# docs/operations/WORK_SETUP_CHECKLIST.md Use this checklist on the **target work computer only**. Do not run these mutation steps on your current stable machine. ## 0) Open terminal in this folder ```bash cd /path/to/openclaw-setup ``` If delegating to another AI assistant, point it to: - `docs/operations/AI_SETUP_HANDOFF.md` ## 1) Preflight ```bash uname -a sw_vers which brew || echo "brew missing" which node || echo "node missing" which npm || echo "npm missing" ``` ## 2) Primary Copilot setup ```bash bash ./setup/setup_openclaw_copilot.sh ``` Optional custom locations: ```bash OPENCLAW_DATA_TARGET=/Volumes/Data/openclaw-copilot bash ./setup/setup_openclaw_copilot.sh NPM_GLOBAL_PREFIX="$HOME/.npm-global" bash ./setup/setup_openclaw_copilot.sh ``` Verify: ```bash which openclaw openclaw --version which copilot copilot --version ``` ## 3) Finalize setup in one command (recommended) ```bash bash ./scripts/finalize_copilot_setup.sh ``` Expected: - Authenticated with enterprise-linked account - Copilot models discovered - If prompted, paid profile model selected from non-free candidates - Guardrails installed + running - Hooks enabled (`boot-md`, `command-logger`, `session-memory`) - Gateway restarted If this step succeeds, you can skip to step 10. ## 4) Manual fallback path (advanced, only if step 3 fails) If finalize fails due auth/browser flow, run: ```bash copilot auth login copilot auth status ``` Then continue below. ## 5) Start/verify OpenClaw gateway ```bash openclaw gateway restart openclaw status --deep ``` Expected: gateway reachable. ## 6) Discover available models ```bash openclaw models refresh || true openclaw models list openclaw models status ``` Note: If `models refresh` is unsupported in your version, ignore and continue. How to choose from the list: - Pick a fast daily model as primary (usually Sonnet-Fast or Codex-Fast style naming). - Pick only free-tier or lowest-cost fallbacks. - Avoid premium fallbacks (Opus-class) in default routing. - Keep model IDs exact from `openclaw models list`. Why this matters: - Better latency for normal work - Better quality when complexity spikes - Lower quota burn by not overusing heavyweight models - Better uptime through fallback failover ## 7) Set Copilot primary + fallbacks Replace models below with names from your `openclaw models list` output if needed. ```bash openclaw models set github-copilot/claude-sonnet-4.6 openclaw models fallbacks clear openclaw models fallbacks add github-copilot/ openclaw models fallbacks add github-copilot/ ``` Verify: ```bash openclaw models status ``` Expected: - Default model is your fast daily Copilot model - Fallback chain includes only free-tier or low-cost models - Only `github-copilot/*` appears if strict enterprise policy is required ## 8) Optional strict provider lock (Copilot-only) Run if your enterprise policy requires only Copilot provider traffic: ```bash openclaw config set --json providers.github-copilot.enabled true openclaw config set --json providers.openai.enabled false openclaw config set --json providers.anthropic.enabled false openclaw config set --json providers.openrouter.enabled false openclaw gateway restart ``` Verify: ```bash openclaw models list openclaw models status ``` ## 9) Configure + install Copilot guardrails (recommended) If step 3 already succeeded, this is already done. This one command auto-detects your available Copilot models, asks for paid model selection (interactive), picks low-cost free defaults, applies policy, and installs launchd guards: ```bash bash ./scripts/install_copilot_guardrails.sh ``` For unattended/non-interactive automation: ```bash PROMPT_FOR_PAID_MODEL=false bash ./scripts/install_copilot_guardrails.sh ``` 3. Verify: ```bash launchctl print gui/$(id -u)/ai.openclaw.model-budget-guard launchctl print gui/$(id -u)/ai.openclaw.copilot-policy-guard launchctl print gui/$(id -u)/ai.openclaw.copilot-auth-watchdog launchctl print gui/$(id -u)/ai.openclaw.copilot-model-schedule-guard tail -n 30 /tmp/openclaw-model-budget-guard.log /tmp/openclaw-model-budget-guard.err.log tail -n 30 /tmp/openclaw-copilot-policy-guard.log /tmp/openclaw-copilot-policy-guard.err.log tail -n 30 /tmp/openclaw-copilot-auth-watchdog.log /tmp/openclaw-copilot-auth-watchdog.err.log tail -n 30 /tmp/openclaw-copilot-model-schedule-guard.log /tmp/openclaw-copilot-model-schedule-guard.err.log ``` Why this matters: - User gets prompted when high model remains active - Session is auto-switched back to lower model after timeout - Copilot-only policy is auto-corrected if drift occurs - Expired Copilot auth is surfaced quickly - Work-hours/off-hours profile schedule is auto-enforced - Protects enterprise quota and keeps routine latency low ## 10) Enable recommended hooks If step 3 already succeeded, hooks were already enabled. ```bash openclaw hooks enable boot-md openclaw hooks enable command-logger openclaw hooks enable session-memory openclaw hooks list ``` ## 11) Persona/startup docs sanity Confirm these files exist in workspace root: ```bash ls -la AGENTS.md docs/context/BOOT.md docs/context/SOUL.md docs/context/IDENTITY.md docs/context/USER.md docs/context/TOOLS.md docs/operations/troubleshooting.md ``` ## 12) Telegram/channel check (if used) Telegram account rule: - No new personal Telegram account is required. - Use your existing Telegram account and create a bot via `@BotFather`. - Bot token is the only setup secret needed for Telegram. ```bash openclaw status --deep ``` Expected: channel `OK` and gateway reachable. ## 13) First chat checks In your chat surface: 1. `/new` 2. Ask: `reply with your active model and one sentence` Expected: response is fast and uses a `github-copilot/*` model. ## 14) Daily operations ```bash openclaw status --deep openclaw models status copilot auth status ``` ## 15) Fast failure recovery ```bash openclaw gateway restart openclaw logs --follow openclaw models status copilot auth status ``` If still blocked, use `docs/operations/troubleshooting.md`.