alibaba
diff --git a/‎docs/extension/openclaw/README.md‎
Lines changed: 201 additions & 0 deletions b/‎docs/extension/openclaw/README.md‎
Lines changed: 201 additions & 0 deletions
diff --git a/‎docs/extension/openclaw/SKILL.md‎
Lines changed: 141 additions & 0 deletions b/‎docs/extension/openclaw/SKILL.md‎
Lines changed: 141 additions & 0 deletions
@@ -0,0 +1,201 @@
+# Agentic OS for OpenClaw Solution
+
+## Overview
+
+Agentic OS for OpenClaw is an integrated solution that connects existing Agentic OS capabilities to OpenClaw. The goal is to provide one installation path, one operational model, and one troubleshooting surface for capabilities that were originally developed as independent components.
+
+The solution is delivered through:
+
+- a one-click installer at `extension/openclaw/agenticos2openclaw.sh`
+- an OpenClaw-facing Skill at `extension/openclaw/SKILL.md`
+- this architecture and user-facing solution document
+
+## Component Mapping
+
+| Component | Capability | OpenClaw Integration |
+|---|---|---|
+| cosh | one-click installation and shell integration | provides the install entry pattern and can install OpenClaw itself |
+| SKILL | reusable Skill library | migrates Agentic OS Skills into the OpenClaw Skill directory |
+| sec-core | sandbox, asset verification, security Skills | attaches runtime security and security Skills to OpenClaw |
+| Sight | diagnostics and observability | diagnoses OpenClaw agent behavior, token usage, and runtime events |
+| osbase | system optimization | applies memory-side optimization for common small OpenClaw instances |
+| runtime | runtime optimization | provides ws-ckpt, skillfs, skvm, and other OpenClaw-oriented runtime improvements |
+| token-less | token reduction | integrates OpenClaw plugin paths and runtime hooks for context compression and output filtering |
+
+## Architecture
+
+The solution uses a layered architecture:
+
+1. OpenClaw Agent Gateway is the base runtime.
+2. The installer validates prerequisites and installs OpenClaw when needed.
+3. System modules such as osbase and Sight are checked or installed through RPMs.
+4. Runtime modules such as skillfs, ws-ckpt, and skvm are installed and exposed to OpenClaw as Skills or services.
+5. Security modules such as sec-core install their runtime components, plugin hooks, and Skills.
+6. Token optimization modules such as token-less register OpenClaw plugin paths and hooks.
+7. The state file records module results for status, retry, and rollback.
+
+Default paths:
+
+| Path | Purpose |
+|---|---|
+| `/usr/share/anolisa` | Agentic OS component root |
+| `/usr/share/anolisa/skills` | Agentic OS Skill source directory |
+| `/usr/share/anolisa/runtime/skills` | runtime Skill source directory |
+| `~/.openclaw/openclaw.json` | OpenClaw configuration |
+| `~/.openclaw/skills` | OpenClaw Skill target directory |
+| `~/.openclaw/agenticos-state.json` | installer state |
+| `~/.openclaw/backups` | OpenClaw config backups |
+
+## Deployment Topology
+
+Recommended single-node topology:
+
+```text
+OpenClaw host
+├── OpenClaw Agent Gateway
+├── Agentic OS installer
+├── OpenClaw Skills
+│   ├── migrated Agentic OS Skills
+│   ├── skillfs
+│   ├── ws-ckpt
+│   └── sec-core Skills
+├── system services
+│   ├── agentsight
+│   └── skvm-bridged
+└── OpenClaw plugins
+    ├── sec-core integration
+    └── token-less integration
+```
+
+Recommended resource profile:
+
+| Scenario | CPU | Memory | Notes |
+|---|---:|---:|---|
+| minimal validation | 2 vCPU | 2 GB | use `--mode sec-core` or targeted modules |
+| recommended production baseline | 2-4 vCPU | 4 GB | use `--mode recommended` |
+| full diagnostics | 4+ vCPU | 8 GB | use `--mode all` with Sight enabled |
+
+Small instances benefit from osbase memory tuning. If osbase is not present, the installer treats it as non-fatal outside the expected Anolis SWAS environment.
