{ "schemaVersion": "1.0", "item": { "slug": "system-integrity-and-backup", "name": "System Integrity And Backup", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/satoshistackalotto/system-integrity-and-backup", "canonicalUrl": "https://clawhub.ai/satoshistackalotto/system-integrity-and-backup", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/system-integrity-and-backup", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=system-integrity-and-backup", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "EVALS.json", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/system-integrity-and-backup" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/system-integrity-and-backup", "agentPageUrl": "https://openagent3.xyz/skills/system-integrity-and-backup/agent", "manifestUrl": "https://openagent3.xyz/skills/system-integrity-and-backup/agent.json", "briefUrl": "https://openagent3.xyz/skills/system-integrity-and-backup/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "System Integrity and Backup", "body": "This skill protects everything the OpenClaw Greek Accounting system holds. It runs silently in the background — verifying that data has not been corrupted or unexpectedly deleted, managing encrypted backups to local storage, enforcing the retention obligations that Greek law places on accounting firms, and handling the schema migrations that keep the system consistent as skills evolve.\n\nNo accounting firm could professionally deploy a system handling client financial records without this layer. Greek accounting firms are legally obligated to retain certain records for up to 20 years. A backup that has never been tested is not a backup. An integrity system that only runs when something breaks is too late." }, { "title": "Setup", "body": "export OPENCLAW_DATA_DIR=\"/data\"\nexport OPENCLAW_ENCRYPTION_KEY=\"your-256-bit-key\" # Never store on disk\nwhich jq openssl tar || sudo apt install jq openssl tar\nmkdir -p $OPENCLAW_DATA_DIR/backups\n\nUses openssl for AES-256 backup encryption and SHA-256 integrity verification. The encryption key must be provided via environment variable — it is never written to disk." }, { "title": "Core Philosophy", "body": "Silent Until Needed, Auditable Always: Integrity checks run on schedule without interrupting accounting operations. Every result — pass or fail — is permanently logged so the firm can demonstrate to a regulator or auditor that the system has been actively monitored\nVerified Backups, Not Just Created Ones: A backup is only as good as its last successful restore test. This skill tests backup archives on a regular schedule and flags any that cannot be verified\nGreek Legal Retention by Default: The retention schedule is pre-configured for Greek accounting law. Records are not deleted at retention expiry — they are flagged for human review and then archived or deleted only with explicit approval\nMigrations Are Versioned and Reversible: When a skill update changes a data structure, the migration is applied as a numbered, logged operation. Every migration can be inspected; failed migrations are rolled back automatically\nNo Silent Failures: If a backup fails, if an integrity check finds corruption, if a retention flag is triggered — the firm is notified through the dashboard. Nothing fails quietly" }, { "title": "Integrity Checks", "body": "# Full system integrity check\nopenclaw integrity check --all\nopenclaw integrity check --all --verbose\n\n# Check specific data trees\nopenclaw integrity check --dir /data/clients/\nopenclaw integrity check --dir /data/compliance/\nopenclaw integrity check --afm EL123456789 # Single client full check\n\n# Hash registry operations\nopenclaw integrity hash-update --dir /data/clients/ # Rebuild hash registry after known change\nopenclaw integrity hash-verify --dir /data/clients/ # Verify current files against registry\nopenclaw integrity hash-diff --since yesterday # Show files changed since timestamp\n\n# Audit log\nopenclaw integrity audit-log --last 30-days\nopenclaw integrity audit-log --failures-only\nopenclaw integrity audit-log --afm EL123456789 --last 90-days\n\n# Generate integrity report (suitable for audit/regulatory inspection)\nopenclaw integrity report --period 2026-01 --format pdf\nopenclaw integrity report --year 2025 --full --format pdf\nopenclaw integrity report --format json --output /data/reports/system/" }, { "title": "Backup Management", "body": "# Manual backup triggers\nopenclaw backup run --type full\nopenclaw backup run --type incremental\nopenclaw backup run --type clients --afm EL123456789 # Single client snapshot\nopenclaw backup run --type compliance --period 2026-01 # Post-filing snapshot\n\n# Backup schedule configuration\nopenclaw backup schedule --full weekly --day sunday --time 02:00\nopenclaw backup schedule --incremental daily --time 03:00\nopenclaw backup schedule --event-driven --on submission-complete\nopenclaw backup schedule --show\n\n# Backup verification (restore test without overwriting live data)\nopenclaw backup verify --latest\nopenclaw backup verify --backup-id BACKUP-20260218-001\nopenclaw backup verify --all --last 30-days\nopenclaw backup verify --restore-test --target /tmp/verify-restore/ # Full restore to temp\n\n# Backup listing and