Config Guardian

Overview

Use this workflow whenever editing ~/.openclaw/openclaw.json or running openclaw config set/apply. It prevents invalid config, creates backups, validates against schema, and enables rollback.

Workflow (use every time)

Preflight

- Confirm the requested change and scope.
- Check for sensitive keys (tokens, credentials).

Backup

- Run scripts/backup_config.sh to create a timestamped snapshot.

Validate (before change)

- Run scripts/validate_config.sh.
- If validation fails, stop and report.

Apply change

- Prefer openclaw config set for small changes.
- For complex edits, edit the file directly and keep diffs minimal.

Validate (after change)

- Run scripts/validate_config.sh again.
- If it fails, restore from backup with scripts/restore_config.sh.

Restart (only with explicit approval)

- If change requires restart, ask for approval first.
- Use openclaw gateway restart.

Guardrails

• Never restart or apply config without explicit user approval.
• Never remove keys or reorder blocks unless requested.
• Always keep a backup before edits.
• If unsure about schema: run openclaw doctor --non-interactive and stop on errors.

Scripts

• scripts/backup_config.sh — create timestamped backup
• scripts/validate_config.sh — validate config via OpenClaw doctor
• scripts/diff_config.sh — diff current config vs backup
• scripts/restore_config.sh — restore backup

Validation

• Use openclaw doctor --non-interactive for schema validation
• This checks against the actual schema that the gateway uses
• Warns about unknown keys, invalid types, and security issues