Skip to content

Instantly share code, notes, and snippets.

@HashWarlock
Created January 28, 2026 17:34
Show Gist options
  • Select an option

  • Save HashWarlock/3305e782c4b130ac6259e7c6466dc661 to your computer and use it in GitHub Desktop.

Select an option

Save HashWarlock/3305e782c4b130ac6259e7c6466dc661 to your computer and use it in GitHub Desktop.
Moltbot in CVM with Redpill Private Models
# Clawdbot on Phala Cloud CVM
# Deploy with: docker compose -f docker-compose.phala.yml up -d
#
# Access the web UI at http://<DSTACK_APP_ID>-18789.<DSTACK_GATEWAY_URL>
# Configure channels and API keys via /setup (password protected)
#
# If REDPILL_API_KEY is set, the container auto-configures Redpill
# as the default provider on first boot.
services:
clawdbot:
# Comment out if using pre-built image
build:
context: .
dockerfile: Dockerfile
image: hashwarlock/clawdbot:redpill
environment:
HOME: /home/node
TERM: xterm-256color
# Redpill API key - auto-configures provider on first boot
REDPILL_API_KEY: ${REDPILL_API_KEY:-}
# Channel tokens - auto-configures channels on first boot
TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN:-}
DISCORD_BOT_TOKEN: ${DISCORD_BOT_TOKEN:-}
# Pre-approved user IDs (optional, comma-separated)
TELEGRAM_ALLOWED_USERS: ${TELEGRAM_ALLOWED_USERS:-}
DISCORD_ALLOWED_USERS: ${DISCORD_ALLOWED_USERS:-}
# Gateway configuration
GATEWAY_BIND: ${GATEWAY_BIND:-lan}
GATEWAY_PORT: ${GATEWAY_PORT:-18789}
GATEWAY_AUTH: ${GATEWAY_AUTH:-off}
GATEWAY_TOKEN: ${GATEWAY_TOKEN:-}
GATEWAY_PASSWORD: ${GATEWAY_PASSWORD:-}
# Persistence paths inside container
CLAWDBOT_STATE_DIR: /home/node/.clawdbot
CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
volumes:
# Persistent storage for credentials, agents, sessions
- clawdbot-data:/home/node
# Host network mode: container shares CVM's network stack
# Gateway binds to LAN (0.0.0.0) by default, accessible via dstack proxy
network_mode: host
restart: unless-stopped
user: root
command: >
bash -c "
mkdir -p /home/node/.clawdbot /home/node/clawd &&
chown -R node:node /home/node &&
su node -c '/bin/bash /app/scripts/docker-entrypoint-phala.sh'
"
volumes:
clawdbot-data:
#!/bin/bash
# Phala Cloud CVM entrypoint - auto-configures Redpill provider on first boot
set -e
CONFIG_DIR="${CLAWDBOT_STATE_DIR:-/home/node/.clawdbot}"
CONFIG_FILE="$CONFIG_DIR/clawdbot.json"
# Create state directory if it doesn't exist
mkdir -p "$CONFIG_DIR"
# Build gateway auth arguments
GATEWAY_AUTH_ARGS=""
if [ "${GATEWAY_AUTH:-off}" = "token" ]; then
if [ -z "$GATEWAY_TOKEN" ]; then
# Generate a random token if not provided
GATEWAY_TOKEN=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 32)
echo "Generated gateway token: $GATEWAY_TOKEN"
fi
GATEWAY_AUTH_ARGS="--gateway-auth token --gateway-token $GATEWAY_TOKEN"
elif [ "${GATEWAY_AUTH:-off}" = "password" ]; then
if [ -z "$GATEWAY_PASSWORD" ]; then
echo "Error: GATEWAY_AUTH=password requires GATEWAY_PASSWORD to be set"
