G-Gates Network Governance Hub

The G-Gates Network is the cascade-failure prevention layer for OpenClaw (CLAUDE.md §“MANDATORY: Cascade-Failure Gates (Amendment §A1, 2026-05-01)”). It defines 8 documented enforcement gates + 2 Postgres Chokepoint gates = 10 in CLAUDE.md, against a Phase 1.7 promise of 22. This hub is the single reference for all gate IDs, their triggers, violations, validator scripts, and pending gates. It also tracks the proposed G-SKILL-MUTATION-AUDIT gate (pending Henry ratification). Cross-links to all Wave 1 integration hubs as “systems governed.” Read this hub when: starting a plan, before any infra change, when auditing governance posture.

Quick reference

Field	Value
Gate ID	Network anchor — contains all G-* gates
CLAUDE.md section	§A1 “MANDATORY: Cascade-Failure Gates (Amendment §A1, 2026-05-01)” + §“MANDATORY: POSTGRES-CHOKEPOINT (Phase 1.4, 2026-05-02)“
Enforcement mode	manual (per gate; cron enforcement shipping Phase 2)
Validator script	/home/opsadmin/.openclaw/workspace/scripts/security-audit-funnel.js (G-SERVICE-PRE-START-DOC + G-KB-SYNC + webhook gates)
Discord alert	yes:#ops (security-audit-funnel.timer fires Mondays 06:00 LA; G-FAILED-SERVICE-MTTR daily cron)
Feedback rules	feedback_plan_index_required, feedback_memory_fold_protection, feedback_blocker_surfacing, feedback_no_plaintext_creds, feedback_service_pre_start_doc, feedback_kb_sync_with_claude_md, feedback_governance_log_freshness, feedback_failed_service_mttr, feedback_chokepoint_principle, feedback_dual_write_required
Incidents derived from	89% orphan-plan rate; 9870 wrong-inbox; 374-dup-SMS; Aurora SOUL overwrite attempt; TOOLS.md 15+ plaintext keys; 23 undocumented services; Binance/EU KB miss; CHANGELOG 72d stale; cost-monitor v3 tool_calls bypass
Violable by	Claude, agent, cron, external
Last known violation	2026-05-03: G-KB-SYNC-WITH-CLAUDEMD (moonshot/kimi KB _audit-only, not flagged as SOURCE MISSING before plan authoring)
Amendment	§A1 2026-05-01 (8 gates); §CHOKEPOINT Phase 1.4 2026-05-02 (+2)
Phase status	active (10 of 22 promised gates shipped; 12 pending Phase 1.7)
Last audit	2026-05-03

Components

• ~/CLAUDE.md §A1 — 8 cascade-failure gates (authoritative)
• ~/CLAUDE.md §“MANDATORY: POSTGRES-CHOKEPOINT (Phase 1.4, 2026-05-02)” — 3 Chokepoint rules, 2 additional gates (G-CHOKEPOINT, G-DUAL-WRITE)
• /home/opsadmin/.openclaw/workspace/scripts/security-audit-funnel.js — validator for webhook + infra gates
• /home/opsadmin/.openclaw/workspace/scripts/tool-calls-health-check.js — CHOKEPOINT-1 drift detector (5-min timer)
• /home/opsadmin/.openclaw/workspace/FUNNEL-REGISTRY.md — webhook endpoint registry (G-SERVICE-PRE-START-DOC)
• /home/opsadmin/.openclaw/workspace/ARCHITECTURE.md — service table (G-SERVICE-PRE-START-DOC)
• /home/opsadmin/.openclaw/workspace/CHANGELOG.md — freshness target (G-GOVERNANCE-LOG-FRESHNESS)
• /home/opsadmin/.openclaw/workspace/AUDIT-LOG.md — freshness target (G-GOVERNANCE-LOG-FRESHNESS)
• /home/opsadmin/.openclaw/workspace/WORKFLOW-PATTERNS.md — freshness target (G-GOVERNANCE-LOG-FRESHNESS)
• /home/opsadmin/.openclaw/workspace/SYSTEM-FRICTION-LOG.md — freshness target (G-GOVERNANCE-LOG-FRESHNESS)
• /home/opsadmin/.claude/plans/openclaw-fragmentation-fix-2026-05-01.md — master plan for all gates (§A1)

