johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: mark scope watchdog as automated in MEMORY.md

This commit is contained in:
James 2026-02-22 06:31:27 -05:00
parent 78c72f4905
commit 4417546159
1 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
MEMORY.md
View File

@ -165,10 +165,13 @@ Two patches must be reapplied to `dist/` files after each OpenClaw update:
1. **Scope preservation** (`dist/gateway-cli-DbznSfRg.js`): `if (scopes.length > 0)``if (scopes.length > 0 && !disableControlUiDeviceAuth)` — prevents `dangerouslyDisableDeviceAuth` from clearing scopes
2. **Deleted transcript indexing** (`dist/sqlite-C54NeA1C.js`): `.filter((name) => name.endsWith(".jsonl"))` → add `|| name.includes(".jsonl.deleted.")` — makes memory_search find old sessions
### ⚠️ sessions_spawn Scope Issue (every restart)
`operator.write+read` scopes are stripped from device-auth.json on EVERY gateway restart (not just OC updates).
**Fix each time:** patch 3 files: `~/.openclaw/identity/device-auth.json`, `devices/paired.json`, `devices/pending.json` → set `"scopes": ["operator.write", "operator.read"]`, then restart gateway.
**TODO:** automate as a post-start hook so this stops being manual.
### ✅ sessions_spawn Scope Issue — AUTOMATED (Feb 22)
`operator.write+read` scopes were stripped from device-auth.json on every gateway restart.
**Fixed:** `oc-scope-watchdog.service` runs continuously, restores scopes within 30s of any restart.
- Service: `systemctl --user status oc-scope-watchdog`
- Script: `~/clawd/scripts/scope-watchdog.py`
- Enabled on boot via `default.target.wants/`
No manual intervention needed anymore.
### Network
- Home lab behind UDM-Pro + Caddy
@ -808,11 +811,9 @@ Shannon's successful deployment and scan completion demonstrates security toolin
- Immich, ClickHouse, Jellyfin, Signal: all updated on 192.168.1.253
- qbittorrent-vpn: pulled only
### 🔧 sessions_spawn Scope Issue (ongoing)
- Every OpenClaw gateway restart strips `operator.write+read` scopes from device-auth.json
- Fix: patch `/home/johan/.openclaw/identity/device-auth.json` + `devices/paired.json` + `devices/pending.json` after EVERY restart
- This is not just post-update — it happens on every gateway restart
- **TODO:** automate scope restoration as a post-start hook
### 🔧 sessions_spawn Scope Issue — FIXED (Feb 22)
- Gateway was stripping `operator.write+read` scopes from device-auth.json on every restart
- **Fixed via `oc-scope-watchdog.service`** — auto-restores within 30s, runs on boot
---