exit 1
fi
GATEWAY_AUTH_ARGS="--gateway-auth password --gateway-password $GATEWAY_PASSWORD"
else
GATEWAY_AUTH_ARGS="--gateway-auth off"
fi
# Check if we need to run initial setup
if [ ! -f "$CONFIG_FILE" ] && [ -n "$REDPILL_API_KEY" ]; then
echo "First boot detected with REDPILL_API_KEY - running auto-configuration..."
# shellcheck disable=SC2086
node dist/index.js onboard \
--non-interactive \
--accept-risk \
--mode local \
--auth-choice redpill-api-key \
--workspace "${CLAWDBOT_WORKSPACE_DIR:-/home/node/clawd}" \
--gateway-bind ${GATEWAY_BIND:-loopback} \
$GATEWAY_AUTH_ARGS \
--skip-daemon \
--skip-skills \
--skip-health \
--skip-ui
echo "Auto-configuration complete."
# Enable password/token-only auth for remote Control UI access
# This allows the web UI to connect without device pairing (Web Crypto API)
# which is required for HTTPS proxy deployments like Phala dstack
node dist/index.js config set gateway.controlUi.allowInsecureAuth true --json
echo "✓ Control UI configured for remote access"
# Configure channel allowlists if user IDs are provided
if [ -n "$TELEGRAM_ALLOWED_USERS" ] || [ -n "$DISCORD_ALLOWED_USERS" ]; then
echo "Configuring channel allowlists..."
if [ -n "$TELEGRAM_ALLOWED_USERS" ]; then
# Convert comma-separated list to JSON array
TELEGRAM_IDS=$(echo "$TELEGRAM_ALLOWED_USERS" | sed 's/,/", "/g' | sed 's/^/"/' | sed 's/$/"/')
node dist/index.js config set channels.telegram.dmPolicy allowlist || true
node dist/index.js config set "channels.telegram.allowFrom" "[$TELEGRAM_IDS]" --json || true
echo "✓ Telegram allowlist configured: $TELEGRAM_ALLOWED_USERS"
fi
if [ -n "$DISCORD_ALLOWED_USERS" ]; then
# Convert comma-separated list to JSON array
DISCORD_IDS=$(echo "$DISCORD_ALLOWED_USERS" | sed 's/,/", "/g' | sed 's/^/"/' | sed 's/$/"/')
node dist/index.js config set channels.discord.dm.policy allowlist || true
node dist/index.js config set "channels.discord.dm.allowFrom" "[$DISCORD_IDS]" --json || true
echo "✓ Discord allowlist configured: $DISCORD_ALLOWED_USERS"
fi
fi
echo "Starting gateway..."
fi
# Clean orphaned session locks from previous gateway restarts
# Gateway SIGUSR1 restart keeps PID=1 but clears in-memory lock state,
# leaving lock files that appear valid but are actually orphaned.
SESSIONS_DIR="$CONFIG_DIR/agents/main/sessions"
if [ -d "$SESSIONS_DIR" ]; then
LOCK_COUNT=$(find "$SESSIONS_DIR" -name "*.lock" -type f 2>/dev/null | wc -l)
if [ "$LOCK_COUNT" -gt 0 ]; then
echo "Cleaning $LOCK_COUNT orphaned session lock(s)..."
find "$SESSIONS_DIR" -name "*.lock" -type f -delete 2>/dev/null || true
fi
fi
# Start the gateway
exec node dist/index.js gateway \
--bind ${GATEWAY_BIND:-loopback} \
--port "${GATEWAY_PORT:-18789}" \
--allow-unconfigured
summary read_when
Use Redpill AI GPU TEE models in Clawdbot
You want privacy-focused inference with hardware-verified security
You want GPU TEE model setup guidance
You want to deploy Clawdbot on Phala Cloud for full TEE privacy

