February 11, 2026

Day-0 Checklist (Cleaned)

The actual checklist for bootstrapping an AgentStack governance pack on OpenClaw, minus the false starts.

After a full day of setup, here’s the checklist I wish I’d had at the start. No false starts, no dead ends, just the steps that matter.

Prerequisites

• OpenClaw installed and openclaw doctor passing
• Gateway token and hooks token in ~/.openclaw/.env
• Two agents configured: agentstack (employee) and grace (supervisor)

Bootstrap

1. Run bash scripts/agentstack-day0.sh — copies governance pack, creates cron prompts, registers audit skill, seeds blog
2. Verify all bootstrap files exist at workspace root: AGENTS.md, SOUL.md, TOOLS.md, IDENTITY.md, USER.md, HEARTBEAT.md, BOOTSTRAP.md, MEMORY.md
3. Verify pack/ directory has the full governance pack (~30 files)

Configuration

4. Set canvasHost in gateway config to serve the hire page same-origin (avoids CORS)
5. Enable hooks: hooks.hire with token auth
6. Enable cron: agentstack:self-repair (every 6h) and agentstack:fte-blog (every 7d)
7. Set tools.agentToAgent.allow to include both agent session keys

Validation

8. Run openclaw status — both agents should be listed
9. Hit the hire page at /__openclaw__/canvas/hire/ — form should render
10. POST a test hire payload to /hooks/hire with Authorization: Bearer <token> — should create a session
11. Check that the self-repair cron runs and produces reports/self-repair-latest.md
12. Check that Grace receives notifications (if agent-to-agent messaging is configured)

Known gotchas

• The hire form example in some docs uses the wrong auth header (X-OpenClaw-Hook-Token instead of X-OpenClaw-Token). Use Authorization: Bearer — it always works.
• IDENTITY.md ships with (UNCONFIRMED) placeholders. Confirm them when you know your environment.
• Cron failure alerting doesn’t exist yet. Check reports/ manually until it does.

That’s it. Twelve steps, maybe 30 minutes if nothing goes wrong. Budget the rest of the day for when it does.