@aiassesstech/mighty-mark 0.6.26 → 0.6.27

package/src/scripts/upgrade-openclaw.sh

@@ -0,0 +1,263 @@
+#!/bin/bash
+# ============================================================================
+# OpenClaw Upgrade Script
+# Author: BB (via Greg)
+# Date: 2026-03-03
+# Purpose: Safely upgrade OpenClaw to latest version with backups and verification
+#
+# This script upgrades the OpenClaw gateway binary only.
+# For plugin/extension upgrades, use the manual sync pattern documented in:
+#   .cursor/rules/806-openclaw-extension-upgrade.mdc
+#
+# Mighty Mark monitors OpenClaw version and config integrity as part of
+# the morning health check. After running this script, the next morning
+# report will confirm the upgrade succeeded.
+# ============================================================================
+
+set -euo pipefail
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+DRY_RUN=false
+SKIP_GATEWAY_RESTART=false
+
+usage() {
+  echo "Usage: $0 [OPTIONS]"
+  echo ""
+  echo "Options:"
+  echo "  --dry-run          Show what would happen without making changes"
+  echo "  --skip-restart     Upgrade binary but don't restart the gateway"
+  echo "  -h, --help         Show this help"
+  echo ""
+  echo "This script upgrades the OpenClaw gateway binary."
+  echo "For plugin upgrades, see .cursor/rules/806-openclaw-extension-upgrade.mdc"
+}
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --dry-run)   DRY_RUN=true; shift ;;
+    --skip-restart) SKIP_GATEWAY_RESTART=true; shift ;;
+    -h|--help)   usage; exit 0 ;;
+    *)           echo "Unknown option: $1"; usage; exit 1 ;;
+  esac
+done
+
+echo -e "${CYAN}════════════════════════════════════════════════════${NC}"
+echo -e "${CYAN}  OpenClaw Upgrade Script                          ${NC}"
+echo -e "${CYAN}════════════════════════════════════════════════════${NC}"
+echo ""
+
+if $DRY_RUN; then
+  echo -e "${YELLOW}  ⚠  DRY RUN — no changes will be made${NC}"
+  echo ""
+fi
+
+# Step 1: Record current version
+echo -e "${YELLOW}[1/8] Recording current version...${NC}"
+CURRENT_VERSION=$(openclaw --version 2>&1 || echo "unknown")
+echo "  Current: $CURRENT_VERSION"
+
+LATEST_VERSION=$(npm view openclaw version 2>/dev/null || echo "unknown")
+echo "  Latest:  $LATEST_VERSION"
+
+if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ] && [ "$CURRENT_VERSION" != "unknown" ]; then
+  echo ""
+  echo -e "${GREEN}  Already on latest version — nothing to do.${NC}"
+  exit 0
+fi
+echo ""
+
+# Step 2: Backup config
+echo -e "${YELLOW}[2/8] Backing up configuration...${NC}"
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+
+if [ -f ~/.openclaw/openclaw.json ]; then
+  if $DRY_RUN; then
+    echo "  [DRY RUN] Would backup ~/.openclaw/openclaw.json"
+  else
+    cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.pre-upgrade-$TIMESTAMP
+    echo "  ✅ ~/.openclaw/openclaw.json → openclaw.json.pre-upgrade-$TIMESTAMP"
+  fi
+else
+  echo "  ⚠️  ~/.openclaw/openclaw.json not found — skipping"
+fi
+
+if [ -f ~/.clawdbot/openclaw.json ]; then
+  if $DRY_RUN; then
+    echo "  [DRY RUN] Would backup ~/.clawdbot/openclaw.json"
+  else
+    cp ~/.clawdbot/openclaw.json ~/.clawdbot/openclaw.json.pre-upgrade-$TIMESTAMP
+    echo "  ✅ ~/.clawdbot/openclaw.json → openclaw.json.pre-upgrade-$TIMESTAMP"
+  fi
+fi
+echo ""
+
+# Step 3: Backup extensions
+echo -e "${YELLOW}[3/8] Backing up extensions...${NC}"
+if [ -d ~/.openclaw/extensions ]; then
+  if $DRY_RUN; then
+    echo "  [DRY RUN] Would backup ~/.openclaw/extensions"
+  else
+    cp -r ~/.openclaw/extensions ~/.openclaw/extensions.pre-upgrade-$TIMESTAMP
+    echo "  ✅ ~/.openclaw/extensions → extensions.pre-upgrade-$TIMESTAMP"
+  fi
+else
+  echo "  ⚠️  ~/.openclaw/extensions not found — skipping"
+fi
+echo ""
+
+# Step 4: Backup agent workspaces (SOUL.md files etc.)