Redpill AI

Redpill AI provides access to AI models running in GPU-based Trusted Execution Environments (TEEs) with cryptographic attestation. All models run inside secure hardware enclaves, ensuring memory encryption, tamper-proof execution, and verifiable computation.

Why Redpill in Clawdbot

  • Hardware-verified privacy via GPU TEE technology with cryptographic attestation
  • Zero trust architecture with memory encryption and isolated execution
  • 18 verified models across 4 TEE providers (Phala, Tinfoil, Chutes, Near-AI)
  • Verifiable computation ensuring your prompts and responses stay private
  • OpenAI-compatible /v1 endpoints

Privacy Tiers

Redpill offers two privacy levels:

Tier Description Models Status
GPU TEE Hardware-verified privacy with cryptographic attestation. Models run in secure enclaves with memory encryption and tamper-proof execution. 18 models across Phala, Tinfoil, Chutes, Near-AI ✅ Available
Extended Additional models with standard privacy (no TEE hardware guarantee). TBD 🔜 Coming soon

Features

  • GPU TEE security: All models run in hardware-secured enclaves with cryptographic attestation
  • Memory encryption: Data stays encrypted in GPU memory during inference
  • Tamper-proof execution: Verifiable computation guarantees no unauthorized access
  • 4 TEE providers: Phala Network (10 models), Tinfoil (4), Chutes (1), Near-AI (3)
  • OpenAI-compatible API: Standard /v1 endpoints for easy integration
  • Streaming: ✅ Supported on all models
  • Function calling: ✅ Supported on select models
  • Vision: ✅ Supported on Qwen3 VL 30B model
  • No hard rate limits: Fair-use throttling may apply for extreme usage

Setup

1. Get API Key

  1. Sign up at redpill.ai
  2. Navigate to API Keys in your dashboard
  3. Create a new API key
  4. Copy your API key (format: rp_xxxxxxxxxxxx)

2. Configure Clawdbot

Option A: Environment Variable

export REDPILL_API_KEY="rp_xxxxxxxxxxxx"

Option B: Interactive Setup (Recommended)

clawdbot onboard --auth-choice redpill-api-key

This will:

  1. Prompt for your API key (or use existing REDPILL_API_KEY)
  2. Show all available GPU TEE models
  3. Let you pick your default model
  4. Configure the provider automatically

Option C: Non-interactive

clawdbot onboard --non-interactive \
  --auth-choice redpill-api-key \
  --token "rp_xxxxxxxxxxxx"

3. Verify Setup

clawdbot agent --message "Hello, are you working?"

Model Selection

After setup, Clawdbot shows all available Redpill models. Pick based on your needs:

  • Default (our pick): redpill/deepseek/deepseek-v3.2 for strong reasoning with GPU TEE privacy.
  • Best reasoning: redpill/deepseek/deepseek-r1-0528 or redpill/moonshotai/kimi-k2-thinking for complex reasoning tasks.
  • Best coding: redpill/qwen/qwen3-coder-480b-a35b-instruct for code generation and analysis.
  • Vision tasks: redpill/qwen/qwen3-vl-30b-a3b-instruct for image understanding.
  • Fast + capable: redpill/meta-llama/llama-3.3-70b-instruct for balanced performance.

Change your default model anytime using the /model directive in chat:

/model redpill/deepseek/deepseek-r1-0528

List all available models:

clawdbot models list | grep redpill

GPU TEE Models (18 Total)

All models run in hardware-secured GPU TEE environments with cryptographic attestation.

Phala Network (10 models)

Model ID Name Context Max Output Features
z-ai/glm-4.7-flash GLM 4.7 Flash 203k 128k General, multilingual
qwen/qwen3-embedding-8b Qwen3 Embedding 8B 33k 512 Embeddings
phala/uncensored-24b Uncensored 24B 33k 8k Uncensored
deepseek/deepseek-v3.2 DeepSeek v3.2 164k 8k Default, reasoning
qwen/qwen3-vl-30b-a3b-instruct Qwen3 VL 30B 128k 8k Vision
sentence-transformers/all-minilm-l6-v2 All-MiniLM-L6-v2 512 512 Embeddings
qwen/qwen-2.5-7b-instruct Qwen 2.5 7B Instruct 33k 8k General
google/gemma-3-27b-it Gemma 3 27B IT 54k 8k General
openai/gpt-oss-120b GPT OSS 120B 131k 8k General
openai/gpt-oss-20b GPT OSS 20B 131k 8k General

