Add OpenClaw ecosystem division to Armory

.seven-shadow/trust-rollout/pr-template.md

@@ -1,7 +1,7 @@
 # Trust Rollout Bootstrap PR
 
 Generated at: `2026-02-21T20:46:25Z`  
-Target repository: `/Users/vonta/Documents/Code Repos/armory`  
+Target repository: `~/armory`  
 Submodule path: `governance/seven-shadow-system`
 
 ## Summary

BUILD-SPECS.md

@@ -96,8 +96,8 @@ warp set-default <name>      # Change default machine
 {
   "default": "windows",
   "machines": {
-    "windows": { "host": "192.168.1.188", "user": "devon", "key": "~/.ssh/id_ed25519" },
-    "pi": { "host": "192.168.1.50", "user": "pi" },
+    "windows": { "host": "10.0.0.100", "user": "youruser", "key": "~/.ssh/id_ed25519" },
+    "pi": { "host": "10.0.0.50", "user": "pi" },
     "vps": { "host": "my.server.com", "user": "root", "port": 2222 }
   }
 }

docs/audits/deep-qa-fix-wave-2026-02-22.md

@@ -7,7 +7,7 @@
 - Mac runtime is mandatory; Windows remains courtesy coverage.
 
 ## Required Sequence
-1. `git -C /Users/vonta/Documents/Code Repos/armory pull --ff-only` -> PASS (`Already up to date.`)
+1. `git -C ~/armory pull --ff-only` -> PASS (`Already up to date.`)
 2. Baseline Armory-native checks (pre-change) -> PASS
 3. Logic fixes -> completed
 4. Security fixes -> completed
@@ -28,7 +28,7 @@
 
 ## Logic Fixes Shipped
 ### 1) Jutsu vault mutation hardening
-- File: `/Users/vonta/Documents/Code Repos/armory/weapons/jutsu/jutsu.sh`
+- File: `~/armory/weapons/jutsu/jutsu.sh`
 - Changes:
   - Removed unsafe inline Python string interpolation from `add/remove/swap`.
   - Switched to argument-safe Python calls (`sys.argv`) for provider/name/key inputs.
@@ -40,44 +40,44 @@
   - Malformed vault JSON now fails with exit `1` and no false success message.
 
 ### 2) Dispatcher help contract
-- File: `/Users/vonta/Documents/Code Repos/armory/scripts/lib/dispatch_routes.sh`
+- File: `~/armory/scripts/lib/dispatch_routes.sh`
 - Change:
   - Added `-h|--help` routing to the normal help path with exit `0`.
 
 ### 3) Mac smoke coverage extension
-- File: `/Users/vonta/Documents/Code Repos/armory/scripts/ci/mac-smoke.sh`
+- File: `~/armory/scripts/ci/mac-smoke.sh`
 - Changes:
   - Added `dispatcher --help` assertion.
   - Added zsh Jutsu help smoke.
   - Added quoted-provider Jutsu add scenario and persisted-vault assertion.
 
 ## Security Fixes Shipped
 ### 1) Dashboard HTML injection hardening
-- File: `/Users/vonta/Documents/Code Repos/armory/docs/assets/app.js`
+- File: `~/armory/docs/assets/app.js`
 - Changes:
   - Replaced manifest-driven card/cart `innerHTML` rendering with DOM node creation and `textContent`.
   - Replaced error-state `innerHTML` with safe text-node rendering.
 - Result:
   - Manifest text can no longer be interpreted as HTML in dashboard card/cart/error rendering paths.
 