---

Documented gates (10 of 22 promised)

G-PLAN-INDEX-REQUIRED (Gate #1)

Attribute	Value
CLAUDE.md §A1 position	#1
Rule	When creating any file in ~/.claude/plans/, MUST same-session create matching project_*.md memory file in .claude/projects/-home-opsadmin/memory/ AND append one-line index entry to MEMORY.md or PLAN-INDEX.md
Stops	89% orphan-plan rate (68 of 77 plans as of 2026-05-01 audit — no project_*.md, not discoverable)
Enforcement mode	manual
Validator	n/a (Phase 4.5 PLAN-INDEX.md will enforce)
Discord alert	pending
Feedback rule	feedback_plan_index_required
Incident	Binance/EU plan lost — no project_*.md, fell off fold, invisible at session start
Last violation	2026-05-01: 68 orphan plans discovered
Phase status	active

G-MEMORY-FOLD-PROTECTION (Gate #2)

Attribute	Value
CLAUDE.md §A1 position	#2
Rule	MEMORY.md auto-loads only ~200 lines. Incident-derived feedback rules (tagged incident_derived: true in frontmatter) MUST live above line 150
Stops	Incident recurrence: 9870 wrong-inbox, 374-dup-SMS, Aurora SOUL overwrite were ALL preventable by rules-that-existed-but-were-invisible below fold
Enforcement mode	memory-load
Validator	n/a
Discord alert	pending
Feedback rule	feedback_memory_fold_protection
Incident	MEMORY.md three-file split (Phase D 2026-05-02) implemented to address fold problem
Last violation	2026-05-01: multiple incident-derived rules below line 150
Phase status	active

G-BLOCKER-SURFACING (Gate #3)

Attribute	Value
CLAUDE.md §A1 position	#3
Rule	Any plan with unresolved ## Open Blockers / ## Decision Gates / ## Open Questions MUST mirror into SESSION-AUDIT.md NEXT ACTIONS or OPEN ISSUES within the same session
Stops	47 hidden blockers across 32 plans silently dormant (cloudflare Q1-Q3 11 days, salesmsg-ctie Q6 5-min task gating Phases 3-9)
Enforcement mode	manual
Validator	n/a
Discord alert	pending
Feedback rule	feedback_blocker_surfacing
Incident	cloudflare Q1-Q3 open 11 days; salesmsg-ctie Q6 gating entire phase branch
Last violation	2026-05-01: 47-blocker audit
Phase status	active

Full detail: blockers-first

G-NO-PLAINTEXT-CREDS (Gate #4)

Attribute	Value
CLAUDE.md §A1 position	#4
Rule	No tracked or world-readable file in workspace/, ~/.claude/, or ~/.openclaw/ may contain plaintext credentials, tokens, secrets, or API keys. Use op://Aurora/<item>/<field> references only
Stops	TOOLS.md: 15+ plaintext production secrets in rw-rw-r— file for 24+ days
Enforcement mode	manual (credential-audit.sh runs pre-deploy)
Validator	/home/opsadmin/.openclaw/tools/credential-audit.sh
Discord alert	pending
Feedback rule	feedback_no_plaintext_creds
Incident	TOOLS.md exposure; salesmsg-gateway.service ANTHROPIC_API_KEY hardcoded in /etc/systemd/
Last violation	2026-05-03 (audit found stale openrouter key reference)
Phase status	active

Grep patterns for violation detection: xoxb-, xapp-, eyJ, sk-[A-Za-z0-9]{20,}, Bearer [A-Za-z0-9], raw passwords.