status\nopenclaw backup list --all\nopenclaw backup list --type full --last 10\nopenclaw backup status --show-verified --show-unverified --show-failed\nopenclaw backup manifest --update # Rebuild manifest from actual backup files\n\n# Off-site export (manual — operator copies encrypted files to external media)\nopenclaw backup export --backup-id BACKUP-20260218-001 --output /mnt/external/\nopenclaw backup export --latest-full --output /mnt/external/" }, { "title": "Retention Management", "body": "# Check retention status\nopenclaw retention check --all-clients\nopenclaw retention check --afm EL123456789 --verbose\nopenclaw retention flagged --show-all # Records past retention date awaiting action\n\n# Retention schedule management\nopenclaw retention schedule-view # Show current retention rules\nopenclaw retention schedule-update --record-type financial-statements --years 10\n\n# Archiving and deletion (always requires explicit approval)\nopenclaw retention archive --afm EL123456789 --record-type invoices --older-than 7-years --approved-by \"yannis.k\"\nopenclaw retention delete --afm EL123456789 --record-type payroll-detail --older-than 5-years --approved-by \"yannis.k\" --confirm\nopenclaw retention report --period 2026-01 --records-archived --records-deleted" }, { "title": "Schema Migration", "body": "# Migration status\nopenclaw migrate status # Current schema version and pending migrations\nopenclaw migrate list --pending # Migrations not yet applied\nopenclaw migrate list --applied # Applied migrations with dates\n\n# Apply migrations\nopenclaw migrate run --next # Apply next pending migration\nopenclaw migrate run --all # Apply all pending migrations\nopenclaw migrate run --id v2.1_20260301_add-financial-statements-index\n\n# Rollback\nopenclaw migrate rollback --last # Rollback the most recent migration\nopenclaw migrate rollback --to v2.0\n\n# Migration inspection\nopenclaw migrate diff --migration v2.1_20260301_add-financial-statements-index\nopenclaw migrate dry-run --next # Show what would change without applying" }, { "title": "Health Dashboard Feed", "body": "# Status outputs consumed by the dashboard\nopenclaw integrity health-status # Single-call summary: backup age, last check, any failures\nopenclaw backup age # Time since last successful full backup\nopenclaw retention due # Records due for retention action this month" }, { "title": "What Is Checked", "body": "Integrity_Check_Scope:\n\n file_existence:\n description: \"Every file referenced in index files and registries actually exists on disk\"\n checks:\n - \"/data/clients/_index.json entries → /data/clients/{AFM}/ directories exist\"\n - \"/data/clients/{AFM}/documents/registry.json entries → files exist\"\n - \"/data/compliance/submissions/ receipts → referenced filing XML files exist\"\n - \"/data/clients/{AFM}/financial-statements/index.json → statement files exist\"\n\n hash_verification:\n description: \"SHA256 hash of every canonical data file matches the registered hash\"\n hash_registry: \"/data/system/integrity/hash-registry.json\"\n when_hash_registered: \"On every write to a canonical file (all skills call openclaw integrity hash-update on write)\"\n on_mismatch: \"Flag as CORRUPTION. Alert immediately. Do not proceed with accounting operations on affected client until resolved.\"\n on_new_file_not_in_registry: \"Flag as UNREGISTERED_WRITE. Log for investigation.\"\n\n structural_validation:\n description: \"Key JSON files conform to expected schema\"\n files_validated:\n - \"/data/clients/{AFM}/profile.json\"\n - \"/data/clients/{AFM}/compliance/filings.json\"\n - \"/data/clients/_index.json\"\n - \"/data/system/skill-versions.json\"\n on_schema_mismatch: \"Flag as SCHEMA_DRIFT. Usually indicates a migration is pending.\"\n\n referential_integrity:\n description: \"Cross-references between files are consistent\"\n checks:\n - \"Every AFM in _index.json has a corresponding directory\"\n - \"Every filing in filings.json has a corresponding submission receipt\"\n - \"Every financial statement in the index actually exists as a file\"\n - \"No orphaned files in /data/compliance/ without a corresponding client\"\n\n storage_health:\n description: \"Disk usage and growth rate\"\n checks:\n - \"Total /data/ usage against configured storage limit\"\n - \"Growth rate per directory — flag if growing faster than baseline\"\n - \"Memory directory size against configured maximum\"" }, { "title": "Check Scheduling", "body": "Integrity_Schedule:\n full_check:\n frequency: \"Weekly — Sunday 04:00 Athens time (after backup)\"\n scope: \"All directories, all files, all cross-references\"\n duration_estimate: \"5-15 minutes depending on data volume\"\n\n quick_check:\n frequency: \"Daily — 05:00 Athens time\"\n scope: \"Hash verification of client and compliance directories only\"\n duration_estimate: \"1-3 minutes\"\n\n event_driven:\n triggers:\n - \"After any government submission (verify submission receipt written correctly)\"\n - \"After any schema migration (verify migration applied cleanly)\"\n - \"After any backup restore test (verify restored data matches original)\"\n scope: \"Targeted — only the affected files and directories\"\n\n never_during:\n - \"Business hours (08:00-18:00 Athens time) — scheduled checks