 ### 2) CI guard for unsafe dashboard HTML APIs
-- File: `/Users/vonta/Documents/Code Repos/armory/scripts/ci/validate_dashboard_security.py` (new)
+- File: `~/armory/scripts/ci/validate_dashboard_security.py` (new)
 - Behavior:
   - Fails if `docs/assets/app.js` contains `innerHTML=`, `outerHTML=`, or `insertAdjacentHTML(`.
 - Wiring:
   - Added to CI workflow step:
-    - `/Users/vonta/Documents/Code Repos/armory/.github/workflows/armory-ci.yml`
+    - `~/armory/.github/workflows/armory-ci.yml`
   - Added to Alexander preflight checks:
-    - `/Users/vonta/Documents/Code Repos/armory/summons/alexander/alexander.py`
+    - `~/armory/summons/alexander/alexander.py`
   - Updated Alexander docs to include new skip/check name:
-    - `/Users/vonta/Documents/Code Repos/armory/summons/alexander/README.md`
+    - `~/armory/summons/alexander/README.md`
 
 ## Accessibility Fixes Shipped
 ### Dashboard semantics and keyboard support
 - Files:
-  - `/Users/vonta/Documents/Code Repos/armory/docs/index.html`
-  - `/Users/vonta/Documents/Code Repos/armory/docs/assets/app.js`
-  - `/Users/vonta/Documents/Code Repos/armory/docs/assets/styles.css`
+  - `~/armory/docs/index.html`
+  - `~/armory/docs/assets/app.js`
+  - `~/armory/docs/assets/styles.css`
 - Changes:
   - Added explicit labels for search/status/division controls.
   - Added explicit `type="button"` on button controls.
@@ -138,7 +138,7 @@ Walkthrough assertions:
 - Mode switch semantic state (`aria-pressed`) -> PASS
 
 Issue discovered during walkthrough and fixed in this wave:
-- A runtime parse defect in `/Users/vonta/Documents/Code Repos/armory/docs/assets/app.js` blocked dashboard JS execution in Chromium.
+- A runtime parse defect in `~/armory/docs/assets/app.js` blocked dashboard JS execution in Chromium.
 - Cause: unescaped shell-style `${...}` expansions inside a JavaScript template literal used for installer generation.
 - Fix: escaped shell expansions (`\${...}`) where literal bash parameter expansion is intended.
 - Verification after fix: card render restored (`5` cards / `5` action buttons), no page errors, keyboard walkthrough passed.

docs/audits/maintenance-day-no-code-hardening-2026-02-22.md

@@ -27,15 +27,15 @@
 
 ## Clone Sweep (Local Machine)
 - Discovery scope:
-  - `/Users/vonta/Documents`
-  - `/Users/vonta/Desktop`
-  - `/Users/vonta/Code Repos`
-  - `/Users/vonta/Repos`
-  - `/Users/vonta/Projects`
+  - `~/Documents`
+  - `~/Desktop`
+  - `~/Code Repos`
+  - `~/Repos`
+  - `~/Projects`
 - Discovered clone(s):
-  - `/Users/vonta/Documents/Code Repos/armory`
+  - `~/Documents/Code Repos/armory`
 - Remote hygiene result:
-  - `origin https://github.com/VontaJamal/armory.git` (tokenless)
+  - `origin` remote URL (tokenless)
   - `scripts/ci/check_remote_url.sh` -> PASS
 - Other machines:
   - Pending: repeat remote scrub + hygiene check on each additional machine.

docs/audits/public-logic-audit-2026-02-22.md

@@ -1,7 +1,7 @@
 # Public Logic Audit - 2026-02-22
 
 ## Repo
-- VontaJamal/armory
+- armory
 
 ## Scope
 - Deep quality-control on existing public-facing logic only.
@@ -12,7 +12,7 @@
 - Default branch: main
 - Latest default-branch run (at start):
   - Armory CI (success)
-  - https://github.com/VontaJamal/armory/actions/runs/22278810812
+  - (CI run link)
 
 ## Public Surface Inventory
 - README command references and policy docs

items/221b/README.md

@@ -16,10 +16,10 @@
 221b --path D:\Code Repos\armory
 
 # Analyze a running service
-221b --service CryptoPipeline
+221b --service MyService
 
 # Analyze a remote machine
-221b --ssh devon@192.168.1.188
+221b --ssh user@your-server
 
 # Focus on specific deduction categories
 221b --focus config        # Config contradictions only
@@ -85,13 +85,13 @@
      → These are different services, but the docs don't clarify this
 
   2. STALE BRANCH
-     Branch 'sovereign-badge' last commit: 4 days ago
+     Branch 'feature-badge' last commit: 4 days ago
      Main has moved 23 commits ahead
      → This branch is likely abandoned. Delete or merge.
 
