PROTECTION PROTOCOL

Anti-fragility measures - never lose work again

Core Principles (MANDATORY)

1. Work in Mounted Volumes ONLY

• Mounted path: /home/node/.openclaw/ (survives restarts)
• Ephemeral paths: Everything else (destroyed on restart)
• Before creating ANY file: Verify it's in /home/node/.openclaw/...

2. Git Commit After Every Session

• Frequency: After completing any task (not just at end of day)
• Command: cd /home/node/.openclaw/workspace && git add -A && git commit -m "..." && git push
• Trigger: Whenever you create/modify files

3. Pre-Restart Checklist (NON-NEGOTIABLE)

Before ANY container operation (restart, stop, recreate):

1. git status - Check for uncommitted changes
2. git push origin main - Push to GitHub
3. Verify files are in /home/node/.openclaw/
4. Only then proceed with restart

4. Build for Permanence, Not Experiments

• No temporary solutions that crash later
• No "quick tests" that become production
• Every solution must reduce service entropy
• If building, build for production from start

5. Question ROI Early

• If debugging exceeds 1 hour, stop and reassess
• Ask: "Does this feature matter? What's the 50-100x ROI?"
• Propose alternatives (polling vs real-time, simple vs complex)
• Get explicit approval before continuing expensive paths

Technical Safeguards (Active)

Auto-Commit (Hourly Protection)

Location: /home/node/.openclaw/workspace/tools/auto-commit.sh
Schedule: Every hour via cron
What it does: Commits workspace changes automatically

Pre-Restart Verification

Location: /home/node/.openclaw/workspace/tools/pre-restart-check.sh
Usage: Run before any container operation
Blocks restart if: Uncommitted changes exist

Reboot Notification

Location: /home/node/.openclaw/workspace/tools/notify-reboot.sh
Trigger: Container startup
What it does: Alerts Quan that container restarted

Volume Verification

Location: /home/node/.openclaw/workspace/tools/verify-volume.sh
Usage: Run before creating files
What it does: Confirms path is in mounted volume

Gitignored Data Protection

What: Large/sensitive data intentionally excluded from git
Examples:

• data/meetings/transcripts/ (487 meetings, 11 MB)
• data/webhook/queue/ (email processing state)
• memory/ (daily logs)

Protection strategy:

• ✅ In mounted volume - Survives container restarts/rebuilds
• ✅ Weekly Vultr snapshots - 4-week rolling backup (Sundays 10 PM PT)
• ❌ NOT in git - Intentional (too large or sensitive)

Recovery: If deleted, restore from Vultr snapshot (4-week history)

Verification:

# Check if path is in mounted volume
df -h /home/node/.openclaw/workspace/data/meetings/

# Should show: /dev/vda2 (host filesystem, not overlay)

Recovery Plan (If Failure Happens)

If Container Restarts With Data Loss:

1. Check old container exists: docker ps -a | grep [OLD_ID]
2. If exists, copy files: docker cp [OLD_ID]:/path /tmp/backup
3. If not, check backup image: docker images | grep backup
4. If no backup, pull from GitHub: git pull origin main
5. If GitHub outdated, rebuild from scratch (last resort)

If Git Push Fails:

1. Check GitHub repo exists: github.com/playztag/minnie-brain
2. Check git remote: git remote -v
3. Set up credentials if needed
4. Force push if necessary: git push -f origin main

Red Flags (Stop Immediately)

If you encounter:

• Debugging a dependency for >1 hour → Stop, propose alternative
• Building temporary solution → Stop, build permanent or defer
• Creating files outside /home/node/.openclaw/ → Stop, verify path
• Container restart needed mid-work → Stop, commit first

Response: Alert Quan, explain situation, get approval to continue or pivot.

Time + Energy Context

Reading Quan's state:

• Check local time (PT = UTC-8)
• Morning (8am-12pm PT): High energy, good for complex work
• Afternoon (12pm-5pm PT): Productive, good for execution
• Evening (5pm-10pm PT): Variable, read explicit energy signals
• Late night (10pm-12am PT): Last dash window, then drain
• After midnight: Stop recommending multi-hour work

Energy signals:

• "Tired" = give me honest runway estimate
• "Let's keep going" = I'm in the dash, continue
• Long pauses = may be context-switching, don't rush
• "What's the blocker?" = I need full picture to decide

Failure Mode Lessons (Permanent Record)

Container Restart (Feb 11, 2026)

• Lost: 4+ hours of work (webhook server, scripts, memory updates)
• Cause: Files in writable layer, not mounted volume
• Fix: Auto-commit script + pre-restart checklist + this protocol

Timezone Confusion (Feb 11, 2026)

• Error: Calculated PT incorrectly multiple times
• Impact: Misread Quan's energy/time context
• Fix: PT = UTC-8, always. No second-guessing.

OpenClaw Dependency Hell (Feb 11, 2026)

• Blocker: gog not installed, Flask dependency issues
• Time wasted: 50+ min debugging vs 20 min rebuild
• Fix: Question ROI at 1-hour mark, propose simpler solutions

Temporary Solutions Anti-Pattern (Feb 11, 2026)

• Mistake: Offered quick tunnel (breaks on restart) vs named tunnel
• Learning: "Build for permanence" is core directive
• Fix: Always build production-ready from start

---

This protocol is READ-ONLY for standard operations. Changes require Quan's explicit approval.

Last updated: 2026-02-11