diff --git a/docs/automation/cron-jobs.md b/docs/automation/cron-jobs.md index 092505a9df9..c7f7a998640 100644 --- a/docs/automation/cron-jobs.md +++ b/docs/automation/cron-jobs.md @@ -278,6 +278,7 @@ Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy. - Keep `hooks.allowRequestSessionKey=false` unless you require caller-selected sessions. - If you enable `hooks.allowRequestSessionKey`, also set `hooks.allowedSessionKeyPrefixes` to constrain allowed session key shapes. - Hook payloads are wrapped with safety boundaries by default. + ## Gmail PubSub integration @@ -382,6 +383,7 @@ Model override note: - Configured fallback chains still apply because cron `--model` is a job primary, not a session `/model` override. - Payload `fallbacks` replaces configured fallbacks for that job; `fallbacks: []` disables fallback and makes the run strict. - A plain `--model` with no explicit or configured fallback list does not fall through to the agent primary as a silent extra retry target. + ## Configuration @@ -445,6 +447,7 @@ openclaw doctor - Confirm the Gateway is running continuously. - For `cron` schedules, verify timezone (`--tz`) vs the host timezone. - `reason: not-due` in run output means manual run was checked with `openclaw cron run --due` and the job was not due yet. + - Delivery mode `none` means no runner fallback send is expected. The agent can still send directly with the `message` tool when a chat route is available. @@ -453,16 +456,19 @@ openclaw doctor - Channel auth errors (`unauthorized`, `Forbidden`) mean delivery was blocked by credentials. - If the isolated run returns only the silent token (`NO_REPLY` / `no_reply`), OpenClaw suppresses direct outbound delivery and also suppresses the fallback queued summary path, so nothing is posted back to chat. - If the agent should message the user itself, check that the job has a usable route (`channel: "last"` with a previous chat, or an explicit channel/target). + - Daily and idle reset freshness is not based on `updatedAt`; see [Session management](/concepts/session#session-lifecycle). - Cron wakeups, heartbeat runs, exec notifications, and gateway bookkeeping may update the session row for routing/status, but they do not extend `sessionStartedAt` or `lastInteractionAt`. - For legacy rows created before those fields existed, OpenClaw can recover `sessionStartedAt` from the transcript JSONL session header when the file is still available. Legacy idle rows without `lastInteractionAt` use that recovered start time as their idle baseline. + - Cron without `--tz` uses the gateway host timezone. - `at` schedules without timezone are treated as UTC. - Heartbeat `activeHours` uses configured timezone resolution. + diff --git a/docs/automation/tasks.md b/docs/automation/tasks.md index 02e9ca7d73a..06787115a88 100644 --- a/docs/automation/tasks.md +++ b/docs/automation/tasks.md @@ -112,6 +112,7 @@ Not every agent run creates a task. Heartbeat turns and normal interactive chat - Heartbeat turns — main-session; see [Heartbeat](/gateway/heartbeat) - Normal interactive chat turns - Direct `/command` responses + diff --git a/docs/channels/bluebubbles.md b/docs/channels/bluebubbles.md index f052b63890b..5d9cc07e3b4 100644 --- a/docs/channels/bluebubbles.md +++ b/docs/channels/bluebubbles.md @@ -66,6 +66,7 @@ Current OpenClaw releases bundle BlueBubbles, so normal packaged builds do not n - Always set a webhook password. - Webhook authentication is always required. OpenClaw rejects BlueBubbles webhook requests unless they include a password/guid that matches `channels.bluebubbles.password` (for example `?password=` or `x-password`), regardless of loopback/proxy topology. - Password authentication is checked before reading/parsing full webhook bodies. + ## Keeping Messages.app alive (VM / headless setups) @@ -177,10 +178,12 @@ openclaw channels add bluebubbles --http-url http://192.168.1.100:1234 --passwor - `openclaw pairing list bluebubbles` - `openclaw pairing approve bluebubbles ` - Pairing is the default token exchange. Details: [Pairing](/channels/pairing) + - `channels.bluebubbles.groupPolicy = open | allowlist | disabled` (default: `allowlist`). - `channels.bluebubbles.groupAllowFrom` controls who can trigger in groups when `allowlist` is set. + @@ -393,6 +396,7 @@ BlueBubbles supports advanced message actions when enabled in config: - **upload-file**: Send media/files (`to`, `buffer`, `filename`, `asVoice`). - Voice memos: set `asVoice: true` with **MP3** or **CAF** audio to send as an iMessage voice message. BlueBubbles converts MP3 → CAF when sending voice memos. - Legacy alias: `sendAttachment` still works, but `upload-file` is the canonical action name. + @@ -473,6 +477,7 @@ The two webhooks arrive at OpenClaw ~0.8-2.0 s apart on most setups. Without coa - **Added latency for DM control commands.** With the flag on, DM control-command messages (like `Dump`, `Save`, etc.) now wait up to the debounce window before dispatching, in case a payload webhook is coming. Group-chat commands keep instant dispatch. - **Merged output is bounded** — merged text caps at 4000 chars with an explicit `…[truncated]` marker; attachments cap at 20; source entries cap at 10 (first-plus-latest retained beyond that). Every source `messageId` still reaches inbound-dedupe so a later MessagePoller replay of any individual event is recognized as a duplicate. - **Opt-in, per-channel.** Other channels (Telegram, WhatsApp, Slack, …) are unaffected. + @@ -551,6 +556,7 @@ Full configuration: [Configuration](/gateway/configuration) - `channels.bluebubbles.serverUrl`: BlueBubbles REST API base URL. - `channels.bluebubbles.password`: API password. - `channels.bluebubbles.webhookPath`: Webhook endpoint path (default: `/bluebubbles-webhook`). + - `channels.bluebubbles.dmPolicy`: `pairing | allowlist | open | disabled` (default: `pairing`). @@ -559,6 +565,7 @@ Full configuration: [Configuration](/gateway/configuration) - `channels.bluebubbles.groupAllowFrom`: Group sender allowlist. - `channels.bluebubbles.enrichGroupParticipantsFromContacts`: On macOS, optionally enrich unnamed group participants from local Contacts after gating passes. Default: `false`. - `channels.bluebubbles.groups`: Per-group config (`requireMention`, etc.). + - `channels.bluebubbles.sendReadReceipts`: Send read receipts (default: `true`). @@ -566,6 +573,7 @@ Full configuration: [Configuration](/gateway/configuration) - `channels.bluebubbles.textChunkLimit`: Outbound chunk size in chars (default: 4000). - `channels.bluebubbles.sendTimeoutMs`: Per-request timeout in ms for outbound text sends via `/api/v1/message/text` (default: 30000). Raise on macOS 26 setups where Private API iMessage sends can stall for 60+ seconds inside the iMessage framework; for example `45000` or `60000`. Probes, chat lookups, reactions, edits, and health checks currently keep the shorter 10s