# Openclaw dependency matrix

Every openclaw-provided capability that the current gitea-webhooks pipeline uses, and what Caret's replacement does with it. Source citations: R01 = RESEARCH-01, R02 = RESEARCH-02, R03 = RESEARCH-03, PLAN = PLAN.md.

Categories:
- **REMOVE** — Caret's replacement doesn't need this at all
- **REPLACE** — Caret builds a standalone equivalent
- **KEEP** — Caret continues depending on openclaw for this (and why that's safe)
- **BLOCKING** — Caret cannot move forward without resolving this first (Rooh action required)

## By capability

### 1. HTTP webhook ingress (port 18789, `/hooks/agent`)
**Category:** REPLACE
**What Caret does:** Stand up a bun HTTP listener at a Caret-owned port (e.g. 18790 or unix socket), with its own path. Mirrors openclaw's `/hooks/agent` shape so existing scripts can be reused. [R01 §Ingress path, R02 §HTTP endpoints]
**Risk if kept:** Hard-couples Caret's lifecycle to the openclaw gateway container. Defeats the entire migration.
**Effort:** 1 day. Stateless request/response, well-understood. [R02 difficulty matrix: Easy]

### 2. HMAC verification (currently NOT done by openclaw)
**Category:** REPLACE (net-new — openclaw never had it)
**What Caret does:** Real HMAC-SHA256 of the raw body using `X-Gitea-Signature` header, timing-safe compare, raw body preserved before JSON parse. [R01 §HMAC recipe, R03 confirms all 4 known webhooks have `Secret: NOT SET`]
**Risk if kept:** No HMAC at all today; protection is bearer + nginx ACL only. Caret should do better.
**Effort:** 0.5 day. ~30 lines.
**Depends on BLOCKING #1 (webhook secret provisioning).**

### 3. Bearer token authentication (`OPENCLAW_HOOKS_TOKEN`)
**Category:** REPLACE
**What Caret does:** Own bearer token (`CARET_HOOKS_TOKEN`) stored in Caret's credentials dir, validated on each request as a second factor alongside HMAC. [R01 §Ingress path layer 3]
**Risk if kept:** Sharing the openclaw token cross-couples secret rotation.
**Effort:** Trivial.

### 4. nginx TLS termination and path rewriting
**Category:** KEEP (with new location block)
**What Caret does:** Adds a new nginx `location /hooks/caret` block that proxies to the Caret listener, same TLS cert. Reuses existing Let's Encrypt setup. [R01 §Ingress path]
**Risk if kept:** None — nginx is host-level infra, not openclaw-specific.
**Effort:** 1 hour, but requires host root access.
**See BLOCKING #2.**

### 5. Event dedup cache (`X-Gitea-Delivery` 24h)
**Category:** REPLACE
**What Caret does:** Own JSON-on-disk dedup cache at `/host/root/.caret/state/dedup-cache.json`, identical 24h TTL semantics. [R01 §Ingress path layer 4, R01 gotcha 4]
**Risk if kept:** Sharing openclaw's cache file is fragile and couples crash recovery.
**Effort:** 0.5 day.

### 6. Rate limiting (5 concurrent per agent)
**Category:** REPLACE
**What Caret does:** Per-route concurrency limiter in the listener. Caret's routing is simpler (one "agent") so this is mostly a global semaphore. [R01 gotcha 7]
**Risk if kept:** N/A.
**Effort:** Trivial.

### 7. Session lock manager (`hooks/locks/`)
**Category:** REPLACE
**What Caret does:** Own lock dir at `/host/root/.caret/state/locks/`, same 2h TTL, same file naming `{owner}-{repo}-{issue}`, same IS_DONE 5min grace. [R01 §Session lock]
**Risk if kept:** Two writers to one lock dir = race.
**Effort:** 0.5 day.

### 8. Queue daemon (`queue-inbox/` + `queue-daemon.js`)
**Category:** REPLACE
**What Caret does:** In-process queue inside the listener (or a sidecar bun script reading from `/host/root/.caret/state/queue/`). Re-verifies spawn signatures off the hot path. [R01 gotcha 12, R03 §queue-daemon.js]
**Risk if kept:** Couples Caret's spawn pipeline to openclaw container restart.
**Effort:** 1 day.