only\"\n - \"Active monthly processing run — wait for pipeline completion\"" }, { "title": "Backup Types and Schedule", "body": "Backup_Types:\n\n full_backup:\n frequency: \"Weekly — Sunday 02:00 Athens time\"\n scope: \"Complete /data/ tree excluding /data/processing/ (ephemeral)\"\n encryption: \"AES-256 with key stored in /data/auth/backup-key.enc\"\n filename: \"full_{YYYYMMDD}_{HHMMSS}.tar.enc\"\n retention: \"Keep last 8 full backups (8 weeks rolling)\"\n verify_schedule: \"Tested within 24 hours of creation\"\n\n incremental_backup:\n frequency: \"Daily — Monday through Saturday, 03:00 Athens time\"\n scope: \"Files modified since last backup (using hash registry delta)\"\n filename: \"incremental_{YYYYMMDD}_{HHMMSS}.tar.enc\"\n retention: \"Keep last 30 incremental backups\"\n verify_schedule: \"Spot-tested weekly (every 7th incremental)\"\n\n event_driven_snapshot:\n triggers:\n - \"After any government submission (VAT, EFKA, E1, corporate tax)\"\n - \"After any client onboarding (new client record created)\"\n - \"After any schema migration\"\n scope: \"Specific affected directories only\"\n filename: \"snapshot_{event-type}_{AFM}_{YYYYMMDD}_{HHMMSS}.tar.enc\"\n retention: \"Keep indefinitely — these are milestone records\"\n verify_schedule: \"Verified immediately after creation\"" }, { "title": "Backup Verification", "body": "Backup_Verification:\n method: \"Restore to isolated temporary directory, run integrity check against restored data\"\n what_is_verified:\n - \"Archive can be decrypted with current key\"\n - \"Archive is not corrupted (tar integrity check)\"\n - \"File count matches manifest\"\n - \"Sample file hashes match registered hashes\"\n - \"No files present in manifest that are missing from archive\"\n\n result_states:\n VERIFIED: \"Archive passed all checks — recorded in manifest\"\n PARTIAL: \"Archive intact but some files could not be verified against hash registry\"\n FAILED: \"Archive corrupted, undecryptable, or missing files — immediate alert\"\n\n on_failed_backup:\n action_1: \"Alert dashboard immediately\"\n action_2: \"Trigger new backup attempt within 1 hour\"\n action_3: \"If second attempt also fails: alert senior accountant via dashboard critical alert\"\n action_4: \"Log failure to /data/system/integrity/audit-log.json\"\n never: \"Never silently mark a failed backup as OK\"" }, { "title": "Backup File Structure", "body": "Backup_Manifest_Entry_Fields:\n - backup_id # BACKUP-{YYYYMMDD}-{3digits}\n - type # full / incremental / snapshot\n - created_at_utc # ISO timestamp\n - filename # Exact filename in /data/backups/\n - size_bytes\n - file_count\n - scope # What directories were included\n - trigger # scheduled / event:submission / event:onboarding / manual\n - verified # true / false / pending\n - verified_at_utc # ISO timestamp of last verification\n - verify_result # VERIFIED / PARTIAL / FAILED / pending\n - event_reference # If event-driven: filing ID, AFM, etc." }, { "title": "Retention Schedule", "body": "Greek accounting law sets minimum retention periods. This skill enforces them with a conservative approach — when in doubt, retain longer and require human approval before deletion.\n\nRetention_Schedule:\n\n financial_records:\n types:\n - \"VAT returns and supporting documents\"\n - \"Financial statements (P&L, Balance Sheet)\"\n - \"Invoice records (sales and purchases)\"\n - \"Bank reconciliation reports\"\n minimum_retention_years: 5\n recommended_retention_years: 7\n legal_basis: \"Greek VAT Code Article 36, Law 4308/2014\"\n\n payroll_records:\n types:\n - \"Employee payroll records\"\n - \"EFKA contribution calculations\"\n - \"Employment contracts\"\n - \"Payslips\"\n minimum_retention_years: 5\n note: \"EFKA may audit up to 5 years back\"\n\n government_submission_receipts:\n types:\n - \"AADE submission references\"\n - \"myDATA transmission records\"\n - \"EFKA declaration receipts\"\n system_default: \"Retain indefinitely unless explicitly deleted\"\n note: \"Storage cost is negligible; risk of needing them is real\"\n\n client_contracts_and_identity:\n types:\n - \"Client engagement letters\"\n - \"AFM verification records\"\n - \"GDPR consent records\"\n minimum_retention_years: 5\n post_relationship_retention: 5\n note: \"5 years after end of client relationship, not from document creation\"\n\n correspondence:\n types:\n - \"Outgoing letters (Skill 16 sent records)\"\n - \"Inbound email classifications\"\n minimum_retention_years: 5\n\n audit_and_integrity_logs:\n types:\n - \"/data/system/integrity/audit-log.json\"\n - \"/data/auth/logs/\"\n retention: \"Permanent — never deleted\"\n reason: \"Regulatory and professional liability\"\n\n processing_and_temp_files:\n types:\n - \"/data/processing/ (all subdirectories)\"\n - \"/data/memory/episodes/ and /data/memory/failures/\"\n retention_days: 90\n action: \"Auto-purge after 90 days — these are operational, not legal records\"\n exception: \"Memory patterns/ and corrections/ — retained indefinitely as system learning assets\"" }, { "title": "Retention Action Workflow", "body": "Retention_Action:\n step_1: \"Flag records past retention date in /data/system/integrity/retention-schedule.json\"\n step_2: \"Alert dashboard — show which records are due for action\"\n step_3: \"Human reviews: openclaw retention flagged --show-all\"\n step_4: \"Human chooses: archive (cold storage) or delete\"\n step_5: \"Archive: openclaw retention archive --approved-by {username}\"\n \"Delete: openclaw retention delete --approved-by {username} --confirm\"\n step_6: \"Action logged permanently in integrity audit-log\"\n never: \"Auto-delete any client financial record without explicit human approval\"" }, { "title": "Schema Migration", "body": "Migration_System:\n\n version_format: \"v{MAJOR}.