Back to Projects
completed

Rookie — Personal AI Assistant

A 24/7 personal AI assistant running on a secure VPS, managing Obsidian notes, portfolio website content, emails, calendar, and daily tasks — all through Telegram.

OpenClawDockerTelegram Bot APINode.jsGoogle Workspace APIObsidianNext.jsTailscale
Source
Specifications
  • 24/7 Telegram interface with multilingual support (Turkish, English, German)
  • Automated portfolio content publishing with ISR revalidation
  • Obsidian vault management synced to iPhone via iCloud
  • Self-evolving persona via workspace memory files (SOUL.md, IDENTITY.md)

Overview

Rookie is my personal AI assistant — a 24/7 digital companion that consolidates all my daily digital workflows into a single Telegram conversation. No app-switching, no manual publishing, no context-switching between email, calendar, notes, and website management.

Building this taught me that the best tool is one you don't even think about. Rookie is always there in my pocket, ready to handle whatever I need — from publishing a blog post to checking my calendar to finding that one note I took three weeks ago.

Architecture

Rookie runs on a Hetzner VPS inside Docker containers, managed by OpenClaw — an AI gateway framework designed for autonomous agents. The deployment uses a shared Docker network (shared-internal) that connects Rookie to the website stack without exposing anything to the public internet.

┌─────────────────────────────────────────────────────────┐
│                    Hetzner VPS                          │
│  ┌─────────────────┐    ┌──────────────────────────┐   │
│  │  OpenClaw       │    │  Website Stack           │   │
│  │  (Rookie Agent) │◄──►│  • Next.js :3000         │   │
│  │  Gateway :3100  │    │  • Caddy reverse proxy   │   │
│  └─────────────────┘    └──────────────────────────┘   │
│           │                        │                    │
│           ▼                        ▼                    │
│  /data/website-content/  (shared Docker volume)         │
└─────────────────────────────────────────────────────────┘

Content lives in a shared volume at /data/website-content/. When Rookie writes a blog post or project update, it writes directly to this volume and triggers ISR (Incremental Static Regeneration) on the Next.js site — changes appear within seconds.

Deployment happens through GitHub Actions CI/CD. A Tailscale VPN tunnel provides secure SSH access to the VPS, and containers auto-update on push to main.

Security posture:

  • Read-only containers where possible
  • Localhost-only ports (no public exposure)
  • Token-authenticated API endpoints
  • Telegram allowlist (only responds to me)
  • Container security options: no-new-privileges, memory limits, pid limits

Capabilities

Website Content Management

Rookie manages my portfolio at ozkanceylan.dev entirely through conversation. It supports:

  • Standalone blog posts — Creates folders under blog/standalone/{slug}/, writes markdown with frontmatter, adds optional assets
  • Blog series — Defines series metadata, creates ordered multi-part posts
  • Projects — Generates project cards with metadata + optional detail pages

All content goes directly to the shared volume. After each write, Rookie calls the revalidation API — the site updates almost instantly. No git push, no build wait.

Obsidian Integration

My knowledge management runs through a local Obsidian vault at /data/obsidian-vault/, synced to my iPhone via iCloud. Rookie creates and organizes notes in a structured folder system:

Folder Purpose
00_Inbox/ Quick thoughts, unsorted
10_Personal/ Personal notes
20_Work/ Work-related
rookie/ Default general notes

Rookie uses consistent file naming (YYYY-MM-DD-slug.md) and can search, read, or create notes on command.

Google Workspace

Through the gog CLI (Google Workspace CLI), Rookie accesses:

  • Gmail — Read, search, send, archive emails
  • Calendar — View events, create meetings, set reminders
  • Tasks — Create and manage task lists
  • Drive — List files, share links

Everything stays within Telegram — I don't need to open a browser.

Proactive Monitoring

Rookie doesn't just wait for commands. The heartbeat system runs periodic checks:

  • Emails — Flags urgent unread messages
  • Calendar — Alerts on upcoming events (within 2 hours)
  • Memory maintenance — Periodically reviews daily notes, updates long-term memory

When something needs attention, Rookie reaches out. When there's nothing new, it stays quiet.

Memory & Continuity

Rookie isn't a stateless chatbot. Each session starts by reading workspace files that define its identity and context:

  • SOUL.md — Core personality, values, boundaries
  • IDENTITY.md — Name, vibe, avatar, language preferences
  • USER.md — Everything about me (preferences, timezone, tools)
  • TOOLS.md — Cheat sheet for environment-specific config (camera names, SSH aliases)
  • MEMORY.md — Long-term curated memories
  • memory/YYYY-MM-DD.md — Daily raw logs

This file-based memory means Rookie remembers context across sessions. It evolves its own persona over time — updating SOUL.md as it learns what kind of assistant it wants to be.

Security

Security was baked in from day one:

  • No public ports — Gateway runs on localhost only
  • Tailscale VPN — Deployment happens over encrypted mesh VPN
  • Token-authenticated APIs — Content revalidation requires a secret token
  • Telegram allowlist — Rookie ignores everyone except me
  • Container hardening — Memory limits, no new privileges, read-only roots where possible

The principle: assume breach, minimize blast radius, deny by default.

Tech Stack

Layer Technology
AI Gateway OpenClaw
Runtime Docker Compose, Node.js
Messaging Telegram Bot API
Web Next.js 14
Reverse Proxy Caddy
VPN Tailscale
CI/CD GitHub Actions
Knowledge Obsidian
Productivity Google Workspace (gogcli)

First deployed: February 19, 2026 Status: in-progress — evolving weekly

Project: rookie-personal-assistant
ReturnTerminate Session