default; broadening coverage to reactions and edits is planned as a follow-up. Per-account override: `channels.bluebubbles.accounts..sendTimeoutMs`. - `channels.bluebubbles.chunkMode`: `length` (default) splits only when exceeding `textChunkLimit`; `newline` splits on blank lines (paragraph boundaries) before length chunking. + - `channels.bluebubbles.mediaMaxMb`: Inbound/outbound media cap in MB (default: 8). @@ -573,10 +581,12 @@ Full configuration: [Configuration](/gateway/configuration) - `channels.bluebubbles.coalesceSameSenderDms`: Merge consecutive same-sender DM webhooks into one agent turn so Apple's text+URL split-send arrives as a single message (default: `false`). See [Coalescing split-send DMs](#coalescing-split-send-dms-command--url-in-one-composition) for scenarios, window tuning, and trade-offs. Widens the default inbound debounce window from 500 ms to 2500 ms when enabled without an explicit `messages.inbound.byChannel.bluebubbles`. - `channels.bluebubbles.historyLimit`: Max group messages for context (0 disables). - `channels.bluebubbles.dmHistoryLimit`: DM history limit. + - `channels.bluebubbles.actions`: Enable/disable specific actions. - `channels.bluebubbles.accounts`: Multi-account configuration. + diff --git a/docs/channels/broadcast-groups.md b/docs/channels/broadcast-groups.md index b241dd95dd8..5eed662b8d5 100644 --- a/docs/channels/broadcast-groups.md +++ b/docs/channels/broadcast-groups.md @@ -168,6 +168,7 @@ Control how agents process messages: - All listed agents process the message. - Each agent has its own session key and isolated context. - Agents process in parallel (default) or sequentially. + Normal routing applies (first matching binding). diff --git a/docs/channels/groups.md b/docs/channels/groups.md index 3415917e67b..d533b69d507 100644 --- a/docs/channels/groups.md +++ b/docs/channels/groups.md @@ -26,6 +26,7 @@ Translation: allowlisted senders can trigger OpenClaw by mentioning it. - **DM access** is controlled by `*.allowFrom`. - **Group access** is controlled by `*.groupPolicy` + allowlists (`*.groups`, `*.groupAllowFrom`). - **Reply triggering** is controlled by mention gating (`requireMention`, `/activation`). + Quick flow (what happens to a group message): @@ -69,6 +70,7 @@ By default, OpenClaw prioritizes normal chat behavior and keeps context mostly a - Some channels already apply sender-based filtering for supplemental context in specific paths (for example Slack thread seeding, Matrix reply/thread lookups). - Other channels still pass quote/reply/forward context through as received. + - `contextVisibility: "all"` (default) keeps current as-received behavior. @@ -244,6 +246,7 @@ Control how group/room messages are handled per channel: - Telegram allowlist can match user IDs (`"123456789"`, `"telegram:123456789"`, `"tg:123456789"`) or usernames (`"@alice"` or `"alice"`); prefixes are case-insensitive. - Default is `groupPolicy: "allowlist"`; if your group allowlist is empty, group messages are blocked. - Runtime safety: when a provider block is completely missing (`channels.` absent), group policy falls back to a fail-closed mode (typically `allowlist`) instead of inheriting `channels.defaults.groupPolicy`. + @@ -313,6 +316,7 @@ Replying to a bot message counts as an implicit mention when the channel support - Groups where silent replies are allowed treat clean empty or reasoning-only model turns as silent, equivalent to `NO_REPLY`. Direct chats still treat empty replies as a failed agent turn. - Discord defaults live in `channels.discord.guilds."*"` (overridable per guild/channel). - Group history context is wrapped uniformly across channels and is **pending-only** (messages skipped due to mention gating); use `messages.groupChat.historyLimit` for the global default and `channels..historyLimit` (or `channels..accounts.*.historyLimit`) for overrides. Set `0` to disable. + diff --git a/docs/channels/imessage.md b/docs/channels/imessage.md index 6b7b9785d32..2591e21cf01 100644 --- a/docs/channels/imessage.md +++ b/docs/channels/imessage.md @@ -306,6 +306,7 @@ exec ssh -T bot@mac-mini.tailnet-1234.ts.net imsg "$@" - default root pattern: `/Users/*/Library/Messages/Attachments` - SCP uses strict host-key checking (`StrictHostKeyChecking=yes`) - outbound media size uses `channels.imessage.mediaMaxMb` (default 16 MB) + @@ -313,6 +314,7 @@ exec ssh -T bot@mac-mini.tailnet-1234.ts.net imsg "$@" - chunk mode: `channels.imessage.chunkMode` - `length` (default) - `newline` (paragraph-first splitting) + diff --git a/docs/channels/mattermost.md b/docs/channels/mattermost.md index ce21a70c6f8..dba5da77265 100644 --- a/docs/channels/mattermost.md +++ b/docs/channels/mattermost.md @@ -90,6 +90,7 @@ Native slash commands are opt-in. When enabled, OpenClaw registers `oc_*` slash - For multi-account setups, `commands` can be set at the top level or under `channels.mattermost.accounts..commands` (account values override top-level fields). - Command callbacks are validated with the per-command tokens returned by Mattermost when OpenClaw registers `oc_*` commands. - Slash callbacks fail closed when registration failed, startup was partial, or the callback token does not match one of the registered commands. + The callback endpoint must be reachable from the Mattermost server. @@ -284,11 +285,13 @@ Enable via `channels.mattermost.streaming`: - `block` uses append-style draft chunks inside the preview post. - `progress` shows a status preview while generating and only posts the final answer at completion. - `off` disables preview streaming. + - If the stream cannot be finalized in place (for example the post was deleted mid-stream), OpenClaw falls back to sending a fresh final post so the reply is never lost. - Reasoning-only payloads are suppressed from channel posts, including text that arrives as a `> Reasoning:` blockquote. Set `/reasoning on` to see thinking in other surfaces; the Mattermost final post keeps the answer only. - See [Streaming](/concepts/streaming#preview-streaming-modes) for the channel-mapping matrix. + @@ -362,6 +365,7 @@ When a user clicks a button: - Button callbacks use HMAC-SHA256 verification (automatic, no config needed). - Mattermost strips callback data from its API responses (security feature), so all buttons are removed on click — partial removal is not possible. - Action IDs containing hyphens or underscores are sanitized automatically (Mattermost routing limitation). + - `channels.mattermost.capabilities`: array of capability strings. Add `"inlineButtons"` to enable the buttons tool description in the agent system prompt. @@ -370,6 +374,7 @@ When a user clicks a button: - If `interactions.callbackBaseUrl` is omitted, OpenClaw derives the callback URL from `gateway.customBindHost` + `gateway.port`, then falls back to `http://localhost:`. - Reachability rule: the button callback URL must be