{MINOR}_{YYYYMMDD}_{description}\"\n examples:\n - \"v1.0_20260101_initial-schema\"\n - \"v2.0_20260218_add-financial-statements\"\n - \"v2.1_20260301_add-correspondence-tree\"\n\n migration_file_contents:\n - description: \"Plain English description of what changes\"\n - affects: \"List of directories and file patterns affected\"\n - forward_steps: \"Ordered list of operations to apply the migration\"\n - rollback_steps: \"Ordered list of operations to reverse the migration\"\n - validation: \"Checks to run after applying — confirms migration succeeded\"\n - estimated_duration: \"Expected time to apply\"\n\n safety_rules:\n - \"Never modify production data without taking a snapshot backup first\"\n - \"Run dry-run before applying any migration to production\"\n - \"Apply one migration at a time — never batch-apply untested migrations\"\n - \"All migrations tested in an isolated restore before production application\"\n - \"Failed migration triggers automatic rollback — never leaves data in partial state\"\n\n current_schema_version:\n location: \"/data/system/skill-versions.json\"\n field: \"schema_version\"" }, { "title": "File System", "body": "Skill_17_File_Paths:\n owns:\n - \"/data/backups/\"\n - \"/data/system/integrity/\"\n - \"/data/system/backups/backup-manifest.json\"\n - \"/data/reports/system/\"\n\n writes_on_event:\n - \"/data/system/integrity/audit-log.json\"\n - \"/data/system/integrity/hash-registry.json\"\n - \"/data/system/integrity/last-check-results.json\"\n - \"/data/system/integrity/retention-schedule.json\"\n\n reports:\n location: \"/data/reports/system/\"\n files:\n - \"{YYYY-MM}_integrity_report.pdf\"\n - \"{YYYY-MM}_backup_status_report.pdf\"\n - \"{YYYY-MM}_retention_action_report.pdf\"" }, { "title": "Dashboard Integration", "body": "Dashboard_Feeds:\n health_status_card:\n data_source: \"/data/system/integrity/last-check-results.json\"\n fields_shown:\n - \"Last full check: [date] — [PASS / ISSUES FOUND]\"\n - \"Last backup: [date] — [VERIFIED / UNVERIFIED / FAILED]\"\n - \"Storage used: X GB of Y GB\"\n - \"Retention flags: N records awaiting action\"\n\n alerts:\n integrity_failure: \"CRITICAL — Data integrity issue detected in {directory}. Accounting operations suspended for affected clients.\"\n backup_failed: \"CRITICAL — Backup failed. Last verified backup: {N} days ago.\"\n backup_unverified: \"WARNING — Latest backup not yet verified.\"\n retention_due: \"INFO — {N} records are past retention date and require action.\"\n storage_at_80_percent: \"WARNING — Storage at {X}% capacity. Review and archive.\"" }, { "title": "Memory Integration (Phase 4 — Skill 19 hooks)", "body": "Memory_Integration:\n log_episodes: true\n episode_types:\n - backup_completed_and_verified\n - integrity_check_passed\n - migration_applied_successfully\n - retention_action_completed\n\n log_failures: true\n failure_types:\n - backup_failed\n - backup_verification_failed\n - integrity_check_found_corruption\n - migration_rollback_triggered\n - hash_mismatch_detected\n\n rate_limit_group: \"system_operations\"\n note: \"System integrity failures must always be logged regardless of rate limits — no token budget applies here\"" }, { "title": "Error Handling", "body": "Severity_Levels:\n\n CRITICAL:\n conditions:\n - Hash mismatch on any file in /data/clients/ or /data/compliance/\n - Backup archive corrupted or undecryptable\n - Schema migration failed and rollback also failed\n response:\n - Suspend accounting operations on affected data\n - Alert dashboard immediately with red banner\n - Log to audit-log with CRITICAL marker\n\n HIGH:\n conditions:\n - Backup verification failed (archive intact but hash mismatch on restore)\n - Retention-past-date records found\n - Storage above 90% capacity\n response:\n - Dashboard yellow alert\n - Log to audit-log\n - Retry backup verification once before escalating to CRITICAL\n\n INFO:\n conditions:\n - Unregistered write detected (file not in hash registry)\n - Schema drift detected (file does not match expected structure)\n - Storage above 80% capacity\n response:\n - Dashboard notification\n - Log to audit-log\n - Flag for human review at next session" }, { "title": "Success Metrics", "body": "A successful deployment of this skill should achieve:\n\n✅ Every backup verified within 24 hours of creation — zero unverified backups older than 48 hours\n✅ Full integrity check passes weekly with zero unexplained hash mismatches\n✅ Every schema migration applied cleanly with no data loss and full rollback capability\n✅ Retention schedule enforced — no record deleted without explicit human approval\n✅ Integrity audit log is continuous and permanent — no gaps\n✅ Dashboard always shows current backup age and last check result — never stale\n✅ The firm can produce an integrity report for a regulator or auditor at any time covering any past period\n\nRemember: This skill exists so the firm can say — to a client, a regulator, or an auditor — \"our systems are maintained, monitored, backed up, and compliant.