+
+## Installation
+
+Recommended remote install:
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/alibaba/anolisa/main/extension/openclaw/agenticos2openclaw.sh | bash -s -- --mode recommended
+```
+
+Full install:
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/alibaba/anolisa/main/extension/openclaw/agenticos2openclaw.sh | bash -s -- --mode all
+```
+
+Local development install:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --mode recommended
+```
+
+Preview the plan:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --mode recommended --dry-run
+```
+
+Use a custom Agentic OS component root:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --base-dir /opt/anolisa --mode recommended
+```
+
+Automatically install missing RPM dependencies when appropriate:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --mode recommended --install-deps
+```
+
+## Install Modes
+
+| Mode | Modules | Use Case |
+|---|---|---|
+| `recommended` | osbase, skill, skillfs, ws-ckpt, skvm, sec-core, token-less | default installation for most users |
+| `all` | osbase, skill, skillfs, ws-ckpt, sec-core, sight, token-less, skvm | full solution including Sight diagnostics |
+| module list | any selected modules, such as sec-core, token-less, skillfs | targeted deployment and troubleshooting |
+
+`openclaw` is the base dependency for OpenClaw-integrated modules. It is not shown as part of `recommended` or `all`, but the installer automatically adds it to the install queue when selected modules require OpenClaw and the `openclaw` command is not available.
+
+`recommended` intentionally excludes Sight to keep the default installation lightweight. Use `all` when diagnostics and observability are required by default.
+
+## Operations
+
+List modules:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --list
+```
+
+Check status:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --status
+```
+
+Retry failed modules:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --retry
+```
+
+Roll back failed modules:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --rollback
+```
+
+Full rollback:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --rollback --full
+```
+
+## Best Practices
+
+- Use `recommended` as the default production baseline.
+- Use `all` only when full observability is required.
+- Keep the Skill file concise and operation-focused; keep architecture and user documentation in `docs`.
+- Prefer explicit `bash -s -- --mode recommended` for remote install commands.
+- Run `--dry-run` before production rollout.
+- Keep the installer idempotent: every module should have detect, install, verify, and cleanup behavior.
+- Preserve OpenClaw config backups before plugin or config changes.
+- Use `--base-dir` for non-standard Agentic OS component layouts.
+
+## Troubleshooting
+
+If installation fails:
+
+1. Run `bash extension/openclaw/agenticos2openclaw.sh --status`.
+2. Retry failed modules with `bash extension/openclaw/agenticos2openclaw.sh --retry`.
+3. Check RPM availability with `rpm -q <package>`.
+4. Re-run with `--install-deps` only when automatic RPM installation is acceptable.
+5. Roll back failed modules with `bash extension/openclaw/agenticos2openclaw.sh --rollback`.
+6. Use `--rollback --full` only when restoring the whole OpenClaw integration state is desired.
+
+Common issues:
+
+| Symptom | Likely Cause | Action |
+|---|---|---|
+| `jq` missing | prerequisite not installed | install `jq` and rerun |
+| OpenClaw command missing | OpenClaw not installed or PATH not updated | install OpenClaw or rerun with OpenClaw module enabled |
+| Skill source missing | Agentic OS RPMs not installed or custom root path | install component RPMs or pass `--base-dir` |
+| token-less plugin not loaded | OpenClaw config path mismatch | pass `--config` and restart gateway |
+| sec-core sandbox degraded | `linux-sandbox` missing | verify `agent-sec-core` RPM installation |
+
+## Repository Layout
+
+```text
+extension/openclaw/
+├── README.md
+├── SKILL.md
+└── agenticos2openclaw.sh
+```
@@ -0,0 +1,141 @@
+---
+name: agenticos-deploy
+version: 0.2.0
+description: Deploy and manage Agentic OS for OpenClaw. Use when the user asks to install, configure, upgrade, verify, retry, roll back, or troubleshoot Agentic OS capabilities for OpenClaw, including osbase, SKILL, skillfs, ws-ckpt, sec-core, Sight, token-less, and skvm.
+layer: application
+lifecycle: usage
+---
+
+# Agentic OS for OpenClaw Deploy
+
+Use this skill to help users install and manage the integrated Agentic OS for OpenClaw solution.
+
+## Installer
+
+Download the installer from GitHub and run it with explicit arguments:
+
+```bash
+curl -fsSL "${AGENTICOS_INSTALLER_URL:-https://raw.githubusercontent.com/alibaba/anolisa/main/extension/openclaw/agenticos2openclaw.sh}" | bash -s -- --mode recommended
+```
+
+For local repository development, run:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --mode recommended
+```
+
+The installer requires Linux, Bash 4+, `jq`, and `npm` when OpenClaw itself must be installed.
