← Back to Skills Marketplace
Gateway Auto-Rollback
by
halfmoon82
· GitHub ↗
· v1.1.0
413
Downloads
0
Stars
3
Active Installs
2
Versions
Install in OpenClaw
/install gateway-auto-rollback
Description
Automatic configuration rollback mechanism for OpenClaw Gateway. Provides three-layer protection: pre-modification backup, post-modification validation, and...
README (SKILL.md)
Gateway Auto-Rollback
Three-layer configuration protection for OpenClaw Gateway — never break your config again.
What It Does
Automatically protects your OpenClaw configuration files with:
- Pre-modification backup — SHA256 content-addressed snapshots before any change
- Post-modification validation — JSON syntax check + Gateway health probe
- Automatic rollback — instant restore if validation fails
When to Use
- Before modifying
openclaw.json,exec-approvals.json, orskills.json - When running automated config changes (cron jobs, scripts)
- As a background safety net during development
- When you want peace of mind that a bad config won't take down your agent
Quick Start
One-shot check (before manual edits)
python3 gateway-auto-rollback.py
This initializes the backup directory, validates current config, and logs status.
Watch mode (background daemon)
python3 gateway-auto-rollback.py --watch &
Monitors critical config files every 3 minutes. Auto-exits after 3 consecutive healthy checks (config is stable).
How It Works
Before Modification During After Modification
↓ ↓ ↓
Backup + Hash ───→ Execute Change ───→ JSON Validate + Health Check
│ │
└──────────────────────────────────────→ Auto-rollback on failure
Protected Files
| File | Description |
|---|---|
openclaw.json |
Main Gateway configuration |
exec-approvals.json |
Command execution approvals |
skills.json |
Skills registry |
Backup Naming
Backups are stored in ~/.openclaw/backup/ with content-addressed names:
openclaw.json.20260301_053612.a1b2c3d4.bak
↑ timestamp ↑ SHA256 prefix (dedup)
API Reference
Python Functions
from gateway_auto_rollback import (
pre_modification_check, # Call before modifying config
post_modification_verify, # Call after modifying config
create_backup, # Manual backup creation
validate_json, # JSON syntax validation
check_gateway_health, # Gateway health probe
rollback_to_backup, # Manual rollback
watch_config_files, # Start watch daemon
)
Pre-modification flow
from pathlib import Path
config = Path.home() / ".openclaw" / "openclaw.json"
# Returns backup path on success, False on failure
backup = pre_modification_check(config)
# ... make your changes ...
# Validates and auto-rolls back if needed
success = post_modification_verify(config, backup)
Watch mode details
The watcher:
- Polls every 3 minutes (gives Gateway time to restart)
- Detects changes via SHA256 hash comparison
- Auto-creates backup when change detected
- Validates JSON + health check after each change
- Auto-exits after 3 consecutive healthy checks (config stabilized)
- Logs all events to
~/.openclaw/logs/config-modification.log
Integration with Cron
Set up periodic health checks:
# Cron job example: check every hour
0 * * * * python3 /path/to/gateway-auto-rollback.py
Or use OpenClaw's built-in cron:
{
"name": "Gateway-Auto-Rollback",
"schedule": { "kind": "cron", "expr": "0 */6 * * *", "tz": "Asia/Shanghai" },
"payload": {
"kind": "agentTurn",
"message": "Run gateway health check. If unhealthy, rollback to latest backup."