\" That statement must be true and provable. Every feature in this skill exists to make it provable." } ], "body": "System Integrity and Backup\n\nThis skill protects everything the OpenClaw Greek Accounting system holds. It runs silently in the background — verifying that data has not been corrupted or unexpectedly deleted, managing encrypted backups to local storage, enforcing the retention obligations that Greek law places on accounting firms, and handling the schema migrations that keep the system consistent as skills evolve.\n\nNo accounting firm could professionally deploy a system handling client financial records without this layer. Greek accounting firms are legally obligated to retain certain records for up to 20 years. A backup that has never been tested is not a backup. An integrity system that only runs when something breaks is too late.\n\nSetup\nexport OPENCLAW_DATA_DIR=\"/data\"\nexport OPENCLAW_ENCRYPTION_KEY=\"your-256-bit-key\" # Never store on disk\nwhich jq openssl tar || sudo apt install jq openssl tar\nmkdir -p $OPENCLAW_DATA_DIR/backups\n\n\nUses openssl for AES-256 backup encryption and SHA-256 integrity verification. The encryption key must be provided via environment variable — it is never written to disk.\n\nCore Philosophy\nSilent Until Needed, Auditable Always: Integrity checks run on schedule without interrupting accounting operations. Every result — pass or fail — is permanently logged so the firm can demonstrate to a regulator or auditor that the system has been actively monitored\nVerified Backups, Not Just Created Ones: A backup is only as good as its last successful restore test. This skill tests backup archives on a regular schedule and flags any that cannot be verified\nGreek Legal Retention by Default: The retention schedule is pre-configured for Greek accounting law. Records are not deleted at retention expiry — they are flagged for human review and then archived or deleted only with explicit approval\nMigrations Are Versioned and Reversible: When a skill update changes a data structure, the migration is applied as a numbered, logged operation. Every migration can be inspected; failed migrations are rolled back automatically\nNo Silent Failures: If a backup fails, if an integrity check finds corruption, if a retention flag is triggered — the firm is notified through the dashboard. Nothing fails quietly\nOpenClaw Commands\nIntegrity Checks\n# Full system integrity check\nopenclaw integrity check --all\nopenclaw integrity check --all --verbose\n\n# Check specific data trees\nopenclaw integrity check --dir /data/clients/\nopenclaw integrity check --dir /data/compliance/\nopenclaw integrity check --afm EL123456789 # Single client full check\n\n# Hash registry operations\nopenclaw integrity hash-update --dir /data/clients/ # Rebuild hash registry after known change\nopenclaw integrity hash-verify --dir /data/clients/ # Verify current files against registry\nopenclaw integrity hash-diff --since yesterday # Show files changed since timestamp\n\n# Audit log\nopenclaw integrity audit-log --last 30-days\nopenclaw integrity audit-log --failures-only\nopenclaw integrity audit-log --afm EL123456789 --last 90-days\n\n# Generate integrity report (suitable for audit/regulatory inspection)\nopenclaw integrity report --period 2026-01 --format pdf\nopenclaw integrity report --year 2025 --full --format pdf\nopenclaw integrity report --format json --output /data/reports/system/\n\nBackup Management\n# Manual backup triggers\nopenclaw backup run --type full\nopenclaw backup run --type incremental\nopenclaw backup run --type clients --afm EL123456789 # Single client snapshot\nopenclaw backup run --type compliance --period 2026-01 # Post-filing snapshot\n\n# Backup schedule configuration\nopenclaw backup schedule --full weekly --day sunday --time 02:00\nopenclaw backup schedule --incremental daily --time 03:00\nopenclaw backup schedule --event-driven --on submission-complete\nopenclaw backup schedule --show\n\n# Backup verification (restore test without overwriting live data)\nopenclaw backup verify --latest\nopenclaw backup verify --backup-id BACKUP-20260218-001\nopenclaw backup verify --all --last 30-days\nopenclaw backup verify --restore-test --target /tmp/verify-restore/ # Full restore to temp\n\n# Backup listing and status\nopenclaw backup list --all\nopenclaw backup list --type full --last 10\nopenclaw backup status --show-verified --show-unverified --show-failed\nopenclaw backup manifest --update # Rebuild manifest from actual backup files\n\n# Off-site export (manual — operator copies encrypted files to external media)\nopenclaw backup export --backup-id BACKUP-20260218-001 --output /mnt/external/\nopenclaw backup export --latest-full --output /mnt/external/\n\nRetention Management\n# Check retention status\nopenclaw retention check --all-clients\nopenclaw retention check --afm EL123456789 --verbose\nopenclaw retention flagged --show-all # Records past retention date awaiting action\n\n# Retention