NOVA Critical & Operational Learnings — Consolidated
Offloaded from session-learnings.md on 02-Apr-2026 to free bootstrap context space. Every entry passed 5 intake tests at time of original creation.
Critical Learnings
Memory staleness kills trust (2026-03-01)
Operator asked about heartbeat frequency. NOVA answered “30-min tick” from MEMORY.md. Live config was "every": "60m". Also found MEMORY.md claimed concurrency limits that didn’t exist in live config. Rule: State facts → verify against live system, never trust memory alone. 4-layer Memory Integrity system deployed.
Never assume install paths (2026-02-20)
X-Pulse skill deployed to wrong path without reading OpenClaw docs. Script executed but OpenClaw never discovered it. Rule: Always verify installation paths against platform documentation before declaring deployed.
Config existence ≠ working deployment (2026-02-19)
Agent config written but workspace property missing. Agent spawned but had no context files. Rule: “Deployed” = Phase 4 verification PASSED. Full chain verified end-to-end.
workspace ≠ agentDir (2026-02-19)
agentDir = runtime data storage. workspace = context file injection. Setting one does NOT imply the other. Both must be explicitly configured.
OAuth auth-profiles need access + expires fields (2026-03-16)
claude setup-token generates tokens stored with only key field. OpenClaw requires access and expires fields for OAuth. Without access, auth silently fails → agents fall back to Kimi. Source patching doesn’t work (7+ duplicated dist files). Rule: After token rotation, set access = key value, expires = 4102444800000 in ALL 6 auth-profiles.json files.
NEVER override CXO models (2026-03-22)
Operator mandated all CXOs use Opus 4.6. NOVA spawned CTO with Sonnet to “save cost” — direct violation. Rule: Never pass model parameter when spawning CXOs unless operator explicitly requests different model.
Monitor DNA file sizes against bootstrapMaxChars (2026-03-23)
SOUL.md grew past bootstrapMaxChars. OpenClaw silently truncated bottom content at runtime. Sessions operated with incomplete DNA — no warning. Rule: After any SOUL.md edit, check wc -c against bootstrapMaxChars. File exceeds 80% → compress immediately.
External deployments get the SAME quality gate (2026-03-20)
OmniGraph deployed externally, logged to MEMORY.md without verification. 4 issues found later. Rule: Any capability entering the system gets full Component Integration Protocol — routed to specialist, not rubber-stamped.
Claude Code blocks root SSH (2026-03-20)
v2.1.78+ permanently blocks --dangerously-skip-permissions on SSH with root/sudo. Fix: Dedicated non-root user with passwordless sudo + symlink .claude. User change cascades across 6 downstream configs.
Operational Learnings
File ownership after external edits (2026-02-19, updated 2026-03-20)
External edits can change file ownership. OpenClaw runs as openclaw user → EACCES errors. Rule: Always chown -R openclaw:openclaw on workspace after external modifications.
Secret sanitization must scan ALL files (2026-02-20)
Initial backup sanitizer only checked primary targets. Secrets survived in other files. Rule: Scan the FULL output.
Pre-commit gates must be tested with known-bad input (2026-02-20)
A gate that’s never been tested with a positive match is not a gate.
Excalidraw: separate JSON authoring from MCP execution (2026-03-17)
Subagents timed out 3 times trying to generate diagrams. Opus spends entire timeout computing JSON in thinking block. Fix: NOVA builds elements JSON, spawns zero-thinking subagent that only runs mcporter call. Result: 43s vs 5-8 min timeouts.
Reference Learnings
Persona elements evaluated and passed (2026-02-26)
Three elements excluded: em dash ban (no conflict), “becoming someone” philosophy (too abstract), Matt-specific roast culture (wrong audience).
Model strategy evolution (2026-02-20 → 2026-03-16)
Initially 3-tier (40-50% savings). Superseded: all agents Opus 4.6 for max intelligence. Kimi retained for heartbeats only.
X-Pulse proxy requirement for India (2026-02-20)
xAI API geo-blocked in India. Routes through xai-proxy.arjtech.in. X-Proxy-Secret auth header required.
Related
- nova-error-playbook-consolidated
- nova-decision-log-consolidated
- upgrade-history-full
- nova-dna-reference-context-chain-full-handoff-tables
- mcp-upgrade-version-string-sweep-must-cover-entire-source-tr
- traefik-docker-provider-drops-containers
- credit-optimization-recurring-ai-model-usage
- oauth-setup-token-unified-rotation
- core-platform-upgrade-cycle-apr-2026
- vault-mcp-log-requires-directory-ownership
- hook-script-executable-permission-silent-failure
- permanent-mcp-servers-must-be-verified-live-not-from-docs
- phantom-hook-reference-detection-via-live-audit
- openclaw-skill-sync-path-and-verification-pattern
- openclaw-skill-sync-path
- duplicate-crontab-root-vs-claude-user
- post-infra-modification-verification-checklist
- stop-hook-forces-pristine-sweep-before-exit
- caveman-compression-rejected-conflicts-with-law2
- compounding-intelligence-intake-protocol
- session-learnings-reference-tier-is-prime-pruning-candidate
- proactive-self-maintenance-on-file-touch-not-as-separate-tas
- session-learnings-reference-classification-tier-eliminated
- ui-ux-pro-max-skill-selective-integration-exclusions
- skill-table-row-count-vs-header-declaration-drift
- cli-capability-enablement-auth-free-tools-phase-skipping
- case-soql-field-paths-for-crm-count-queries
- memory-md-infra-claims-can-drift-from-actual-state
- car-park-amount-excluded-from-av-by-architecture
- salesforce-skill-zero-bugs-claim-was-false-audit-before-trus
- setup-curator-skill-triad-vs-passive-skill-only-approach
- openclaw-gateway-websocket-disabled-by-default
- project-lighthouse-spec-location-and-scope
- openclaw-gateway-cors-restricted-to-single-origin
- ast-grep-npm-install-overwrites-system-sg-newgrp-symlink
- npm-force-install-can-overwrite-system-binaries
- npm-install—g---force-clobbers-system-symlinks-eg-ast-greps
- openclaw-patch-scripts-must-use-content-grep-not-glob
- openclaw-v45-removes-legacy-config-aliases-breaking-change
- delivery-scope-vps-files-not-deployed-system
- prose-pointer-lint-must-check-skills-root-docs-not-just-skil
- trpc-protected-procedure-is-not-authorization
- cron-tz-shared-crontab-risk
- aggressive-multi-pattern-sed—i-xd-yd-zd-scrub-on-scriptconf
- expanded-agents-architect-skill-from-v10-594-lines-16-sectio