G-SERVICE-PRE-START-DOC (Gate #5)

Attribute	Value
CLAUDE.md §A1 position	#5
Rule	A new systemd unit, PM2 process, or port-binding process MUST be added to CLAUDE.md port map AND workspace/ARCHITECTURE.md service table BEFORE first systemctl start
Stops	23 undocumented live services; agents killing each other’s ports; undebuggable failures
Enforcement mode	manual
Validator	/home/opsadmin/.openclaw/workspace/scripts/security-audit-funnel.js --dry-run
Discord alert	yes:#ops (security-audit-funnel.timer Mondays 06:00 LA)
Feedback rule	feedback_service_pre_start_doc
Incident	23 undocumented services found in 2026-05-01 audit; cost-monitor Type=simple bug silent
Last violation	2026-05-01: 23 undocumented live services discovered
Phase status	active (Phase 1.5 port-registry.md will formalize)

G-KB-SYNC-WITH-CLAUDEMD (Gate #6)

Attribute	Value
CLAUDE.md §A1 position	#6
Rule	Any new workspace/knowledge-base/<dir>/ directory requires same-change update to the “Platforms with KB docs” line in CLAUDE.md
Stops	51% of KB docs invisible to Sources First protocol (Binance/EU miss is the modal case)
Enforcement mode	manual
Validator	n/a
Discord alert	pending
Feedback rule	feedback_kb_sync_with_claude_md
Incident	Binance/EU plan: KB dirs existed but not listed in CLAUDE.md → SOURCE MISSING not emitted
Last violation	2026-05-03: moonshot/kimi KB _audit-only, not flagged as SOURCE MISSING before plan authoring
Phase status	active

Current count: 138 dirs listed in CLAUDE.md (original 34 + 35 + 27 + 56 + 7 voice = 159… NOTE: recount needed — CLAUDE.md text says “138 tracked” but enumeration may exceed that; see sources-first KB platform list).

G-GOVERNANCE-LOG-FRESHNESS (Gate #7)

Attribute	Value
CLAUDE.md §A1 position	#7
Rule	WORKFLOW-PATTERNS.md, SYSTEM-FRICTION-LOG.md, CHANGELOG.md, and AUDIT-LOG.md must each be touched within 14 days
Stops	CHANGELOG 72d stale and WORKFLOW-PATTERNS 44d stale (as of 2026-05-01) — unenforceable governance loop
Enforcement mode	cron (weekly-index-audit.timer, Phase 2 — not yet shipped)
Validator	n/a (Phase 2)
Discord alert	yes:#ops (when shipped — weekly-index-audit.timer will Discord-alert)
Feedback rule	feedback_governance_log_freshness
Incident	CHANGELOG 72d stale discovered 2026-05-01 audit
Last violation	2026-05-01: CHANGELOG 72d, WORKFLOW-PATTERNS 44d stale
Phase status	active (cron not yet shipped — Phase 2 of fragmentation-fix)

G-FAILED-SERVICE-MTTR (Gate #8)

Attribute	Value
CLAUDE.md §A1 position	#8
Rule	Any service in failed state for >24h must be (a) fixed, (b) explicitly disabled, or (c) archived. Daily cron Discord-alerts if >24h
Stops	Silent-failed services masking live data outages (cost-monitor Type=simple bug; discord-thread-auto-add token undefined)
Enforcement mode	cron (daily cron — not yet shipped; daily systemctl --user list-units --state=failed check)
Validator	systemctl --user list-units --state=failed
Discord alert	yes:#ops (when cron ships)
Feedback rule	feedback_failed_service_mttr
Incident	cost-monitor system-level Type=simple bug; discord-thread-auto-add token undefined
Last violation	2026-05-03: investorlift-cookie-refresh.service failed (AWS Mac impaired); perplexity-daily-summary.service failed 16:00 UTC
Phase status	active (cron not yet shipped — Phase 2 of fragmentation-fix)

---

Chokepoint gates (CLAUDE.md §Phase 1.4, 2026-05-02)

G-CHOKEPOINT (Chokepoint-1)

Attribute	Value
CLAUDE.md section	§“MANDATORY: POSTGRES-CHOKEPOINT” CHOKEPOINT-1
Rule	Every LLM call writes a tool_calls row before returning. Fallback: /tmp/openclaw/tool-calls-fallback.jsonl. Drain within 1h
Stops	cost-monitor v3 broke because LLM calls bypassed tool_calls writes — silent cost blindspot
Enforcement mode	cron (tool-calls-health-check.timer every 5 min; compares Portkey call count vs tool_calls insert count; >10% delta = alert)
Validator	/home/opsadmin/.openclaw/workspace/scripts/tool-calls-health-check.js
Discord alert	yes:#ops (>10% delta)
Feedback rule	feedback_chokepoint_principle
Incident	cost-monitor v3 tool_calls bypass; 2026-05-02 discovery
Last violation	2026-05-02: cost-monitor v3 tool_calls bypass discovered
Phase status	active

Required JSONB keys in parameters: at minimum tier and model. Nullable fields: cost_usd, tokens_in, tokens_out, cache_read_tokens, cache_write_tokens (NULL = plan-tier flat-rate; >0 = API-tier paid).

