Skip to content
Le Sanctum

Health Monitoring

The health dashboard — your house gets more checkups than you do, and it doesn't even complain about the copay

Your house already monitors itself. It seemed only fair to let it monitor you too. Sanctum includes a health data pipeline that ingests Apple Health metrics from your iPhone and feeds them into the Cilghal health agent for analysis. The pipeline uses the Health Auto Export iOS app to push data to a FastAPI service running on the VM — through a Cloudflare tunnel, because your resting heart rate deserves enterprise-grade security.

Architecture

Section titled “Architecture”
iPhone (Health Auto Export)
  │ HTTPS POST (hourly)
  
Cloudflare Tunnel (health.nepveu.name)
  │ CF Access (OTP + Service Token)
  
Mac Mini (SSH tunnel, port 10101)
  
  
Ubuntu VM (health-ingester.py, FastAPI)
  
  ├── Rolling JSON files (~/.openclaw/health-data/)
  └── Graphiti knowledge graph (for Cilghal agent)

Five hops between your wrist and the knowledge graph. Each one encrypted. The Cold War had simpler supply chains.

Prerequisites

Section titled “Prerequisites”
  • Health Auto Export app installed on iPhone (App Store)
  • Health ingester running on VM (part of standard Sanctum setup)
  • Cloudflare tunnel with CF Access configured for health.nepveu.name

iPhone Setup

Section titled “iPhone Setup”

  1. Install Health Auto Export from the App Store

  2. Open the app and grant access to Apple Health data

  3. Go to Automations tab

  4. Tap + to create a new automation

  5. Select REST API as the type

  6. Configure the endpoint:

    FieldValue
    URLhttps://health.nepveu.name/ingest
    MethodPOST

  7. Add three headers:

    HeaderValue
    AuthorizationBearer <HEALTH_INGESTER_TOKEN>
    CF-Access-Client-Id<from Keychain: cf-access-health-client-id>
    CF-Access-Client-Secret<from Keychain: cf-access-health-client-secret>

  8. Select metrics to export (recommended minimum):

    • Heart Rate
    • Resting Heart Rate
    • Steps
    • Active Energy
    • Sleep Analysis
    • Weight
    • Blood Pressure (if available)
    • Blood Oxygen (if available)

  9. Set schedule to every 1 hour

  10. Save and tap Test to verify

Health Ingester Service

Section titled “Health Ingester Service”

The ingester is a FastAPI service on the VM that receives health data, extracts key metrics, and stores them for the Cilghal agent.

SettingValue
LocationVM (~/.openclaw/health-ingester.py)
Port10101 (bound to 10.10.10.10)
AuthBearer token (from SOPS)
Max payload5 MB
Rate limit20 ingests/minute
Data storage~/.openclaw/health-data/ (rolling JSON)

Endpoints

Section titled “Endpoints”
EndpointMethodAuthPurpose
/healthGETNoneHealth check
/ingestPOSTBearerReceive health data from iOS

Starting the Service

Section titled “Starting the Service”

The ingester is started via the SOPS wrapper which injects secrets as environment variables:

Terminal window
SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt \
  HEALTH_INGESTER_HOST=10.10.10.10 \
  ~/.openclaw/sops-start.sh health-ingester \
  ~/.openclaw/health-ingester-venv/bin/python3 \
  ~/.openclaw/health-ingester.py

Verifying

Section titled “Verifying”

Test the endpoint from the Mac:

Terminal window
curl -s -H "CF-Access-Client-Id: $(security find-generic-password -a sanctum -s cf-access-health-client-id -w)" \
     -H "CF-Access-Client-Secret: $(security find-generic-password -a sanctum -s cf-access-health-client-secret -w)" \
     https://health.nepveu.name/health

A successful response returns {"status": "ok"}.

Cloudflare Access

Section titled “Cloudflare Access”

The health endpoint is protected by Cloudflare Access with two authentication methods:

  • OTP (email) for browser access by the owner
  • Service Token for automated sync from Health Auto Export

The service token expires annually and credentials are stored in the Mac Keychain. Mark your calendar, or don’t — the watchdog will let you know when it stops working.

Cilghal Agent

Section titled “Cilghal Agent”

The Cilghal agent on the VM reads ingested health data and maintains a knowledge graph of health trends. It provides daily health briefings and can answer questions about historical health metrics.

Data flows: Health Auto Export → ingester → JSON files + Graphiti KG → Cilghal agent queries.

An AI named after a Mon Calamari healer, running inside a virtual machine, inside a Mac Mini, analyzing your sleep patterns through a knowledge graph. If you find this normal, you’ve been reading these docs too long.