vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 19:00:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: guard gateway mutations from older binaries

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-26 06:07:27 +01:00
parent fbd6b3ce3c
commit 8c35e45c00
15 changed files with 457 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/gateway/doctor.md
View File

@@ -584,6 +584,9 @@ Notes:
- If token auth requires a token and the configured token SecretRef is unresolved, doctor blocks the install/repair path with actionable guidance.
- If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, doctor blocks install/repair until mode is set explicitly.
- For Linux user-systemd units, doctor token drift checks now include both `Environment=` and `EnvironmentFile=` sources when comparing service auth metadata.
- Doctor service repairs refuse to rewrite, stop, or restart a gateway service
from an older OpenClaw binary when the config was last written by a newer
version. See [Gateway troubleshooting](/gateway/troubleshooting#split-brain-installs-and-newer-config-guard).
- You can always force a full rewrite via `openclaw gateway install --force`.
### 16) Gateway runtime + port diagnostics

36
docs/gateway/troubleshooting.md
View File

@@ -30,6 +30,42 @@ Expected healthy signals:
- `openclaw channels status --probe` shows live per-account transport status and,
where supported, probe/audit results such as `works` or `audit ok`.
## Split brain installs and newer config guard
Use this when a gateway service unexpectedly stops after an update, or logs show
that one `openclaw` binary is older than the version that last wrote
`openclaw.json`.
OpenClaw stamps config writes with `meta.lastTouchedVersion`. Read-only commands
can still inspect a config written by a newer OpenClaw, but process and service
mutations refuse to continue from an older binary. Blocked actions include
gateway service start, stop, restart, uninstall, forced service reinstall,
service-mode gateway startup, and `gateway --force` port cleanup.
```bash
which openclaw
openclaw --version
openclaw gateway status --deep
openclaw config get meta.lastTouchedVersion
```
Fix options:
1. Fix `PATH` so `openclaw` resolves to the newer install, then rerun the action.
2. Reinstall the intended gateway service from the newer install:
```bash
openclaw gateway install --force
openclaw gateway restart
```
3. Remove stale system package or old wrapper entries that still point at an old
`openclaw` binary.
For intentional downgrade or emergency recovery only, set
`OPENCLAW_ALLOW_OLDER_BINARY_DESTRUCTIVE_ACTIONS=1` for the single command.
Leave it unset for normal operation.
## Anthropic 429 extra usage required for long context
Use this when logs/errors include: