openclaw-checkpoint

# OpenClaw Checkpoint Skill

Backup and restore your OpenClaw identity, memory, agents, and configuration across machines.

**Platform:** macOS and Linux only. Windows is not supported.

## Overview

This skill provides disaster recovery for OpenClaw by syncing your workspace and agents to a git repository. It preserves:

- **Identity**: SOUL.md, IDENTITY.md, USER.md (who you and the assistant are)
- **Memory**: MEMORY.md and memory/*.md files (conversation history and context)
- **Cron Jobs**: Scheduled tasks exported to memory/cron-jobs-backup.json (morning briefs, daily syncs, automations)
- **Configuration**: TOOLS.md, AGENTS.md, HEARTBEAT.md (tool setups and conventions)
- **Scripts**: Custom tools and automation you've built
- **Agents**: All agent folders from ~/.openclaw/agents/ (alex, blake, etc.)

**Not synced** (security): API keys (.env.*), credentials, OAuth tokens

## Installation

### Option 1: Git Clone (Recommended)

```bash
# Clone the skill repo
git clone https://github.com/AnthonyFrancis/openclaw-checkpoint.git ~/.openclaw/skills/openclaw-checkpoint

# Copy scripts to tools directory
mkdir -p ~/.openclaw/workspace/tools
cp ~/.openclaw/skills/openclaw-checkpoint/scripts/checkpoint* ~/.openclaw/workspace/tools/
chmod +x ~/.openclaw/workspace/tools/checkpoint*

# Add to PATH (also add to ~/.zshrc or ~/.bashrc for persistence)
export PATH="${HOME}/.openclaw/workspace/tools:${PATH}"

# Run setup wizard
checkpoint-setup
```

### Option 2: Quick Install

```bash
curl -fsSL https://raw.githubusercontent.com/AnthonyFrancis/openclaw-checkpoint/main/scripts/install-openclaw-checkpoint.sh | bash
```

This runs the install script -- review it first if you prefer to inspect before executing.

## Commands

### checkpoint
**Show all available commands and usage examples.**

```bash
checkpoint
```

**What it does:**
- Displays a quick reference of all checkpoint commands with descriptions and examples

**When to use:**
- When you can't remember the exact command name
- Quick reference for available options

### checkpoint-setup
**Interactive onboarding flow for first-time setup.**

```bash
checkpoint-setup
```

**What it does:**
- Guides you through creating a PRIVATE GitHub repository
- Sets up SSH authentication (recommended) or Personal Access Token
- Automatically detects if SSH key is already authorized on GitHub
- Detects agents in `~/.openclaw/agents/` and reports they will be included in backups
- Generates a README.md with recovery instructions and commands
- Commits workspace files within `~/.openclaw/workspace` (secrets excluded via .gitignore)
- Configures automatic backups
- Tests the backup system
- Shows final status

**When to use:**
- First time setting up checkpoint system
- After installing the skill
- After running `checkpoint-reset`
- Recommended starting point for new users

### checkpoint-auth
**Authenticate with GitHub (browser-based).**

```bash
checkpoint-auth
```

**What it does:**
- Option 1: GitHub CLI (opens browser automatically)
- Option 2: Personal Access Token (expires, needs renewal)
- Option 3: SSH Key (recommended - no token expiry)
- Automatically adds GitHub to known_hosts
- Tests authentication after setup

**When to use:**
- Authentication expired or failed
- Switching authentication methods
- Setting up on a new machine

**SSH is recommended** because:
- No token expiration to worry about
- Works reliably without password prompts
- GitHub no longer accepts password authentication for HTTPS

### checkpoint-backup
Save current state to remote repository.

```bash
checkpoint-backup                     # Backup workspace + all agents
checkpoint-backup --workspace-only    # Backup workspace only (skip agents)
checkpoint-backup --agents-only       # Backup agents only (skip workspace/cron)
checkpoint-backup --agent alex        # Backup only the 'alex' agent (+ workspace)
```

**What it does:**
- Backs up OpenClaw cron jobs to `memory/cron-jobs-backup.json` (requires `openclaw` CLI and running gateway)
- Copies agent folders from `~/.openclaw/agents/` into `agents/` in the workspace repo (strips nested `.git` dirs)
- Normalizes home-directory paths (`$HOME` -> `{{HOME}}`) for cross-machine portability
- Commits all changes in ~/.openclaw/workspace
- Pushes to origin/main
- Shows commit hash and timestamp