reachable from the Mattermost server. `localhost` only works when Mattermost and OpenClaw run on the same host/network namespace. - If your callback target is private/tailnet/internal, add its host/domain to Mattermost `ServiceSettings.AllowedUntrustedInternalConnections`. + @@ -465,6 +470,7 @@ context = {**ctx, "_token": token} - Always sign **all** context fields (minus `_token`). The gateway strips `_token` then signs everything remaining. Signing a subset causes silent verification failure. - Use `sort_keys=True` — the gateway sorts keys before signing, and Mattermost may reorder context fields when storing the payload. - Derive the secret from the bot token (deterministic), not random bytes. The secret must be the same across the process that creates buttons and the gateway that verifies. + @@ -500,6 +506,7 @@ Mattermost supports multiple accounts under `channels.mattermost.accounts`: - Check the bot token, base URL, and whether the account is enabled. - Multi-account issues: env vars only apply to the `default` account. + - `Unauthorized: invalid command token.`: OpenClaw did not accept the callback token. Typical causes: @@ -509,6 +516,7 @@ Mattermost supports multiple accounts under `channels.mattermost.accounts`: - the gateway restarted without reactivating slash commands - If native slash commands stop working, check logs for `mattermost: failed to register slash commands` or `mattermost: native slash commands enabled but no commands could be registered`. - If `callbackUrl` is omitted and logs warn that the callback resolved to `http://127.0.0.1:18789/...`, that URL is probably only reachable when Mattermost runs on the same host/network namespace as OpenClaw. Set an explicit externally reachable `commands.callbackUrl` instead. + - Buttons appear as white boxes: the agent may be sending malformed button data. Check that each button has both `text` and `callback_data` fields. @@ -518,6 +526,7 @@ Mattermost supports multiple accounts under `channels.mattermost.accounts`: - Gateway logs `missing _token in context`: the `_token` field is not in the button's context. Ensure it is included when building the integration payload. - Confirmation shows raw ID instead of button name: `context.action_id` does not match the button's `id`. Set both to the same sanitized value. - Agent doesn't know about buttons: add `capabilities: ["inlineButtons"]` to the Mattermost channel config. + diff --git a/docs/channels/slack.md b/docs/channels/slack.md index 5d14accc435..e3fa1f24eaf 100644 --- a/docs/channels/slack.md +++ b/docs/channels/slack.md @@ -31,6 +31,7 @@ Production-ready for DMs and channels via Slack app integrations. Default mode i - paste the [example manifest](#manifest-and-scope-checklist) from below and continue to create - generate an **App-Level Token** (`xapp-...`) with `connections:write` - install app and copy the **Bot Token** (`xoxb-...`) shown + @@ -619,6 +620,7 @@ Notes: - `channels.slack.chunkMode="newline"` enables paragraph-first splitting - file sends use Slack upload APIs and can include thread replies (`thread_ts`) - outbound media cap follows `channels.slack.mediaMaxMb` when configured; otherwise channel sends use MIME-kind defaults from media pipeline + diff --git a/docs/channels/telegram.md b/docs/channels/telegram.md index 8fb7ec2be79..6390e5312fd 100644 --- a/docs/channels/telegram.md +++ b/docs/channels/telegram.md @@ -205,6 +205,7 @@ curl "https://api.telegram.org/bot/getUpdates" - Put negative Telegram group or supergroup chat IDs like `-1001234567890` under `channels.telegram.groups`. - Put Telegram user IDs like `8734062810` under `groupAllowFrom` when you want to limit which people inside an allowed group can trigger the bot. - Use `groupAllowFrom: ["*"]` only when you want any member of an allowed group to be able to talk to the bot. + diff --git a/docs/channels/twitch.md b/docs/channels/twitch.md index b148363b4b4..8864b05736e 100644 --- a/docs/channels/twitch.md +++ b/docs/channels/twitch.md @@ -275,6 +275,7 @@ openclaw channels status --probe - **Check access control:** Ensure your user ID is in `allowFrom`, or temporarily remove `allowFrom` and set `allowedRoles: ["all"]` to test. - **Check the bot is in the channel:** The bot must join the channel specified in `channel`. + "Failed to connect" or authentication errors: diff --git a/docs/channels/whatsapp.md b/docs/channels/whatsapp.md index 7cc59d248d3..8ef330d5d49 100644 --- a/docs/channels/whatsapp.md +++ b/docs/channels/whatsapp.md @@ -365,6 +365,7 @@ When the linked self number is also present in `allowFrom`, WhatsApp self-chat s - default chunk limit: `channels.whatsapp.textChunkLimit = 4000` - `channels.whatsapp.chunkMode = "length" | "newline"` - `newline` mode prefers paragraph boundaries (blank lines), then falls back to length-safe chunking + @@ -377,6 +378,7 @@ When the linked self number is also present in `allowFrom`, WhatsApp self-chat s - animated GIF playback is supported via `gifPlayback: true` on video sends - captions are applied to the first media item when sending multi-media reply payloads, except PTT voice notes send the audio first and visible text separately because WhatsApp clients do not render voice-note captions consistently - media source can be HTTP(S), `file://`, or local paths + @@ -385,6 +387,7 @@ When the linked self number is also present in `allowFrom`, WhatsApp self-chat s - per-account overrides use `channels.whatsapp.accounts..mediaMaxMb` - images are auto-optimized (resize/quality sweep) to fit limits - on media send failure, first-item fallback sends text warning instead of dropping the response silently + @@ -469,12 +472,14 @@ Behavior notes: - account ids come from `channels.whatsapp.accounts` - default account selection: `default` if present, otherwise first configured account id (sorted) - account ids are normalized internally for lookup + - current auth path: `~/.openclaw/credentials/whatsapp//creds.json` - backup file: `creds.json.bak` - legacy default auth in `~/.openclaw/credentials/` is still recognized/migrated for default-account flows + diff --git a/docs/cli/config.md b/docs/cli/config.md index 3a3620998c3..1865fa9c412 100644 --- a/docs/cli/config.md +++ b/docs/cli/config.md @@ -49,6 +49,7 @@ Print the generated JSON schema for `openclaw.json` to stdout as JSON. - `anyOf` / `oneOf` / `allOf` branches inherit the same docs metadata too when matching field documentation exists. - Best-effort live plugin + channel schema metadata when runtime manifests can be loaded. - A clean fallback schema even when the current config is invalid. + `config.schema.lookup` returns one normalized config path with a shallow schema node (`title`, `description`, `type`, `enum`, `const`, common bounds), matched UI hint metadata, and immediate child summaries. Use it for path-scoped drill-down in Control UI or custom clients. @@ -184,15 +185,18 @@ Provider builder targets must use `secrets.providers.