Tinfoil (4 models)

Model ID Name Context Max Output Features
moonshotai/kimi-k2-thinking Kimi K2 Thinking 262k 8k Reasoning
deepseek/deepseek-r1-0528 DeepSeek R1 164k 8k Reasoning
qwen/qwen3-coder-480b-a35b-instruct Qwen3 Coder 480B 262k 8k Code
meta-llama/llama-3.3-70b-instruct Llama 3.3 70B Instruct 131k 8k General

Chutes (1 model)

Model ID Name Context Max Output Features
minimax/minimax-m2.1 MiniMax M2.1 197k 8k General

Near-AI (3 models)

Model ID Name Context Max Output Features
deepseek/deepseek-chat-v3.1 DeepSeek Chat v3.1 164k 8k General
qwen/qwen3-30b-a3b-instruct-2507 Qwen3 30B Instruct 262k 8k General
z-ai/glm-4.6 GLM 4.6 203k 128k General, multilingual

Which Model Should I Use?

Use Case Recommended Model Why
General chat deepseek/deepseek-v3.2 Default, strong reasoning, GPU TEE
Complex reasoning deepseek/deepseek-r1-0528 Reasoning-optimized with R1 architecture
Long context reasoning moonshotai/kimi-k2-thinking 262k context, reasoning-focused
Coding qwen/qwen3-coder-480b-a35b-instruct Code-specialized, 262k context
Vision tasks qwen/qwen3-vl-30b-a3b-instruct Only vision model, 128k context
Fast + balanced meta-llama/llama-3.3-70b-instruct Llama 3.3, good all-around
Uncensored phala/uncensored-24b No content restrictions
Embeddings qwen/qwen3-embedding-8b Text embeddings

Pricing

Redpill uses a credit-based system. Check redpill.ai/pricing for current rates.

All GPU TEE models incur costs based on:

  • Input tokens (per 1M tokens)
  • Output tokens (per 1M tokens)
  • TEE attestation overhead (minimal)

Usage Examples

# Use default model (configured in agents.defaults.model.primary)
clawdbot agent --message "Your question here"

# Configure a specific default model
clawdbot config set agents.defaults.model.primary redpill/deepseek/deepseek-r1-0528

# Use with local session
clawdbot agent --local --session-id my-session --message "Your question here"

# Switch model mid-chat using /model directive
> /model redpill/moonshotai/kimi-k2-thinking

Streaming & Tool Support

Feature Support
Streaming ✅ All models
Function calling ✅ Select models (check model capabilities)
Vision/Images ✅ Qwen3 VL 30B only
JSON mode ✅ Supported via response_format

Troubleshooting

API key not recognized

echo $REDPILL_API_KEY
clawdbot models list | grep redpill

Ensure the key starts with rp_.

Model not available

Run clawdbot models list | grep redpill to see currently available models. All 18 GPU TEE models should be listed.

Connection issues

Redpill API is at https://api.redpill.ai/v1. Ensure your network allows HTTPS connections.

TEE attestation failed

If you receive attestation errors:

  1. Try a different TEE provider model
  2. Verify your API key is valid
  3. Check the main Redpill website for service announcements

Config File Example

{
  env: { REDPILL_API_KEY: "rp_..." },
  agents: { defaults: { model: { primary: "redpill/deepseek/deepseek-v3.2" } } },
  models: {
    mode: "merge",
    providers: {
      redpill: {
        baseUrl: "https://api.redpill.ai/v1",
        apiKey: "${REDPILL_API_KEY}",
        api: "openai-completions",
        models: [
          {
            id: "deepseek/deepseek-v3.2",
            name: "DeepSeek v3.2 (GPU TEE)",
            reasoning: false,
            input: ["text"],
            cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
            contextWindow: 164000,
            maxTokens: 8192
          }
        ]
      }
    }
  }
}

Deploy on Phala Cloud (Full TEE Stack)

For maximum privacy, deploy Clawdbot itself inside a Phala Cloud CVM (Confidential Virtual Machine). This creates an end-to-end TEE stack where both the application and the AI inference run in hardware-secured enclaves.

