Goal: avoid outages, keep rollback ready, verify every change.
Use single-instance mode by default. Secondary-instance checks are optional.
~/.openclaw/openclaw.json~/.openclaw-secondary/openclaw.json (or your custom path)If you do not need high-availability validation, single-instance flow is enough.
*.bak.safe-YYYYmmdd-HHMMSSopenclaw status --deepAfter this skill is installed, treat this as default policy for config changes:
safe-change.shMental model:
safe-change.sh --main-script ./edit-main.shOn top of single-instance flow, you may also verify a secondary instance:
OPENCLAW_HOME= openclaw gateway health --url --token "$SECONDARY_TOKEN" Use this only when change risk is high or HA checks are required.
This skill includes safe-change.sh to enforce:
backup → change → validate → rollback on failure
cat > ./edit-main.sh <<'SH'
#!/usr/bin/env bash
python3 edit_main.py
SH
chmod +x ./edit-main.sh
./safe-change.sh --main-script ./edit-main.sh
cat > ./edit-main.sh <<'SH'
#!/usr/bin/env bash
python3 edit_main.py
SH
chmod +x ./edit-main.sh
cat > ./edit-secondary.sh <<'SH'
#!/usr/bin/env bash
python3 edit_secondary.py
SH
chmod +x ./edit-secondary.sh
export SECONDARY_TOKEN="<your-secondary-token>"
./safe-change.sh \
--main-script ./edit-main.sh \
--secondary-script ./edit-secondary.sh
When secondary checks are enabled, set SECONDARY_TOKEN as an environment variable.
TS=$(date +%Y%m%d-%H%M%S)
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak.safe-$TS
# ...apply minimal config edits...
openclaw status --deep
If validation fails:
cp ~/.openclaw/openclaw.json.bak.safe-$TS ~/.openclaw/openclaw.json
openclaw gateway restart
共 2 个版本