schedule management\nopenclaw retention schedule-view # Show current retention rules\nopenclaw retention schedule-update --record-type financial-statements --years 10\n\n# Archiving and deletion (always requires explicit approval)\nopenclaw retention archive --afm EL123456789 --record-type invoices --older-than 7-years --approved-by \"yannis.k\"\nopenclaw retention delete --afm EL123456789 --record-type payroll-detail --older-than 5-years --approved-by \"yannis.k\" --confirm\nopenclaw retention report --period 2026-01 --records-archived --records-deleted\n\nSchema Migration\n# Migration status\nopenclaw migrate status # Current schema version and pending migrations\nopenclaw migrate list --pending # Migrations not yet applied\nopenclaw migrate list --applied # Applied migrations with dates\n\n# Apply migrations\nopenclaw migrate run --next # Apply next pending migration\nopenclaw migrate run --all # Apply all pending migrations\nopenclaw migrate run --id v2.1_20260301_add-financial-statements-index\n\n# Rollback\nopenclaw migrate rollback --last # Rollback the most recent migration\nopenclaw migrate rollback --to v2.0\n\n# Migration inspection\nopenclaw migrate diff --migration v2.1_20260301_add-financial-statements-index\nopenclaw migrate dry-run --next # Show what would change without applying\n\nHealth Dashboard Feed\n# Status outputs consumed by the dashboard\nopenclaw integrity health-status # Single-call summary: backup age, last check, any failures\nopenclaw backup age # Time since last successful full backup\nopenclaw retention due # Records due for retention action this month\n\nIntegrity Check Design\nWhat Is Checked\nIntegrity_Check_Scope:\n\n file_existence:\n description: \"Every file referenced in index files and registries actually exists on disk\"\n checks:\n - \"/data/clients/_index.json entries → /data/clients/{AFM}/ directories exist\"\n - \"/data/clients/{AFM}/documents/registry.json entries → files exist\"\n - \"/data/compliance/submissions/ receipts → referenced filing XML files exist\"\n - \"/data/clients/{AFM}/financial-statements/index.json → statement files exist\"\n\n hash_verification:\n description: \"SHA256 hash of every canonical data file matches the registered hash\"\n hash_registry: \"/data/system/integrity/hash-registry.json\"\n when_hash_registered: \"On every write to a canonical file (all skills call openclaw integrity hash-update on write)\"\n on_mismatch: \"Flag as CORRUPTION. Alert immediately. Do not proceed with accounting operations on affected client until resolved.\"\n on_new_file_not_in_registry: \"Flag as UNREGISTERED_WRITE. Log for investigation.\"\n\n structural_validation:\n description: \"Key JSON files conform to expected schema\"\n files_validated:\n - \"/data/clients/{AFM}/profile.json\"\n - \"/data/clients/{AFM}/compliance/filings.json\"\n - \"/data/clients/_index.json\"\n - \"/data/system/skill-versions.json\"\n on_schema_mismatch: \"Flag as SCHEMA_DRIFT. Usually indicates a migration is pending.\"\n\n referential_integrity:\n description: \"Cross-references between files are consistent\"\n checks:\n - \"Every AFM in _index.json has a corresponding directory\"\n - \"Every filing in filings.json has a corresponding submission receipt\"\n - \"Every financial statement in the index actually exists as a file\"\n - \"No orphaned files in /data/compliance/ without a corresponding client\"\n\n storage_health:\n description: \"Disk usage and growth rate\"\n checks:\n - \"Total /data/ usage against configured storage limit\"\n - \"Growth rate per directory — flag if growing faster than baseline\"\n - \"Memory directory size against configured maximum\"\n\nCheck Scheduling\nIntegrity_Schedule:\n full_check:\n frequency: \"Weekly — Sunday 04:00 Athens time (after backup)\"\n scope: \"All directories, all files, all cross-references\"\n duration_estimate: \"5-15 minutes depending on data volume\"\n\n quick_check:\n frequency: \"Daily — 05:00 Athens time\"\n scope: \"Hash verification of client and compliance directories only\"\n duration_estimate: \"1-3 minutes\"\n\n event_driven:\n triggers:\n - \"After any government submission (verify submission receipt written correctly)\"\n - \"After any schema migration (verify migration applied cleanly)\"\n - \"After any backup restore test (verify restored data matches original)\"\n scope: \"Targeted — only the affected files and directories\"\n\n never_during:\n - \"Business hours (08:00-18:00 Athens time) — scheduled checks only\"\n - \"Active monthly processing run — wait for pipeline completion\"\n\nBackup Architecture\nBackup Types and Schedule\nBackup_Types:\n\n full_backup:\n frequency: \"Weekly — Sunday 02:00 Athens time\"\n scope: \"Complete /data/ tree excluding /data/processing/ (ephemeral)\"\n encryption: \"AES-256 with key stored in /data/auth/backup-key.enc\"\n filename: \"full_{YYYYMMDD}_{HHMMSS}.tar.enc\"\n retention: \"Keep last 8 full backups (8 weeks rolling)\"\n verify_schedule: \"Tested within 24 hours of creation\"\n\n incremental_backup:\n frequency: \"Daily — Monday through Saturday, 03:00 Athens time\"\n scope: \"Files modified since last backup (using hash registry delta)\"\n filename: \"incremental_{YYYYMMDD}_{HHMMSS}.tar.enc\"\n retention: \"Keep last 30 incremental