
🛠️ Tool
===================

Opening: openclaw-ops is an operational skill and script collection designed to manage local or self-hosted OpenClaw gateways. The package focuses on continuous monitoring, automated repair workflows, update/change detection, session-level analysis, and pre-installation security auditing of third-party skills. The bundle was tested against OpenClaw 2026.4.11 and documents a minimum supported baseline of v2026.2.12 due to prior critical fixes including CVE-2026-25253.

Key Features:
• Includes a dedicated skill /openclaw-ops to triage gateway configuration and runtime components: gateway, auth, exec approvals, cron jobs, channels, sessions, and installation state.
• Provides single-purpose scripts such as heal.sh (one-shot auto-fix), post-update.sh (post-update orchestrator), and watchdog.sh (periodic liveness restarter with escalation).
• Offers session tooling: session-monitor.sh for behavioral checks over JSONL session logs, session-search.sh for full-text search with structured, redacted output, and session-resume.sh to compact a session into a markdown resume with failure context.
• Supplies operational checks: check-update.sh for version-change detection and explainers, health-check.sh for declarative URL/process checks, and security-scan.sh to score configuration and credential exposure (0–100).

Technical Implementation:
• Scripts rely on standard runtime tools (Python 3, curl, openssl, ripgrep) and read runtime metadata from ~/.openclaw/openclaw.json; the gateway port can be overridden via the OPENCLAW_GATEWAY_PORT environment variable.
• The post-update orchestrator sequences update detection, healing, workspace reconciliation (VPS-aware), security scan, and a sentinel trigger via a policy-guard state file (policy-guard.trigger).
• macOS-specific integration is provided for always-on supervision via a LaunchAgent installer wrapper (watchdog-install.sh), while non-macOS environments are expected to use scheduling alternatives.

Use Cases:
• Continuous operations for small self-hosted deployments, using automated healing and watchdog restarts.
• Pre-installation vetting of third-party skills via skill-audit.sh to reduce risky dependencies.
• Incident summarization through daily-digest.sh and a shared incident-manager.sh helper for lifecycle flows.

Limitations:
• The watchdog installer is macOS-only; cross-platform uptime requires external schedulers.
• Several scripts depend on external binaries (e.g., rg, openssl, curl) and assume local file-system state in ~/.openclaw.
• No bundled remote orchestration; intended for local/self-hosted operators rather than managed SaaS.

🔹 tool #OpenClaw #security #ops #CVE-2026-25253

🔗 Source: https://github.com/cathrynlavery/openclaw-ops
