Elegant Config Guardian

Safely apply OpenClaw config changes with automatic rollback and ack timeout guard. Use when editing ~/.openclaw/openclaw.json, restarting gateway, enabling cross-context routing, or any risky runtime config change that must auto-revert if health checks or explicit ack are missing.

Audits

Pass

ClawScanReview

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install elegant-config-guardian

Elegant Config Guardian

Use scripts/safe_apply.sh to enforce: backup → apply → restart → health check → optional ack wait → rollback on failure.

Run

bash scripts/safe_apply.sh \
  --config ~/.openclaw/openclaw.json \
  --apply-cmd 'python3 /tmp/patch.py' \
  --ack-timeout 60 \
  --require-ack

Ack mode

When --require-ack is enabled, the script prints an ack token file path. A successful manual ack is:

touch <ack-file-path>

If timeout expires without ack, rollback is triggered automatically.

Defaults

Health probe command: openclaw gateway status and require RPC probe: ok
Restart command: openclaw gateway restart
Backup file: <config>.bak.YYYYmmdd-HHMMSS

Recommended workflow

Prepare a deterministic patch command (--apply-cmd).
Run with --require-ack --ack-timeout 45 for production changes.
Verify health.
Ack explicitly only after end-to-end validation.
Let timeout auto-rollback if validation cannot complete in time.