backups\"\n verify_schedule: \"Spot-tested weekly (every 7th incremental)\"\n\n event_driven_snapshot:\n triggers:\n - \"After any government submission (VAT, EFKA, E1, corporate tax)\"\n - \"After any client onboarding (new client record created)\"\n - \"After any schema migration\"\n scope: \"Specific affected directories only\"\n filename: \"snapshot_{event-type}_{AFM}_{YYYYMMDD}_{HHMMSS}.tar.enc\"\n retention: \"Keep indefinitely — these are milestone records\"\n verify_schedule: \"Verified immediately after creation\"\n\nBackup Verification\nBackup_Verification:\n method: \"Restore to isolated temporary directory, run integrity check against restored data\"\n what_is_verified:\n - \"Archive can be decrypted with current key\"\n - \"Archive is not corrupted (tar integrity check)\"\n - \"File count matches manifest\"\n - \"Sample file hashes match registered hashes\"\n - \"No files present in manifest that are missing from archive\"\n\n result_states:\n VERIFIED: \"Archive passed all checks — recorded in manifest\"\n PARTIAL: \"Archive intact but some files could not be verified against hash registry\"\n FAILED: \"Archive corrupted, undecryptable, or missing files — immediate alert\"\n\n on_failed_backup:\n action_1: \"Alert dashboard immediately\"\n action_2: \"Trigger new backup attempt within 1 hour\"\n action_3: \"If second attempt also fails: alert senior accountant via dashboard critical alert\"\n action_4: \"Log failure to /data/system/integrity/audit-log.json\"\n never: \"Never silently mark a failed backup as OK\"\n\nBackup File Structure\nBackup_Manifest_Entry_Fields:\n - backup_id # BACKUP-{YYYYMMDD}-{3digits}\n - type # full / incremental / snapshot\n - created_at_utc # ISO timestamp\n - filename # Exact filename in /data/backups/\n - size_bytes\n - file_count\n - scope # What directories were included\n - trigger # scheduled / event:submission / event:onboarding / manual\n - verified # true / false / pending\n - verified_at_utc # ISO timestamp of last verification\n - verify_result # VERIFIED / PARTIAL / FAILED / pending\n - event_reference # If event-driven: filing ID, AFM, etc.\n\nRetention Schedule\n\nGreek accounting law sets minimum retention periods. This skill enforces them with a conservative approach — when in doubt, retain longer and require human approval before deletion.\n\nRetention_Schedule:\n\n financial_records:\n types:\n - \"VAT returns and supporting documents\"\n - \"Financial statements (P&L, Balance Sheet)\"\n - \"Invoice records (sales and purchases)\"\n - \"Bank reconciliation reports\"\n minimum_retention_years: 5\n recommended_retention_years: 7\n legal_basis: \"Greek VAT Code Article 36, Law 4308/2014\"\n\n payroll_records:\n types:\n - \"Employee payroll records\"\n - \"EFKA contribution calculations\"\n - \"Employment contracts\"\n - \"Payslips\"\n minimum_retention_years: 5\n note: \"EFKA may audit up to 5 years back\"\n\n government_submission_receipts:\n types:\n - \"AADE submission references\"\n - \"myDATA transmission records\"\n - \"EFKA declaration receipts\"\n system_default: \"Retain indefinitely unless explicitly deleted\"\n note: \"Storage cost is negligible; risk of needing them is real\"\n\n client_contracts_and_identity:\n types:\n - \"Client engagement letters\"\n - \"AFM verification records\"\n - \"GDPR consent records\"\n minimum_retention_years: 5\n post_relationship_retention: 5\n note: \"5 years after end of client relationship, not from document creation\"\n\n correspondence:\n types:\n - \"Outgoing letters (Skill 16 sent records)\"\n - \"Inbound email classifications\"\n minimum_retention_years: 5\n\n audit_and_integrity_logs:\n types:\n - \"/data/system/integrity/audit-log.json\"\n - \"/data/auth/logs/\"\n retention: \"Permanent — never deleted\"\n reason: \"Regulatory and professional liability\"\n\n processing_and_temp_files:\n types:\n - \"/data/processing/ (all subdirectories)\"\n - \"/data/memory/episodes/ and /data/memory/failures/\"\n retention_days: 90\n action: \"Auto-purge after 90 days — these are operational, not legal records\"\n exception: \"Memory patterns/ and corrections/ — retained indefinitely as system learning assets\"\n\nRetention Action Workflow\nRetention_Action:\n step_1: \"Flag records past retention date in /data/system/integrity/retention-schedule.json\"\n step_2: \"Alert dashboard — show which records are due for action\"\n step_3: \"Human reviews: openclaw retention flagged --show-all\"\n step_4: \"Human chooses: archive (cold storage) or delete\"\n step_5: \"Archive: openclaw retention archive --approved-by {username}\"\n \"Delete: openclaw retention delete --approved-by {username} --confirm\"\n step_6: \"Action logged permanently in integrity audit-log\"\n never: \"Auto-delete any client financial record without explicit human approval\"\n\nSchema Migration\nMigration_System:\n\n version_format: \"v{MAJOR}.