+echo -e "${YELLOW}[4/8] Backing up agent workspaces...${NC}"
+if [ -d ~/.openclaw/agents ]; then
+  if $DRY_RUN; then
+    echo "  [DRY RUN] Would backup ~/.openclaw/agents"
+  else
+    cp -r ~/.openclaw/agents ~/.openclaw/agents.pre-upgrade-$TIMESTAMP
+    echo "  ✅ ~/.openclaw/agents → agents.pre-upgrade-$TIMESTAMP"
+  fi
+else
+  echo "  ⚠️  ~/.openclaw/agents not found — skipping"
+fi
+
+# Also trigger a fleet backup if the system is installed (pre-upgrade safety net)
+if [ -x /opt/fleet-backup/fleet-backup.sh ]; then
+  echo ""
+  echo "  Fleet backup system detected — running pre-upgrade backup..."
+  if $DRY_RUN; then
+    echo "  [DRY RUN] Would run /opt/fleet-backup/fleet-backup.sh"
+  else
+    if /opt/fleet-backup/fleet-backup.sh 2>&1 | tail -3; then
+      echo "  ✅ Fleet backup completed"
+    else
+      echo -e "  ${YELLOW}⚠️  Fleet backup had issues (non-fatal, continuing)${NC}"
+    fi
+  fi
+fi
+echo ""
+
+# Step 5: Stop gateway
+echo -e "${YELLOW}[5/8] Stopping openclaw-gateway...${NC}"
+if $DRY_RUN; then
+  echo "  [DRY RUN] Would stop openclaw-gateway"
+elif $SKIP_GATEWAY_RESTART; then
+  echo "  Skipped (--skip-restart)"
+else
+  systemctl stop openclaw-gateway
+  sleep 2
+  if systemctl is-active --quiet openclaw-gateway; then
+    echo -e "  ${RED}❌ Gateway still running — aborting${NC}"
+    exit 1
+  fi
+  echo "  ✅ Gateway stopped"
+fi
+echo ""
+
+# Step 6: Upgrade
+echo -e "${YELLOW}[6/8] Upgrading OpenClaw to latest...${NC}"
+if $DRY_RUN; then
+  echo "  [DRY RUN] Would run: npm install -g openclaw@latest"
+else
+  npm install -g openclaw@latest 2>&1 | tail -5
+fi
+echo ""
+
+# Step 7: Start gateway and verify
+echo -e "${YELLOW}[7/8] Starting openclaw-gateway...${NC}"
+if $DRY_RUN; then
+  echo "  [DRY RUN] Would start openclaw-gateway"
+elif $SKIP_GATEWAY_RESTART; then
+  echo "  Skipped (--skip-restart)"
+else
+  systemctl start openclaw-gateway
+  echo "  Waiting 10 seconds for startup..."