### 9. `sessions_spawn` agent orchestration primitive
**Category:** REPLACE (with Claude Code Channels plugin)
**What Caret does:** Build a Channels plugin at `/host/root/.caret/channels/gitea-judgment/` that receives an HTTP POST and starts a Claude Code session with the payload as initial prompt. [R02 §Caret's conclusion, PLAN §Phase 3 J3.1]
**Risk if kept:** Openclaw's `sessions_spawn` is the deepest coupling — see R02 difficulty matrix "Hard" rating. Keeping it means Caret can never fully cut over.
**Effort:** 2-3 days for the minimum viable plugin. Full parity (wakeMode, thinking, model selection) is more like 1 week.

### 10. Tool allowlist enforcement per agent
**Category:** KEEP (judgment path runs inside Claude Code, which has its own tool config)
**What Caret does:** Caret's deterministic path runs scripts directly with no tools concept. The judgment path is a Claude Code session whose tool allowlist is configured in Claude Code's settings.json (not openclaw's). [R02 §Tool policy resolution]
**Risk if kept:** None — Caret never touches openclaw's tool policy resolver.
**Effort:** 0 (already separated).

### 11. Plugin SDK (`src/plugin-sdk/`)
**Category:** REMOVE
**What Caret does:** Doesn't load openclaw plugins. Caret's listener is a plain bun script with no plugin loader. Channels plugin uses Claude Code's plugin mechanism, not openclaw's. [R02 §Don't reinvent #2]
**Risk if kept:** N/A.
**Effort:** 0.

### 12. Delivery system (Telegram, Mattermost, Discord)
**Category:** REPLACE (use tg-stream + Mattermost direct calls)
**What Caret does:** Calls tg-stream HTTP API for Telegram alerts and Mattermost webhook URL directly for incident posts. No multi-channel abstraction layer. [R02 §Don't reinvent #4 warns it's tightly coupled — we don't replicate, we use simpler primitives]
**Risk if kept:** Hard coupling to openclaw outbound system.
**Effort:** 0.5 day (just curl calls).

### 13. Session storage (JSONL transcripts at `~/.openclaw/sessions/`)
**Category:** KEEP (judgment path only — Claude Code's own session store)
**What Caret does:** Deterministic path has no sessions. Judgment path uses Claude Code's native session JSONL under Claude Code's config dir, NOT openclaw's. [R02 §Don't reinvent #1]
**Risk if kept:** None — Caret never reads/writes openclaw's session files.
**Effort:** 0.

### 14. Heartbeat scheduler (`heartbeat-runner.ts`)
**Category:** REPLACE (use Claude Code `schedule` skill / cron)
**What Caret does:** Use systemd timer in the Caret container OR Claude Code's schedule mechanism for the 6h policy sweep and 15min webhook audit. No 28-item checklist — Caret's heartbeat is much smaller. [R02 §Heartbeat loop, R03 §Heartbeat checklists]
**Risk if kept:** Couples to openclaw gateway uptime, which R03 shows is currently degraded.
**Effort:** 0.5 day for the timer setup.

### 15. Cron service (`CronService` in gateway)
**Category:** REPLACE (same as #14 — single mechanism)
**What Caret does:** Same as heartbeat — systemd timers or Claude Code schedule. [R02 §Cron service, R03 §Active cron jobs shows 8 of 12 currently failing]
**Risk if kept:** R03 shows openclaw cron is currently degraded; depending on it inherits the breakage.
**Effort:** Combined with #14.