**Agent backup details:**
- Auto-detects agents in `~/.openclaw/agents/` (e.g., alex, blake)
- Each agent folder is copied to `agents/<name>/` in the backup repo
- Nested `.git` directories are removed to avoid submodule issues
- If no agents exist, skips gracefully with an info message
- Uses `rsync --exclude='.git'` when available, falls back to `cp -r` + manual `.git` removal

**Cron job backup details:**
- Runs `openclaw cron list --json` to export all scheduled tasks
- Strips runtime state, keeps only configuration (name, schedule, target, payload)
- Non-blocking: if the CLI or gateway is unavailable, checkpoint-backup continues without cron backup

**Flags:**
- `--workspace-only` — skip agent backup
- `--agents-only` — skip workspace and cron backup, only back up agents
- `--agent <name>` — back up a single named agent only

**When to use:**
- Before switching computers
- After significant changes (new memory, updated SOUL.md)
- Any time you want to ensure changes are saved

### checkpoint-schedule
Set up automatic backups with configurable frequency.

```bash
checkpoint-schedule 15min      # Every 15 minutes
checkpoint-schedule 30min      # Every 30 minutes
checkpoint-schedule hourly     # Every hour (default)
checkpoint-schedule 2hours     # Every 2 hours
checkpoint-schedule 4hours     # Every 4 hours
checkpoint-schedule daily      # Once per day at 9am
checkpoint-schedule disable    # Turn off auto-backup
```

**What it does:**
- macOS: Creates launchd plist for reliable background backups
- Linux: Adds cron job for scheduled backups
- Logs all activity to ~/.openclaw/logs/checkpoint.log

**When to use:**
- First time setup: `checkpoint-schedule hourly`
- Change frequency: `checkpoint-schedule 15min`
- Stop backups: `checkpoint-schedule disable`

### checkpoint-status
Check backup health and status.

```bash
checkpoint-status
```

**What it shows:**
- Last backup time and commit
- Whether local is behind remote
- Uncommitted changes
- Agent backup status (which agents are backed up, which are missing)
- Auto-backup schedule status
- Recent backup activity log

**When to use:**
- Before switching machines (verify synced)
- Troubleshooting backup issues
- Regular health checks

### checkpoint-restore
Restore state from remote repository, with checkpoint selection and first-time onboarding.

```bash
checkpoint-restore                    # Select from recent checkpoints (interactive)
checkpoint-restore --latest           # Restore most recent checkpoint (skip selection)
checkpoint-restore --force            # Discard local changes before restoring
checkpoint-restore --workspace-only   # Restore workspace only (skip agents)
checkpoint-restore --agents-only      # Restore agents only (skip workspace/cron)
checkpoint-restore --agent alex       # Restore only the 'alex' agent
```

**What it does:**
- **First-time users:** Launches interactive restore onboarding flow
  - Guides you through GitHub authentication (SSH, GitHub CLI, or PAT)
  - Lets you specify your existing backup repository
  - Verifies access and restores your checkpoint
  - Handles merge/replace options if local files exist
  - Shows available checkpoints to pick from (if the repo has more than one commit)
  - Offers to restore cron jobs from backup
  - Offers to restore agents from backup
- **Returning users:** Shows a list of the 10 most recent checkpoints to choose from
  - Pick the latest or any older checkpoint to restore
  - Current checkpoint is marked in the list
  - Restoring an older checkpoint warns that the next backup will overwrite newer remote checkpoints
  - Use `--latest` flag to skip the interactive selection and restore the most recent checkpoint automatically
- **Uncommitted changes:** If you have local uncommitted changes, you're prompted to:
  1. Save changes first (runs `checkpoint-backup`)
  2. Discard local changes and continue restoring
  3. Cancel
- **Path portability:** Automatically expands `{{HOME}}` placeholders and rewrites old home-directory paths for the current machine
- **Cron jobs:** Automatically offers to restore cron jobs from `memory/cron-jobs-backup.json` after restoring (requires OpenClaw gateway to be running)
- **Agents:** Offers to restore agents from `agents/` directory in the backup to `~/.openclaw/agents/`

**Flags:**
- `--latest` — skip selection, restore most recent checkpoint
- `--force` — discard local changes without prompting
- `--workspace-only` — skip agent restore
- `--agents-only` — skip workspace and cron restore, only restore agents
- `--agent <name>` — restore a single named agent only

**When to use:**
- Starting OpenClaw on a new machine
- After hardware failure/disaster
- When resuming work on different computer
- First-time restore from an existing backup
- Rolling back to a previous checkpoint after unwanted changes

