🛡️ Avenger Initiative

Encrypted, branch-based GitHub backup and restore for any OpenClaw system.

When This Skill Triggers

1. 1. User says "setup avenger" / "configure backup" / "avenger init" → Run SETUP flow
2. User says "avenger backup" / "backup system" / "push to vault" → Run BACKUP
3. User says "restore from vault" / "avenger restore" → Run RESTORE flow
4. User says "avenger status" / "vault status" → Show STATUS
5. After any confirmed config change (gateway restart, config patch) → Run BACKUP silently

SETUP FLOW (Agent-Guided)

When setup is triggered, walk the user through it conversationally. Ask one question at a time.

Step 1 — Ask for the vault repo

"To set up Avenger Initiative, I need a private GitHub repo to use as your vault. Have you created one already? If so, share the URL (e.g. https://github.com/yourname/my-vault). If not, I can help you create one."

Step 2 — Handle the encryption key

"Your openclaw.json (which contains all API keys and bot tokens) will be encrypted with AES-256 before being pushed. Do you have an existing encryption key from a previous Avenger setup, or should I generate a new one?"

Step 3 — Run setup

CODEBLOCK0

Step 4 — Show key and insist they save it

"⚠️ Your encryption key is below — save it NOW in 1Password, Bitwarden, or a secure note.
Without this key, your backup cannot be decrypted."

Wait for user to confirm "saved" before proceeding.

Step 5 — Explain what will be backed up

• - 🔐 openclaw.json — encrypted (all API keys, bot tokens, agent configs)
• 🧠 All memory logs and workspace files (SOUL, IDENTITY, MEMORY, TOOLS)
• 👥 Per-agent files for all agents
• 🔧 All custom skills
• 📋 Cron job definitions

Retention policy:

• - Daily → 7 days
• Weekly → 8 weeks (created every Sunday)
• Monthly → 12 months (created 1st of each month)

Step 6 — Run first backup & install cron

CODEBLOCK1

BACKUP

CODEBLOCK2

Creates backup/daily/YYYY-MM-DD branch → merges to main → prunes per retention policy.
On Sundays: also creates backup/weekly/YYYY-WNN.
On 1st of month: also creates backup/monthly/YYYY-MM.

RESTORE

CODEBLOCK3

Supports --branch backup/daily/YYYY-MM-DD to restore from a specific snapshot.
Shows vault manifest, asks for confirmation, decrypts and restores all files.

After restore: openclaw gateway restart

STATUS

Check ~/.openclaw/workspace/memory/avenger-backup.log for last backup. Show timestamp, branch, and vault URL.

File Locations

CODEBLOCK4

Security Model

• - Vault repo should be private on GitHub
• INLINECODE10 → AES-256-CBC encrypted (PBKDF2, 100k iterations)
• All other files → plaintext (no secrets)
• Key lives only on the machine and in the user's password manager

See references/security.md for threat model and key rotation.