Why Phala Cloud + Redpill

Layer TEE Protection
Application Clawdbot runs in Phala Cloud CVM with Intel TDX
AI Inference Redpill routes to GPU TEE models (Phala, Tinfoil, etc.)
Result Your prompts never leave secure enclaves from input to output

Prerequisites

  1. Phala Cloud account with API key
  2. Redpill AI API key
  3. Docker installed locally
  4. Phala CLI: npm install -g phala

Quick Deployment

1. Authenticate with Phala Cloud

phala auth login <your-phala-cloud-api-key>

2. Create docker-compose.phala.yml

The container auto-configures Redpill as the default provider when REDPILL_API_KEY is set on first boot.

# docker-compose.phala.yml for Phala Cloud CVM
services:
  clawdbot:
    image: hashwarlock/clawdbot:redpill
    environment:
      HOME: /home/node
      TERM: xterm-256color
      # Auto-configures Redpill provider on first boot
      REDPILL_API_KEY: ${REDPILL_API_KEY}
      # Auto-configures messaging channels when tokens are provided
      TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN:-}
      DISCORD_BOT_TOKEN: ${DISCORD_BOT_TOKEN:-}
      # Gateway configuration
      GATEWAY_PORT: ${GATEWAY_PORT:-18789}
      GATEWAY_AUTH: ${GATEWAY_AUTH:-off}
      # Persistence paths
      CLAWDBOT_STATE_DIR: /home/node/.clawdbot
      CLAWDBOT_WORKSPACE_DIR: /home/node/clawd
    volumes:
      - clawdbot-data:/home/node
    network_mode: host
    restart: unless-stopped

volumes:
  clawdbot-data:

3. Create .env file

# .env - secrets are encrypted to the TEE
REDPILL_API_KEY=rp_xxxxxxxxxxxx
# Optional: messaging channels (auto-configure on boot)
# TELEGRAM_BOT_TOKEN=your-telegram-bot-token
# DISCORD_BOT_TOKEN=your-discord-bot-token
# Optional: pre-approve specific users (skips pairing step)
# TELEGRAM_ALLOWED_USERS=123456789,987654321
# DISCORD_ALLOWED_USERS=123456789012345678,987654321098765432
# Optional: protect the web UI with password auth
# GATEWAY_AUTH=password
# GATEWAY_PASSWORD=your-secure-password

4. Deploy to Phala Cloud

phala deploy \
  --name clawdbot-tee \
  --compose ./docker-compose.phala.yml \
  --env-file ./.env \
  --vcpu 2 \
  --memory 4G \
  --disk-size 20G

5. Access the Gateway

After deployment, get your CVM's public URL:

phala cvms get clawdbot-tee

The gateway URL follows the Phala Cloud dstack format: https://<DSTACK_APP_ID>-18789.<DSTACK_GATEWAY_URL>. If you enabled GATEWAY_AUTH=password, add ?password=your-password to the URL.

Managing Your Deployment

# View logs
phala cvms logs clawdbot-tee

# Check status
phala cvms get clawdbot-tee

# SSH into CVM (if deployed with --dev-os)
phala ssh clawdbot-tee

# Update deployment (use CVM ID from phala cvms get)
phala deploy --cvm-id app_xxxxx --compose ./docker-compose.phala.yml

# Or if phala.toml exists from initial deploy, just run:
phala deploy

Configuration via Web UI

Redpill is automatically configured as the default provider on first boot. If you provided TELEGRAM_BOT_TOKEN or DISCORD_BOT_TOKEN, those channels are also auto-configured and running.

