diff --git a/memory/2026-03-08.md b/memory/2026-03-08.md new file mode 100644 index 0000000..2aa6fa1 --- /dev/null +++ b/memory/2026-03-08.md @@ -0,0 +1,8 @@ +## OpenClaw maintenance + +- Ran `openclaw doctor` triage and fixed the gateway service issue by reinstalling the gateway service; this cleared the outdated entrypoint and embedded service token warnings. +- Replaced Telegram `channels.telegram.groups["*"]` with explicit numeric group IDs to clear the wildcard membership-probing warning. Current explicit Telegram group IDs in config: `-1003673132186`, `-5137521925`, `-5138922002`, `-5175865898`. +- Telegram config-side security warnings are now clean; the remaining Telegram doctor warning is only BotFather privacy mode (`/setprivacy -> Disable`) if unmentioned group messages should reach the bot. +- Installed local CLI deps to improve bundled skill readiness: `ffmpeg`, `gh`, `yt-dlp`, `sox`, and a local `fd` shim at `~/.local/bin/fd -> /usr/bin/fdfind`. +- Narrowed `skills.allowBundled` so doctor tracks only relevant bundled skills on this Linux host. After the allowlist change, remaining tracked missing skills are: `blogwatcher`, `discord`, `gog`, `nano-pdf`, `obsidian`, and `summarize`. +- Confirmed there is already a whisper service running on the LAN, so `whisper-local-safe` is the preferred transcription path here; no need to prioritize extra Whisper/OpenAI transcription skills right now. diff --git a/memory/boot-last-run.json b/memory/boot-last-run.json index 82c0166..218d708 100644 --- a/memory/boot-last-run.json +++ b/memory/boot-last-run.json @@ -1,4 +1,4 @@ { - "last_run_utc": "2026-03-09T03:32:32Z", - "status": "ok" + "last_run_utc": "2026-03-09T17:31:00Z", + "status": "warn" } diff --git a/memory/startup-health.json b/memory/startup-health.json index 4b3abb8..a59cede 100644 --- a/memory/startup-health.json +++ b/memory/startup-health.json @@ -1,29 +1,25 @@ { - "last_run_utc": "2026-03-09T03:32:32Z", - "status": "ok", + "last_run_utc": "2026-03-09T17:31:00Z", + "status": "warn", "checks_passed": [ - "core workspace files present", - "required local skill folders present", - "task state exists (memory/tasks.json)", - "hook ready: session-memory", - "hook ready: command-logger", - "hook ready: boot-md", - "~/.openclaw permissions are 700", - "credential file permissions are 600", - "gateway bind is local-only", - "service reachable: openclaw-gateway", - "service reachable: whisper-server", - "service reachable: brave-search-mcp", - "service reachable: searxng", - "service reachable: minio", - "backup signal fresh (<8h)", - "security audit --deep refreshed (<24h)", - "update status read: up-to-date" + "workspace_files_present", + "required_skill_folders_present", + "tasks_state_present", + "required_hooks_ready", + "permissions_ok_home_and_credentials", + "gateway_local_only_listener", + "expected_service_posture_ok", + "backup_signal_fresh_within_8h", + "security_audit_fresh_within_24h", + "update_status_checked" ], "checks_failed": [], - "warnings": [], + "warnings": [ + "security_audit_warn: security.trust_model.multi_user_heuristic", + "update_available: npm 2026.3.8" + ], "gateway_exposure": "local-only", - "last_backup_age_hours": 3.26, + "last_backup_age_hours": 5.44, "last_security_audit_age_hours": 0.0, - "update_status": "up-to-date (2026.3.7)" + "update_status": "available (npm 2026.3.8)" } diff --git a/memory/startup-health.md b/memory/startup-health.md index dba6742..5b17713 100644 --- a/memory/startup-health.md +++ b/memory/startup-health.md @@ -9,3 +9,5 @@ [2026-03-05T21:42:00Z] RESOLVED security-audit-findings: `openclaw security audit --deep` now reports 0 critical, 0 warn, 1 info. [2026-03-09T00:16:00 UTC] WARN security-audit-freshness: latest deep audit is ~74.56h old; run `openclaw security audit --deep`. [2026-03-09T00:16:00 UTC] WARN expected-service-posture: ports 18801/18802/18803 unreachable on localhost; verify containers are running or bound on expected LAN IPs. +2026-03-09T17:43:56Z | warning | security.trust_model.multi_user_heuristic | Review trust boundary; if multi-user, set agents.defaults.sandbox.mode=all and restrict runtime/fs tools. +2026-03-09T17:43:56Z | warning | update_available | Update available (npm 2026.3.8); run 'openclaw update' when approved.