   3. GHOST REFERENCE
-     scripts/deploy.ps1 line 14 references 'CryptoBot' service
-     No service named 'CryptoBot' exists (did you mean 'CryptoPipeline'?)
+     scripts/deploy.ps1 line 14 references 'OldService' service
+     No service named 'OldService' exists (did you mean 'NewService'?)
      → Renamed service, script not updated
 
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@@ -131,8 +131,8 @@ Every deduction cites its evidence. No hunches. Just facts that lead to conclusi
 # Add to PATH or call directly
 .\221b.ps1
 
-# Or through Faye CLI
-faye 221b
+# Or through your agent CLI
+armory 221b
 ```
 
 ---

items/agent-comms/README.md

@@ -32,10 +32,10 @@ In your `openclaw.json`:
 ```json
 {
   "agents": {
-    "list": ["main", "cipher", "poly", "kai"]
+    "list": ["main", "agent-a", "agent-b", "agent-c"]
   },
   "agentToAgent": {
-    "allow": ["main", "cipher", "poly", "kai"]
+    "allow": ["main", "agent-a", "agent-b", "agent-c"]
   }
 }
 ```
@@ -45,7 +45,7 @@ In your `openclaw.json`:
 From your main agent to a sub-agent:
 
 ```
-sessions_send(sessionKey="agent:cipher:main", message="Scout Armory for this repo issue and report a shortlist")
+sessions_send(sessionKey="agent:agent-a:main", message="Scout Armory for this repo issue and report a shortlist")
 ```
 
 Quartermaster command pattern:
@@ -88,7 +88,7 @@ Agent-to-agent messages can time out but still deliver. Validate by checking tar
 
 ### Session Keys Are Specific
 
-`agent:cipher:main` is not the same as `cipher`.
+`agent:agent-a:main` is not the same as `agent-a`.
 
 ### Dedicated Workspaces
 

items/nssm-services/README.md

@@ -1,4 +1,4 @@
-# Running Bots as Windows Services with NSSM
+# Running Bots as Windows Services with NSSM
 
 NSSM (Non-Sucking Service Manager) lets you run any script or process as a Windows service that auto-starts on boot and restarts on crash.
 
@@ -71,7 +71,7 @@ This grants Built-in Users read/control permissions.
 ## Health Check Script
 
 ```powershell
-$services = @("CryptoPipeline", "CryptoAlertForwarder", "TradingDashboard", "OpenClawGateway")
+$services = @("ServiceA", "ServiceB", "TradingDashboard", "OpenClawGateway")
 
 foreach ($svc in $services) {
     $status = (sc.exe query $svc | Select-String "STATE").ToString().Trim()

