chore(memory): update boot last run and startup health data

2026-03-10 00:38:07 +00:00
parent 54b4435aaa
commit d74eae62bd
4 changed files with 30 additions and 24 deletions
@@ -0,0 +1,8 @@
 ## OpenClaw maintenance
 - Ran `openclaw doctor` triage and fixed the gateway service issue by reinstalling the gateway service; this cleared the outdated entrypoint and embedded service token warnings.
 - Replaced Telegram `channels.telegram.groups["*"]` with explicit numeric group IDs to clear the wildcard membership-probing warning. Current explicit Telegram group IDs in config: `-1003673132186`, `-5137521925`, `-5138922002`, `-5175865898`.
 - Telegram config-side security warnings are now clean; the remaining Telegram doctor warning is only BotFather privacy mode (`/setprivacy -> Disable`) if unmentioned group messages should reach the bot.
 - Installed local CLI deps to improve bundled skill readiness: `ffmpeg`, `gh`, `yt-dlp`, `sox`, and a local `fd` shim at `~/.local/bin/fd -> /usr/bin/fdfind`.
 - Narrowed `skills.allowBundled` so doctor tracks only relevant bundled skills on this Linux host. After the allowlist change, remaining tracked missing skills are: `blogwatcher`, `discord`, `gog`, `nano-pdf`, `obsidian`, and `summarize`.
 - Confirmed there is already a whisper service running on the LAN, so `whisper-local-safe` is the preferred transcription path here; no need to prioritize extra Whisper/OpenAI transcription skills right now.
@@ -1,4 +1,4 @@
 {
-  "last_run_utc": "2026-03-09T03:32:32Z",
+  "last_run_utc": "2026-03-09T17:31:00Z",
-  "status": "ok"
+  "status": "warn"
 }
@@ -1,29 +1,25 @@
 {
-  "last_run_utc": "2026-03-09T03:32:32Z",
+  "last_run_utc": "2026-03-09T17:31:00Z",
-  "status": "ok",
+  "status": "warn",
  "checks_passed": [
-    "core workspace files present",
+    "workspace_files_present",
-    "required local skill folders present",
+    "required_skill_folders_present",
-    "task state exists (memory/tasks.json)",
+    "tasks_state_present",
-    "hook ready: session-memory",
+    "required_hooks_ready",
-    "hook ready: command-logger",
+    "permissions_ok_home_and_credentials",
-    "hook ready: boot-md",
+    "gateway_local_only_listener",
-    "~/.openclaw permissions are 700",
+    "expected_service_posture_ok",
-    "credential file permissions are 600",
+    "backup_signal_fresh_within_8h",
-    "gateway bind is local-only",
+    "security_audit_fresh_within_24h",
-    "service reachable: openclaw-gateway",
+    "update_status_checked"
    "service reachable: whisper-server",
    "service reachable: brave-search-mcp",
    "service reachable: searxng",
    "service reachable: minio",
    "backup signal fresh (<8h)",
    "security audit --deep refreshed (<24h)",
    "update status read: up-to-date"
  ],
  "checks_failed": [],
-  "warnings": [],
+  "warnings": [
    "security_audit_warn: security.trust_model.multi_user_heuristic",
    "update_available: npm 2026.3.8"
  ],
  "gateway_exposure": "local-only",
-  "last_backup_age_hours": 3.26,
+  "last_backup_age_hours": 5.44,
  "last_security_audit_age_hours": 0.0,
-  "update_status": "up-to-date (2026.3.7)"
+  "update_status": "available (npm 2026.3.8)"
 }
@@ -9,3 +9,5 @@
 [2026-03-05T21:42:00Z] RESOLVED security-audit-findings: `openclaw security audit --deep` now reports 0 critical, 0 warn, 1 info.
 [2026-03-09T00:16:00 UTC] WARN security-audit-freshness: latest deep audit is ~74.56h old; run `openclaw security audit --deep`.
 [2026-03-09T00:16:00 UTC] WARN expected-service-posture: ports 18801/18802/18803 unreachable on localhost; verify containers are running or bound on expected LAN IPs.
 2026-03-09T17:43:56Z | warning | security.trust_model.multi_user_heuristic | Review trust boundary; if multi-user, set agents.defaults.sandbox.mode=all and restrict runtime/fs tools.
 2026-03-09T17:43:56Z | warning | update_available | Update available (npm 2026.3.8); run 'openclaw update' when approved.