{"id":50876127,"url":"https://github.com/bujosa/openclaw-ops","last_synced_at":"2026-06-15T10:01:38.768Z","repository":{"id":358459684,"uuid":"1204658876","full_name":"bujosa/openclaw-ops","owner":"bujosa","description":"Operational tooling for running openclaw bots in production: safe-update wrapper, runbooks, scripts.","archived":false,"fork":false,"pushed_at":"2026-04-08T07:56:33.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-17T14:58:28.526Z","etag":null,"topics":["openai","shell","telegram-bot"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bujosa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-08T07:56:32.000Z","updated_at":"2026-05-03T21:06:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bujosa/openclaw-ops","commit_stats":null,"previous_names":["bujosa/openclaw-ops"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/bujosa/openclaw-ops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bujosa%2Fopenclaw-ops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bujosa%2Fopenclaw-ops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bujosa%2Fopenclaw-ops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bujosa%2Fopenclaw-ops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bujosa","download_url":"https://codeload.github.com/bujosa/openclaw-ops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bujosa%2Fopenclaw-ops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34357282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-15T02:00:07.085Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openai","shell","telegram-bot"],"created_at":"2026-06-15T10:01:35.831Z","updated_at":"2026-06-15T10:01:38.760Z","avatar_url":"https://github.com/bujosa.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# openclaw-ops\n\nOperational tooling for running [openclaw](https://github.com/openclaw/openclaw) bots in production.\n\nThis repo collects scripts and runbooks I've battle-tested on a small fleet of always-on Macs running openclaw as Telegram bots. Everything here is designed for the **headless / SSH-only / \"Mac mini in the closet\"** use case.\n\nCurrently included:\n\n- [`safe-update.sh`](safe-update.sh) — opinionated wrapper for `openclaw update` that backs up your config, dry-runs first, restarts the gateway, verifies the bot survived, and gives you a one-command rollback path.\n- [`docs/safe-update-guide.md`](docs/safe-update-guide.md) — full walkthrough of what the script does and why, plus the exact commands to run by hand if you'd rather not use the script.\n\n## Quick start\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/bujosa/openclaw-ops/main/safe-update.sh -o /tmp/safe-update.sh\nbash /tmp/safe-update.sh           # interactive: dry-run + prompt + update + verify\n```\n\nOr if you trust the procedure and want it non-interactive (e.g. from cron or a remote SSH):\n\n```bash\nbash /tmp/safe-update.sh --yes\n```\n\nIf something breaks:\n\n```bash\nbash /tmp/safe-update.sh rollback\n```\n\n## Why a wrapper script\n\n`openclaw update` itself is fine. The wrapper exists to enforce the operational hygiene that \"fine\" doesn't include by default:\n\n| What openclaw update does | What the wrapper adds |\n|---|---|\n| ✅ Updates the npm package | ✅ Same |\n| ✅ Restarts the gateway | ✅ Same |\n| ✅ Runs doctor inline | ✅ Same |\n| ❌ No config backup | ✅ Timestamped `openclaw.json.pre-update-YYYYMMDD-HHMMSS` (chmod 600) |\n| ❌ No \"rollback\" command | ✅ `safe-update.sh rollback` restores from latest backup + restarts gateway |\n| ❌ Always asks the user something | ✅ `--yes` makes it fully non-interactive |\n| ❌ No structured log | ✅ `/tmp/openclaw-safe-update-\u003cts\u003e.log` capturing every phase |\n| ❌ No \"verify the bot survived\" step | ✅ Post-update sweep: plugin errors, channels reachable, log-error scan, session continuity, model auth status |\n| ❌ Single confirmation | ✅ Dry-run first, then prompt, then real update |\n\n## What this is NOT\n\n- **Not a fork of openclaw.** It's a thin shell wrapper. The actual update is done by `openclaw update` itself. If openclaw is broken, this script can't fix it — it just gives you better recovery.\n- **Not a replacement for the official docs.** Read [docs.openclaw.ai/cli/update](https://docs.openclaw.ai/cli/update) for the full picture.\n- **Not a CI/CD tool.** It's designed for hand-running on individual servers. If you have many openclaw nodes, wrap this in your own ansible/salt/whatever.\n\n## Tested versions\n\n| openclaw version | Date tested | Outcome |\n|---|---|---|\n| 2026.3.13 → 2026.4.5 | 2026-04-08 | ✅ clean, 1m 10s, 0 plugin errors, telegram + openai-codex auth survived |\n| 2026.4.5 → 2026.4.8  | 2026-04-08 | ✅ clean, 1m 30s, full safe-update.sh script run end-to-end, sessions preserved, no error lines in logs since restart |\n\n## What got me to write this\n\nA real-world incident: a Telegram bot running openclaw stopped responding overnight after the OAuth refresh token for `openai-codex` got into a \"reused\" state (`refresh_token_reused` 401 from the OpenAI auth server). The `openclaw models auth login` re-auth flow worked, but I realized I had no procedure for routinely keeping the bot up to date safely. The script + this guide are the result.\n\nThe companion forensic for the related freeze incident (claude-code + telegram bot, 5 chained bugs) lives in [`bujosa/claude-telegram-server/docs/postmortem-2026-04-07.md`](https://github.com/bujosa/claude-telegram-server/blob/main/docs/postmortem-2026-04-07.md).\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbujosa%2Fopenclaw-ops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbujosa%2Fopenclaw-ops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbujosa%2Fopenclaw-ops/lists"}