# Session: 2026-03-04 20:49:36 UTC

- **Session Key**: agent:main:main
- **Session ID**: 16b9385c-9aa8-4f4e-9c0a-0653f9e3b004
- **Source**: gateway:sessions.reset

## Conversation Summary

user: Sender (untrusted metadata):
```json
{
  "label": "openclaw-tui (gateway-client)",
  "id": "gateway-client",
  "name": "openclaw-tui",
  "username": "openclaw-tui"
}
```

[Wed 2026-03-04 20:48 UTC] Can we investigate why litellm (LAN - docker) doesn't work via the regular auth and agent models, when it works via `curl`?
user: You are running a boot check. Follow BOOT.md instructions exactly.

BOOT.md:
# BOOT.md

On gateway startup, run a silent security + readiness check for this workspace.

## Startup checklist

1. Confirm core workspace files exist:
   - `AGENTS.md`, `SOUL.md`, `USER.md`, `TOOLS.md`, `HEARTBEAT.md`
2. Confirm required local skill folders exist:
   - `skills/searxng-local-search`
   - `skills/telegram-ops`
   - `skills/homelab-service-health`
   - `skills/task-capture-and-followup`
   - `skills/daily-brief`
   - `skills/calendar-sentinel`
   - `skills/inbox-triage`
3. Ensure task state exists:
   - `memory/tasks.json` (create `[]` if missing)

## Security checks

4. Check internal hooks enabled state:
   - `session-memory`
   - `command-logger`
   - `bootstrap-extra-files`
   - `boot-md`
   - if any are disabled/missing, record warning with exact hook name
5. Check permissions:
   - `~/.openclaw` should be `700`
   - credential files under `~/.openclaw/credentials/` should be `600`
   - if drift is found, log it as warning; do not auto-fix unless explicitly requested later
6. Check network exposure:
   - verify gateway is not unexpectedly exposed on `0.0.0.0`
   - capture a compact listener snapshot for OpenClaw-related ports
7. Check expected-service posture:
   - expected local services should be present/reachable (OpenClaw runtime + documented core services)
   - flag unexpected listeners only when confidence is high
8. Check backup signal freshness:
   - verify `memory/minio-backup.log` contains `Backup complete:` within last 8 hours
9. Check security-audit freshness:
   - verify a recent `openclaw security audit --deep` result exists (target: within 24 hours)
   - if stale/missing, record reminder (warning level)
10. Check update status:
    - run/read `openclaw update status`
    - record whether update is available

## State recording

11. Write/update machine-readable status file: `memory/startup-health.json` with:
    - `last_run_utc`
    - `status` (`ok|warn|critical`)
    - `checks_passed` (array)
    - `checks_failed` (array)
    - `warnings` (array)
    - `gateway_exposure` (e.g., `local-only|public|unknown`)
    - `last_backup_age_hours`
    - `last_security_audit_age_hours`
    - `update_status` (short text)
12. Write/update `memory/boot-last-run.json` with UTC timestamp + overall status.

## Notification policy

13. Stay silent when status is `ok` or non-actionable `warn`.
14. Send one short proactive alert only for **critical** conditions:
    - credential permission drift on sensitive files,
    - unexpected public exposure of gateway,
    - backup signal stale/missing beyond threshold,
    - missing critical workspace files preventing normal operation.

## Critical issue logging

If any warning/critical issue is found, append a concise line to `memory/startup-health.md` with UTC timestamp, failing check, and suggested fix.

If BOOT.md asks you to send a message, use the message tool (action=send with channel + target).
Use the `target` field (not `to`) for message tool destinations.
After sending with the message tool, reply with ONLY: NO_REPLY.
If nothing needs attention, reply with ONLY: NO_REPLY.