**Onboarding flow triggers when:**
- No workspace exists
- Workspace exists but not a git repository
- Git repository exists but no remote configured

### checkpoint-init
Initialize workspace for checkpoint system.

```bash
checkpoint-init
```

**What it does:**
- Creates git repository in ~/.openclaw/workspace
- Generates .gitignore (excludes secrets and ephemeral files)
- Creates initial commit

**When to use:**
- First time setting up checkpoint system
- After restoring from backup to new machine

### checkpoint-reset
Reset checkpoint system for fresh setup.

```bash
checkpoint-reset
```

**What it does:**
- Option 1: Removes local git repository only (keeps SSH keys)
- Option 2: Removes everything (git repo + SSH keys + GitHub from known_hosts)
- Offers to remove backed-up agent copies from workspace `agents/` folder
- Reminds you to delete the GitHub repo manually

Note: Reset never touches your actual agent folders in `~/.openclaw/agents/` -- only the backup copies.

**When to use:**
- Starting over with a fresh setup
- Switching to a different GitHub repository
- Troubleshooting persistent authentication issues

### checkpoint-stop
Stop automatic backups.

```bash
checkpoint-stop
```

**What it does:**
- Disables scheduled automatic backups
- Removes cron job (Linux) or launchd agent (macOS)

**When to use:**
- Temporarily pausing backups
- Before making major workspace changes
- If backups are causing issues

**To restart:** `checkpoint-schedule hourly` (or any frequency)

## Setup

### Easy Setup (Recommended)

Just run the interactive wizard:

```bash
checkpoint-setup
```

This handles everything: git init, SSH keys, GitHub setup, and first backup.

### First Time Setup (Manual)

```bash
# 1. Initialize checkpoint system
checkpoint-init

# 2. Create PRIVATE GitHub repository
# Go to https://github.com/new
# Name: openclaw-state
# ⚠️  Visibility: PRIVATE (important - contains your personal data!)

# 3. Add remote (use SSH, not HTTPS)
cd ~/.openclaw/workspace
git remote add origin git@github.com:YOURUSER/openclaw-state.git
checkpoint-backup
```

### Setup on Second Machine

**Option 1: Interactive Restore (Recommended)**

```bash
# Install the checkpoint skill first
curl -fsSL https://raw.githubusercontent.com/AnthonyFrancis/openclaw-checkpoint/main/scripts/install-openclaw-checkpoint.sh | bash

# Run checkpoint-restore - it will guide you through the entire process
checkpoint-restore
```

This will:
- Help you authenticate with GitHub (if not already)
- Ask for your backup repository details
- Clone/restore your checkpoint automatically

**Option 2: Manual Clone**

```bash
# 1. Clone repository (use SSH)
git clone git@github.com:YOURUSER/openclaw-state.git ~/.openclaw/workspace

# 2. Restore secrets from 1Password/password manager
# Create ~/.openclaw/workspace/.env.thisweek
# Create ~/.openclaw/workspace/.env.stripe
# (Copy from secure storage)

# 3. Start OpenClaw
openclaw gateway start
```

## Automated Backups

### Easy Setup (Recommended)

```bash
# Enable hourly backups
checkpoint-schedule hourly

# Or choose your frequency:
checkpoint-schedule 15min   # Every 15 minutes - high activity
checkpoint-schedule 30min   # Every 30 minutes - medium activity  
checkpoint-schedule 2hours  # Every 2 hours - low activity
checkpoint-schedule daily   # Once per day - minimal activity
```

### Check Status

```bash
checkpoint-status
```

Shows:
- Last backup time
- Whether synced with remote
- Auto-backup schedule
- Recent activity log

## Multi-Agent Backup

The checkpoint system automatically detects and backs up all agents from `~/.openclaw/agents/`.

### How It Works

- On **backup**: Agent folders are copied from `~/.openclaw/agents/` into `agents/` inside the backup repo, with nested `.git` directories stripped
- On **restore**: Agent folders are copied from `agents/` in the backup repo back to `~/.openclaw/agents/`
- If no agents exist, all commands skip agent handling gracefully

### File Structure in Backup Repo

```
~/.openclaw/workspace/          (backup repo root)
  SOUL.md
  MEMORY.md
  memory/
  agents/                       (auto-created when agents exist)
    alex/                       (copied from ~/.openclaw/agents/alex/)
    blake/                      (copied from ~/.openclaw/agents/blake/)
```