` as the path. - `--provider-source ` - `--provider-timeout-ms ` (`file`, `exec`) + - `--provider-allowlist ` (repeatable) + - `--provider-path ` (required) - `--provider-mode ` - `--provider-max-bytes ` - `--provider-allow-insecure-path` + - `--provider-command ` (required) @@ -205,6 +209,7 @@ Provider builder targets must use `secrets.providers.` as the path. - `--provider-trusted-dir ` (repeatable) - `--provider-allow-insecure-path` - `--provider-allow-symlink-command` + @@ -257,6 +262,7 @@ openclaw config set channels.discord.token \ - Exec SecretRef checks are skipped by default during dry-run to avoid command side effects. - Use `--allow-exec` with `--dry-run` to opt in to exec SecretRef checks (this may execute provider commands). - `--allow-exec` is dry-run only and errors if used without `--dry-run`. + `--dry-run --json` prints a machine-readable report: @@ -348,6 +354,7 @@ openclaw config set channels.discord.token \ - `SecretRef assignment(s) could not be resolved`: referenced provider/ref currently cannot resolve (missing env var, invalid file pointer, exec provider failure, or provider/source mismatch). - `Dry run note: skipped exec SecretRef resolvability check(s)`: dry-run skipped exec refs; rerun with `--allow-exec` if you need exec resolvability validation. - For batch mode, fix failing entries and rerun `--dry-run` before writing. + diff --git a/docs/cli/cron.md b/docs/cli/cron.md index 8a01f2a04cd..a8c56babaac 100644 --- a/docs/cli/cron.md +++ b/docs/cli/cron.md @@ -24,6 +24,7 @@ Run `openclaw cron --help` for the full command surface. See [Cron jobs](/automa - `isolated` creates a fresh transcript and session id for each run. - `current` binds to the active session at creation time. - `session:` pins to an explicit persistent session key. + Isolated runs reset ambient conversation context. Channel and group routing, send/queue policy, elevation, origin, and ACP runtime binding are reset for the new run. Safe preferences and explicit user-selected model or auth overrides can carry across runs. diff --git a/docs/cli/gateway.md b/docs/cli/gateway.md index 7c43a08375f..47a547c061c 100644 --- a/docs/cli/gateway.md +++ b/docs/cli/gateway.md @@ -44,6 +44,7 @@ openclaw gateway run - Binding beyond loopback without auth is blocked (safety guardrail). - `SIGUSR1` triggers an in-process restart when authorized (`commands.restart` is enabled by default; set `commands.restart: false` to block manual restart, while gateway tool/config apply/update remain allowed). - `SIGINT`/`SIGTERM` handlers stop the gateway process, but they don't restore any custom terminal state. If you wrap the CLI with a TUI or raw-mode input, restore the terminal before exit. + @@ -122,6 +123,7 @@ All query commands use WebSocket RPC. - Default: human-readable (colored in TTY). - `--json`: machine-readable JSON (no styling/spinner). - `--no-color` (or `NO_COLOR=1`): disable ANSI while keeping human layout. + - `--url `: Gateway WebSocket URL. @@ -129,6 +131,7 @@ All query commands use WebSocket RPC. - `--password `: Gateway password. - `--timeout `: timeout/budget (varies per command). - `--expect-final`: wait for a "final" response (agent calls). + @@ -193,6 +196,7 @@ openclaw gateway stability --json - Records keep operational metadata: event names, counts, byte sizes, memory readings, queue/session state, channel/plugin names, and redacted session summaries. They do not keep chat text, webhook bodies, tool outputs, raw request or response bodies, tokens, cookies, secret values, hostnames, or raw session ids. Set `diagnostics.enabled: false` to disable the recorder entirely. - On fatal Gateway exits, shutdown timeouts, and restart startup failures, OpenClaw writes the same diagnostic snapshot to `~/.openclaw/logs/stability/openclaw-stability-*.json` when the recorder has events. Inspect the newest bundle with `openclaw gateway stability --bundle latest`; `--limit`, `--type`, and `--since-seq` also apply to bundle output. + @@ -281,11 +285,13 @@ openclaw gateway status --require-rpc - Use `--require-rpc` in scripts and automation when a listening service is not enough and you need read-scope RPC calls to be healthy too. - `--deep` adds a best-effort scan for extra launchd/systemd/schtasks installs. When multiple gateway-like services are detected, human output prints cleanup hints and warns that most setups should run one gateway per machine. - Human output includes the resolved file log path plus the CLI-vs-service config paths/validity snapshot to help diagnose profile or state-dir drift. + - On Linux systemd installs, service auth drift checks read both `Environment=` and `EnvironmentFile=` values from the unit (including `%h`, quoted paths, multiple files, and optional `-` files). - Drift checks resolve `gateway.auth.token` SecretRefs using merged runtime env (service command env first, then process env fallback). - If token auth is not effectively active (explicit `gateway.auth.mode` of `password`/`none`/`trusted-proxy`, or mode unset where password can win and no token candidate can win), token-drift checks skip config token resolution. + @@ -319,6 +325,7 @@ openclaw gateway probe --json - `Read probe: limited - missing scope: operator.read` means connect succeeded but read-scope RPC is limited. This is reported as **degraded** reachability, not full failure. - Like `gateway status`, probe reuses existing cached device auth but does not create first-time device identity or pairing state. - Exit code is non-zero only when no probed target is reachable. + Top level: @@ -349,6 +356,7 @@ openclaw gateway probe --json - `multiple_gateways`: more than one target was reachable; this is unusual unless you intentionally run isolated profiles, such as a rescue bot. - `auth_secretref_unresolved`: a configured auth SecretRef could not be resolved for a failed target. - `probe_scope_limited`: WebSocket connect succeeded, but the read probe was limited by missing `operator.read`. + @@ -462,10 +470,12 @@ openclaw gateway restart - `gateway status`: `--url`, `--token`, `--password`, `--timeout`, `--no-probe`, `--require-rpc`, `--deep`, `--json` - `gateway install`: `--port`, `--runtime `, `--token`, `--wrapper `, `--force`, `--json` - `gateway uninstall|start|stop|restart`: `--json` + - Use `gateway restart` to restart a managed service. Do not chain `gateway stop` and `gateway start` as a restart substitute; on macOS, `gateway stop` intentionally disables the LaunchAgent before stopping it. - Lifecycle commands accept `--json` for scripting. + - When token auth requires a token and `gateway.auth.token` is SecretRef-managed, `gateway install` validates that the SecretRef is resolvable but does not persist the resolved token into service environment metadata. @@ -473,6 +483,7 @@ openclaw gateway restart - For password auth on `gateway run`, prefer `OPENCLAW_GATEWAY_PASSWORD`, `--password-file`, or a SecretRef-backed `gateway.auth.password` over inline `--password`. - In inferred auth mode, shell-only `OPENCLAW_GATEWAY_PASSWORD` does not relax install token requirements; use durable config (`gateway.auth.password` or config `env`) when installing a managed service. - If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, install is blocked until mode is set explicitly. + @@ -519,6 +530,7 @@ openclaw gateway discover --json | jq '.beacons[].wsUrl' - The CLI scans `local.