- Installed hooks: boot-md, session-memory, command-logger, bootstrap-extra-files
- Updated default model to litellm/copilot-claude-sonnet-4.6
- Added memory/startup-health.json + boot-last-run.json from boot check
- Added memory/startup-health.md warning log
- Captured new session memory files (2026-03-04/05)
- Minor MEMORY.md + USER.md: added git preference line
Session: 2026-03-04 20:49:36 UTC
- Session Key: agent:main:main
- Session ID: 16b9385c-9aa8-4f4e-9c0a-0653f9e3b004
- Source: gateway:sessions.reset
Conversation Summary
user: Sender (untrusted metadata):
{
"label": "openclaw-tui (gateway-client)",
"id": "gateway-client",
"name": "openclaw-tui",
"username": "openclaw-tui"
}
[Wed 2026-03-04 20:48 UTC] Can we investigate why litellm (LAN - docker) doesn't work via the regular auth and agent models, when it works via curl?
user: You are running a boot check. Follow BOOT.md instructions exactly.
BOOT.md:
BOOT.md
On gateway startup, run a silent security + readiness check for this workspace.
Startup checklist
- Confirm core workspace files exist:
  - AGENTS.md
  - SOUL.md
  - USER.md
  - TOOLS.md
  - HEARTBEAT.md
- Confirm required local skill folders exist:
  - skills/searxng-local-search
  - skills/telegram-ops
  - skills/homelab-service-health
  - skills/task-capture-and-followup
  - skills/daily-brief
  - skills/calendar-sentinel
  - skills/inbox-triage
- Ensure task state exists:
  - memory/tasks.json (create [] if missing)
Security checks
- Check internal hooks enabled state:
  - session-memory
  - command-logger
  - bootstrap-extra-files
  - boot-md
  - if any are disabled/missing, record warning with exact hook name
- Check permissions:
  - ~/.openclaw should be 700
  - credential files under ~/.openclaw/credentials/ should be 600
  - if drift is found, log it as warning; do not auto-fix unless explicitly requested later
- Check network exposure:
  - verify gateway is not unexpectedly exposed on 0.0.0.0
  - capture a compact listener snapshot for OpenClaw-related ports
- Check expected-service posture:
  - expected local services should be present/reachable (OpenClaw runtime + documented core services)
  - flag unexpected listeners only when confidence is high
- Check backup signal freshness:
  - verify memory/minio-backup.log contains Backup complete: within last 8 hours
- Check security-audit freshness:
  - verify a recent openclaw security audit --deep result exists (target: within 24 hours)
  - if stale/missing, record reminder (warning level)
- Check update status:
  - run/read openclaw update status
  - record whether update is available
State recording
- Write/update machine-readable status file memory/startup-health.json with:
  - last_run_utc
  - status (ok|warn|critical)
  - checks_passed (array)
  - checks_failed (array)
  - warnings (array)
  - gateway_exposure (e.g., local-only|public|unknown)
  - last_backup_age_hours
  - last_security_audit_age_hours
  - update_status (short text)
- Write/update memory/boot-last-run.json with UTC timestamp + overall status.
Notification policy
- Stay silent when status is ok or non-actionable warn.
- Send one short proactive alert only for critical conditions:
  - credential permission drift on sensitive files,
  - unexpected public exposure of gateway,
  - backup signal stale/missing beyond threshold,
  - missing critical workspace files preventing normal operation.
Critical issue logging
If any warning/critical issue is found, append a concise line to memory/startup-health.md with UTC timestamp, failing check, and suggested fix.
If BOOT.md asks you to send a message, use the message tool (action=send with channel + target).
Use the target field (not to) for message tool destinations.
After sending with the message tool, reply with ONLY: NO_REPLY.
If nothing needs attention, reply with ONLY: NO_REPLY.