Palace · Imported Insights · decision matrix · seven-step runbook · GUI acceptance
Teams already running OpenClaw reliably will feel v2026.4.x memory become more inspectable: Memory Palace shows why chunks were retrieved, and Imported Insights folds external corpora into search—so cost moves from guessing the model to data governance, index size, and Gateway observability. This article gives boundaries against SOUL/MEMORY on disk, a symptom matrix for bloat-like issues, a seven-step runbook from doctor to published runbook, four paste-ready conclusions for tickets, and a checklist you should run in a graphical session (not equivalent to SSH alone). Cross-read SOUL / MEMORY / IDENTITY on a remote Mac, no-reply triage, and v2026.4.5 upgrade and doctor checklist so visible memory stays tied to your change process.
Draw the lines before you tune parameters—otherwise you edit a Palace block, delete a paragraph in MEMORY.md, and re-import the same fact via CSV, then wonder why Gateway logs cannot explain left–right swings. Treat the five items below as a release gate; open them in the same review packet as SecretRef audit.
Memory Palace: answers why these chunks were recalled for this turn and whether they collide with the topic. It is a runtime mirror, not a substitute for durable facts in MEMORY.md; the two must stay diffable. If Palace still shows deleted content, suspect stale indexes, duplicate workspace paths, or an old tree.
Imported Insights: turns exports and ticket snippets into searchable insight. Risk sits in volume, deduplication, and sensitive fields—importing unredacted transcripts moves names and token fragments into the default retrieval path where prompts cannot reliably mask them.
SOUL / MEMORY files: remain the on-disk source of truth for persona and long-lived facts. When Palace and files diverge for a long time, do not blame the model first—prove whether one side is an intentional gray release or a broken path/index.
SecretRef and audit: secrets follow openclaw secrets plan/apply/audit; if Palace shows key-like material, rotate before deleting blocks so you do not pass an audit with UI-only edits.
Compliance and retention: inspectable usually means demonstrable—document who may import, into which workspace, and log retention. On leased nodes, avoid keeping the only copy of sensitive exports in Downloads without a vault.
The site guide on SOUL, MEMORY, and IDENTITY covers load order and editing discipline on disk; this piece covers how runtime subsystems align with those files after imports. Read both when one change request spans “edit files” and “read Palace.”
The table uses language you can forward: symptom → first suspicion → next check → common misread, so the room does not jump to the largest model or rewrite persona before data.
| Symptom | Inspect first | Then | Common misread |
|---|---|---|---|
| Higher time-to-first-token and overall latency | Too many retrieval candidates, oversized chunks, rerank cost | Upstream Gateway timeouts, queuing, region network | Immediately upgrading to the largest model |
| Stale facts versus files | MEMORY out of sync with the Palace index | Mixed workspace paths, old index directories | Only rewriting the system prompt |
| Contradictions in one thread | Conflicting recalled blocks, Insights versus SOUL boundaries | Tool outputs that refreshed live data | Blaming “model quality” |
| Console memory-related errors | Skipped openclaw doctor after upgrade, partial migration | Disk full blocking index writes | Restart loops without reading logs |
Operationally, keep a fixed probe pair: two prompts close to production length, run before import, after a trial import, and after full import; record time to first byte, end-to-end time, and recall count or candidate size. If counts rise roughly linearly while first-byte stays flat, the bottleneck is usually retrieval and rerank; if both drift together, fold upstream model and network into the same ticket instead of stacking two separate stories.
Measure volume and hits before swapping models; align MEMORY and Palace before rewriting persona.
Execute in order: early steps pin the environment fingerprint; middle steps bound import and retrieval volume; final steps write secrets and process into documents. If channels go silent, heartbeat looks wrong, or nothing arrives while you are on step one, open no-reply triage in parallel so you do not mis-label a gateway issue as memory bloat.
Version and config root: run openclaw --version and openclaw doctor; capture config root and workspace; paste doctor lines that mention memory, index, or workspace into the ticket for rollback comparisons.
