diff --git a/docs/auth-credential-semantics.md b/docs/auth-credential-semantics.md index 91bef4b9b54..7d43ce9cd6c 100644 --- a/docs/auth-credential-semantics.md +++ b/docs/auth-credential-semantics.md @@ -15,7 +15,7 @@ This document defines the canonical credential eligibility and resolution semant The goal is to keep selection-time and runtime behavior aligned. -## Stable Probe Reason Codes +## Stable probe reason codes - `ok` - `excluded_by_auth_order` @@ -25,7 +25,7 @@ The goal is to keep selection-time and runtime behavior aligned. - `unresolved_ref` - `no_model` -## Token Credentials +## Token credentials Token credentials (`type: "token"`) support inline `token` and/or `tokenRef`. @@ -44,7 +44,7 @@ Token credentials (`type: "token"`) support inline `token` and/or `tokenRef`. 2. For eligible profiles, token material may be resolved from inline value or `tokenRef`. 3. Unresolvable refs produce `unresolved_ref` in `models status --probe` output. -## Explicit Auth Order Filtering +## Explicit auth order filtering - When `auth.order.` or the auth-store order override is set for a provider, `models status --probe` only probes profile ids that remain in the @@ -54,7 +54,7 @@ Token credentials (`type: "token"`) support inline `token` and/or `tokenRef`. `reasonCode: excluded_by_auth_order` and the detail `Excluded by auth.order for this provider.` -## Probe Target Resolution +## Probe target resolution - Probe targets can come from auth profiles, environment credentials, or `models.json`. diff --git a/docs/channels/msteams.md b/docs/channels/msteams.md index b5e89b8f5a3..9aeef04af40 100644 --- a/docs/channels/msteams.md +++ b/docs/channels/msteams.md @@ -283,7 +283,7 @@ The Teams channel starts automatically when the plugin is available and `msteams -## Federated Authentication (Certificate + Managed Identity) +## Federated authentication (certificate plus managed identity) > Added in 2026.3.24 @@ -425,7 +425,7 @@ For AKS deployments using workload identity: **Default behavior:** When `authType` is not set, OpenClaw defaults to client secret authentication. Existing configurations continue to work without changes. -## Local Development (Tunneling) +## Local development (tunneling) Teams can't reach `localhost`. Use a persistent dev tunnel so your URL stays the same across sessions: @@ -495,7 +495,7 @@ The action is gated by `channels.msteams.actions.memberInfo` (default: enabled w - In other words, allowlists gate who can trigger the agent; only specific supplemental context paths are filtered today. - DM history can be limited with `channels.msteams.dmHistoryLimit` (user turns). Per-user overrides: `channels.msteams.dms[""].historyLimit`. -## Current Teams RSC Permissions (Manifest) +## Current Teams RSC permissions (manifest) These are the **existing resourceSpecific permissions** in our Teams app manifest. They only apply inside the team/chat where the app is installed. @@ -519,7 +519,7 @@ To add RSC permissions via the Teams CLI: teams app rsc add ChannelMessage.Read.Group --type Application ``` -## Example Teams Manifest (redacted) +## Example Teams manifest (redacted) Minimal, valid example with the required fields. Replace IDs and URLs. @@ -651,7 +651,7 @@ If you need images/files in **channels** or want to fetch **message history**, y **Additional permission for user mentions:** User @mentions work out of the box for users in the conversation. However, if you want to dynamically search and mention users who are **not in the current conversation**, add `User.Read.All` (Application) permission and grant admin consent. -## Known Limitations +## Known limitations ### Webhook timeouts @@ -714,7 +714,7 @@ Key settings (see `/gateway/configuration` for shared channel patterns): - `agent::msteams:channel:` - `agent::msteams:group:` -## Reply Style: Threads vs Posts +## Reply style: threads vs posts Teams recently introduced two channel UI styles over the same underlying data model: @@ -841,7 +841,7 @@ OpenClaw sends Teams polls as Adaptive Cards (there is no native Teams poll API) - The gateway must stay online to record votes. - Polls do not auto-post result summaries yet (inspect the store file if needed). -## Presentation Cards +## Presentation cards Send semantic presentation payloads to Teams users or conversations using the `message` tool or CLI. OpenClaw renders them as Teams Adaptive Cards from the generic presentation contract. @@ -957,7 +957,7 @@ https://teams.microsoft.com/l/channel/19%3A15bc...