` plus the configured wide-area domain when one is enabled. - `wsUrl` in JSON output is derived from the resolved service endpoint, not from TXT-only hints such as `lanHost` or `tailnetDns`. - On `local.` mDNS, `sshPort` and `cliPath` are only broadcast when `discovery.mdns.mode` is `full`. Wide-area DNS-SD still writes `cliPath`; `sshPort` stays optional there too. + ## Related diff --git a/docs/cli/mcp.md b/docs/cli/mcp.md index e670951c94f..002c87ff789 100644 --- a/docs/cli/mcp.md +++ b/docs/cli/mcp.md @@ -65,6 +65,7 @@ Use [`openclaw acp`](/cli/acp) instead when OpenClaw should host the coding runt - one-shot agent entry points such as `openclaw agent` and `openclaw infer model run` retire any bundled MCP runtimes they open when the reply completes, so repeated scripted runs do not accumulate stdio MCP child processes - stdio MCP servers launched by OpenClaw (bundled or user-configured) are torn down as a process tree on shutdown, so child subprocesses started by the server do not survive after the parent stdio client exits - deleting or resetting a session disposes that session's MCP clients through the shared runtime cleanup path, so there are no lingering stdio connections tied to a removed session + @@ -203,6 +204,7 @@ Current event types: - the queue is live-only; it starts when the MCP bridge starts - `events_poll` and `events_wait` do not replay older Gateway history by themselves - durable backlog should be read with `messages_read` + ### Claude channel notifications @@ -360,6 +362,7 @@ Those saved definitions are for runtimes that OpenClaw launches or configures la - runtime adapters decide which transport shapes they actually support at execution time - embedded Pi exposes configured MCP tools in normal `coding` and `messaging` tool profiles; `minimal` still hides them, and `tools.deny: ["bundle-mcp"]` disables them explicitly - session-scoped bundled MCP runtimes are reaped after `mcp.sessionIdleTtlMs` milliseconds of idle time (default 10 minutes; set `0` to disable) and one-shot embedded runs clean them up at run end + diff --git a/docs/cli/onboard.md b/docs/cli/onboard.md index bb15823dd39..718eb1e327c 100644 --- a/docs/cli/onboard.md +++ b/docs/cli/onboard.md @@ -183,6 +183,7 @@ openclaw onboard --non-interactive \ - `quickstart`: minimal prompts, auto-generates a gateway token. - `manual`: full prompts for port, bind, and auth (alias of `advanced`). - `import`: runs a detected migration provider, previews the plan, then applies after confirmation. + When an auth choice implies a preferred provider, onboarding prefilters the default-model and allowlist pickers to that provider. For Volcengine and BytePlus, this also matches the coding-plan variants (`volcengine-plan/*`, `byteplus-plan/*`). @@ -202,6 +203,7 @@ openclaw onboard --non-interactive \ - Fastest first chat: `openclaw dashboard` (Control UI, no channel setup). - Custom provider: connect any OpenAI or Anthropic compatible endpoint, including hosted providers not listed. Use Unknown to auto-detect. - If Hermes state is detected, onboarding offers a migration flow. Use [Migrate](/cli/migrate) for dry-run plans, overwrite mode, reports, and exact mappings. + diff --git a/docs/cli/plugins.md b/docs/cli/plugins.md index f33d6b12398..3a71b83a8f7 100644 --- a/docs/cli/plugins.md +++ b/docs/cli/plugins.md @@ -165,6 +165,7 @@ openclaw plugins install --marketplace ./my-marketplace - a GitHub repo shorthand such as `owner/repo` - a GitHub repo URL such as `https://github.com/owner/repo` - a git URL + For remote marketplaces loaded from GitHub or git, plugin entries must stay inside the cloned marketplace repo. OpenClaw accepts relative path sources from that repo and rejects HTTP(S), absolute-path, git, GitHub, and other non-path plugin sources from remote manifests. diff --git a/docs/concepts/dreaming.md b/docs/concepts/dreaming.md index ec1c69e4ccc..04d7a11debb 100644 --- a/docs/concepts/dreaming.md +++ b/docs/concepts/dreaming.md @@ -86,6 +86,7 @@ There is also a grounded historical backfill lane for review and recovery work: - `memory rem-backfill --path ...` writes reversible grounded diary entries into `DREAMS.md`. - `memory rem-backfill --path ... --stage-short-term` stages grounded durable candidates into the same short-term evidence store the normal deep phase already uses. - `memory rem-backfill --rollback` and `--rollback-short-term` remove those staged backfill artifacts without touching ordinary diary entries or live short-term recall. + diff --git a/docs/concepts/model-failover.md b/docs/concepts/model-failover.md index 620484526ff..4209a2a0b5c 100644 --- a/docs/concepts/model-failover.md +++ b/docs/concepts/model-failover.md @@ -232,6 +232,7 @@ OpenClaw builds the candidate list from the currently requested `provider/model` - If the current run is on a different provider than config and that current model is not already part of the configured fallback chain, OpenClaw does not append unrelated configured fallbacks from another provider. - When no explicit fallback override is supplied to the fallback runner, the configured primary is appended at the end so the chain can settle back onto the normal default once earlier candidates are exhausted. - When a caller supplies `fallbacksOverride`, the runner uses exactly the requested model plus that override list. An empty list disables model fallback and prevents the configured primary from being appended as a hidden retry target. + @@ -246,11 +247,13 @@ OpenClaw builds the candidate list from the currently requested `provider/model` - billing disables - `LiveSessionModelSwitchError`, which is normalized into a failover path so a stale persisted model does not create an outer retry loop - other unrecognized errors when there are still remaining candidates + - explicit aborts that are not timeout/failover-shaped - context overflow errors that should stay inside compaction/retry logic (for example `request_too_large`, `INVALID_ARGUMENT: input exceeds the maximum number of tokens`, `input token count exceeds the maximum number of input tokens`, `The input is too long for the model`, or `ollama error: context length exceeded`) - a final unknown error when there are no candidates left + @@ -265,6 +268,7 @@ When every auth profile for a provider is already in cooldown, OpenClaw does not - The primary candidate may be probed near cooldown expiry, with a per-provider throttle. - Same-provider fallback siblings can be attempted despite cooldown when the failure looks transient (`rate_limit`, `overloaded`, or unknown). This is especially relevant when a rate limit is model-scoped and a sibling model may still recover immediately. - Transient cooldown probes are limited to one per provider per fallback run so a single provider does not stall cross-provider fallback. + diff --git a/docs/concepts/model-providers.md b/docs/concepts/model-providers.md index fbfe15a4ad8..7dfd851ee94 100644 --- a/docs/concepts/model-providers.md +++ b/docs/concepts/model-providers.md @@ -18,6 +18,7 @@ Reference for **LLM/model providers** (not chat channels like WhatsApp/Telegram) - CLI helpers: `openclaw onboard`, `openclaw models list`, `openclaw models set `. - `models.providers.