### Agent Flags

These flags work on `checkpoint-backup` and `checkpoint-restore`:

| Flag | Description |
|------|-------------|
| `--workspace-only` | Skip agent backup/restore entirely |
| `--agents-only` | Skip workspace and cron, only operate on agents |
| `--agent <name>` | Operate on a single named agent only |

### Examples

```bash
# Backup everything (default)
checkpoint-backup

# Backup only agents
checkpoint-backup --agents-only

# Backup only the 'alex' agent
checkpoint-backup --agent alex

# Restore workspace but skip agents
checkpoint-restore --latest --workspace-only

# Restore only agents from backup
checkpoint-restore --agents-only

# Check which agents are backed up
checkpoint-status
```

### Backwards Compatibility

- If `~/.openclaw/agents/` does not exist or is empty, all commands skip agent handling with an info message
- Old backup repos without an `agents/` directory work fine -- restore simply skips agents
- No existing behavior changes when no agents are present

## Cross-Machine Portability

When you back up on one machine (e.g. `/Users/jerry`) and restore on another (e.g. `/Users/tom`), hardcoded absolute home-directory paths in workspace files would break. The checkpoint system handles this automatically.

### How It Works

- **On backup:** All occurrences of your `$HOME` path (e.g. `/Users/jerry`) are replaced with the placeholder `{{HOME}}` in text files. A `.checkpoint-meta.json` file is written with the source machine's details.
- **On restore:** The `{{HOME}}` placeholder is expanded to the current machine's `$HOME` (e.g. `/Users/tom`). For backwards compatibility with older backups that were created before normalization, any remaining literal old home paths are also rewritten.

### What Gets Processed

Only text files likely to contain paths are scanned:
- `*.md`, `*.json`, `*.sh`, `*.txt`, `*.yaml`, `*.yml`, `*.toml`, `*.cfg`, `*.conf`

Binary files, `.git/`, and `node_modules/` are never touched.

### .checkpoint-meta.json

This file is auto-generated on each backup and records the source machine:

```json
{
  "source_home": "/Users/jerry",
  "source_user": "jerry",
  "hostname": "Jerrys-MacBook-Pro"
}
```

On restore, this metadata tells the script which old paths to rewrite. The file is updated after restore to reflect the current machine.

### Manual Cron Setup (Advanced)

If you prefer manual cron:

```bash
# Edit crontab
crontab -e

# Add line for hourly backups:
0 * * * * /Users/$(whoami)/.openclaw/workspace/skills/openclaw-checkpoint/scripts/checkpoint-backup >> ~/.openclaw/logs/checkpoint.log 2>&1
```

## Disaster Recovery Workflow

**Scenario: Home server dies**

```bash
# On new machine:

# 1. Install OpenClaw
brew install openclaw  # or your install method

# 2. Install checkpoint skill and run interactive restore
curl -fsSL https://raw.githubusercontent.com/AnthonyFrancis/openclaw-checkpoint/main/scripts/install-openclaw-checkpoint.sh | bash
checkpoint-restore
# Follow the interactive prompts to:
# - Authenticate with GitHub
# - Enter your backup repository (e.g., YOURUSER/openclaw-state)
# - Restore your checkpoint

# 3. Restore secrets from 1Password (API keys are not backed up for security)
cat > ~/.openclaw/workspace/.env.thisweek << 'EOF'
THISWEEK_API_KEY=your_key_here
EOF

# 4. Start OpenClaw
openclaw gateway start

# 5. Cron jobs are restored automatically during checkpoint-restore
# (if the gateway is running and cron backup exists)

# 6. Enable automatic backups on this machine
checkpoint-schedule hourly

# 7. Verify
# Ask assistant: "What were we working on?"
# Should recall everything up to last checkpoint, with all scheduled tasks restored
```

## Security Considerations

### ⚠️ CRITICAL: Repository MUST be PRIVATE

Your backup contains sensitive personal data:
- SOUL.md, MEMORY.md (your identity & memories)
- Personal notes and conversation history
- Custom scripts and configurations

**If you make the repo public, anyone can see your data!**

**What gets backed up:**
- ✅ Memory files (conversation history)
- ✅ Identity files (SOUL.md, etc.)
- ✅ Cron jobs (memory/cron-jobs-backup.json)
- ✅ Scripts and tools
- ✅ Configuration
- ✅ Agents (~/.openclaw/agents/ -> agents/ in backup repo)

**What does NOT get backed up:**
- ❌ API keys (.env.*) — keep in 1Password
- ❌ OAuth tokens — re-authenticate on new machine
- ❌ Downloaded media — ephemeral
- ❌ Temporary files — ephemeral

