oc-config-gate
Approved OpenClaw config control for agents: stage patches, validate them, post native Discord approvals, write only after approval, bless, audit, and optionally request an official safe gateway restart.
OpenClaw >= 2026.5.7
13 tests passing
2 tools
1 guard hook
GitHub Actions
Branch protection
Wiki enabled
Control Plane
sequenceDiagram
participant Agent
participant Gate as oc_config_stage
participant Discord
participant Apply as Approval Handler
participant Config as OpenClaw Config
participant Guardian
Agent->>Gate: RFC 7396 patch + reason
Gate->>Config: Load raw openclaw.json
Gate->>Gate: Merge, validate, diff
Gate->>Discord: Native approval card
Discord->>Apply: Approve / Deny
Apply->>Config: Re-read raw config
Apply->>Apply: Recheck base hash
Apply->>Guardian: Safety check
Apply->>Config: writeConfigFile
Apply->>Guardian: Bless
Apply->>Discord: Update card
Runtime Surfaces
Stage
oc_config_stageRFC 7396 merge patches and Discord cards.
Status
oc_config_applyAgent-facing status only; no agent apply bypass.
Guard
before_tool_callBlocks non-meta direct edits and raw restarts.
Restart
approved onlyopenclaw gateway restart --safe --wait 5m --jsonRepository Controls
| Control | Status |
|---|---|
| CI | Node 22/24 typecheck and tests. |
| Security | CodeQL, npm audit, dependency review, Dependabot. |
| Governance | PR template, issue templates, CODEOWNERS, release workflow, branch protection. |
| Docs | README, Pages, wiki mirror, architecture, config, API, security model, release docs. |
Documentation
GitHub · Wiki Mirror · GitHub Wiki · Architecture · Configuration · Plugin API · Security Model · Release Process