Introduction
# Config Guardian
## Overview Use this workflow whenever editing `~/.openclaw/openclaw.json` or running `openclaw config set/apply`. It prevents invalid config, creates backups, validates against schema, and enables rollback.
## Workflow (use every time)
1. **Preflight** - Confirm the requested change and scope. - Check for sensitive keys (tokens, credentials).
2. **Backup** - Run `scripts/backup_config.sh` to create a timestamped snapshot.
3. **Validate (before change)** - Run `scripts/validate_config.sh`. - If validation fails, stop and report.
4. **Apply change** - Prefer `openclaw config set <path> <value>` for small changes. - For complex edits, edit the file directly and keep diffs minimal.
5. **Validate (after change)** - Run `scripts/validate_config.sh` again. - If it fails, restore from backup with `scripts/restore_config.sh`.
6. **Restart (only with explicit approval)** - If change requires restart, ask for approval first. - Use `openclaw gateway restart`.
## Guardrails - **Never** restart or apply config without explicit user approval. - **Never** remove keys or reorder blocks unless requested. - **Always** keep a backup before edits. - If unsure about schema: run `openclaw doctor --non-interactive` and stop on errors.
## Scripts - `scripts/backup_config.sh` — create timestamped backup - `scripts/validate_config.sh` — validate config via OpenClaw doctor - `scripts/diff_config.sh` — diff current config vs backup - `scripts/restore_config.sh` — restore backup
## Validation - Use `openclaw doctor --non-interactive` for schema validation - This checks against the actual schema that the gateway uses - Warns about unknown keys, invalid types, and security issues