Access your gateway URL to:

  1. Configure additional channels (Slack, Signal, WhatsApp) via the Channels page
  2. Start chatting with full TEE privacy (Redpill is already set as default)
  3. View and switch models via the Config page (/config)

Environment Variables

Variable Required Description
REDPILL_API_KEY Yes Your Redpill API key (auto-configures all 18 GPU TEE models on first boot)
TELEGRAM_BOT_TOKEN No Telegram bot token (auto-configures and starts Telegram channel on boot)
DISCORD_BOT_TOKEN No Discord bot token (auto-configures and starts Discord channel on boot)
TELEGRAM_ALLOWED_USERS No Comma-separated Telegram user IDs to pre-approve (e.g. 123456789,987654321)
DISCORD_ALLOWED_USERS No Comma-separated Discord user IDs to pre-approve (e.g. 123456789012345678,987654321098765432)
GATEWAY_PORT No Gateway port (default: 18789)
GATEWAY_AUTH No Gateway auth mode: off, token, or password (default: off)
GATEWAY_TOKEN No Gateway token (required when GATEWAY_AUTH=token)
GATEWAY_PASSWORD No Gateway password (required when GATEWAY_AUTH=password)
CLAWDBOT_STATE_DIR No Config/credentials path (default: /home/node/.clawdbot)
CLAWDBOT_WORKSPACE_DIR No Workspace path (default: /home/node/clawd)

Securing Your Deployment

For production deployments, enable gateway authentication to protect the web UI:

# .env - with password auth enabled
REDPILL_API_KEY=rp_xxxxxxxxxxxx
GATEWAY_AUTH=password
GATEWAY_PASSWORD=your-secure-password

Access the UI: https://<DSTACK_APP_ID>-18789.<DSTACK_GATEWAY_URL>?password=your-secure-password

For token-based auth (alternative):

GATEWAY_AUTH=token
GATEWAY_TOKEN=your-secret-gateway-token

Access with: https://<DSTACK_APP_ID>-18789.<DSTACK_GATEWAY_URL>?token=your-secret-gateway-token

Adding Messaging Channels

The following channels work in Docker/Linux environments (no Mac services required):

Channel Setup Environment Variables
Telegram Easy TELEGRAM_BOT_TOKEN
Discord Easy DISCORD_BOT_TOKEN
Slack Medium SLACK_APP_TOKEN, SLACK_BOT_TOKEN
WhatsApp Medium QR code login via /setup wizard
Signal Hard Requires signal-cli + Java

Configure channels via the /setup wizard at https://<cvm-url>:18789/setup.

Finding Your User IDs

To pre-approve users (skip pairing), you need their platform-specific user IDs:

Telegram User ID:

  1. Send a message to your bot on Telegram
  2. The bot will reply with a pairing code and show your user ID:
    Clawdbot: access not configured.
    
    Your Telegram user id: 1868695838
    
    Pairing code: ABCD1234
    
  3. Copy the user ID (e.g., 1868695838)
  4. Add it to .env: TELEGRAM_ALLOWED_USERS=1868695838

Discord User ID:

  1. Send a message to your bot on Discord
  2. The bot will reply with a pairing code and show your user ID:
    Clawdbot: access not configured.
    
    Your Discord user id: 723570216251949194
    
    Pairing code: XYZW5678
    
  3. Copy the user ID (e.g., 723570216251949194)
  4. Add it to .env: DISCORD_ALLOWED_USERS=723570216251949194

Alternative Methods:

Telegram:

  • Use @userinfobot on Telegram
  • Forward a message to the bot to get the sender's ID

Discord:

  • Enable Developer Mode: Settings → Advanced → Developer Mode
  • Right-click your username → Copy User ID

Persistent Storage

The clawdbot-data volume stores:

  • Channel credentials and tokens
  • Agent configurations
  • Session history
  • Workspace files

Data persists across CVM restarts and upgrades.

More Information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment