🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
BytesAgain β€Ί Skills β€Ί OpenClaw Safe Change Flow
πŸ¦€ ClawHub

OpenClaw Safe Change Flow

by @1987566643

Safe OpenClaw config change workflow with backup, minimal edits, validation, health checks, and rollback. Single-instance first; secondary instance optional.

Versionv1.1.0
Downloads683
Installs1
#finance#legal#health#automation
TERMINAL
clawhub install openclaw-safe-change-flow

πŸ“– About This Skill

name: openclaw-safe-change-flow description: Safe OpenClaw config change workflow with backup, minimal edits, validation, health checks, and rollback. Single-instance first; secondary instance optional.

OpenClaw Safe Change Flow

Goal: avoid outages, keep rollback ready, verify every change. Use single-instance mode by default. Secondary-instance checks are optional.

Scope

Default (recommended): single instance

  • Main config: ~/.openclaw/openclaw.json

    • Optional (advanced): dual instance

  • Secondary config: ~/.openclaw-secondary/openclaw.json (or your custom path)

    • If you do not need high-availability validation, single-instance flow is enough.

    Required single-instance flow

    1. Backup first - Create timestamped backup: *.bak.safe-YYYYmmdd-HHMMSS 2. Make minimal edits - Change only necessary keys 3. Validate immediately - Run: openclaw status --deep 4. Auto rollback on failure - Restore backup and restart gateway 5. Confirm availability - Verify channels/interfaces respond correctly

    Agent execution convention (default behavior)

    After this skill is installed, treat this as default policy for config changes:

  • Default entrypoint: run config changes through safe-change.sh
  • Avoid direct edits + bare restart
  • If user explicitly asks to bypass: allow it, but warn about risk

    • Mental model:

  • Before: edit config directly
  • Now: create a small edit script and run safe-change.sh --main-script ./edit-main.sh

    • Optional dual-instance enhancement

    On top of single-instance flow, you may also verify a secondary instance:

  • OPENCLAW_HOME= openclaw gateway health --url --token "$SECONDARY_TOKEN"
  • If either instance validation fails, rollback

    • Use this only when change risk is high or HA checks are required.

    Automation script (v1.0.2+)

    This skill includes safe-change.sh to enforce:

    backup β†’ change β†’ validate β†’ rollback on failure

    Recommended: single-instance usage

    cat > ./edit-main.sh <<'SH'
#!/usr/bin/env bash
python3 edit_main.py
SH
chmod +x ./edit-main.sh
    ./safe-change.sh --main-script ./edit-main.sh

    Optional: dual-instance usage

    cat > ./edit-main.sh <<'SH'
#!/usr/bin/env bash
python3 edit_main.py
SH
chmod +x ./edit-main.sh
    cat > ./edit-secondary.sh <<'SH'
#!/usr/bin/env bash
python3 edit_secondary.py
SH
chmod +x ./edit-secondary.sh
    export SECONDARY_TOKEN=""
./safe-change.sh \
  --main-script ./edit-main.sh \
  --secondary-script ./edit-secondary.sh

    When secondary checks are enabled, set SECONDARY_TOKEN as an environment variable.

    Safety rules

  • Never hardcode tokens or secrets
  • Validate before announcing success
  • Restore service first, investigate later
  • Always keep a recent known-good backup in production

    • Manual quick template (single instance)

    TS=$(date +%Y%m%d-%H%M%S)
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.safe-$TS
    ...apply minimal config edits...
    openclaw status --deep

    If validation fails:

    cp ~/.openclaw/openclaw.json.bak.safe-$TS ~/.openclaw/openclaw.json
openclaw gateway restart