10 lines
1.5 KiB
Markdown
10 lines
1.5 KiB
Markdown
# 2026-03-09
|
|
|
|
- OpenClaw stability check: gateway is currently stable enough to continue skill work after verification of systemd service, hook readiness (`5/5`), loopback-only gateway bind, and healthy `openclaw status --deep` / `security audit --deep` results.
|
|
- Applied config hardening to reduce shared-surface risk: `agents.defaults.sandbox.mode=non-main`, `agents.defaults.sandbox.workspaceAccess=none`, `agents.defaults.sandbox.sessionToolsVisibility=spawned`, and `tools.fs.workspaceOnly=true`.
|
|
- Confirmed the earlier Gemini repair for the gateway issue was primarily a runtime hook/dependency repair in `~/.openclaw` (large JS symlink layer), not a clean systemd-unit-only fix.
|
|
- Moved LiteLLM auth in OpenClaw config from inline `env.vars.LITELLM_API_KEY` to the existing file-based secret store (`secrets.providers.filemain` via `/models/providers/litellm/apiKey`) to improve secret hygiene.
|
|
- Remaining bundled skill requirements still missing: `blogwatcher`, `discord` (needs `channels.discord.token`), `gog`, `nano-pdf`, `obsidian`, and `summarize`.
|
|
- Attempt to install missing skill dependencies was blocked by Linuxbrew ownership/permission drift: `/home/linuxbrew/.linuxbrew` is owned by `claw:claw`, so brew taps/formulas could not be installed as `openclaw`.
|
|
- Follow-up still needed: regenerate/reinstall the gateway systemd service cleanly after the LiteLLM secret move so the unit file no longer embeds the old `LITELLM_API_KEY`, then revisit missing bundled skill installs once Linuxbrew permissions are fixed.
|