G-DUAL-WRITE (Chokepoint-2)

Attribute	Value
CLAUDE.md section	§“MANDATORY: POSTGRES-CHOKEPOINT” CHOKEPOINT-2
Rule	Config changes write infra_config_changes BEFORE going live. Applies to: Portkey config, Langfuse, model routing, CCR provider list, agent routes, MCP registry, port registry, skills registry, system prompts, service configs
Stops	Untracked config changes creating invisible drift
Enforcement mode	manual
Validator	n/a
Discord alert	pending
Feedback rule	feedback_dual_write_required
Incident	Portkey config changes applied without infra_config_changes row
Last violation	unknown
Phase status	active

---

Pending gates (Phase 1.7 — 12 of 22 not yet shipped)

CLAUDE.md §A1 status note (2026-05-03): “Phase 1.7 of openclaw-fragmentation-fix-2026-05-01.md promised to ship 22 gates as feedback_*.md files. Currently 10 in CLAUDE.md. Pending: ship remaining 12 as enforced gates OR formally retire from the 22 target.”

Gate ID (proposed)	Description	Status
G-DRIFT-LIVE	Cron health check for tool-calls drift (Portkey vs Supabase count)	Partially shipped via tool-calls-health-check.timer
G-CHOKEPOINT-CRON-HEALTH	Monitor cron timer last-fire dates; alert if missed >1 cycle	planned
G-CONFIG-CHANGES	Enforce infra_config_changes row for ALL config mutations (extends G-DUAL-WRITE)	planned
G-SCHEMA-MIGRATION	Schema changes only via workspace/migrations/ SQL files (CHOKEPOINT-3)	active (CHOKEPOINT-3)
G-AGENT-SOUL-PROTECTION	Altering any agent SOUL.md requires explicit Henry approval + skill-vs-SOUL analysis	planned (documented in CLAUDE.md §“MANDATORY: Agent Identity First”)
G-PLAN-AMENDMENT-ADDITIVE	Plan amendments are additive-only (Δ pattern); no retroactive rewrites	planned
G-FUNNEL-REGISTRY-AUDIT	Weekly security-audit-funnel.timer check for unregistered routes, sig failures	partially active (timer shipped; cron health pending)
G-MEMORY-AUDIT	Fleet-wide memory DB health check (vec0 + FTS5 schema, dead_letters drain)	planned
G-COST-OVERRUN-ALERT	Alert if daily LLM cost exceeds threshold; block if weekly threshold exceeded	planned
G-SESSION-BRIDGE-REQUIRED	Session must write bridge file before Stop hook fires	partially active (Stop hook fires; enforcement is advisory)
G-VAULT-SYNC-FRESHNESS	openclaw-vault-sync.timer last-push must be <30 min; alert if missed	planned
G-DUAL-CHANNEL-DEDUP	Dedup all outbound SMS/calls across both SalesMsg + OpenPhone channels	planned

---

G-SKILL-MUTATION-AUDIT (proposed — pending Henry ratification)

Proposal source: OSIL audit (2026-05-03). Wave 2 Dispatch Spec §“governance/g-gates-network” mandatory insert.

Proposed rule: Any modification to a skill’s SKILL.md, TOOLS.md, trigger conditions in CLAUDE.md §“Tool Trigger Conditions”, or skill registry entry requires: (1) diff of change, (2) impact assessment on agents that invoke the skill, (3) Henry explicit approval if skill is P0-level.

Why: Skills are increasingly being used for high-stakes operations (acquisitions-outreach, dispo-blast, hubspot-deal-ingest). A misconfigured skill trigger can fire on wrong conditions and cause unauthorized outreach or deal creation. No current gate prevents silent skill mutations from shipping.