*.contextWindow` / `contextTokens` / `maxTokens` set provider-level defaults; `models.providers.*.models[].contextWindow` / `contextTokens` / `maxTokens` override them per model. - Fallback rules, cooldown probes, and session-override persistence: [Model failover](/concepts/model-failover). + OpenAI-family routes are prefix-specific: @@ -69,6 +70,7 @@ Provider runtime `capabilities` is shared runner metadata (provider family, tran - Requests are retried with the next key only on rate-limit responses (for example `429`, `rate_limit`, `quota`, `resource exhausted`, `Too many concurrent requests`, `ThrottlingException`, `concurrency limit reached`, `workers_ai ... quota limit exceeded`, or periodic usage-limit messages). - Non-rate-limit failures fail immediately; no key rotation is attempted. - When all candidate keys fail, the final error is returned from the last attempt. + @@ -418,6 +420,7 @@ In onboarding/configure model pickers, the Volcengine auth choice prefers both ` - `volcengine/kimi-k2-5-260127` (Kimi K2.5) - `volcengine/glm-4-7-251222` (GLM 4.7) - `volcengine/deepseek-v3-2-251201` (DeepSeek V3.2 128K) + - `volcengine-plan/ark-code-latest` @@ -425,6 +428,7 @@ In onboarding/configure model pickers, the Volcengine auth choice prefers both ` - `volcengine-plan/kimi-k2.5` - `volcengine-plan/kimi-k2-thinking` - `volcengine-plan/glm-4.7` + @@ -454,6 +458,7 @@ In onboarding/configure model pickers, the BytePlus auth choice prefers both `by - `byteplus/seed-1-8-251228` (Seed 1.8) - `byteplus/kimi-k2-5-260127` (Kimi K2.5) - `byteplus/glm-4-7-251222` (GLM 4.7) + - `byteplus-plan/ark-code-latest` @@ -461,6 +466,7 @@ In onboarding/configure model pickers, the BytePlus auth choice prefers both `by - `byteplus-plan/kimi-k2.5` - `byteplus-plan/kimi-k2-thinking` - `byteplus-plan/glm-4.7` + @@ -668,6 +674,7 @@ Example (OpenAI‑compatible): - For slow local models or remote LAN/tailnet hosts, set `models.providers..timeoutSeconds`. This extends provider model HTTP request handling, including connect, headers, body streaming, and the total guarded-fetch abort, without increasing the whole agent runtime timeout. - If `baseUrl` is empty/omitted, OpenClaw keeps the default OpenAI behavior (which resolves to `api.openai.com`). - For safety, an explicit `compat.supportsDeveloperRole: true` is still overridden on non-native `openai-completions` endpoints. + diff --git a/docs/concepts/models.md b/docs/concepts/models.md index 39ae18a7de8..89820a6a915 100644 --- a/docs/concepts/models.md +++ b/docs/concepts/models.md @@ -50,6 +50,7 @@ OpenClaw selects models in this order: - `agents.defaults.musicGenerationModel` is used by the shared music-generation capability. If omitted, `music_generate` can still infer an auth-backed provider default. It tries the current default provider first, then the remaining registered music-generation providers in provider-id order. If you set a specific provider/model, also configure that provider's auth/API key. - `agents.defaults.videoGenerationModel` is used by the shared video-generation capability. If omitted, `video_generate` can still infer an auth-backed provider default. It tries the current default provider first, then the remaining registered video-generation providers in provider-id order. If you set a specific provider/model, also configure that provider's auth/API key. - Per-agent defaults can override `agents.defaults.model` via `agents.list[].model` plus bindings (see [Multi-agent routing](/concepts/multi-agent)). + @@ -127,6 +128,7 @@ This happens **before** a normal reply is generated, so the message can feel lik - Add the model to `agents.defaults.models`, or - Clear the allowlist (remove `agents.defaults.models`), or - Pick a model from `/model list`. + Example allowlist config: @@ -161,6 +163,7 @@ You can switch models for the current session without restarting: - On Discord, `/model` and `/models` open an interactive picker with provider and model dropdowns plus a Submit step. - `/models add` is deprecated and now returns a deprecation message instead of registering models from chat. - `/model <#>` selects from that picker. + - `/model` persists the new session selection immediately. @@ -169,6 +172,7 @@ You can switch models for the current session without restarting: - If tool activity or reply output has already started, the pending switch can stay queued until a later retry opportunity or the next user turn. - A user-selected `/model` ref is strict for that session: if the selected provider/model is unreachable, the reply fails visibly instead of silently answering from `agents.defaults.model.fallbacks`. This is different from configured defaults and cron job primaries, which can still use fallback chains. - `/model status` is the detailed view (auth candidates and, when configured, provider endpoint `baseUrl` + `api` mode). + - Model refs are parsed by splitting on the **first** `/`. Use `provider/model` when typing `/model `. @@ -238,6 +242,7 @@ Shows the resolved primary model, fallbacks, image model, and an auth overview o - Use `--check` for automation (exit `1` when missing/expired, `2` when expiring). - Use `--probe` for live auth checks; probe rows can come from auth profiles, env credentials, or `models.json`. - If explicit `auth.order.