collective-memory-repo/shared/long-term/decisions/openclawd-infra-baseline.md

# OpenClaw Infra Baseline (Imported)

- imported_from: `/Users/lingyuzeng/openclawd/vaults/memory/infra.md`
- imported_at_utc: `2026-03-10T07:53:38Z`
- note: migrated from openclawd/vaults to collective-memory-repo.

---

# memory/infra.md

## OpenClaw Cluster Baseline (2026-03-18)

- **mac-5 = brain**：Control Plane / Gateway / Orchestrator（唯一 Gateway）
- **mac-6 = hands**：Execution Plane / General Compute Worker
- **mac-7 = eyes**：Verification Plane / Browser Automation Worker
- **mac-8 已下线**，不再参与当前集群调度

## Role Semantics

- `mac-5` 负责控制、编排、入口收敛、记忆系统主入口与全局调度。
- `mac-6` 负责执行、算力、构建、脚本、CLI agent、批处理等通用工作负载。
- `mac-7` 负责浏览器自动化、页面验证、验收检查，也可承接辅助执行任务，但主身份保持 browser-first。

## Access & Ingress

- Unified ingress via Caddy HTTPS/WSS.
- Known endpoints in docs/notes:
  - `https://mac5.hs.jmsu.top:8443`
  - `wss://mac5.hs.jmsu.top:8443`
  - runtime summary may use `bot.jmsu.top:443` (confirm active deployment before operations)

## Node Lifecycle

`openclaw node run/install -> Pending -> openclaw devices approve <request-id> -> Online -> openclaw nodes run ...`

## Operating Rules

1. Never run Gateway on mac-6/mac-7.
2. Remote commands must go through `openclaw nodes run`.
3. Keep node allowlist/approvals least-privileged by role.
4. For failures, check: unauthorized / pairing required / origin not allowed / trusted proxy / approval required.

## Memory Gateway Design (qmd-memory-gateway)

- Consistency model: query-time sync (`fetch -> workspace sync -> qmd update/embed -> query`).
- Workspace isolation by branch/profile, with per-workspace lock.
- Keep a **single gateway on mac-5** as default topology to avoid multi-writer index drift.
- Consider per-machine gateway only if:
  - cross-machine latency becomes a bottleneck, and
  - each machine can own an isolated branch/workspace and independent qmd cache/index.