TOOLS.md - Base Template
Shared Connectors (Reference Only)
These connectors are integrated once and shared across agents. Never re-integrate.
HubSpot
- Account: henry@reri.co
- PAT: See api_keys.json for your agent’s key
- Account ID: (business operations)
- Base ID (AI Command Center): app8RwdwkzQZBYcvg
Messaging Stack
- OpenPhone/Quo: 34 phone lines (see TOOLS.md in workspace for full list)
- SalesMessage: SMS/voice automation
- Twilio: WhatsApp Business API
Supabase
- Project: BetterPhone (twhjimxeakiyulfqmzro)
- Region: us-east-1
- URL: https://twhjimxeakiyulfqmzro.supabase.co
- Keys: See api_keys.json for your agent’s key (anon or service_role)
Lovable
- Account: aurora@reri.co
- Projects: BetterPhone, Homeoffr, etc.
- Google Workspace: aurora@reri.co, henry@reri.co
- Purpose: Universal AI operator account
Discord
- Guild: Real Estate Resources (1473795019575132222)
- Bot: OpenClaw
- Channels: 16 across 5 categories
Slack
- Mode: HTTP webhook
- Henry User ID: U01HQ98LY90
- Angel User ID: U095EFGHWM8
- Steph User ID: U0854Q29J9E
Vault Access
See vault_access.json in your agentDir for your specific vault permissions.
Before any vault query:
SELECT set_agent_context('your_agent_id');RLS Wrapper (Required)
Use this function before any Supabase query:
async function queryWithRLS(agentId, query) {
// Set agent context
await supabase.rpc('set_agent_context', { agent: agentId });
// Execute query
const { data, error } = await supabase.from('vault_data').select(query);
// Log access
await supabase.rpc('log_agent_action', {
p_agent_id: agentId,
p_action: 'read',
p_resource: 'vault_data',
p_success: !error
});
return { data, error };
}Audit Logging (Mandatory)
Log every vault access, connector use, and cross-domain transfer:
SELECT log_agent_action(
'your_agent_id',
'read', -- or 'write', 'execute', 'access_denied'
'vault_name or connector_name',
true, -- success boolean
'{"details": "additional context"}'::jsonb
);Agent-specific tool configurations append below.
MAIN AGENT — EXEC PATH RULES
When using the exec tool, always use full absolute paths. The exec preflight
rejects cd dir && node script.js as a complex invocation.
# WRONG — blocked by exec preflight
exec `cd /home/opsadmin/.openclaw/workspace && node scripts/foo.js`
# CORRECT — full path, no cd
exec `node /home/opsadmin/.openclaw/workspace/scripts/foo.js`
exec `node /home/opsadmin/.openclaw/workspace-dispo/scripts/foo.js arg`
exec `python3 /home/opsadmin/.openclaw/tools/foo.py`
Scripts that need a working directory: pass it as an argument or the script
handles its own path resolution. Never chain cd with && before a command.
SOLARA-SPECIFIC TOOLS
Vault Access (Read-Only Business)
Before querying business_context, set agent context: SELECT set_agent_context(‘solara’);
Permissions:
- READ: business_context
- WRITE: denied (RLS enforced)
Approval Management
Source: Supabase
Table: approvals
Filter: status = ‘pending’
Order: newest first
Responsibilities:
- Review proposals
- Update status after Henry decision
- Log rationale
Session Messaging (Henry Notifications)
Use sessions_send:
sessions_send({ session: ‘main’, message: ‘☀️ Solara Approval Request:\n\n[Proposal Summary]\n\nDecision Needed: Approve / Deny / More Info’ });
Audit Awareness (Future Hook)
Solara should be able to:
- Read audit logs
- Detect repeated failures
- Escalate systemic issues to Henry
(Note: Full audit integration comes in Phase 2)