🏗️ 1. Infrastructure & Linux Permissions We moved from a restricted "jail" environment to a fully autonomous workspace.
Filesystem Ownership Command:
sudo chown -R $USER:$USER ~/.openclaw/workspaceMeaning: CHange OWNer. This ensures your Arch user (zen) and the Docker user (node) have the same access rights to the code. Why: Prevents "Permission Denied" errors when the AI tries to create or edit files.
Sudo-less Tooling Command:
echo "node ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoersMeaning: Grants the internal node user administrative rights without requiring a password. Why: Allows the AI to install its own dependencies (like git or jq) automatically.
The Project Bridge (Symlink) Command:
ln -s /home/zen/projects/gmail-bot ~/.openclaw/workspace/Gmail-Automation-BotMeaning: Creates a Symbolic Link. Why: It makes your local project folder appear inside the Docker container's workspace without moving the actual files.
🐙 2. GitHub & Git Authentication We resolved the transition from a "Search-only" bot to a "Write-capable" agent.
Installing GitHub CLI (gh) Command:
docker compose exec -u root openclaw-gateway bash -c "curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg"- Meaning: Downloads and installs the GitHub security key.
- Why: So the container trusts the official GitHub software repository.
- Action: Updated GitHub Token permissions.
- Selection: Set Repository Access to "All repositories".
- Permission: Added "Contents" and set it to "Read and write".
- Why: Without this, the bot could "see" GitHub but wasn't allowed to "touch" or upload any files.
Linking Git to GH Command:
docker compose exec -u node openclaw-gateway gh auth setup-git- Meaning: Configures standard git to use the credentials stored in the gh tool.
- Why: Stops the bot from getting stuck at "Username/Password" prompts during a push.
| Tool | Purpose | Status |
|---|---|---|
gh |
GitHub Command Line Interface (Account management). | Installed ✅ |
jq |
JSON Processor (Used to read GitHub API data). | Installed ✅ |
git |
Version Control (Used to save and upload code). | Installed ✅ |
himalaya |
Email CLI (Used to read/send emails via Gmail). | Setup Pending ⏳ |
| Action | Command | Meaning |
|---|---|---|
| Start Bot | docker compose up -d |
Boots the AI in background mode. |
| Refresh Config | docker compose up -d --build |
Re-injects new .env keys or settings. |
| See Thinking | docker compose logs -f |
Opens the "Brain" of the AI to see what it's doing. |
| Stop Bot | docker compose stop |
Pauses operations safely. |
- Identity: Authenticated as
adarsh02oon GitHub. - Auth Method: Fine-grained Personal Access Token (PAT).
- Workspace: Full Read/Write access to
~/.openclaw/workspace. - Capability: Can create, edit, commit, and push code autonomously.
March 1, 2026: Updates based on changes outlined in the PDF record:
-
Moved to "Autonomous Engineer" setup.
- Command:
sudo chown -R $USER:$USER ~/.openclaw/workspace - Explanation: Adjusted ownership to avoid "Permission Denied" errors.
- Command:
-
Updated the Symlink Bridge:
- Symbolically linked Gmail-bot:
ln -s /home/zen/projects/gmail-bot ~/.openclaw/workspace/Gmail-Automation-Bot
- Symbolically linked Gmail-bot:
- Command refreshed for environment injection.
- Updated
.envand Docker keys securely through:docker compose up -d.
- Updated
- GitHub CLI (gh): Security key added for CLI sources.
- Added commands to install
ghandjqin the container. - Enabled full AI-driven GitHub support.
- Added configuration for Gmail App Password to parse email via Himalaya tool.
These changes were performed to solidify automation and security practices for the OpenClaw environment.