**Best practices:**
- **Always use a PRIVATE repository**
- Use SSH authentication (no token expiry)
- Store API keys in password manager, not in backed-up files
- Enable 2FA on GitHub account
- Consider encrypting sensitive notes before adding to memory

### Permissions and Scheduling

This skill uses standard system scheduling to automate backups:

- **macOS**: Creates a launchd plist at `~/Library/LaunchAgents/com.openclaw.checkpoint.plist`
- **Linux**: Adds a user-level cron job (visible via `crontab -l`)

Auto-backup is **opt-in only** -- it is never enabled unless you explicitly run `checkpoint-schedule`. You can disable it at any time with `checkpoint-stop` or `checkpoint-schedule disable`.

The skill does **not** install any background daemons, system services, or root-level processes. All scheduling runs under your user account.

**File access scope**: The skill reads from `~/.openclaw/workspace` and `~/.openclaw/agents/` (for multi-agent backup). It writes backup copies of agents into `~/.openclaw/workspace/agents/`. On restore, it copies agents back to `~/.openclaw/agents/`. Sensitive files (.env.*, credentials, OAuth tokens) are excluded from backups via .gitignore.

## Troubleshooting

### "Not a git repository" or "'origin' does not appear to be a git repository"
Running `checkpoint-restore` will now automatically start the interactive restore onboarding flow to help you connect to your backup repository. Alternatively, run `checkpoint-setup` to create a new backup from scratch.

### "Failed to push checkpoint"
Another machine pushed changes. Run `checkpoint-restore` first, then `checkpoint-backup`.

### "You have uncommitted changes"
`checkpoint-restore` will prompt you to choose:
1. Save changes first (runs `checkpoint-backup`)
2. Discard local changes and continue
3. Cancel

You can also skip the prompt with `checkpoint-restore --force` to discard changes directly.

### Behind remote after restore
This is expected if another machine checkpointed since you last synced.

### GitHub prompting for username/password
GitHub no longer accepts password authentication for HTTPS. Switch to SSH:
```bash
cd ~/.openclaw/workspace
git remote set-url origin git@github.com:YOURUSER/REPO.git
```

### "Host key verification failed"
GitHub's SSH host key isn't in your known_hosts. Fix with:
```bash
ssh-keyscan -t ed25519 github.com >> ~/.ssh/known_hosts
```

### "Permission denied (publickey)"
Your SSH key isn't added to GitHub. Run `checkpoint-auth` and choose SSH option.

### GitHub repo is empty after setup
The old `checkpoint-init` only committed `.gitignore`. This is fixed now. Run:
```bash
cd ~/.openclaw/workspace && git add -A && git commit -m "Full backup" && git push
```

### Starting fresh
Run `checkpoint-reset` to remove local git repo and optionally SSH keys, then `checkpoint-setup`.

### Agents not being backed up
Check that your agents are in `~/.openclaw/agents/` (not somewhere else). Run `checkpoint-status` to see which agents are detected and which are backed up. Make sure you're not passing `--workspace-only`.

### Agent has nested .git errors
The backup process automatically strips `.git` directories from agent copies. If you see submodule warnings, run a fresh backup:
```bash
rm -rf ~/.openclaw/workspace/agents
checkpoint-backup
```

### Restored agents missing files
Agent restore copies the backup as-is. If the backup was taken before certain files were added to the agent, those files won't be present. Run `checkpoint-backup` on the source machine first to capture the latest state.

### "Permission denied, mkdir '/Users/olduser'" after restoring on a new machine
This means files contain hardcoded paths from the original machine. If the backup was created before path normalization was added, run:
```bash
cd ~/.openclaw/workspace
grep -rl "/Users/olduser" --include="*.md" --include="*.json" --include="*.sh" | \
  xargs sed -i '' "s|/Users/olduser|$HOME|g"
```
Future backups will normalize paths automatically.

### Files show {{HOME}} instead of real paths
This is expected **in the backup repo on GitHub**. The `{{HOME}}` placeholder is replaced with the real `$HOME` path on each restore. If you see `{{HOME}}` in your local workspace after a restore, run `checkpoint-restore --latest` again.

## Limitations

- **Single machine at a time**: Don't run OpenClaw on multiple machines simultaneously
- **Max data loss**: 1 hour if using hourly backups (cron)
- **Secrets not synced**: Must restore API keys manually on new machine
- **Large files**: GitHub has 100MB file limit (your text files are fine)

## File Reference

See [references/setup.md](references/setup.md) for detailed setup instructions.