AI agent onboarding that clients can actually follow.
A polished setup guide for VPS, Telegram, Google Workspace, web deployment, domain launch, security, and proof. Clients see what to send. Sam and the team see what to verify.
Launch board
Client Agent Setup
VPS Setup
Telegram Setup
Google Workspace
Web Deployment
Domain and Launch
Screenshot slot
Paste or link the real redacted proof image once the system is completed.
Security rule
No token, password, private key, or OAuth secret belongs in a screenshot.
Client
Send setup details, approve access, create or invite accounts where needed, review proof, and approve launch.
Sam and Team
Configure the server, bot, workspace, deployment, domain, and proof packet. Verify each downstream system before launch.
Shared
Keep credentials out of ordinary chat, confirm account ownership, and reduce admin access after launch when it is no longer needed.
Before you start
Lock the handoff details first.
The source guide starts here: collect ownership, approvals, and credential handling before anyone changes accounts or infrastructure.
Source doc fast path
Collect these first if time is tight.
- Client business information
- Owner and operator Telegram user IDs
- Telegram bot username and BotFather confirmation screenshot
- Website, domain, or DNS manager access
- GitHub and Vercel access if we are deploying a site
- Google access for Gmail, Calendar, Analytics, Search Console, or Business Profile if needed
- Brand assets, service list, and offer details
- Screenshot folder with proof for each required system
Required access checklist
Telegram BotFather
Bot creation / admin
Status: Not started
Telegram user ID
Numeric user ID
Status: Not started
VPS / Hetzner
Server admin or provisioned account
Status: Not started
AI provider account
API or OAuth access
Status: Not started
GitHub
Repo admin or collaborator
Status: Not started
Vercel
Project/admin access
Status: Not started
Domain registrar
DNS manager
Status: Not started
Google account
OAuth scopes as needed
Status: Not started
Analytics / Search Console
Editor, admin, or full user
Status: Not started
Google Business Profile
Manager
Status: Not started
CRM / booking system
Admin
Status: Not started
Email/SMS platform
Admin
Status: Not started
Click-through navigator
The working dashboard from the guide.
The Google Doc laid this out as a table. This version keeps the same operating flow and connects every action to the proof slot it should produce.
Step-by-step portal
Client steps and delivery steps, side by side.
Each phase names what the client does, what Sam and the team do, and what proof is required before the setup moves forward.
VPS Setup
Confirm where the agent runs, who owns billing, and how server access is controlled.
VPS Setup
Server profile and service status, with IP and secrets redacted.
Client does
- Confirm the business name, agent name, and primary approval contact.
- Tell Sam whether you already have a VPS provider or want Business Boomer to recommend one.
- Confirm who will own long-term billing for the VPS account.
Sam and team do
- Choose the VPS path and record provider, region, plan size, operating system, billing owner, and renewal risk.
- Configure SSH keys, firewall rules, runtime dependencies, reboot behavior, and service health checks.
- Record server IP, provider, region, and access owner in the internal handoff notes.
Done looks like
Server is reachable, login is tested, and the required service can run after reboot.
Telegram Setup
Create the client bot, confirm permissions, and prove the bot replies from the real agent path.
Telegram Setup
BotFather created bot, bot link, target chat, and reply test. Hide the full token.
Client does
- Open Telegram, search for @BotFather, press Start, then create a bot with /newbot.
- Pick a clear display name and a unique username that ends in bot.
- Send the bot token only through the secure credential channel.
- Add the bot to the correct group, channel, or topic, then confirm whether it needs admin rights.
Sam and team do
- Receive the token through the secure channel and store it in the correct secret store or environment file.
- Confirm the target Telegram group, channel, topic, owner user ID, and permission level.
- Send a private test message, test group/topic routing, and verify the reply behavior.
Done looks like
The bot receives updates from the correct location and responds through the live agent setup.
Google Workspace
Approve only the Google access the agent needs, then verify it with a real read/write test.
Google Workspace
OAuth approval, sandbox Drive/Docs/Sheets readback, and any Gmail or Calendar test included in scope.
Client does
- Confirm which Google Workspace account should own Drive folders, Docs, Sheets, email, and calendar access.
- List the services in scope: Gmail, Calendar, Drive, Docs, Sheets, Forms, or a smaller set.
- Approve access only after Sam explains the business reason for each permission.