+
+## When To Use
+
+Use this skill when the user asks for:
+
+- one-click Agentic OS installation for OpenClaw
+- OpenClaw integration with Agentic OS components
+- installing or migrating Agentic OS Skills into OpenClaw
+- enabling sec-core, Sight, osbase, runtime, ws-ckpt, token-less, or skvm for OpenClaw
+- checking install status, retrying failed modules, or rolling back an installation
+
+## Install Modes
+
+Recommend `recommended` for most users:
+
+```bash
+curl -fsSL "${AGENTICOS_INSTALLER_URL:-https://raw.githubusercontent.com/alibaba/anolisa/main/extension/openclaw/agenticos2openclaw.sh}" | bash -s -- --mode recommended
+```
+
+`recommended` installs: `osbase`, `skill`, `skillfs`, `ws-ckpt`, `skvm`, `sec-core`, `token-less`.
+
+Use `all` when the user explicitly wants full observability and every supported capability:
+
+```bash
+curl -fsSL "${AGENTICOS_INSTALLER_URL:-https://raw.githubusercontent.com/alibaba/anolisa/main/extension/openclaw/agenticos2openclaw.sh}" | bash -s -- --mode all
+```
+
+`all` installs: `osbase`, `skill`, `skillfs`, `ws-ckpt`, `sec-core`, `sight`, `token-less`, `skvm`.
+
+Use module names for a targeted install:
+
+```bash
+curl -fsSL "${AGENTICOS_INSTALLER_URL:-https://raw.githubusercontent.com/alibaba/anolisa/main/extension/openclaw/agenticos2openclaw.sh}" | bash -s -- --mode sec-core token-less skillfs
+```
+
+Available modules:
+
+| Module | Purpose |
+|---|---|
+| `openclaw` | OpenClaw Agent Gateway |
+| `osbase` | system memory tuning for small OpenClaw instances |
+| `skill` | migrate Agentic OS Skills into OpenClaw |
+| `skillfs` | compact Skill filesystem for token reduction |
+| `ws-ckpt` | workspace checkpoint and restore |
+| `sec-core` | sandbox, asset verification, and security Skills |
+| `sight` | diagnostics and observability for agent behavior |
+| `token-less` | context compression and output filtering |
+| `skvm` | skvm skill bank |
+
+`openclaw` is a base dependency. The installer automatically adds it to the install queue when a selected module depends on OpenClaw and the `openclaw` command is not found.
+
+## Operations
+
+Preview the plan:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --mode recommended --dry-run
+```
+
+Check status:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --status
+```
+
+Retry failed modules:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --retry
+```
+
+Roll back failed modules:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --rollback
+```
+
+Full rollback:
+
+```bash
+bash extension/openclaw/agenticos2openclaw.sh --rollback --full
+```
+
+If RPM dependencies are missing and the user approves automatic package installation, add:
+
+```bash
+--install-deps
+```
+
+## Decision Guide
+
+Choose `recommended` for first-time users and production defaults. It includes security, runtime acceleration, Skill migration, checkpoint support, token reduction, and small-instance tuning. It does not include Sight diagnostics.
+
+Choose `all` when the user wants the full solution including Sight diagnostics.
+
+Choose `sec-core` only for a minimal security-focused integration.
+
+Choose `skill skillfs ws-ckpt skvm` when the user wants Skill/runtime improvements without security or token plugins.
+
+Use `--base-dir DIR` when Agentic OS components are installed somewhere other than `/usr/share/anolisa`.
+
+Use `--config FILE` when OpenClaw uses a non-default config path.
+
+## Troubleshooting
+
+If installation fails:
+
+1. Run `bash extension/openclaw/agenticos2openclaw.sh --status`.
+2. Retry with `bash extension/openclaw/agenticos2openclaw.sh --retry`.
+3. Check missing RPMs with `rpm -q <package>`.
+4. If RPMs are unavailable, rerun with `--install-deps` only after confirming with the user.
+5. Roll back with `bash extension/openclaw/agenticos2openclaw.sh --rollback`.
+
+Modules `sec-core` and `token-less` may require an OpenClaw gateway restart. The installer attempts this automatically in non-interactive mode and reports the manual command if restart fails.