%40thread.tacv2/ChannelName?gr - Channel ID = path segment after `/channel/` (URL-decoded) - **Ignore** the `groupId` query parameter -## Private Channels +## Private channels Bots have limited support in private channels: diff --git a/docs/gateway/multiple-gateways.md b/docs/gateway/multiple-gateways.md index 307f308d3df..e499cf16055 100644 --- a/docs/gateway/multiple-gateways.md +++ b/docs/gateway/multiple-gateways.md @@ -8,7 +8,7 @@ title: "Multiple gateways" Most setups should use one Gateway because a single Gateway can handle multiple messaging connections and agents. If you need stronger isolation or redundancy (e.g., a rescue bot), run separate Gateways with isolated profiles/ports. -## Best Recommended Setup +## Best recommended setup For most users, the simplest rescue-bot setup is: @@ -44,7 +44,7 @@ During `openclaw --profile rescue onboard`: If onboarding already installed the rescue service for you, the final `gateway install` is not needed. -## Why This Works +## Why this works The rescue bot stays independent because it has its own: @@ -75,7 +75,7 @@ In practice, that means the rescue bot gets its own: The prompts are otherwise the same as normal onboarding. -## General Multi-Gateway Setup +## General multi-gateway setup The rescue-bot layout above is the easiest default, but the same isolation pattern works for any pair or group of Gateways on one host. @@ -114,7 +114,7 @@ Use the rescue-bot quickstart when you want a fallback operator lane. Use the general profile pattern when you want multiple long-lived Gateways for different channels, tenants, workspaces, or operational roles. -## Isolation Checklist +## Isolation checklist Keep these unique per Gateway instance: diff --git a/docs/security/CONTRIBUTING-THREAT-MODEL.md b/docs/security/CONTRIBUTING-THREAT-MODEL.md index d5ce523967b..3e587f86325 100644 --- a/docs/security/CONTRIBUTING-THREAT-MODEL.md +++ b/docs/security/CONTRIBUTING-THREAT-MODEL.md @@ -39,7 +39,7 @@ Attack chains show how multiple threats combine into a realistic attack scenario Typos, clarifications, outdated info, better examples - PRs welcome, no issue needed. -## What We Use +## What we use ### MITRE ATLAS @@ -62,7 +62,7 @@ Each threat gets an ID like `T-EXEC-003`. The categories are: IDs are assigned by maintainers during review. You don't need to pick one. -### Risk Levels +### Risk levels | Level | Meaning | | ------------ | ----------------------------------------------------------------- | @@ -73,7 +73,7 @@ IDs are assigned by maintainers during review. You don't need to pick one. If you're unsure about the risk level, just describe the impact and we'll assess it. -## Review Process +## Review process 1. **Triage** - We review new submissions within 48 hours 2. **Assessment** - We verify feasibility, assign ATLAS mapping and threat ID, validate risk level diff --git a/docs/tools/browser.md b/docs/tools/browser.md index def392a9852..46803255d3b 100644 --- a/docs/tools/browser.md +++ b/docs/tools/browser.md @@ -248,7 +248,7 @@ Browser settings live in `~/.openclaw/openclaw.json`. -## Use Brave (or another Chromium-based browser) +## Use Brave or another Chromium-based browser If your **system default** browser is Chromium-based (Chrome/Brave/Edge/etc), OpenClaw uses it automatically. Set `browser.executablePath` to override