### 16. Gitea API integration (token + curl wrappers)
**Category:** KEEP
**What Caret does:** Continue using the same `GITEA_TOKEN` and stateless curl calls. Wrapper scripts ported into `/host/root/.caret/tools/`. [R01 §Tools fan-out, PLAN B2.3]
**Risk if kept:** None — Gitea API is a third-party service, openclaw is not in the path.
**Effort:** Path-strip and copy, 1 hour.
**Depends on BLOCKING #3 (admin scope).**

### 17. Workspace directory (`/root/.openclaw/workspace/`)
**Category:** KEEP (155 projects stay owned by openclaw/Xen)
**What Caret does:** Caret's migration scope is the Gitea-facing slice ONLY. The 155-project workspace, the PROJ-XXX-* hierarchy, and Xen's project ownership stay as-is. Caret has its own `/host/root/.caret/workspace/` for migration artifacts only. [R03 §What the migration actually has to replace, PLAN §Goal]
**Risk if kept:** None for the in-scope migration.
**Effort:** 0.

### 18. Project registry (`projects/registry.json`)
**Category:** KEEP
**What Caret does:** Read-only access if needed (e.g., to look up which manager owns a project for a given issue). No writes. [R03 §Shared state]
**Risk if kept:** Stale reads possible but acceptable.
**Effort:** 0.

### 19. Memory system (`memory/`)
**Category:** REMOVE (from migration scope)
**What Caret does:** Caret's own memory is in `/root/.claude/projects/-app/memory/`. Doesn't touch openclaw's memory dir. [R03 §Shared state]
**Risk if kept:** N/A.
**Effort:** 0.

### 20. Credentials store (`credentials/`)
**Category:** KEEP (read-only for shared tokens like GITEA_TOKEN)
**What Caret does:** Read GITEA_TOKEN from openclaw credentials OR copy to Caret credentials store. Caret-owned secrets (HMAC webhook secret, CARET_HOOKS_TOKEN) live in `/host/root/.caret/credentials/`. [R03 §Shared state credentials]
**Risk if kept:** Cross-coupling on token rotation. Acceptable short-term.
**Effort:** Trivial.
**See BLOCKING #4 (secret rotation story).**

### 21. `post-repo-audit.sh`
**Category:** REPLACE (port the script verbatim)
**What Caret does:** Copy to `/host/root/.caret/tools/post-repo-audit.sh`, strip openclaw path prefixes, ship as-is. Pure script, zero tokens. [R01 §Tools fan-out, PLAN B2.3]
**Risk if kept:** Couples to openclaw tools dir lifecycle.
**Effort:** 1 hour.

### 22. `audit-repo-policies.sh`
**Category:** REPLACE (port verbatim)
**What Caret does:** Copy to Caret tools dir, point at sol/repo-policies template repo, run with `--fix` from Caret's heartbeat. [R01 §Tools fan-out]
**Risk if kept:** Same as #21.
**Effort:** 1 hour.

### 23. `spawn-manager.sh`
**Category:** REPLACE (port verbatim, but only after #9 is solved)
**What Caret does:** Copy script. Generates Manager spawn JSON from issue body, creates project workspace. Caret's listener calls it via execSync with same 30s timeout pattern. [R01 §Tools fan-out, R01 gotcha 9]
**Risk if kept:** Tightly coupled to openclaw workspace path conventions — depends on whether Caret keeps openclaw's PROJ-XXX scheme (R01 advises yes).
**Effort:** 0.5 day.

### 24. `create-implement-issue.sh`
**Category:** REPLACE (port verbatim)
**What Caret does:** Copy script. Creates signed `[IMPLEMENT]` issue with HMAC spawn signature using `/host/root/.caret/credentials/spawn-secret`. [R01 §Tools fan-out]
**Risk if kept:** Spawn secret coupling.
**Effort:** 1 hour.
**Depends on BLOCKING #5 (spawn secret ownership).**

### 25. `secret-scan.sh`
**Category:** REPLACE (port verbatim)
**What Caret does:** Copy script, used by both CI (`make check`) inside repos and Caret's push handler. [R01 §Tools fan-out]
**Risk if kept:** N/A.
**Effort:** 1 hour.

### 26. `check-implement-orphans.sh`
**Category:** REPLACE (port verbatim)
**What Caret does:** Copy script, run from Caret's 15min heartbeat to detect stale pending spawns and orphaned managers. [R01 §Tools fan-out]
**Risk if kept:** N/A.
**Effort:** 1 hour.

