OpenClaw Safe Change Flow
Goal: avoid outages, keep rollback ready, verify every change.
Use single-instance mode by default. Secondary-instance checks are optional.
Scope
Default (recommended): single instance
- - Main config: �INLINECODE0
Optional (advanced): dual instance
- - Secondary config:
~/.openclaw-secondary/openclaw.json (or your custom path)
If you do not need high-availability validation, single-instance flow is enough.
Required single-instance flow
- 1. Backup first
- Create timestamped backup:
*.bak.safe-YYYYmmdd-HHMMSS
- 2. Make minimal edits
- Change only necessary keys
- 3. Validate immediately
- Run:
openclaw status --deep
- 4. Auto rollback on failure
- Restore backup and restart gateway
- 5. Confirm availability
- Verify channels/interfaces respond correctly
Agent execution convention (default behavior)
After this skill is installed, treat this as default policy for config changes:
- - Default entrypoint: run config changes through �INLINECODE4
- Avoid direct edits + bare restart
- If user explicitly asks to bypass: allow it, but warn about risk
Mental model:
- - Before: edit config directly
- Now: create a small edit script and run �INLINECODE5
Optional dual-instance enhancement
On top of single-instance flow, you may also verify a secondary instance:
- - �INLINECODE6
- If either instance validation fails, rollback
Use this only when change risk is high or HA checks are required.
Automation script (v1.0.2+)
This skill includes safe-change.sh to enforce:
backup → change → validate → rollback on failure
Recommended: single-instance usage
CODEBLOCK0
Optional: dual-instance usage
CODEBLOCK1
When secondary checks are enabled, set SECONDARY_TOKEN as an environment variable.
Safety rules
- - Never hardcode tokens or secrets
- Validate before announcing success
- Restore service first, investigate later
- Always keep a recent known-good backup in production
Manual quick template (single instance)
CODEBLOCK2
If validation fails:
CODEBLOCK3
OpenClaw 安全变更流程
目标:避免服务中断,保持回滚就绪,验证每一项变更。
默认使用单实例模式。双实例检查为可选。
适用范围
默认(推荐):单实例
- - 主配置:~/.openclaw/openclaw.json
可选(高级):双实例
- - 从配置:~/.openclaw-secondary/openclaw.json(或自定义路径)
若无需高可用性验证,单实例流程已足够。
必需的单实例流程
- 1. 先备份
- 创建带时间戳的备份:*.bak.safe-YYYYmmdd-HHMMSS
- 2. 做最小化修改
- 只更改必要的键值
- 3. 立即验证
- 运行:openclaw status --deep
- 4. 失败时自动回滚
- 恢复备份并重启网关
- 5. 确认可用性
- 验证通道/接口响应正常
代理执行约定(默认行为)
安装此技能后,将其视为配置变更的默认策略:
- - 默认入口: 通过 safe-change.sh 执行配置变更
- 避免直接编辑 + 裸重启
- 若用户明确要求绕过: 允许,但需警告风险
思维模型:
- - 之前:直接编辑配置
- 现在:创建小型编辑脚本并运行 safe-change.sh --main-script ./edit-main.sh
可选的双实例增强
在单实例流程基础上,还可验证从实例:
- - OPENCLAIMHOME=<从实例主目录> openclaw gateway health --url <从实例URL> --token $SECONDARYTOKEN
- 若任一实例验证失败,则回滚
仅在变更风险较高或需要高可用性检查时使用。
自动化脚本(v1.0.2+)
此技能包含 safe-change.sh 以强制执行:
备份 → 变更 → 验证 → 失败时回滚
推荐:单实例用法
bash
cat > ./edit-main.sh <
#!/usr/bin/env bash
python3 edit_main.py
SH
chmod +x ./edit-main.sh
./safe-change.sh --main-script ./edit-main.sh
可选:双实例用法
bash
cat > ./edit-main.sh <
#!/usr/bin/env bash
python3 edit_main.py
SH
chmod +x ./edit-main.sh
cat > ./edit-secondary.sh <
#!/usr/bin/env bash
python3 edit_secondary.py
SH
chmod +x ./edit-secondary.sh
export SECONDARY_TOKEN=<你的从实例令牌>
./safe-change.sh \
--main-script ./edit-main.sh \
--secondary-script ./edit-secondary.sh
启用从实例检查时,将 SECONDARY_TOKEN 设置为环境变量。
安全规则
- - 切勿硬编码令牌或密钥
- 在宣布成功前先验证
- 先恢复服务,后排查问题
- 始终在生产环境中保留最近已知良好的备份
手动快速模板(单实例)
bash
TS=$(date +%Y%m%d-%H%M%S)
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.safe-$TS
...应用最小化配置修改...
openclaw status --deep
若验证失败:
bash
cp ~/.openclaw/openclaw.json.bak.safe-$TS ~/.openclaw/openclaw.json
openclaw gateway restart
