Task Brain should mirror runnable truth. When parents vanish while children still call tools or write disk, you get orphan workers and credential bleed. This agent orchestration tutorial keeps parent-child tracing, profile isolation, and cancel order explicit for OpenClaw on a remote Mac.

Read it beside CrewAI routing, Instructor JSON Schema, LangGraph tools, and IDE bridge health so listings, gateway ports, and token files stay aligned.

Pain points

  1. Lost lineage: root flow canceled while child HTTP retries continue without parent_task_id.
  2. Shared homes: two repos reuse ~/.openclaw and read rotated agent identity JSON out of order.
  3. Operator drift: nobody saves JSON exports, so incidents rely on screenshots instead of grep.

Decision matrix

Topic Flat list Parent-child tracing Remote Mac note
Inventory Quick scan hides depth child rows carry parent_task_id plus correlation id SSH shells multiply; log ids do not belong only in the UI
Cancel root kill leaves orphans leaves first then parents; confirm with pgrep same OS user for launchd and manual tests avoids skew
Identity single global dir profile subtree per project mode 0700 dedicated hosts keep absolute paths stable after reboot
Artifacts logs mixed with secrets scratch separate from config tokens large caches on fast disk under scratch only

Initialization

On the remote Mac export OPENCLAW_PROFILE per repo slug and set OPENCLAW_HOME to ~/openclaw-profiles/<slug> so Task Brain indexes never collide. Create config, scratch, logs, run openclaw doctor --json, and record the profile beside CI secrets. Co-locate loopback gateway binds with the LiteLLM routing pattern so doctor output, health curls, and task exports share one host port story.

When teammates SSH in parallel, pin the profile in their shell rc snippet or tmux server options so an accidental cd into another repo cannot inherit the wrong exports mid-session and break tracing.

Flows operations: command placeholders

Verb names shift across builds; keep intent. Swap flags for your package; never paste tokens into git.

openclaw flows tasks list --profile "${OPENCLAW_PROFILE}" --format json > ~/openclaw-scratch/tasks.json
openclaw flows tasks tree --parent TASK_PARENT_ID --profile "${OPENCLAW_PROFILE}"
openclaw flows events tail --profile "${OPENCLAW_PROFILE}" --limit 20 > ~/openclaw-scratch/events.txt

Always run list, tree, and tail before cancel; date your scratch files for audits.

Directory isolation

Store dashboard tokens under ${OPENCLAW_HOME}/config/*.token at mode 0600. Keep agent identity JSON and allowlists beside them; write bulky stdout only under scratch. Avoid symlinks from repos into a shared home—point .openclaw-local at the profile instead. Match the config versus cache split shown in Haystack and vLLM routing so gateways read secrets while retriever caches stay disposable.

Failure cancellation

Cancel child tasks that own sockets or shells, wait for terminal status, then cancel parents. Compare pgrep -fl openclaw to your saved tail export. Background curl jobs ignore parent SIGTERM unless you use process groups or pkill filters that include your correlation substring.

openclaw flows tasks cancel --task CHILD_ID --profile "${OPENCLAW_PROFILE}" --reason breaker-open
openclaw flows tasks cancel --task PARENT_ID --profile "${OPENCLAW_PROFILE}" --reason drained
openclaw flows tasks list --profile "${OPENCLAW_PROFILE}" --state running

Use idempotent cancel flags when upstream breakers flap and log each reason string for audits.

Incident checklist

  1. Export profile; openclaw doctor --json green.
  2. Snapshot tasks and events into scratch.
  3. Annotate parent-child pairs from tree output.
  4. Cancel leaves, verify processes, cancel parents.
  5. Re-list running tasks until empty or only benign daemons.
  6. Log correlation ids in the ops ticket footer.

Citable guardrails

  • One profile per project removes surprise token rotation on shared hosts.
  • Parent ids on every fan-out align Task Brain exports with gateway logs.
  • Scratch versus config keeps backups from hoovering secrets with logs.
  • Child-first cancel plus pgrep is the smallest orphan guard for mixed HTTP and shell work.

FAQ

Why do workers survive parent cancel? Detached jobs lose the tracked tty. Grep the correlation token and stop leftover PIDs after flows reports success.

How do I prove isolation? Show distinct OPENCLAW_HOME trees, modes, token labels, plus schema limits from tool call retries so payloads cannot escape scratch.

Automate cancel in CI? Only with the same exports as prod, vault-backed secrets, and a manual first run whenever flows verbs change.

Verbs differ on my build? Keep openclaw flows --help output in-repo; placeholders here track intent not semver.

No-login CTAs: Help Center, Tech Blog for more OpenClaw posts, pricing, purchase.

Summary: per-project profiles, placeholder flows commands, isolated identity dirs, child-first cancel with process checks, and JSON exports keep Task Brain trustworthy on long-lived remote Macs.