### 27. `auditLog → logs/audit.jsonl`
**Category:** REPLACE
**What Caret does:** Caret's listener writes to `/host/root/.caret/log/audit.jsonl`, same JSONL line schema. Rotation by line count. [R01 §Logging, PLAN B2.5]
**Risk if kept:** Two writers to one file = corruption.
**Effort:** 0.5 day.

### 28. Incident flagging (`logs/incidents.jsonl`)
**Category:** REPLACE
**What Caret does:** Caret writes to `/host/root/.caret/log/incidents.jsonl`. Critical incidents also fan out to Telegram via tg-stream. [R01 §Logging, T2.23]
**Risk if kept:** Same as #27.
**Effort:** 0.5 day (combined with #27).

## Summary by category

| Category | Count |
|---|---|
| REMOVE   | 2  (#11, #19) |
| REPLACE  | 19 (#1, #2, #3, #5, #6, #7, #8, #9, #12, #14, #15, #21, #22, #23, #24, #25, #26, #27, #28) |
| KEEP     | 6  (#4, #10, #13, #16, #17, #18, #20) — note #20 partially |
| BLOCKING | 5  (see below) |

## BLOCKING items — Rooh action required

These five items must be resolved by Rooh before Caret can write the production code. They are not engineering decisions; they are policy / access decisions only Rooh can make.

### BLOCKING #1 — Webhook secret provisioning and storage location
**Question:** Where is the new HMAC webhook secret stored? `/host/root/.caret/credentials/webhook-secret`? A vault entry? Reused from an existing openclaw secret?
**Why it blocks:** Cannot ship HMAC verification (T1.06–T1.11) without the secret being authoritative somewhere. Cannot register webhooks on sol/* repos without knowing what secret to set on the Gitea side.
**Reference:** R01 §HMAC recipe, R03 confirms all current webhooks have `Secret: NOT SET`.

### BLOCKING #2 — nginx config write access for `/hooks/caret` location
**Question:** Does Caret have permission to edit `/host/etc/nginx/...` and reload nginx, or does Rooh do that one-time setup?
**Why it blocks:** Without an nginx route, Gitea cannot reach the Caret listener via HTTPS. Direct port exposure is the only alternative and that needs firewall changes.
**Reference:** R01 §Ingress path nginx termination, dependency #4.

### BLOCKING #3 — Gitea token admin scope OR manual system-webhook registration
**Question:** Will Rooh elevate the sol token to include `read:admin` + `write:admin`, or will Rooh manually register the system-level webhook one time?
**Why it blocks:** Without admin scope Caret cannot list system-level webhooks (R03 confirmed) and cannot create them. The sol/* per-repo webhooks can be registered with the existing token, but for new repo bootstrap to register Caret's webhook automatically (T1.02), the admin scope or manual setup is required.
**Reference:** R03 §Registered Gitea webhooks, PLAN §Dependencies token scope.

### BLOCKING #4 — Secret rotation story across openclaw + Caret
**Question:** When `GITEA_TOKEN` or the webhook secret rotates, what's the rollout? Does Caret read from openclaw's credentials dir live, or get its own copy that needs separate rotation? Who is responsible for rotation drills?
**Why it blocks:** PLAN §Risks #1 explicitly calls this out as a first-class deliverable. Without a documented rotation procedure, T3.13 cannot pass and the migration leaves a security debt.
**Reference:** PLAN §Risks #1, dependency #20.

### BLOCKING #5 — Spawn signature secret ownership (`/root/.openclaw/hooks/spawn-secret`)
**Question:** Does Caret get its own spawn secret (and `create-implement-issue.sh` is updated to use it), or does Caret read openclaw's existing secret? If the latter, what happens when openclaw rotates it?
**Why it blocks:** T1.15–T1.17 (spawn signature verification) require Caret and `create-implement-issue.sh` to share a secret. Cross-system sharing is the cleaner short-term answer but locks Caret to openclaw's lifecycle until cut-over completes.
**Reference:** R01 §Ingress path "spawn signatures", dependency #24.