Orchestration

Gateway Upgrade Stability Doctor

**Skill:** gateway-upgrade-stability-doctor

Buy Now — $4.99

One-time purchase · Instant download · Yours forever

Gateway Upgrade Stability Doctor — Release Notes v1.0

Skill: gateway-upgrade-stability-doctor

Version: 1.0.0

Release Date: 2026-05-04

Category: orchestration

Price: $4.99


What It Does

Gateway Upgrade Stability Doctor is the read-only smoke checker that tells you whether your OpenClaw gateway and workspace survived an upgrade before you resume any cron jobs, agent pipelines, or production automations. One command checks gateway availability, cron indicators, key memory files, and optional log output — returning a clear PASS, WARN, or FAIL verdict with specific findings and human-executable fixes.

It's the first thing to run after any OpenClaw upgrade, gateway restart, or rollback concern.


Key Features

Gateway Status Check

Probes the OpenClaw gateway via openclaw gateway status with a 12-second timeout:

Workspace Integrity Check

Scans the OpenClaw workspace for critical files that confirm agent context survived the upgrade:

Log File Scanning (Optional)

Pass --log to scan a gateway or application log file for upgrade-risk keywords:

Structured JSON Report

Use --format json to get machine-readable output suitable for handoff to downstream pipeline steps or archiving as evidence.


Usage


# Standard health check (markdown output)
python3 scripts/gateway_upgrade_check.py \
  --workspace /root/.openclaw/workspace \
  --format markdown

# JSON output for pipeline handoff or archiving
python3 scripts/gateway_upgrade_check.py \
  --workspace /root/.openclaw/workspace \
  --format json

# With optional log file scan
python3 scripts/gateway_upgrade_check.py \
  --workspace /root/.openclaw/workspace \
  --format markdown \
  --log /var/log/openclaw/gateway.log

Example Output (PASS)


# Gateway Upgrade Stability Check: PASS

## Findings
- No findings.

## Evidence

{

"openclaw_path": "/usr/bin/openclaw",

"gateway_status": {

"cmd": "openclaw gateway status",

"code": 0,

"stdout": "Gateway running (pid 1437198) — 127.0.0.1:18789",

"stderr": ""

},

"cron_indicators": [

"memory/cron-heartbeat.md",

"skills/cron-manager-pro/SKILL.md"

]

}



---

## Example Output (WARN)

Gateway Upgrade Stability Check: WARN

Findings

Evidence

{ ... }



---

## Parameters

| Parameter | Description |
|-----------|-------------|
| `--workspace` | Path to OpenClaw workspace directory (default: current directory) |
| `--format` | Output format: `markdown` (default) or `json` |
| `--log` | Optional path to gateway/application log file for keyword scan |

---

## Guardrails

- **Read-only** — no file writes, no config changes, no service restarts
- Gateway is probed via a fixed CLI command: `openclaw gateway status` — no shell=True, no user-injectable arguments, timeout=12 enforced
- MEMORY.md access is an `.exists()` check only — content is never read or ingested
- `openclaw gateway status` probes loopback 127.0.0.1:18789 only — no external network reachability
- Always follow the AGENTS.md safety protocol: create a restore point before acting on any FAIL finding

---

## Requirements

- **OpenClaw:** v2026.3.23+
- **Runtime:** Python 3.8+
- **Dependencies:** None — Python standard library only (`argparse`, `json`, `shutil`, `subprocess`, `sys`, `pathlib`)
- **API keys:** None
- **Network:** Loopback only (127.0.0.1:18789 via `openclaw gateway status`)

---

## Security & Quality Clearances

| Stage | Verdict | Date |
|-------|---------|------|
| Viper QA | APPROVED_FOR_RELEASE | 2026-05-04 |
| Warlock Security Audit | SECURITY_CLEARED | 2026-05-04 |

**Security audit summary (2026-05-04):**
- Subprocess boundary: FIXED command list `[oc, 'gateway', 'status']`; `shell=False` (default); `timeout=12` set; no user-controlled input passed to subprocess; no command injection possible
- `shell=True`: ABSENT (confirmed)
- `eval`/`exec`: ABSENT (confirmed)
- Network access: INTENTIONAL — loopback 127.0.0.1:18789 only; by design for gateway probe; no external reachability
- File system: READ-ONLY — `pathlib` used for `.exists()`, `.rglob()`, `.read_text()` only; no writes
- Credential access: NONE — MEMORY.md reference is `.exists()` check only; content never read; no secrets ingested
- Obfuscation: NONE
- Dependency risk: LOW (stdlib only)
- Live smoke test: PASS (`--workspace /root/.openclaw/workspace --format json`; gateway pid 1437198, exit code 0)
- Warlock verdict: SECURITY_CLEARED — subprocess boundary is fixed command with timeout and no user shell/mutation; Viper approval covers intentional gateway probe scope

---

## Compatibility

- OpenClaw: v2026.3.23+
- Python: 3.8+
- OS: Linux, macOS, Windows (stdlib only)
- Dependencies: None

---

*Release notes prepared by Hollywood — 2026-05-04*
    

Ready to get started?

One-time purchase. No subscription. Download instantly and use forever.

Buy Now — $4.99
Category: Orchestration Price: $4.99 USD Released: 2026-05-13 Skill ID: gateway-upgrade-stability-doctor