` omits a stored profile, probe reports `excluded_by_auth_order` instead of trying it. If auth exists but no probeable model can be resolved for that provider, probe reports `status: no_model`. + diff --git a/docs/concepts/multi-agent.md b/docs/concepts/multi-agent.md index e915f8da086..7b7c037b3f8 100644 --- a/docs/concepts/multi-agent.md +++ b/docs/concepts/multi-agent.md @@ -237,11 +237,13 @@ Bindings are **deterministic** and **most-specific wins**: - If multiple bindings match in the same tier, the first one in config order wins. - If a binding sets multiple match fields (for example `peer` + `guildId`), all specified fields are required (`AND` semantics). + - A binding that omits `accountId` matches the default account only. - Use `accountId: "*"` for a channel-wide fallback across all accounts. - If you later add the same binding for the same agent with an explicit account id, OpenClaw upgrades the existing channel-only binding to account-scoped instead of duplicating it. + diff --git a/docs/gateway/config-tools.md b/docs/gateway/config-tools.md index 660656b0106..ebf7969d2c2 100644 --- a/docs/gateway/config-tools.md +++ b/docs/gateway/config-tools.md @@ -296,6 +296,7 @@ Default: `tree` (current session + sessions spawned by it, such as subagents). - `agent`: any session belonging to the current agent id (can include other users if you run per-sender sessions under the same agent id). - `all`: any session. Cross-agent targeting still requires `tools.agentToAgent`. - Sandbox clamp: when the current session is sandboxed and `agents.defaults.sandbox.sessionToolsVisibility="spawned"`, visibility is forced to `tree` even if `tools.sessions.visibility="all"`. + @@ -327,6 +328,7 @@ Controls inline attachment support for `sessions_spawn`. - Base64 inputs are validated with strict alphabet/padding checks and a pre-decode size guard. - File permissions are `0700` for directories and `0600` for files. - Cleanup follows the `cleanup` policy: `delete` always removes attachments; `keep` retains them only when `retainOnSessionKeep: true`. + @@ -420,6 +422,7 @@ OpenClaw uses the built-in model catalog. Add custom providers via `models.provi - Matching model `contextTokens` preserves an explicit runtime cap when present; use it to limit effective context without changing native model metadata. - Use `models.mode: "replace"` when you want config to fully rewrite `models.json`. - Marker persistence is source-authoritative: markers are written from the active source config snapshot (pre-resolution), not from resolved runtime secret values. + @@ -430,6 +433,7 @@ OpenClaw uses the built-in model catalog. Add custom providers via `models.provi - `models.mode`: provider catalog behavior (`merge` or `replace`). - `models.providers`: custom provider map keyed by provider id. - Safe edits: use `openclaw config set models.providers. '' --strict-json --merge` or `openclaw config set models.providers..models '' --strict-json --merge` for additive updates. `config set` refuses destructive replacements unless you pass `--replace`. + - `models.providers.*.api`: request adapter (`openai-completions`, `openai-responses`, `anthropic-messages`, `google-generative-ai`, etc). For self-hosted `/v1/chat/completions` backends such as MLX, vLLM, SGLang, and most OpenAI-compatible local servers, use `openai-completions`. A custom provider with `baseUrl` but no `api` defaults to `openai-completions`; set `openai-responses` only when the backend supports `/v1/responses`. @@ -443,6 +447,7 @@ OpenClaw uses the built-in model catalog. Add custom providers via `models.provi - `models.providers.*.authHeader`: force credential transport in the `Authorization` header when required. - `models.providers.*.baseUrl`: upstream API base URL. - `models.providers.*.headers`: extra static headers for proxy/tenant routing. + `models.providers.*.request`: transport overrides for model-provider HTTP requests. @@ -461,6 +466,7 @@ OpenClaw uses the built-in model catalog. Add custom providers via `models.provi - `models.providers.*.models.*.contextTokens`: optional runtime context cap. This overrides provider-level `contextTokens`; use it when you want a smaller effective context budget than the model's native `contextWindow`; `openclaw models list` shows both values when they differ. - `models.providers.*.models.*.compat.supportsDeveloperRole`: optional compatibility hint. For `api: "openai-completions"` with a non-empty non-native `baseUrl` (host not `api.openai.com`), OpenClaw forces this to `false` at runtime. Empty/omitted `baseUrl` keeps default OpenAI behavior. - `models.providers.*.models.*.compat.requiresStringContent`: optional compatibility hint for string-only OpenAI-compatible chat endpoints. When `true`, OpenClaw flattens pure text `messages[].content` arrays into plain strings before sending the request. + - `plugins.entries.amazon-bedrock.config.discovery`: Bedrock auto-discovery settings root. @@ -470,6 +476,7 @@ OpenClaw uses the built-in model catalog. Add custom providers via `models.provi - `plugins.entries.amazon-bedrock.config.discovery.refreshInterval`: polling interval for discovery refresh. - `plugins.entries.amazon-bedrock.config.discovery.defaultContextWindow`: fallback context window for discovered models. - `plugins.entries.amazon-bedrock.config.discovery.defaultMaxTokens`: fallback max output tokens for discovered models. + diff --git a/docs/gateway/doctor.md b/docs/gateway/doctor.md index 3a7c7893917..cb618532a60 100644 --- a/docs/gateway/doctor.md +++ b/docs/gateway/doctor.md @@ -74,6 +74,7 @@ cat ~/.openclaw/openclaw.json - UI protocol freshness check (rebuilds Control UI when the protocol schema is newer). - Health check + restart prompt. - Skills status summary (eligible/missing/blocked) and plugin status. + - Config normalization for legacy values. @@ -87,6 +88,7 @@ cat ~/.openclaw/openclaw.json - Legacy cron store migration (`jobId`, `schedule.cron`, top-level delivery/payload fields, payload `provider`, simple `notify: true` webhook fallback jobs). - Legacy agent runtime-policy migration to `agents.defaults.agentRuntime` and `agents.list[].agentRuntime`. - Stale plugin config cleanup when plugins are enabled; when `plugins.enabled=false`, stale plugin references are treated as inert containment config and are preserved. + - Session lock file inspection and stale lock cleanup. @@ -95,6 +97,7 @@ cat ~/.openclaw/openclaw.json - Config file permission checks (chmod 600) when running locally. - Model auth health: checks OAuth expiry, can refresh expiring tokens, and reports auth-profile cooldown/disabled states. - Extra workspace dir detection (`~/openclaw`). + - Sandbox image repair when sandboxing is enabled. @@ -106,11 +109,13 @@ cat ~/.openclaw/openclaw.json - Embedded proxy environment cleanup for gateway services that captured shell `HTTP_PROXY` / `HTTPS_PROXY` / `NO_PROXY` values during install or update. - Gateway runtime best-practice checks (Node vs Bun, version-manager paths). - Gateway port collision diagnostics (default `18789`). + - Security warnings for open DM policies. - Gateway auth checks for local token mode (offers token generation when no token source exists; does not overwrite token SecretRef configs). - Device pairing trouble detection (pending first-time pair requests, pending role/scope upgrades, stale local device-token cache drift, and paired-record auth drift). + - systemd linger check on Linux. @@ -119,6 +124,7 @@ cat ~/.openclaw/openclaw.json - Memory search embedding provider readiness check (local model, remote API key, or QMD binary). - Source