items/openclaw-ecosystem/README.md

@@ -0,0 +1,120 @@
+# OpenClaw Ecosystem — Tools & Extensions
+
+Third-party tools, libraries, and patterns that make OpenClaw agents sharper. Everything here has been vetted and either installed or queued for integration.
+
+> *"Build small, sharp tools. Let the agent call them. Keep the agent dumb, keep the tools sharp."*
+
+---
+
+## Installed & Active
+
+### Scrapling — Stealth Web Scraping
+- **What:** Undetectable scraper that adapts when sites change structure. Bypasses Cloudflare Turnstile automatically. 774x faster than BeautifulSoup+lxml.
+- **Install:** `pip install "scrapling[ai]"` + `python -m playwright install chromium`
+- **Source:** [@hasantoxr](https://x.com/hasantoxr/status/2025902150296236050) | [GitHub](https://github.com/D4Vinci/Scrapling) | BSD-3
+- **Use cases:** Image harvesting (Pinterest/Tumblr), news scraping, data fallback, UI testing
+- **Status:** ✅ Ready to use
+
+### keep.md — Bookmark-to-Markdown API
+- **What:** Save bookmarks from anywhere, access them as markdown through an API
+- **URL:** https://keep.md
+- **Use cases:** Feed bookmarks into nightly synthesis, content pipeline research
+- **Status:** 📋 Logged, not yet integrated
+
+### playbooks get — URL-to-Markdown Fetcher
+- **What:** Fetch any URL as clean markdown, even client-side rendered pages
+- **Usage:** `npx playbooks get <url>`
+- **Source:** [@iannuttall](https://x.com/iannuttall/status/2017237629008249128)
+- **Use cases:** Web research, content scraping, competitor analysis
+- **Status:** 📋 Logged, not yet integrated
+
+---
+
+## Patterns
+
+### Local-first CLI > API calls
+Wrap external APIs in small CLI tools. Agent runs CLI, reads stdout. Faster, cacheable, testable, works offline.
+- **Our examples:** `gmail.py`, `jutsu`, `ramuh`, `shiva`, anime-scraper.py
+
+### Context Window Management
+Source: [@johann_sath](https://x.com/johann_sath/status/2025440759416045702)
+- Orchestrator pattern: main session stays lean, subagents do heavy work
+- MEMORY.md as external brain — read/write, don't remember in-context
+- Heartbeats as fast check-ins (<3s), no file loading unless idle
+- Target: main session under 30K context
+- **Lossless Claw (LCM):** Plugin that replaces sliding-window compaction with a DAG-based summarization system. Every message persists in SQLite; agents recall details via `lcm_grep`, `lcm_expand`, `lcm_describe`. Install: `openclaw plugins install @martian-engineering/lossless-claw` | [GitHub](https://github.com/martian-engineering/lossless-claw) | [Visualization](https://losslesscontext.ai)
+
+### Humanizer — AI Detection Removal
+Source: [blader/humanizer](https://github.com/blader/humanizer) — 5.7K stars
+- Removes AI writing patterns using 24 detection rules
+- Potential Armory spell: "Glamour" — run content through before publishing
+- **Status:** 📋 Logged, not yet integrated
+
+### Write Discipline > Read Discipline
+Write things down immediately rather than trying to remember them. Files persist across sessions, memory doesn't.
+- **Core principle:** Text > Brain — if you want to remember it, write it to a file
+- **Examples:** Update MEMORY.md when learning lessons, capture decisions in daily files, document patterns in AGENTS.md
+- **Why it matters:** Agent memory is ephemeral; file-based memory is permanent and shareable across sessions
+
+### Marker Test Protocol
+Strategic testing pattern for validating system behavior under different conditions.
+- **Method:** Place markers/checkpoints in code/config, run test scenarios, verify markers behave as expected
+- **Use cases:** Memory management validation, context switching verification, agent handover testing
+- **Source:** Chiti's OpenClaw memory management guide (Feb 2026)
+
+### Readonly Access by Default
+When integrating with external data (email, messages, calendars, bookmarks), default to readonly access. The agent can READ and analyze but cannot send, delete, or modify. Reduces blast radius if agent gets confused or prompt-injected. Upgrade to write access only for specific, well-tested actions.
+
+### Nightly Conversation Archiving
+Set up a cron that auto-distills the day's chat into key decisions, action items, and learnings. Write to daily memory log. Reduces manual memory maintenance and ensures nothing falls through the cracks even if the human forgets to ask for a summary.
+
+---
+
+## Community Knowledge
+
+### 13-Step OpenClaw Security Hardening Guide
+- **Author:** [@johann_sath](https://x.com/johann_sath/status/2025671363504337282)
+- **Key concepts:** Dedicated user (never root), custom port, Tailscale for invisibility, SSH keys + Fail2ban, UFW firewall, Telegram allowlists, DM-only policy, Docker sandboxing for subagents (capDrop ALL), daily security audit cron, self-audit prompt, config drift detection
+- **Why it matters:** Most thorough single-source security guide for OpenClaw deployments. Covers Linux VPS and home server setups.
+- **Takeaway:** Comprehensive guide — covers everything from firewall rules to Docker sandboxing for subagents.
+
+### 5 Days Fixing Agent Memory — Chiti's OpenClaw Memory Guide
+- **Author:** Unknown (shared via Telegram, OpenClaw community)
+- **Key concepts:** memory flush before compaction, hybrid search (BM25 + vectors), LEARNINGS.md pattern, marker test protocol, context pruning (cache-ttl), write discipline > read discipline, handover protocol for model switches, boot sequence placement in AGENTS.md
+- **Why it matters:** Most comprehensive single-user writeup on OpenClaw memory management. Practical, battle-tested advice.
+- **Status:** 📋 Documented
+
+### Felix's OpenClaw Automation Setup (Feb 2026)
+- **Author:** Felix (ContextSDK founder, OpenClaw power user)
+- **Source:** Personal blog, shared via Telegram
+- **Key concepts:**
+  - Travel bot with readonly access to booking confirmations (parsed from email, stored as structured markdown)
+  - Beeper CLI for cross-messenger search (Telegram, WhatsApp, iMessage unified)
+  - Nightly cron to archive key learnings from conversations automatically
+  - ContextSDK phone awareness: agent knows if user is walking, at desk, in car — adjusts response style
+  - Smart home automation via Homey based on calendar (shift-based heating, lighting, ventilation)
+  - Readonly access pattern as security principle for all integrations
+  - Voice messages for natural rambling input (Telegram voice + OpenClaw transcription)
+- **Key takeaways:**
+  - Nightly conversation archiving cron — auto-distill daily chat into key decisions
+  - Readonly access as formal design principle
+  - Voice message workflow for capturing ideas on-the-go
+
+---
+
+## People to Watch
+
+| Handle | Why |
+|--------|-----|
+| [@iannuttall](https://x.com/iannuttall) | OpenClaw power user. Builds local-first agent tools. |
+| [@hasantoxr](https://x.com/hasantoxr) | Scrapling creator. Stealth scraping for AI agents. |
+| [@johann_sath](https://x.com/johann_sath) | Context management patterns. Runs 24/7 agents under 30K. |
+
+---
+
+## Adding Tools
+
+When you find something worth adding:
+1. Add it here with: **What**, **Install/URL**, **Source**, **Use cases**, **Status**
+2. Status options: ✅ Installed | 📋 Logged | 🔨 Building | ❌ Rejected
+3. If it could become an Armory weapon/spell, note the candidate name

