← 返回 Skills 市场
Gateway Auto-Rollback
作者
halfmoon82
· GitHub ↗
· v1.1.0
413
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install gateway-auto-rollback
功能描述
Automatic configuration rollback mechanism for OpenClaw Gateway. Provides three-layer protection: pre-modification backup, post-modification validation, and...
使用说明 (SKILL.md)
Gateway Auto-Rollback
Three-layer configuration protection for OpenClaw Gateway — never break your config again.
What It Does
Automatically protects your OpenClaw configuration files with:
- Pre-modification backup — SHA256 content-addressed snapshots before any change
- Post-modification validation — JSON syntax check + Gateway health probe
- Automatic rollback — instant restore if validation fails
When to Use
- Before modifying
openclaw.json,exec-approvals.json, orskills.json - When running automated config changes (cron jobs, scripts)
- As a background safety net during development
- When you want peace of mind that a bad config won't take down your agent
Quick Start
One-shot check (before manual edits)
python3 gateway-auto-rollback.py
This initializes the backup directory, validates current config, and logs status.
Watch mode (background daemon)
python3 gateway-auto-rollback.py --watch &
Monitors critical config files every 3 minutes. Auto-exits after 3 consecutive healthy checks (config is stable).
How It Works
Before Modification During After Modification
↓ ↓ ↓
Backup + Hash ───→ Execute Change ───→ JSON Validate + Health Check
│ │
└──────────────────────────────────────→ Auto-rollback on failure
Protected Files
| File | Description |
|---|---|
openclaw.json |
Main Gateway configuration |
exec-approvals.json |
Command execution approvals |
skills.json |
Skills registry |
Backup Naming
Backups are stored in ~/.openclaw/backup/ with content-addressed names:
openclaw.json.20260301_053612.a1b2c3d4.bak
↑ timestamp ↑ SHA256 prefix (dedup)
API Reference
Python Functions
from gateway_auto_rollback import (
pre_modification_check, # Call before modifying config
post_modification_verify, # Call after modifying config
create_backup, # Manual backup creation
validate_json, # JSON syntax validation
check_gateway_health, # Gateway health probe
rollback_to_backup, # Manual rollback
watch_config_files, # Start watch daemon
)
Pre-modification flow
from pathlib import Path
config = Path.home() / ".openclaw" / "openclaw.json"
# Returns backup path on success, False on failure
backup = pre_modification_check(config)
# ... make your changes ...
# Validates and auto-rolls back if needed
success = post_modification_verify(config, backup)
Watch mode details
The watcher:
- Polls every 3 minutes (gives Gateway time to restart)
- Detects changes via SHA256 hash comparison
- Auto-creates backup when change detected
- Validates JSON + health check after each change
- Auto-exits after 3 consecutive healthy checks (config stabilized)
- Logs all events to
~/.openclaw/logs/config-modification.log
Integration with Cron
Set up periodic health checks:
# Cron job example: check every hour
0 * * * * python3 /path/to/gateway-auto-rollback.py
Or use OpenClaw's built-in cron:
{
"name": "Gateway-Auto-Rollback",
"schedule": { "kind": "cron", "expr": "0 */6 * * *", "tz": "Asia/Shanghai" },
"payload": {
"kind": "agentTurn",
"message": "Run gateway health check. If unhealthy, rollback to latest backup."
