VPS Specifications (Per Insurance Client)

# Recommended: Hetzner CPX51 or AWS equivalent- CPU: 16 vCores- RAM: 32 GB- Storage: 500 GB NVMe (encrypted)- Network: VPN-only access, dedicated VLAN- OS: Ubuntu 22.04 LTS- Cost: ~€65/month ($70) per client

Security Hardening (PII/PHI Protection - HIPAA Compliance

# 1. Complete isolation per insurersudo adduser clawbot-insurance --disabled-passwordsudo mkdir -p /home/clawbot-insurance/{Memory,Skills,Workflows,Logs,Temp}sudo chown -R clawbot-insurance:clawbot-insurance /home/clawbot-insurancesudo chmod 700 /home/clawbot-insurance
# 2. Full disk encryption (HIPAA requirement)sudo cryptsetup luksFormat /dev/nvme1n1sudo cryptsetup open /dev/nvme1n1 insurance-cryptsudo mkfs.ext4 /dev/mapper/insurance-crypt
# 3. VPN-only accesssudo ufw default deny incomingsudo ufw allow from 10.8.0.0/24sudo ufw enable
# 4. Audit logging (HIPAA compliance)sudo auditctl -w /home/clawbot-insurance/ -p rwxa -k insurance-accesssudo auditctl -w /home/clawbot-insurance/Memory/Claims/ -p rwxa -k claim-data
# 5. Immutable audit logssudo mkdir -p /var/log/clawbot-auditsudo chattr +a /var/log/clawbot-audit
# 6. Daily key rotation0 0 * * * /home/clawbot-insurance/Scripts/rotate-keys.sh
# 7. Data retention (7 years for insurance - state requirements)# Auto-archive after 7 years, secure deletion

Required API Keys & Credentials

mkdir -p /home/clawbot-insurance/.secrets/chmod 700 /home/clawbot-insurance/.secrets/
# Required:# - ANTHROPIC_API_KEY (Claude Opus 4.5)# - GUIDEWIRE_API_KEY (or Duck Creek/Salesforce)# - LEXISNEXIS_API_KEY (fraud detection)# - ISO_CLAIMSEARCH_API_KEY (claims history)# - GOOGLE_VISION_API_KEY (document OCR)# - STRIPE_API_KEY (payments)# - SLACK_BOT_TOKEN