Precedent: feedback_agent_identity_first was created after Aurora SOUL overwrite attempt. Skills are now SOUL-adjacent for P0 skills.

Status: PLANNED — pending Henry ratification. Not yet in CLAUDE.md.

Open issues

• G-SKILL-MUTATION-AUDIT not yet ratified — forward-reference only. Raise with Henry at next session.
• 12 of 22 Phase 1.7 gates not yet shipped; see openclaw-fragmentation-fix-2026-05-01.md Phase 1.7
• security-audit-funnel.timer last fire: 2026-04-27 — missed multiple Mondays. G-FAILED-SERVICE-MTTR candidate. Run manually: node workspace/scripts/security-audit-funnel.js --dry-run
• G-GOVERNANCE-LOG-FRESHNESS: weekly-index-audit.timer NOT YET SHIPPED (Phase 2 of fragmentation-fix)
• G-FAILED-SERVICE-MTTR daily cron: NOT YET SHIPPED (Phase 2)
• G-DRIFT-LIVE: tool-calls-health-check.timer is a 5-min cron — confirm it’s actually running: systemctl --user status tool-calls-health-check.timer

Systems governed by G-Gates

G-gates govern all Wave 1 + Wave 2 integration hubs. Specific cross-links:

Wave 1 integrations

• 1password — G-NO-PLAINTEXT-CREDS (issuer), G-SERVICE-PRE-START-DOC
• salesmsg — G-NO-PLAINTEXT-CREDS (ANTHROPIC_API_KEY plaintext P0), G-KB-SYNC-WITH-CLAUDEMD
• twilio — G-KB-SYNC-WITH-CLAUDEMD, G-SERVICE-PRE-START-DOC (:18797)
• openphone-quo — G-KB-SYNC-WITH-CLAUDEMD, G-SERVICE-PRE-START-DOC (:18792)
• hubspot — G-KB-SYNC-WITH-CLAUDEMD, G-DUAL-WRITE (dual pipeline)
• investorlift — G-KB-SYNC-WITH-CLAUDEMD
• supabase — G-CHOKEPOINT (tool_calls + infra_config_changes tables), G-DUAL-WRITE
• portkey — G-CHOKEPOINT (all LLM calls route through), G-DUAL-WRITE (model routing changes)
• anthropic — G-CHOKEPOINT, G-KB-SYNC-WITH-CLAUDEMD
• discord — G-GOVERNANCE-LOG-FRESHNESS (alert channel), G-FAILED-SERVICE-MTTR
• github — G-PLAN-INDEX-REQUIRED (vault sync)
• cloudflare — G-SERVICE-PRE-START-DOC (Tunnel), G-KB-SYNC-WITH-CLAUDEMD
• hetzner — G-SERVICE-PRE-START-DOC (VPS services)
• aws — G-SERVICE-PRE-START-DOC (Mac Ultra LaunchDaemons)
• slack — G-GOVERNANCE-LOG-FRESHNESS (backup alert channel)

Wave 1 processes

• compliance-gates — G-BLOCKER-SURFACING (10DLC blockers), G-KB-SYNC-WITH-CLAUDEMD
• cost-tracking — G-CHOKEPOINT (tool_calls table enforced here)
• deal-ingestion — G-DUAL-WRITE (HubSpot dual pipeline writes)
• acquisitions-lifecycle — G-BLOCKER-SURFACING (B1-B16 OSIL blockers)
• dispo-lifecycle — G-DUAL-WRITE (dispo deal writes)
• outreach-stage1 — G-BLOCKER-SURFACING (outreach gates)
• followup-stages-2-3-4 — G-BLOCKER-SURFACING (follow-up blockers)
• buyer-blast — G-BLOCKER-SURFACING (blast pre-auth)

Cross-links

Agents that touch this

• _summary — highest-stakes; all 10 gates apply
• _summary — G-BLOCKER-SURFACING (B-series blockers)
• _summary — G-CHOKEPOINT (LLM calls), G-DUAL-WRITE (Supabase)
• _summary — G-BLOCKER-SURFACING, G-DUAL-WRITE
• _summary — G-SCHEMA-MIGRATION (planned gate)