Import template and redaction: maintain allowed/forbidden field lists; split giant transcripts by topic; dedupe exports with hashes or paragraph fingerprints so the same insight is not stored many times.
Pilot import: load about 5–10% of the target volume first; watch Palace counts, disk, and Gateway timings; record batch id and window for rollback or baseline comparison.
Recall stability: run two fixed probe prompts twice each; if hits jitter, check index paths, rebuild completion, and cross-workspace bleed.
Gateway observability: compare three snapshots (before import, trial, full) for first-byte, total tokens, and candidate size; when delay tracks candidates linearly, tighten imports or top‑k before adding hardware.
Secrets audit: run openclaw secrets audit against your SecretRef inventory; log audit deltas on the change record instead of verbal promises.
Runbook and retention: name approvers, retention, encrypted exports, who may rebuild indexes and how to roll back; align with legal on who may view Palace and how long logs live.
{
"baseline_probe": { "prompt_id": "A", "runs": 2 },
"metrics": ["ttfb_ms", "total_ms", "recall_hits", "total_tokens"],
"compare_at": ["before_import", "trial_import", "full_import"]
}
Note: keys are illustrative; what matters is the same probe, same channel, three timestamps so reviews can answer where slowdown began.
Written to drop into platform support or internal SRE threads; replace numeric ranges with histograms from your environment.
Warning: do not file “model too weak” as root cause without attaching the three-snapshot baseline; reviewers will send the ticket back.
SSH and GUI sessions are not equivalent for Keychain, browser certificates, screen recording, and Accessibility; Palace, the browser Network tab, and system privacy belong in the same interactive user as Gateway. Three-column table so other locales can swap copy while keeping structure.
| Check | What to do | Pass criteria |
|---|---|---|
| Gateway and network | Open the local Gateway URL; filter Network for memory or recall routes. | No 401/429 storm; failures map to path or auth. |
| Privacy and permissions | System Settings → Privacy & Security for capture and automation binaries. | Paths match binaries; dependent processes restarted after changes. |
| Locale and time | Align menu-bar time, Palace locale, and log time zone. | Ticket timestamps match logs; cross-region notes use UTC. |
| Memory and disk | Activity Monitor for memory pressure; check free disk. | Large imports without swap spikes; disk above your safety threshold. |
| Multi-tenant isolation | Confirm working directories and index paths do not cross teammates. | No foreign namespaces in Palace; rebuilds require approval. |
On shared rental nodes, documenting who may trigger an index rebuild in the runbook beats guessing in Palace after the fact.
Public blog pages you can open beside sections 3–4; when porting to another locale, keep the divider label, heading, and card grid—swap URLs and blurbs only.
On-disk roles, load order, and remote Mac editing checklist.
Read →plan / apply / audit discipline when Palace shows key-like material.
Read →Route non-memory failures first, then return to this matrix.
Read →More often retrieval and context volume. Check Gateway for first-byte time and recall counts before changing models; pair with section 2 and step 5 in section 3.
Verify a single workspace path, rebuild indexes, and look for duplicate configs. Palace must stay diffable against disk; see section 1 and the file-layer guide.
It can mask one incident, but the durable fix is redaction and SecretRef; a rebuild will re-expose dirty imports.
Not by definition. If Skills return newer facts than static imports, write source precedence in MEMORY and verify recall order in Palace.
Inspectable memory moves cost from prompt mysticism to data governance and Gateway observability: you can see recall in Palace, yet you still own import batches, indexes, and audits. If you only ever use SSH and never open devtools or system privacy in the same interactive user as Gateway, the hidden cost is often Keychain, certificates, and permission sheets drifting away from logs, and tickets fork repeatedly.
Owning a physical Mac means sleep policy, update windows, power, and depreciation; undersized laptops choke on rebuilds and large imports. A remote Mac with a reviewable GUI session pushes uptime and base images to the provider while you keep memory policy and secrets—usually with a more predictable mean time to recover.
If you want less capital tied up in hardware but still need the same acceptance path as section 5 on Gateway and Palace, use VNCMac to rent a cloud Mac: the primary button below goes to the purchase page; compare plans on the home page before you buy.