoin preorder waitlist — 50% off