+  sleep 10
+
+  if systemctl is-active --quiet openclaw-gateway; then
+    echo -e "  ${GREEN}✅ Gateway is running${NC}"
+  else
+    echo -e "  ${RED}❌ Gateway failed to start!${NC}"
+    echo ""
+    echo -e "${RED}  Checking logs:${NC}"
+    journalctl -u openclaw-gateway --no-pager -n 20
+    echo ""
+    echo -e "${YELLOW}  To rollback:${NC}"
+    CURRENT_SEMVER=$(echo "$CURRENT_VERSION" | grep -oP '\d+\.\d+\.\d+' || echo "")
+    echo "    systemctl stop openclaw-gateway"
+    if [ -n "$CURRENT_SEMVER" ]; then
+      echo "    npm install -g openclaw@$CURRENT_SEMVER"
+    else
+      echo "    npm install -g openclaw@<previous-version>"
+    fi
+    echo "    cp ~/.openclaw/openclaw.json.pre-upgrade-$TIMESTAMP ~/.openclaw/openclaw.json"
+    echo "    systemctl start openclaw-gateway"
+    exit 1
+  fi
+fi
+echo ""
+
+# Step 8: Verify new version and health
+echo -e "${YELLOW}[8/8] Post-upgrade verification...${NC}"
+if $DRY_RUN; then
+  echo "  [DRY RUN] Upgrade would go from $CURRENT_VERSION → $LATEST_VERSION"
+else
+  NEW_VERSION=$(openclaw --version 2>&1 || echo "unknown")
+  echo "  Previous: $CURRENT_VERSION"
+  echo "  Current:  $NEW_VERSION"
+fi
+echo ""
+
+# Check that config keys are intact
+echo "  Checking config integrity..."
+if [ -f ~/.openclaw/openclaw.json ]; then
+  if python3 -c "
+import json, sys
+with open('$HOME/.openclaw/openclaw.json') as f:
+    cfg = json.load(f)
+
+issues = []
+if not cfg.get('gateway', {}).get('controlUi', {}).get('allowedOrigins'):
+    issues.append('gateway.controlUi.allowedOrigins missing')
+
+if not cfg.get('plugins', {}).get('allow'):
+    issues.append('plugins.allow missing or empty')
+
+if issues:
+    for i in issues:
+        print(f'  ⚠️  {i}')
+    sys.exit(1)
+else:
+    print('  ✅ controlUi.allowedOrigins present')
+    print('  ✅ plugins.allow present')
+" 2>/dev/null; then
+    :
+  else
+    echo -e "  ${YELLOW}⚠️  Config may need manual review${NC}"
+  fi
+fi
+
+echo ""
+if $DRY_RUN; then
+  echo -e "${YELLOW}════════════════════════════════════════════════════${NC}"
+  echo -e "${YELLOW}  DRY RUN COMPLETE — no changes were made          ${NC}"
+  echo -e "${YELLOW}  Run without --dry-run to apply                   ${NC}"
+  echo -e "${YELLOW}════════════════════════════════════════════════════${NC}"
+else
+  echo -e "${GREEN}════════════════════════════════════════════════════${NC}"
+  echo -e "${GREEN}  Upgrade complete: ${NEW_VERSION:-$LATEST_VERSION}${NC}"
+  echo -e "${GREEN}════════════════════════════════════════════════════${NC}"
+  echo ""
+  echo "  Backups saved with timestamp: $TIMESTAMP"
+  echo "  To clean up old backups later:"
+  echo "    ls ~/.openclaw/*.pre-upgrade-*"
+  echo "    ls -d ~/.openclaw/extensions.pre-upgrade-* 2>/dev/null"
+  echo "    ls -d ~/.openclaw/agents.pre-upgrade-* 2>/dev/null"
+  echo ""
+  echo "  Mighty Mark's next morning check will verify the upgrade."
+  echo "  To check immediately:"
+  echo "    openclaw tool mark_health"
+fi
+echo ""

package/src/scripts/validate-openclaw-config.sh

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+#
+# validate-openclaw-config.sh — Validate openclaw.json before gateway restart
+#
+# Usage (on VPS):
+#   bash /opt/mighty-mark/validate-openclaw-config.sh
+#   bash /opt/mighty-mark/validate-openclaw-config.sh /path/to/openclaw.json
+#
+# This prevents Bug 10 (Rule 806): gateway crash from invalid config.
+# OpenClaw uses strict Zod validation. Unknown keys or out-of-range values
+# cause every agent to spam "Invalid config" errors on restart.
