sol/openclaw-to-caret-migration
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 0 — research #1

New Issue
Open
opened 2026-04-06 14:37:55 +02:00 by sol · 3 comments
sol commented 2026-04-06 14:37:55 +02:00
Owner
Copy Link

Deep-read gitea-webhooks, workspace-ops, agent-reliability, openclaw gateway internals, live system state. Produce ARCHITECTURE.md synthesizing the findings. Three Explore subagents spawned 2026-04-06. Exit: any architectural question answerable without re-grepping source.

Deep-read gitea-webhooks, workspace-ops, agent-reliability, openclaw gateway internals, live system state. Produce ARCHITECTURE.md synthesizing the findings. Three Explore subagents spawned 2026-04-06. Exit: any architectural question answerable without re-grepping source.
sol commented 2026-04-06 14:43:21 +02:00
Author
Owner
Copy Link

Subagent 1 (gitea-webhooks deep read) completed. Report: research/RESEARCH-01-gitea-webhooks-deep-read.md.

Key findings:

  • HMAC is NOT verified in openclaw pipeline; security is bearer token + nginx ACL + dedup cache.
  • Four webhooks registered on sol/* repos, all point to slack.solio.tech/hooks/gitea, all have Secret: NOT SET.
  • Pure-script deterministic side is portable (post-repo-audit.sh, audit-repo-policies.sh, etc).
  • Agent-spawn side (sessions_spawn) is the hard replacement — needs Channels plugin or worker pool.
  • Spawn signatures are a separate HMAC mechanism for sol account elevation, not Gitea HMAC.

Subagents 2 and 3 still running.

Subagent 1 (gitea-webhooks deep read) completed. Report: `research/RESEARCH-01-gitea-webhooks-deep-read.md`. Key findings: - HMAC is NOT verified in openclaw pipeline; security is bearer token + nginx ACL + dedup cache. - Four webhooks registered on sol/* repos, all point to `slack.solio.tech/hooks/gitea`, all have `Secret: NOT SET`. - Pure-script deterministic side is portable (post-repo-audit.sh, audit-repo-policies.sh, etc). - Agent-spawn side (sessions_spawn) is the hard replacement — needs Channels plugin or worker pool. - Spawn signatures are a separate HMAC mechanism for sol account elevation, not Gitea HMAC. Subagents 2 and 3 still running.
sol commented 2026-04-06 14:50:25 +02:00
Author
Owner
Copy Link

Subagents 2 and 3 completed. Reports saved: research/RESEARCH-02-gateway-internals.md, research/RESEARCH-03-live-state-audit.md.

CRITICAL finding from the live audit: openclaw is currently DEGRADED. The heartbeat config references a model claudehack/claude-sonnet-4-6 that does not exist, causing 8 of 12 cron jobs to fail (some with 20 consecutive failures). The webhook-verify cron and ws-sync are among those failing. This is not a clean-swap migration — the current pipeline is on thin ice and the migration timeline matters.

Good news from gateway internals: the migration scope is much smaller than feared. I do not need to replicate openclaws full orchestration (4-8 weeks). I only need the Gitea-facing slice — webhook ingress, event router, script fan-out, policy enforcement — which is a ~600-800 line bun listener (days, not weeks). Everything else stays owned by openclaw or uses Claude Code native primitives (Channels plugins, CronCreate).

Next step: synthesize the three reports into ARCHITECTURE.md and move to Phase 1 design.

Subagents 2 and 3 completed. Reports saved: `research/RESEARCH-02-gateway-internals.md`, `research/RESEARCH-03-live-state-audit.md`. **CRITICAL finding from the live audit:** openclaw is currently DEGRADED. The heartbeat config references a model `claudehack/claude-sonnet-4-6` that does not exist, causing 8 of 12 cron jobs to fail (some with 20 consecutive failures). The `webhook-verify` cron and `ws-sync` are among those failing. This is not a clean-swap migration — the current pipeline is on thin ice and the migration timeline matters. **Good news from gateway internals:** the migration scope is much smaller than feared. I do not need to replicate openclaws full orchestration (4-8 weeks). I only need the Gitea-facing slice — webhook ingress, event router, script fan-out, policy enforcement — which is a ~600-800 line bun listener (days, not weeks). Everything else stays owned by openclaw or uses Claude Code native primitives (Channels plugins, CronCreate). **Next step:** synthesize the three reports into `ARCHITECTURE.md` and move to Phase 1 design.
sol commented 2026-04-06 14:52:44 +02:00
Author
Owner
Copy Link

[DONE] Synthesized the three Phase 0 reports into ARCHITECTURE.md and pushed it on branch feat/architecture-synthesis.

Key conclusion: this is not a full OpenClaw replacement project. The migration boundary is the Gitea-facing slice only:

  • webhook ingress
  • event validation / routing
  • deterministic script fan-out
  • issue lock / workflow gates
  • optional judgment wake-up

That keeps the replacement in the "small standalone listener" category instead of a 4-8 week orchestrator rewrite.

[WARN] The live audit changed the risk picture:

  • OpenClaw is currently degraded
  • the configured model alias claudehack/claude-sonnet-4-6 is invalid
  • 8 of 12 cron jobs are failing
  • ws-sync is stale
  • webhook-verify is failing

So this is not just a clean migration for convenience. The surrounding automation is already on thin ice.

Recommended Phase 1 direction:

  1. Design only the Gitea-facing slice
  2. Keep deterministic work pure-script
  3. Add real raw-body Gitea HMAC verification in the new listener
  4. Keep judgment wake-ups narrow and explicit
  5. Make observability first-class

Branch: feat/architecture-synthesis
Commit: 416c575

[DONE] Synthesized the three Phase 0 reports into `ARCHITECTURE.md` and pushed it on branch `feat/architecture-synthesis`. Key conclusion: this is not a full OpenClaw replacement project. The migration boundary is the Gitea-facing slice only: - webhook ingress - event validation / routing - deterministic script fan-out - issue lock / workflow gates - optional judgment wake-up That keeps the replacement in the "small standalone listener" category instead of a 4-8 week orchestrator rewrite. [WARN] The live audit changed the risk picture: - OpenClaw is currently degraded - the configured model alias `claudehack/claude-sonnet-4-6` is invalid - 8 of 12 cron jobs are failing - `ws-sync` is stale - `webhook-verify` is failing So this is not just a clean migration for convenience. The surrounding automation is already on thin ice. Recommended Phase 1 direction: 1. Design only the Gitea-facing slice 2. Keep deterministic work pure-script 3. Add real raw-body Gitea HMAC verification in the new listener 4. Keep judgment wake-ups narrow and explicit 5. Make observability first-class Branch: `feat/architecture-synthesis` Commit: `416c575` <!-- openclaw-agent -->
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ROOH sol
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sol/openclaw-to-caret-migration#1
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?