items/telegram-setup/README.md

@@ -17,7 +17,7 @@ Look for `"chat": {"id": YOUR_ID}` in the response.
 1. Add your bot to the group
 2. Send a message in the group
 3. Hit the same `getUpdates` URL
-4. Group IDs are negative numbers (e.g., `-5290373854`)
+4. Group IDs are negative numbers (e.g., `-1234567890`)
 
 ### Quick Script
 ```bash
@@ -36,7 +36,7 @@ You can route different agents to different Telegram channels:
 
 Set the `to` field in cron jobs or `message` tool calls:
 ```
-"to": "channel:-5290373854"
+"to": "channel:-1234567890"
 ```
 
 ## Common Issues

items/teleport/README.md

@@ -55,9 +55,9 @@ Now you can `sc stop/start` from SSH without elevation.
 ```bash
 #!/bin/bash
 # Mac → Windows workspace sync (runs every 60s via launchd/cron)
-REMOTE="devon@192.168.1.188"
+REMOTE="youruser@your-server-ip"
 LOCAL="$HOME/.openclaw/workspace/"
-REMOTE_PATH="/C/Users/Devon/.openclaw/workspace/"
+REMOTE_PATH="/path/to/.openclaw/workspace/"
 
 rsync -avz --delete \
   --exclude '.git' \