OpenClaw and VNCMac Telegram automation for Mac App Store uploads

OpenClaw + VNCMac Hands-On: Telegram Remote Control for Mac App Store Automation

8 min read
OpenClaw Telegram Bot Mac Automation

This guide walks through building a complete hands-free iOS development pipeline: send a message to a Telegram bot, trigger an automated build on a remote Mac, and upload the signed IPA to App Store Connect. We combine OpenClaw AI agent with VNCMac dedicated Macs and Fastlane to create a workflow that runs without manual Xcode interaction.

Why Telegram + OpenClaw + Remote Mac?

Telegram offers a free bot API with unlimited messages, cross-device sync, and rich message formatting. OpenClaw is an autonomous AI agent that runs on macOS, integrates with Telegram, and can execute system commands, AppleScript, and shell tasks with approval workflows. A dedicated remote Mac from VNCMac provides bare-metal hardware with full accessibility APIs and persistent environment for builds, certificates, and signing assets.

Traditional CI/CD platforms charge per build minute or require complex YAML configurations. With Telegram as your control interface, you get natural-language commands and instant feedback. OpenClaw acts as the execution layer, calling Fastlane or Xcode build scripts on command. The remote Mac stays online 24/7, eliminating local machine dependency and hardware costs.

Architecture Overview

The stack consists of three components: a Telegram bot (created via @BotFather), the OpenClaw Gateway running on a VNCMac remote Mac, and Fastlane lanes for build and distribution. You interact with the Telegram bot; OpenClaw receives messages, validates commands, and triggers shell scripts that invoke Fastlane. Fastlane handles Xcode archive, signing, and upload to App Store Connect.

"Telegram's bot API is free, reliable, and requires no server infrastructure. OpenClaw turns the remote Mac into a conversational agent that responds to build requests, error reports, and status queries." — OpenClaw community docs

Prerequisites

Before starting, ensure you have the following:

  • Remote Mac mini: VNCMac dedicated instance with SSH access and Remote Login enabled. M4 16GB or higher recommended for parallel builds.
  • Xcode installed: Latest stable version with Command Line Tools. Verify with xcode-select -p.
  • Apple Developer Account: Valid signing certificates and provisioning profiles in Keychain or Fastlane Match.
  • Fastlane: Install via sudo gem install fastlane or bundler. Configure Appfile and Fastfile for your project.
  • Telegram account: Create a bot with @BotFather and save the API token.
  • OpenClaw installed: On the remote Mac, follow official installation for the Gateway CLI. Node.js 22+ required.

Step 1: Create Telegram Bot

Open Telegram, search for @BotFather, and send /newbot. Follow prompts to name the bot and choose a username (must end in "bot"). BotFather returns an API token. Save this securely; you will add it to OpenClaw config. 

Use this token to access the HTTP API:
1234567890:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw

Set privacy mode with /setprivacy to Disable if you plan to use the bot in group chats. For solo use, default privacy is sufficient.

Step 2: Configure OpenClaw on Remote Mac

SSH into the VNCMac instance. Install OpenClaw CLI globally and configure the Gateway. Edit the OpenClaw config file (typically ~/.config/openclaw/config.json or in the app settings directory). Add the Telegram token under channels.telegram: 

{
  "channels": {
    "telegram": {
      "token": "1234567890:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw",
      "dmPolicy": "pairing"
    }
  }
}

The dmPolicy: "pairing" setting requires you to approve the bot via a pairing code sent by DM. For automated CI, you can use "allowlist" with a list of approved chat IDs. Start the Gateway with the Launch Agent or manually in a tmux session for testing. The Gateway will poll Telegram and respond to messages.

Step 3: Set Up Fastlane

In your iOS project directory on the remote Mac, initialize Fastlane if not already configured: 

cd ~/projects/YourApp
fastlane init

Choose option 2 for manual setup. Edit fastlane/Fastfile to define lanes for build and upload: 

default_platform(:ios)

platform :ios do
  desc "Build and upload to TestFlight"
  lane :release do
    increment_build_number(xcodeproj: "YourApp.xcodeproj")
    build_app(scheme: "YourApp")
    upload_to_testflight(
      api_key_path: "fastlane/AuthKey_ABCDEFGH.json",
      skip_waiting_for_build_processing: true
    )
  end
end

Place your App Store Connect API key JSON in the fastlane/ directory. Verify the lane runs locally: fastlane release. First run may prompt for Keychain access; approve and save the password to avoid future prompts.