},
"sessionTarget": "isolated"
}
Manual Rollback
If you need to manually restore a config:
# List available backups (newest first)
ls -lt ~/.openclaw/backup/ | head -10
# Restore a specific backup
cp ~/.openclaw/backup/openclaw.json.20260301_053612.a1b2c3d4.bak \
~/.openclaw/openclaw.json
# Restart Gateway
openclaw gateway restart
# Verify
curl -s http://127.0.0.1:18789/api/health
Testing
Run the included test suite to verify the mechanism works:
bash test-rollback-mechanism.sh
Tests cover:
- Backup directory existence
- JSON validation
- SHA256 hash computation
- Backup creation and restore
- Watch daemon status
- Log file integrity
- Script permissions
Logs
All events are logged to ~/.openclaw/logs/config-modification.log:
[2026-03-01 05:37:00] INFO: ✅ 备份创建: openclaw.json.20260301_053612.a1b2c3d4.bak
[2026-03-01 05:37:01] INFO: ✅ 修改验证通过
[2026-03-01 05:40:00] WARN: ⚠️ 检测到修改: openclaw.json
[2026-03-01 05:40:01] ERROR: JSON 验证失败 — 触发回滚
Requirements
- Python 3.8+
- OpenClaw Gateway running (for health checks)
- No additional pip packages needed (stdlib only)
File Structure
gateway-auto-rollback/
├── SKILL.md # This file
├── _meta.json # ClawHub metadata
├── gateway-auto-rollback.py # Main script (backup/validate/rollback/watch)
└── test-rollback-mechanism.sh # Test suite
Usage Guidance
This skill appears to do what it says: local backups, JSON validation, health probes and rollback for OpenClaw config files. Before installing or running it: 1) review the Python script yourself (it's included) and run tests in a safe environment; 2) be aware it will create/modify files under ~/.openclaw (backup and log files) and will copy backups back into place on rollback; 3) ensure the local Gateway health endpoint (http://127.0.0.1:18789/api/health) is what you expect and that the system has 'curl' available (the script expects it but the metadata declares no required binaries); 4) run the bundled tests (test-rollback-mechanism.sh) manually to confirm behavior before enabling any daemon/watch mode; 5) if you do not trust the anonymous source, avoid running the watch/daemon mode or run it in a constrained/testing environment. If you see any unexpected network calls or references to remote endpoints in future versions, treat that as a red flag.
Capability Analysis
Type: OpenClaw Skill
Name: gateway-auto-rollback
Version: 1.1.0
The skill bundle implements an automatic configuration rollback mechanism for OpenClaw Gateway. It performs file system operations (read, write, copy) on critical configuration files (`openclaw.json`, `exec-approvals.json`, `skills.json`) and their backups within the `~/.openclaw/` directory. It uses `subprocess.run` in `gateway-auto-rollback.py` and `test-rollback-mechanism.sh` to execute `curl` for health checks, but this is strictly limited to `http://127.0.0.1:18789/api/health` with hardcoded arguments, posing no shell injection risk or external data exfiltration. The `SKILL.md` instructions, including the cron job payload for the agent, are clearly aligned with the skill's stated purpose of configuration protection and do not exhibit any prompt injection attempts to subvert the agent's behavior. All operations are transparent, well-documented, and directly support the intended protective functionality without evidence of malicious intent or exploitable vulnerabilities in their current implementation.
Capability Assessment
Purpose & Capability
Name/description (auto rollback for OpenClaw Gateway) aligns with included Python script and test script. The code operates on ~/.openclaw config files, creates backups, validates JSON, checks local Gateway health, and performs rollbacks — all coherent with the declared purpose.
Instruction Scope
SKILL.md instructions map directly to the script behavior: one-shot run, watch mode, manual rollback, cron examples, and test steps. The instructions only reference local files (~/.openclaw), the local Gateway health endpoint (127.0.0.1:18789), and local logging — they do not instruct the agent to read unrelated system files or to transmit data externally.
Install Mechanism
There is no install spec (instruction-only with included script files). This is low risk: no downloads or archives are fetched at install time. The skill does include runnable code, so users should still inspect/execute it in their environment before trusting it.
Credentials
The skill declares no required env vars and the code does not read secrets. One operational caveat: check_gateway_health() calls the external 'curl' binary; the registry metadata lists no required binaries, so the script will silently fail health checks if curl is absent. No credentials or unrelated environment access are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not modify other skills or global agent settings; it writes to ~/.openclaw (its own config area) which is consistent with its function.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gateway-auto-rollback - After installation, invoke the skill by name or use
/gateway-auto-rollback - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
v1.1.0: Improved watch daemon with auto-exit on stability, universal path support, comprehensive test suite
v1.0.0
Initial release: three-layer config protection with backup, validation, and auto-rollback
Metadata
Frequently Asked Questions
What is Gateway Auto-Rollback?
Automatic configuration rollback mechanism for OpenClaw Gateway. Provides three-layer protection: pre-modification backup, post-modification validation, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 413 downloads so far.
How do I install Gateway Auto-Rollback?
Run "/install gateway-auto-rollback" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Gateway Auto-Rollback free?
Yes, Gateway Auto-Rollback is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Gateway Auto-Rollback support?
Gateway Auto-Rollback is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Gateway Auto-Rollback?
It is built and maintained by halfmoon82 (@halfmoon82); the current version is v1.1.0.
More Skills