swarm-zap/memory/ops/2026-03-04-git-workflow.md

Session: 2026-03-04 23:30:26 UTC

  • Session Key: agent:main:main
  • Session ID: 8e27dc5c-a962-4c29-b6be-2973dafd8c65
  • Source: gateway:sessions.reset

Conversation Summary

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:14 UTC] Also, we want to merge rebase, add this to the instructions

assistant: reply_to_current Done — added

I updated the instructions to enforce:

  • Rebase-first workflow (git pull --rebase)
  • Rebase onto latest origin/main before push/PR
  • Preferred PR merge mode: Rebase and merge
  • Avoid merge commits unless explicitly needed

Updated files:

  • AGENTS.md
  • scripts/openclaw-upstream-workflow.md

Committed on workspace branch:

  • b36ab89
  • docs(workflow): require rebase-first + rebase-and-merge policy

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:18 UTC] Also, when we rebase we need to delete the feature/fix branch...

assistant: reply_to_current Agreed — added

I updated the instructions to require branch cleanup after rebase-merge:

  • AGENTS.md: policy now says feature/fix branches are temporary and must be deleted after merge.
  • scripts/openclaw-upstream-workflow.md: added a Post-merge branch cleanup (required) section with commands for:
    • updating main
    • deleting remote branch
    • deleting local branch
    • safe note about -D only when needed

Committed as:

  • 49f9c0c
  • docs(workflow): require branch deletion after rebase-merge

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:21 UTC] Check updates for OpenClaw git upstream

assistant: reply_to_current Checked.

  • OpenClaw runtime update status: stable channel, latest is 2026.3.2 (no update available via openclaw update status).
  • Git upstream (external/openclaw-upstream):
    • main is fully up to date with origin/main (ahead/behind: 0/0).
    • Your working branch fix/tui-hide-internal-runtime-context is 1 commit ahead of origin/main (the TUI fix commit), as expected.

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:23 UTC] Let's make sure we fetch upstream before implementing, that make sense?

assistant: reply_to_current Yep — 100% makes sense. That should be the default habit.

I've already baked that into the workflow docs (git fetch --all --prune + update main before branch work), but we can make it even stricter:

  • Rule: no code changes until fetch+sync succeeds.
  • Preflight command block:
    • git fetch --all --prune
    • git checkout main
    • git pull --rebase
    • verify clean state, then branch.

If you want, I'll add a tiny scripts/openclaw-upstream-preflight.sh that enforces this automatically.

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:24 UTC] Sure

user: You are running a boot check. Follow BOOT.md instructions exactly.

BOOT.md:

BOOT.md

On gateway startup, run a silent security + readiness check for this workspace.

Startup checklist

  1. Confirm core workspace files exist:
    • AGENTS.md, SOUL.md, USER.md, TOOLS.md, HEARTBEAT.md
  2. Confirm required local skill folders exist:
    • skills/searxng-local-search
    • skills/telegram-ops
    • skills/homelab-service-health
    • skills/task-capture-and-followup
    • skills/daily-brief
    • skills/calendar-sentinel
    • skills/inbox-triage
  3. Ensure task state exists:
    • memory/tasks.json (create [] if missing)

Security checks

  1. Check internal hooks enabled state:
    • session-memory
    • command-logger
    • bootstrap-extra-files
    • boot-md
    • if any are disabled/missing, record warning with exact hook name
  2. Check permissions:
    • ~/.openclaw should be 700
    • credential files under ~/.openclaw/credentials/ should be 600
    • if drift is found, log it as warning; do not auto-fix unless explicitly requested later
  3. Check network exposure:
    • verify gateway is not unexpectedly exposed on 0.0.0.0
    • capture a compact listener snapshot for OpenClaw-related ports
  4. Check expected-service posture:
    • expected local services should be present/reachable (OpenClaw runtime + documented core services)
    • flag unexpected listeners only when confidence is high
  5. Check backup signal freshness:
    • verify memory/minio-backup.log contains Backup complete: within last 8 hours
  6. Check security-audit freshness:
    • verify a recent openclaw security audit --deep result exists (target: within 24 hours)
    • if stale/missing, record reminder (warning level)
  7. Check update status:
    • run/read openclaw update status
    • record whether update is available

State recording

  1. Write/update machine-readable status file: memory/startup-health.json with:
    • last_run_utc
    • status (ok|warn|critical)
    • checks_passed (array)
    • checks_failed (array)
    • warnings (array)
    • gateway_exposure (e.g., local-only|public|unknown)
    • last_backup_age_hours
    • last_security_audit_age_hours
    • update_status (short text)
  2. Write/update memory/boot-last-run.json with UTC timestamp + overall status.

Notification policy

  1. Stay silent when status is ok or non-actionable warn.
  2. Send one short proactive alert only for critical conditions:
    • credential permission drift on sensitive files,
    • unexpected public exposure of gateway,
    • backup signal stale/missing beyond threshold,
    • missing critical workspace files preventing normal operation.

Critical issue logging

If any warning/critical issue is found, append a concise line to memory/startup-health.md with UTC timestamp, failing check, and suggested fix.

If BOOT.md asks you to send a message, use the message tool (action=send with channel + target). Use the target field (not to) for message tool destinations. After sending with the message tool, reply with ONLY: NO_REPLY. If nothing needs attention, reply with ONLY: NO_REPLY.

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:25 UTC] done?

assistant: reply_to_current Almost.

  • Done: instructions now explicitly require fetch/sync before coding.
  • Not done yet: I haven't added the optional auto-enforcing preflight script.

If you want, I can add that script now in one quick commit.

user: Sender (untrusted metadata):

{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}

[Wed 2026-03-04 23:27 UTC] Finish the script and commit

assistant: NO_REPLY

assistant: reply_to_current Done — finished and committed.

Added script

  • scripts/openclaw-upstream-preflight.sh

What it does:

  • Verifies external/openclaw-upstream exists
  • Runs:
    • git fetch --all --prune
    • git checkout main
    • git pull --rebase
  • Refuses to proceed if main isn't clean
  • Optional branch arg:
    • creates branch if missing
    • or switches + rebases existing branch onto origin/main

Usage:

scripts/openclaw-upstream-preflight.sh
scripts/openclaw-upstream-preflight.sh fix/my-change

Docs wired

  • AGENTS.md
  • scripts/openclaw-upstream-workflow.md

Commit

  • d31bb80
  • chore(workflow): add upstream preflight sync script