Step 4: Create Telegram Command Handler

OpenClaw can execute shell commands when you send specific messages. Define a simple script that OpenClaw will call. Create ~/scripts/build-release.sh: 

#!/bin/bash
set -e
cd ~/projects/YourApp
git pull origin main
fastlane release
echo "Build and upload completed successfully"

Make it executable: chmod +x ~/scripts/build-release.sh. In OpenClaw, configure an approval rule or use the interactive approval flow. When you message the bot with "run release build", OpenClaw will prompt for approval, then execute the script and stream output back to Telegram.

Step 5: Test the Workflow

Open Telegram and start a chat with your bot. Send: "run release build". OpenClaw will parse the request and, if configured, ask for confirmation. Approve the command. The Gateway executes build-release.sh, streams logs, and reports success or failure. Check App Store Connect TestFlight after a few minutes; the build should appear with the incremented build number.

For debugging, you can query OpenClaw for recent command output or check the remote Mac logs. OpenClaw maintains a history of executions and can show stdout/stderr in Telegram. Add logging to the shell script for detailed diagnostics.

Workflow Optimizations

Once the basic pipeline works, consider these enhancements:

  • Pre-approval patterns: Configure OpenClaw with glob-based exec approvals to auto-allow specific scripts. Example: /Users/youruser/scripts/* for all scripts in that directory.
  • Parallel builds: For multiple apps, create separate Fastlane lanes and scripts. Send commands like "build app1" or "build app2" to trigger different projects.
  • Notifications: Add Telegram notification steps in Fastlane using the telegram action or curl to post updates at each build stage (archive complete, upload started, etc.).
  • Branch selection: Pass parameters to the script. Modify build-release.sh to accept a branch name: git pull origin $1, then send "run release build develop" to build the develop branch.
  • Test runs: Create a separate lane for unit/UI tests. Trigger with "run tests" to validate code before release builds.

Performance and Cost Analysis

On a VNCMac M4 16GB Mac mini, a typical Xcode archive for a medium-sized Swift app takes 2-4 minutes. Upload to App Store Connect adds another 1-2 minutes depending on IPA size and network. Total end-to-end time from Telegram command to TestFlight availability: 5-8 minutes. Compare this to Xcode Cloud, which averages 10-15 minutes per build and charges per build hour. A dedicated Mac mini rental eliminates per-build fees and allows unlimited builds.

VNCMac hourly billing means you pay only when the instance is running. For teams doing 5-10 builds per day, a monthly subscription often costs less than half of Xcode Cloud or other third-party Mac CI. Plus, you control the environment: install any tools, use custom certificates, and integrate with private services without network restrictions.

Security Best Practices

Telegram bot tokens are sensitive. Never commit them to source control. Use environment variables or OpenClaw's secure config storage. Enable Telegram 2FA on your account to prevent unauthorized access. For production pipelines, restrict bot access with IP allowlists or VPN tunneling to the remote Mac.

OpenClaw's exec approval system is critical: review each shell command before auto-approving. Avoid running user-supplied code directly. Use a whitelist of allowed scripts and validate inputs. Keep the remote Mac OS and Xcode up to date with the latest security patches. VNCMac instances support SSH key authentication; disable password login for added security.

Troubleshooting Common Issues

If the Telegram bot does not respond, verify the Gateway is running: ps aux | grep openclaw. Check network connectivity and firewall rules. Telegram requires outbound HTTPS access; ensure port 443 is open. For Fastlane errors, review logs in ~/Library/Logs/fastlane/. Common issues include expired certificates, missing provisioning profiles, or Keychain access denials. Run security unlock-keychain ~/Library/Keychains/login.keychain-db before builds if prompted repeatedly.

If builds succeed but uploads fail, check App Store Connect API key permissions. The key needs App Manager or Developer role. Verify the JSON file path in Fastfile. For slow builds, profile Xcode with Instruments or enable build timing: defaults write com.apple.dt.Xcode ShowBuildOperationDuration -bool YES. Upgrade to an M4 Pro instance for CPU-intensive compilations.

Summary

Combining Telegram, OpenClaw, and a VNCMac remote Mac creates a powerful, hands-free iOS CI/CD pipeline. Trigger builds from anywhere with a simple message, automate Xcode archiving and App Store uploads with Fastlane, and eliminate per-build costs with dedicated hardware. This setup scales from solo developers to small teams, providing full control, instant feedback, and predictable performance.

Deploy Your Telegram Bot on a Dedicated Mac

VNCMac offers bare-metal Mac minis for OpenClaw Gateway, Fastlane, and iOS CI. Full SSH access, persistent environment, and hourly billing with no build-minute charges.

  • M4 16GB / 24GB or M4 Pro 64GB Mac minis
  • Pre-installed Xcode and SSH access ready
  • Hourly billing, no long-term lock-in
  • 24/7 technical support and security updates