HeckLab
AI-for-Ops

I gave my homelab a Telegram brain

How a single Telegram bot wired to an AI agent became the control plane for my whole homelab — and the guardrails that stop it doing anything catastrophic.

The most useful thing I built this year isn’t a dashboard. It’s a Telegram bot called Steveo that I can message like a colleague — “is the NAS healthy?”, “restart the AVD pool”, “what’s eating CPU on the lab box” — and it just does it.

It’s an AI agent with hands. Here’s how it’s wired and, more importantly, how it’s fenced.

Why a chat box beats a dashboard

Dashboards make you go and look. A chat agent comes to you, and it collapses intent-to-action. I don’t want to open three tabs to bounce a service — I want to type “bounce it” from my phone on the couch and get a 👍 back.

The interface being dumb is the feature. Telegram is everywhere, it does push notifications for free, and inline buttons give me a clean approve/deny gate without building any UI.

The shape of it

me (Telegram) ──▶ bot ──▶ agent (Claude) ──▶ tools ──▶ homelab

                              └── anything risky? → ask me first (inline buttons)

The agent has a toolbox: read system health, query Home Assistant, run a whitelisted set of commands, hit a few internal APIs. Each tool is a small, well-defined function — never “run arbitrary shell.” That boundary is doing a lot of work.

The guardrails (this is the actual content)

The fun demo is the agent restarting a service. The reason it’s still running months later is the boring part:

  1. Allowlist, not shell. It can call the operations I’ve explicitly exposed. It cannot invent new ones. There is no “just run this command” escape hatch.
  2. Human gate on anything destructive. Reads and restarts are fine to do directly. Anything that deletes, wipes, or reconfigures comes back to me as an inline yes/no first.
  3. Least privilege per tool. The thing that reads NAS health can’t touch the firewall. Blast radius is capped at the tool, not the agent.
  4. It narrates. Every action gets a one-line “here’s what I did and why” in the thread, so there’s an audit trail in my pocket.

What it actually saves

Not hours of work — it saves activation energy. The cost of “ugh, I’ll deal with it later” drops to near zero when fixing it is one message. Small problems get handled while they’re small. That compounds more than any single automation.

Would I let it run unsupervised?

No — and that’s the point. The agent is fast and tireless and occasionally confidently wrong. The whole design assumes that last part is true. Give an agent hands, and the guardrails are the engineering. The chat is just the easy bit.

#agents#telegram#homelab#automation
// subscribe

Get the lab notes

New teardowns and tools, roughly weekly. No spam, no fluff — unsubscribe anytime.

// newsletter endpoint not yet configured