Summary

• Problem: OpenClaw had only ad-hoc documentation for backups, but no first-class CLI backup workflow.
• Why it matters: reset and uninstall can remove local state, credentials, sessions, and workspaces, so recoverability depended on manual operator steps.
• What changed: added openclaw backup create, openclaw backup verify, optional openclaw backup create --verify, docs, archive manifest validation, atomic archive writes, and backup guidance in destructive flows.
• What did NOT change (scope boundary): this PR does not add backup restore yet.

Change Type (select all)

• Feature
• Docs
• Bug fix
• Refactor
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Memory / storage
• UI / DX
• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Integrations
• API / contracts
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related #

User-visible / Behavior Changes

• New openclaw backup create command to archive local state/config/credentials/workspace into a timestamped .tar.gz.
• New openclaw backup verify <archive> command to validate backup structure and embedded manifest.json.
• New openclaw backup create --verify option to self-check an archive immediately after writing it.
• Backup archives are now written atomically through a temp file + rename, so failed runs do not strand partial final archives.
• reset and uninstall now recommend running openclaw backup create before state-destructive flows.
• Default backup output now falls back out of the source tree when the current working directory is inside backed-up state.

Security Impact (required)

• New permissions/capabilities? (Yes/No) Yes
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) Yes
• Data access scope changed? (Yes/No) Yes
• If any Yes, explain risk + mitigation:

This adds a local CLI capability that reads user state/config/workspace paths and writes a backup tarball. Mitigations:

• output paths inside backed-up source trees are rejected
• symlink/canonical-path containment is checked before writing
• final archive writes are atomic via temp file + rename
• existing archive files are never overwritten
• archive contents are rooted under a generated backup root and described by a manifest
• backup verify validates manifest/payload consistency

Repro + Verification

Environment

• OS: macOS
• Runtime/container: local Node 22
• Model/provider: N/A
• Integration/channel (if any): N/A
• Relevant config (redacted): temp home/state dirs in tests; custom config path for external-workspace coverage

Steps

1. Run openclaw backup create --output <dir>.
2. Inspect the generated .tar.gz and embedded manifest.json.
3. Run openclaw backup verify <archive>.
4. Run openclaw reset --dry-run or openclaw uninstall --dry-run and confirm backup guidance is shown for state-destructive scopes.

Expected

• Backup archive is created with canonicalized payload paths and manifest metadata.
• Verification succeeds for valid archives and fails for malformed archives.
• Failed writes do not leave a final partial archive behind.
• Destructive flows point users at the backup command first.

Actual

• Matches expected in targeted test coverage.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  • backup archive creation for default state layout
  • backup archive creation when workspace is outside state
  • backup archive verification for valid and malformed archives
  • backup guidance emitted by reset and uninstall for state-destructive flows
  • create-time verification via --verify
  • failed archive creation does not leave a final partial archive behind
• Edge cases checked:
  • cwd inside backed-up source tree
  • dry-run with an already-existing target path
  • manifest references missing payload
  • archive missing manifest
  • symlink/canonical-path containment on macOS temp paths
  • temp archive cleanup on failure
• What you did not verify:
  • restore flow, because it is intentionally out of scope
  • full repo tsc, due to unrelated existing failures outside this PR

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly:
  • do not use the new backup commands
  • revert this PR to restore previous behavior
• Files/config to restore:
  • none required; this feature is additive
• Known bad symptoms reviewers should watch for:
  • backup output path accidentally resolving inside state/workspace trees
  • verify passing malformed archives
  • destructive-flow guidance showing for non-destructive scopes
  • partial final archives left behind after failed writes

Risks and Mitigations

• Risk: archive verification only validates manifest/payload structure, not file-level checksums.
  • Mitigation: keep restore out of scope for now; follow up with stronger integrity metadata if maintainers want it.
• Risk: backup now surfaces a larger local-data packaging capability.
  • Mitigation: keep it explicit CLI-only, local-only, non-overwriting, atomically written, and guarded against self-inclusion.

Testing

• AI-assisted
• pnpm exec vitest run src/commands/backup.atomic.test.ts src/commands/backup.test.ts src/commands/backup-verify.test.ts src/commands/reset.test.ts src/commands/uninstall.test.ts src/cli/program/register.backup.test.ts src/cli/program/command-registry.test.ts src/cli/program/preaction.test.ts src/cli/program/register.maintenance.test.ts
• pnpm exec tsc -p tsconfig.json --noEmit was attempted earlier, but the repo currently fails on unrelated pre-existing errors in extensions/tlon and existing agent/provider tests