+#
+# Known schema constraints (OpenClaw 2026.3.x):
+#   agents.defaults.subagents.maxSpawnDepth:      1-5
+#   agents.defaults.subagents.maxChildrenPerAgent: 1-20
+#   agents.defaults.subagents:                     .strict() (no unknown keys)
+#   session.dmScope:                               "main" | "per-channel-peer"
+#   tools.exec.security:                           "full" | "allowlist" | "none"
+
+set -euo pipefail
+
+CONFIG_FILE="${1:-/root/.openclaw/openclaw.json}"
+
+if [ ! -f "$CONFIG_FILE" ]; then
+  echo "❌ Config file not found: $CONFIG_FILE"
+  exit 1
+fi
+
+echo "=== OpenClaw Config Validation ==="
+echo "File: $CONFIG_FILE"
+echo ""
+
+ERRORS=0
+WARNINGS=0
+
+# Check valid JSON
+if ! python3 -c "import json; json.load(open('$CONFIG_FILE'))" 2>/dev/null; then
+  echo "❌ FATAL: File is not valid JSON"
+  exit 1
+fi
+echo "✅ Valid JSON"
+
+# Check known schema constraints using python3
+python3 << 'PYEOF'
+import json, sys
+
+config_file = sys.argv[1] if len(sys.argv) > 1 else "/root/.openclaw/openclaw.json"
+with open(config_file) as f:
+    cfg = json.load(f)
+
+errors = []
+warnings = []
+
+# Check agents.defaults.subagents
+defaults = cfg.get("agents", {}).get("defaults", {})
+subagents = defaults.get("subagents", {})
+
+if subagents:
+    known_keys = {"maxSpawnDepth", "maxChildrenPerAgent"}
+    unknown = set(subagents.keys()) - known_keys
+    for k in unknown:
+        errors.append(f"agents.defaults.subagents.{k}: Unknown key (OpenClaw uses .strict() — will be rejected)")
+
+    depth = subagents.get("maxSpawnDepth")
+    if depth is not None:
+        if not isinstance(depth, (int, float)) or depth < 1 or depth > 5:
+            errors.append(f"agents.defaults.subagents.maxSpawnDepth={depth}: must be 1-5")
+
+    children = subagents.get("maxChildrenPerAgent")
+    if children is not None:
+        if not isinstance(children, (int, float)) or children < 1 or children > 20:
+            errors.append(f"agents.defaults.subagents.maxChildrenPerAgent={children}: must be 1-20")
+
+# Check session.dmScope
+session = cfg.get("session", {})
+dm_scope = session.get("dmScope")
+if dm_scope and dm_scope not in ("main", "per-channel-peer"):
+    errors.append(f"session.dmScope={dm_scope}: must be 'main' or 'per-channel-peer'")
+
+# Check tools.exec.security
+tools = cfg.get("tools", {}).get("exec", {})
+security = tools.get("security")
+if security and security not in ("full", "allowlist", "none"):
+    errors.append(f"tools.exec.security={security}: must be 'full', 'allowlist', or 'none'")
+
+# Check agents.list exists and has entries
+agents_list = cfg.get("agents", {}).get("list", [])
+if not agents_list:
+    warnings.append("agents.list is empty — no agents configured")
+
+# Report
+if errors:
+    print("")
+    for e in errors:
+        print(f"❌ {e}")
+    print("")
+    print(f"RESULT: {len(errors)} error(s) found — DO NOT restart the gateway!")
+    print("Fix the config and re-run this script.")
+    sys.exit(1)
+
+if warnings:
+    print("")
+    for w in warnings:
+        print(f"⚠️  {w}")
+
+print("")
+print("✅ Config passes known schema constraints")
+print("   Run 'openclaw doctor' for full validation (includes constraints this script doesn't check)")
+PYEOF
+
+echo ""
+echo "=== Also running 'openclaw doctor' for full validation ==="
+if command -v openclaw &>/dev/null; then
+  openclaw doctor 2>&1 || true
+else
+  echo "⚠️  'openclaw' command not found — skipping full validation"
+  echo "   Install with: npm install -g @aiassesstech/openclaw"
+fi