},
"sessionTarget": "isolated"
}
Manual Rollback
If you need to manually restore a config:
# List available backups (newest first)
ls -lt ~/.openclaw/backup/ | head -10
# Restore a specific backup
cp ~/.openclaw/backup/openclaw.json.20260301_053612.a1b2c3d4.bak \
~/.openclaw/openclaw.json
# Restart Gateway
openclaw gateway restart
# Verify
curl -s http://127.0.0.1:18789/api/health
Testing
Run the included test suite to verify the mechanism works:
bash test-rollback-mechanism.sh
Tests cover:
- Backup directory existence
- JSON validation
- SHA256 hash computation
- Backup creation and restore
- Watch daemon status
- Log file integrity
- Script permissions
Logs
All events are logged to ~/.openclaw/logs/config-modification.log:
[2026-03-01 05:37:00] INFO: ✅ 备份创建: openclaw.json.20260301_053612.a1b2c3d4.bak
[2026-03-01 05:37:01] INFO: ✅ 修改验证通过
[2026-03-01 05:40:00] WARN: ⚠️ 检测到修改: openclaw.json
[2026-03-01 05:40:01] ERROR: JSON 验证失败 — 触发回滚
Requirements
- Python 3.8+
- OpenClaw Gateway running (for health checks)
- No additional pip packages needed (stdlib only)
File Structure
gateway-auto-rollback/
├── SKILL.md # This file
├── _meta.json # ClawHub metadata
├── gateway-auto-rollback.py # Main script (backup/validate/rollback/watch)
└── test-rollback-mechanism.sh # Test suite
安全使用建议
This skill appears to do what it says: local backups, JSON validation, health probes and rollback for OpenClaw config files. Before installing or running it: 1) review the Python script yourself (it's included) and run tests in a safe environment; 2) be aware it will create/modify files under ~/.openclaw (backup and log files) and will copy backups back into place on rollback; 3) ensure the local Gateway health endpoint (http://127.0.0.1:18789/api/health) is what you expect and that the system has 'curl' available (the script expects it but the metadata declares no required binaries); 4) run the bundled tests (test-rollback-mechanism.sh) manually to confirm behavior before enabling any daemon/watch mode; 5) if you do not trust the anonymous source, avoid running the watch/daemon mode or run it in a constrained/testing environment. If you see any unexpected network calls or references to remote endpoints in future versions, treat that as a red flag.
功能分析
Type: OpenClaw Skill
Name: gateway-auto-rollback
Version: 1.1.0
The skill bundle implements an automatic configuration rollback mechanism for OpenClaw Gateway. It performs file system operations (read, write, copy) on critical configuration files (`openclaw.json`, `exec-approvals.json`, `skills.json`) and their backups within the `~/.openclaw/` directory. It uses `subprocess.run` in `gateway-auto-rollback.py` and `test-rollback-mechanism.sh` to execute `curl` for health checks, but this is strictly limited to `http://127.0.0.1:18789/api/health` with hardcoded arguments, posing no shell injection risk or external data exfiltration. The `SKILL.md` instructions, including the cron job payload for the agent, are clearly aligned with the skill's stated purpose of configuration protection and do not exhibit any prompt injection attempts to subvert the agent's behavior. All operations are transparent, well-documented, and directly support the intended protective functionality without evidence of malicious intent or exploitable vulnerabilities in their current implementation.
能力评估
Purpose & Capability
Name/description (auto rollback for OpenClaw Gateway) aligns with included Python script and test script. The code operates on ~/.openclaw config files, creates backups, validates JSON, checks local Gateway health, and performs rollbacks — all coherent with the declared purpose.
Instruction Scope
SKILL.md instructions map directly to the script behavior: one-shot run, watch mode, manual rollback, cron examples, and test steps. The instructions only reference local files (~/.openclaw), the local Gateway health endpoint (127.0.0.1:18789), and local logging — they do not instruct the agent to read unrelated system files or to transmit data externally.
Install Mechanism
There is no install spec (instruction-only with included script files). This is low risk: no downloads or archives are fetched at install time. The skill does include runnable code, so users should still inspect/execute it in their environment before trusting it.
Credentials
The skill declares no required env vars and the code does not read secrets. One operational caveat: check_gateway_health() calls the external 'curl' binary; the registry metadata lists no required binaries, so the script will silently fail health checks if curl is absent. No credentials or unrelated environment access are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not modify other skills or global agent settings; it writes to ~/.openclaw (its own config area) which is consistent with its function.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install gateway-auto-rollback - 安装完成后,直接呼叫该 Skill 的名称或使用
/gateway-auto-rollback触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
v1.1.0: Improved watch daemon with auto-exit on stability, universal path support, comprehensive test suite
v1.0.0
Initial release: three-layer config protection with backup, validation, and auto-rollback
元数据
常见问题
Gateway Auto-Rollback 是什么?
Automatic configuration rollback mechanism for OpenClaw Gateway. Provides three-layer protection: pre-modification backup, post-modification validation, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 413 次。
如何安装 Gateway Auto-Rollback?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install gateway-auto-rollback」即可一键安装,无需额外配置。
Gateway Auto-Rollback 是免费的吗?
是的,Gateway Auto-Rollback 完全免费(开源免费),可自由下载、安装和使用。
Gateway Auto-Rollback 支持哪些平台?
Gateway Auto-Rollback 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Gateway Auto-Rollback?
由 halfmoon82(@halfmoon82)开发并维护,当前版本 v1.1.0。
推荐 Skills