{MINOR}_{YYYYMMDD}_{description}\"\n examples:\n - \"v1.0_20260101_initial-schema\"\n - \"v2.0_20260218_add-financial-statements\"\n - \"v2.1_20260301_add-correspondence-tree\"\n\n migration_file_contents:\n - description: \"Plain English description of what changes\"\n - affects: \"List of directories and file patterns affected\"\n - forward_steps: \"Ordered list of operations to apply the migration\"\n - rollback_steps: \"Ordered list of operations to reverse the migration\"\n - validation: \"Checks to run after applying — confirms migration succeeded\"\n - estimated_duration: \"Expected time to apply\"\n\n safety_rules:\n - \"Never modify production data without taking a snapshot backup first\"\n - \"Run dry-run before applying any migration to production\"\n - \"Apply one migration at a time — never batch-apply untested migrations\"\n - \"All migrations tested in an isolated restore before production application\"\n - \"Failed migration triggers automatic rollback — never leaves data in partial state\"\n\n current_schema_version:\n location: \"/data/system/skill-versions.json\"\n field: \"schema_version\"\n\nFile System\nSkill_17_File_Paths:\n owns:\n - \"/data/backups/\"\n - \"/data/system/integrity/\"\n - \"/data/system/backups/backup-manifest.json\"\n - \"/data/reports/system/\"\n\n writes_on_event:\n - \"/data/system/integrity/audit-log.json\"\n - \"/data/system/integrity/hash-registry.json\"\n - \"/data/system/integrity/last-check-results.json\"\n - \"/data/system/integrity/retention-schedule.json\"\n\n reports:\n location: \"/data/reports/system/\"\n files:\n - \"{YYYY-MM}_integrity_report.pdf\"\n - \"{YYYY-MM}_backup_status_report.pdf\"\n - \"{YYYY-MM}_retention_action_report.pdf\"\n\nDashboard Integration\nDashboard_Feeds:\n health_status_card:\n data_source: \"/data/system/integrity/last-check-results.json\"\n fields_shown:\n - \"Last full check: [date] — [PASS / ISSUES FOUND]\"\n - \"Last backup: [date] — [VERIFIED / UNVERIFIED / FAILED]\"\n - \"Storage used: X GB of Y GB\"\n - \"Retention flags: N records awaiting action\"\n\n alerts:\n integrity_failure: \"CRITICAL — Data integrity issue detected in {directory}. Accounting operations suspended for affected clients.\"\n backup_failed: \"CRITICAL — Backup failed. Last verified backup: {N} days ago.\"\n backup_unverified: \"WARNING — Latest backup not yet verified.\"\n retention_due: \"INFO — {N} records are past retention date and require action.\"\n storage_at_80_percent: \"WARNING — Storage at {X}% capacity. Review and archive.\"\n\nMemory Integration (Phase 4 — Skill 19 hooks)\nMemory_Integration:\n log_episodes: true\n episode_types:\n - backup_completed_and_verified\n - integrity_check_passed\n - migration_applied_successfully\n - retention_action_completed\n\n log_failures: true\n failure_types:\n - backup_failed\n - backup_verification_failed\n - integrity_check_found_corruption\n - migration_rollback_triggered\n - hash_mismatch_detected\n\n rate_limit_group: \"system_operations\"\n note: \"System integrity failures must always be logged regardless of rate limits — no token budget applies here\"\n\nError Handling\nSeverity_Levels:\n\n CRITICAL:\n conditions:\n - Hash mismatch on any file in /data/clients/ or /data/compliance/\n - Backup archive corrupted or undecryptable\n - Schema migration failed and rollback also failed\n response:\n - Suspend accounting operations on affected data\n - Alert dashboard immediately with red banner\n - Log to audit-log with CRITICAL marker\n\n HIGH:\n conditions:\n - Backup verification failed (archive intact but hash mismatch on restore)\n - Retention-past-date records found\n - Storage above 90% capacity\n response:\n - Dashboard yellow alert\n - Log to audit-log\n - Retry backup verification once before escalating to CRITICAL\n\n INFO:\n conditions:\n - Unregistered write detected (file not in hash registry)\n - Schema drift detected (file does not match expected structure)\n - Storage above 80% capacity\n response:\n - Dashboard notification\n - Log to audit-log\n - Flag for human review at next session\n\nSuccess Metrics\n\nA successful deployment of this skill should achieve:\n\n✅ Every backup verified within 24 hours of creation — zero unverified backups older than 48 hours\n✅ Full integrity check passes weekly with zero unexplained hash mismatches\n✅ Every schema migration applied cleanly with no data loss and full rollback capability\n✅ Retention schedule enforced — no record deleted without explicit human approval\n✅ Integrity audit log is continuous and permanent — no gaps\n✅ Dashboard always shows current backup age and last check result — never stale\n✅ The firm can produce an integrity report for a regulator or auditor at any time covering any past period\n\nRemember: This skill exists so the firm can say — to a client, a regulator, or an auditor — \"our systems are maintained, monitored, backed up, and compliant.\" That statement must be true and provable. Every feature in this skill exists to make it provable." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/satoshistackalotto/system-integrity-and-backup", "publisherUrl": "https://clawhub.ai/satoshistackalotto/system-integrity-and-backup", "owner": "satoshistackalotto", "version": "0.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/system-integrity-and-backup", "downloadUrl": "https://openagent3.xyz/downloads/system-integrity-and-backup", "agentUrl": "https://openagent3.xyz/skills/system-integrity-and-backup/agent", "manifestUrl": "https://openagent3.xyz/skills/system-integrity-and-backup/agent.json", "briefUrl": "https://openagent3.xyz/skills/system-integrity-and-backup/agent.md" } }