Skills that invoke this

• acquisitions-outreach — G-BLOCKER-SURFACING (5 pre-send gates)
• dispo-blast — G-BLOCKER-SURFACING (pre-blast history checks)
• hubspot-deal-ingest — G-DUAL-WRITE (dual pipeline)
• il-marketplace-pull — G-KB-SYNC-WITH-CLAUDEMD (IL API fields)

Plans that govern this

• openclaw-fragmentation-fix-2026-05-01 — §A1 master plan; Phase 1.7 ships remaining 12 gates
• openclaw-self-improvement-layer-2026-05-03 — OSIL proposes G-SKILL-MUTATION-AUDIT
• nemoclaw-audit-2026-05-03 — B1 (cred-proxy) directly addresses G-NO-PLAINTEXT-CREDS

Feedback rules

• feedback_plan_index_required — G-PLAN-INDEX-REQUIRED
• feedback_memory_fold_protection — G-MEMORY-FOLD-PROTECTION
• feedback_blocker_surfacing — G-BLOCKER-SURFACING
• feedback_no_plaintext_creds — G-NO-PLAINTEXT-CREDS
• feedback_service_pre_start_doc — G-SERVICE-PRE-START-DOC
• feedback_kb_sync_with_claude_md — G-KB-SYNC-WITH-CLAUDEMD
• feedback_governance_log_freshness — G-GOVERNANCE-LOG-FRESHNESS
• feedback_failed_service_mttr — G-FAILED-SERVICE-MTTR
• feedback_chokepoint_principle — G-CHOKEPOINT
• feedback_dual_write_required — G-DUAL-WRITE

KB / source docs

• WEBHOOK-IP-RANGES — WAF allowlist for G-SERVICE-PRE-START-DOC
• README — system governance conventions
• README — Supabase table schemas for G-CHOKEPOINT

System maps

• governance-gates-network — visual map of gate network topology
• request-lifecycle — which gates fire at each request stage
• incident-response-flow — incident → gate → rule creation flow

Related cluster

Governance enforcement cluster (this hub is the anchor):

• sources-first — Sources First protocol
• blockers-first — Blockers First protocol
• action-gate — Action Gate protocol
• plan-governance — Plan governance protocol
• compliance-gates — Process-level compliance gates
• cost-tracking — G-CHOKEPOINT enforcement target
• memory-rule-clusters — (W2-S2, forward-ref) memory rule organization
• decision-log — (W2-S2, forward-ref) session decision log

Feedback rule inventory

Rule	Gate	Cluster	Enforcement	Last fire
feedback_plan_index_required	G-PLAN-INDEX-REQUIRED	governance	manual	2026-05-01 (89% orphan)
feedback_memory_fold_protection	G-MEMORY-FOLD-PROTECTION	governance	memory-load	2026-05-01
feedback_blocker_surfacing	G-BLOCKER-SURFACING	governance	manual	2026-05-01 (47 hidden)
feedback_no_plaintext_creds	G-NO-PLAINTEXT-CREDS	security	manual	2026-05-03
feedback_service_pre_start_doc	G-SERVICE-PRE-START-DOC	infra	manual	2026-05-01 (23 undoc)
feedback_kb_sync_with_claude_md	G-KB-SYNC-WITH-CLAUDEMD	governance	manual	2026-05-03
feedback_governance_log_freshness	G-GOVERNANCE-LOG-FRESHNESS	governance	cron (pending)	2026-05-01 (72d stale)
feedback_failed_service_mttr	G-FAILED-SERVICE-MTTR	infra	cron (pending)	2026-05-03 (cookie-refresh)
feedback_chokepoint_principle	G-CHOKEPOINT	data	cron (5 min)	2026-05-02 (v3 bypass)
feedback_dual_write_required	G-DUAL-WRITE	data	manual	unknown

Recent activity

• 2026-05-03: hub created (W2-S1); G-SKILL-MUTATION-AUDIT proposed (pending Henry)
• 2026-05-02: G-CHOKEPOINT + G-DUAL-WRITE added (CHOKEPOINT Phase 1.4)
• 2026-05-01: §A1 amendment added 8 gates to CLAUDE.md
• 2026-04-16: Aurora SOUL overwrite attempt caught — drove G-AGENT-SOUL-PROTECTION proposal