Sam and team do
- List exact Google scopes before asking the client to approve access.
- Connect only the approved services and run tests in a sandbox folder or test file.
- Confirm folder ownership, sharing rules, and whether test files should stay or be removed.
Done looks like
Direct readback from the target Google service. A successful OAuth page is only the access step.
Web Deployment
Connect the website or app to the right repo, hosting provider, environment variables, and preview path.
Web Deployment
GitHub repo access, Vercel/project deploy, build output, and preview URL.
Client does
- Confirm whether you need a new site, a preview site, or edits to an existing site.
- Confirm the approved repository, hosting account, and deployment owner if you already have them.
- Approve environment variable or secret requests before Sam adds them to hosting.
Sam and team do
- Create or identify the GitHub repository and connect it to Vercel or the approved host.
- Add environment variables only in the hosting dashboard or secret store.
- Run a local build, deploy to preview when possible, and confirm logs show a clean startup.
Done looks like
Build passes, preview or production URL loads, and logs do not expose secrets.
Domain and Launch
Move from working preview to approved custom domain with HTTPS, mobile QA, and written launch approval.
Domain and Launch
DNS records, live homepage, mobile view, contact path, final handoff message, and any analytics/search proof.
Client does
- Confirm the domain, registrar, DNS owner, and whether Sam should send records or make the approved change.
- Review test screenshots, demo messages, and launch notes.
- Approve launch in writing or send exact edits.
Sam and team do
- Capture current DNS records before changes and document the proposed records.
- Configure domain records, HTTPS, apex/www behavior, and any approved analytics or search visibility.
- Verify homepage, mobile layout, contact path, Telegram flow, and Google integrations before handoff.
Done looks like
Final URL loads from a clean browser session, HTTPS works, and the client has approved launch.
Security language
Credential handling is part of the onboarding.
Send credentials only through the secure channel Sam provides. Do not paste tokens, passwords, private keys, or OAuth secrets into group chats, shared docs, screenshots, or ordinary email.
Use temporary admin access when possible.
Share screenshots only after hiding secrets.
Store tokens in environment variables or the approved secret store.
Remove or reduce access after launch when Sam no longer needs it.
Proof packet
Screenshot checklist for launch QA.
Each client does not need every item. Mark each proof slot Pass, Blocked, or Not applicable, then include the screenshot or readback path.
Screenshot 1
Client business info
Status: needed or not applicable
Screenshot 2
BotFather bot created
Status: needed or not applicable
Screenshot 3
Bot token stored securely
Status: needed or not applicable
Screenshot 4
Telegram user ID confirmed
Status: needed or not applicable
Screenshot 5
Server user and agent profile
Status: needed or not applicable
Screenshot 6
System service active
Status: needed or not applicable
Screenshot 7
Gateway connected to Telegram
Status: needed or not applicable
Screenshot 8
Model provider auth works
Status: needed or not applicable
Screenshot 9
Bot reply test
Status: needed or not applicable
Screenshot 10
GitHub repo access
Status: needed or not applicable
Screenshot 11
Vercel project and deploy
Status: needed or not applicable
Screenshot 12
Domain and DNS
Status: needed or not applicable
Screenshot 13
Website homepage
Status: needed or not applicable
Screenshot 14
Website mobile view
Status: needed or not applicable
Screenshot 15
Contact or booking flow
Status: needed or not applicable
Screenshot 16
Google OAuth success
Status: needed or not applicable
Screenshot 17
Gmail or Calendar test
Status: needed or not applicable
Screenshot 18
Analytics or Search Console
Status: needed or not applicable
Screenshot 19
Google Business Profile
Status: needed or not applicable
Screenshot 20
Final client handoff message
Status: needed or not applicable
Screenshot proof format
Every screenshot needs a proof note.
The source guide did not contain finished screenshot images. It defined exactly where screenshots go and what each one must prove.
Screenshot name
System
Date captured
What this proves
Status: PASS / BLOCKED / NEEDS CLIENT
Notes
Paste screenshot below
What happens next
From intake to live system.
- 1Client sends setup details and approvals.
- 2Sam and team configure VPS, Telegram, Google access, deployment, and domain.
- 3Sam and team run private tests and collect proof.
- 4Client reviews the proof packet and approves launch or sends exact edits.
- 5Team launches, verifies the live system, and sends final handoff notes.