install checks (pnpm workspace mismatch, missing UI assets, missing tsx binary). - Writes updated config + wizard metadata. + diff --git a/docs/gateway/heartbeat.md b/docs/gateway/heartbeat.md index 06b260ed747..20ef427df33 100644 --- a/docs/gateway/heartbeat.md +++ b/docs/gateway/heartbeat.md @@ -34,6 +34,7 @@ Troubleshooting: [Scheduled Tasks](/automation/cron-jobs#troubleshooting) - Use lightweight bootstrap context if heartbeat runs only need `HEARTBEAT.md`. - Enable isolated sessions to avoid sending full conversation history each heartbeat. - Restrict heartbeats to active hours (local time). + @@ -232,14 +233,16 @@ Use `accountId` to target a specific account on multi-account channels like Tele Optional session key for heartbeat runs. - - `main` (default): agent main session. - - Explicit session key (copy from `openclaw sessions --json` or the [sessions CLI](/cli/sessions)). - - Session key formats: see [Sessions](/concepts/session) and [Groups](/channels/groups). +- `main` (default): agent main session. +- Explicit session key (copy from `openclaw sessions --json` or the [sessions CLI](/cli/sessions)). +- Session key formats: see [Sessions](/concepts/session) and [Groups](/channels/groups). + - - `last`: deliver to the last used external channel. - - explicit channel: any configured channel or plugin id, for example `discord`, `matrix`, `telegram`, or `whatsapp`. - - `none` (default): run the heartbeat but **do not deliver** externally. +- `last`: deliver to the last used external channel. +- explicit channel: any configured channel or plugin id, for example `discord`, `matrix`, `telegram`, or `whatsapp`. +- `none` (default): run the heartbeat but **do not deliver** externally. + Controls direct/DM delivery behavior. `allow`: allow direct/DM heartbeat delivery. `block`: suppress direct/DM delivery (`reason=dm-blocked`). @@ -262,11 +265,12 @@ Use `accountId` to target a specific account on multi-account channels like Tele Restricts heartbeat runs to a time window. Object with `start` (HH:MM, inclusive; use `00:00` for start-of-day), `end` (HH:MM exclusive; `24:00` allowed for end-of-day), and optional `timezone`. - - Omitted or `"user"`: uses your `agents.defaults.userTimezone` if set, otherwise falls back to the host system timezone. - - `"local"`: always uses the host system timezone. - - Any IANA identifier (e.g. `America/New_York`): used directly; if invalid, falls back to the `"user"` behavior above. - - `start` and `end` must not be equal for an active window; equal values are treated as zero-width (always outside the window). - - Outside the active window, heartbeats are skipped until the next tick inside the window. +- Omitted or `"user"`: uses your `agents.defaults.userTimezone` if set, otherwise falls back to the host system timezone. +- `"local"`: always uses the host system timezone. +- Any IANA identifier (e.g. `America/New_York`): used directly; if invalid, falls back to the `"user"` behavior above. +- `start` and `end` must not be equal for an active window; equal values are treated as zero-width (always outside the window). +- Outside the active window, heartbeats are skipped until the next tick inside the window. + ## Delivery behavior @@ -279,16 +283,19 @@ Use `accountId` to target a specific account on multi-account channels like Tele - Heartbeat deliveries allow direct/DM targets by default. Set `directPolicy: "block"` to suppress direct-target sends while still running the heartbeat turn. - If the main queue is busy, the heartbeat is skipped and retried later. - If `target` resolves to no external destination, the run still happens but no outbound message is sent. + - If `showOk`, `showAlerts`, and `useIndicator` are all disabled, the run is skipped up front as `reason=alerts-disabled`. - If only alert delivery is disabled, OpenClaw can still run the heartbeat, update due-task timestamps, restore the session idle timestamp, and suppress the outward alert payload. - If the resolved heartbeat target supports typing, OpenClaw shows typing while the heartbeat run is active. This uses the same target the heartbeat would send chat output to, and it is disabled by `typingMode: "never"`. + - Heartbeat-only replies do **not** keep the session alive. Heartbeat metadata may update the session row, but idle expiry uses `lastInteractionAt` from the last real user/channel message, and daily expiry uses `sessionStartedAt`. - Control UI and WebChat history hide heartbeat prompts and OK-only acknowledgments. The underlying session transcript can still contain those turns for audit/replay. - Detached [background tasks](/automation/tasks) can enqueue a system event and wake heartbeat when the main session should notice something quickly. That wake does not make the heartbeat run a background task. + @@ -403,6 +410,7 @@ tasks: - Non-task content in `HEARTBEAT.md` is preserved and appended as additional context after the due-task list. - Task last-run timestamps are stored in session state (`heartbeatTaskState`), so intervals survive normal restarts. - Task timestamps are only advanced after a heartbeat run completes its normal reply path. Skipped `empty-heartbeat-file` / `no-tasks-due` runs do not mark tasks as completed. + diff --git a/docs/gateway/pairing.md b/docs/gateway/pairing.md index 0d52f1f27fa..86d84bc2b86 100644 --- a/docs/gateway/pairing.md +++ b/docs/gateway/pairing.md @@ -82,6 +82,7 @@ Node pairing is a trust and identity flow plus token issuance. It does **not** p - Live node commands come from what the node declares on connect after the gateway's global node command policy (`gateway.nodes.allowCommands` and `denyCommands`) is applied. - Per-node `system.run` allow and ask policy lives on the node in `exec.approvals.node.*`, not in the pairing record. + ## Node command gating (2026.3.31+) diff --git a/docs/gateway/prometheus.md b/docs/gateway/prometheus.md index 92a4753df66..4527e11b104 100644 --- a/docs/gateway/prometheus.md +++ b/docs/gateway/prometheus.md @@ -129,6 +129,7 @@ For traces, logs, OTLP push, and OpenTelemetry GenAI semantic attributes, see [O - raw provider request IDs (only bounded hashes, where applicable, on spans — never on metrics) - session keys and session IDs - hostnames, file paths, secret values + @@ -173,12 +174,14 @@ OpenClaw supports both surfaces independently. You can run either, both, or neit - Authenticated through normal Gateway auth. - Surface is metrics only (no traces or logs). - Best for stacks already standardized on Prometheus + Grafana. + - **Push** model: OpenClaw sends OTLP/HTTP to a collector or OTLP-compatible backend. - Surface includes metrics, traces, and logs. - Bridges to Prometheus through an OpenTelemetry Collector (`prometheus` or `prometheusremotewrite` exporter) when you need both. - See [OpenTelemetry export](/gateway/opentelemetry) for the full catalog. + @@ -189,6 +192,7 @@ OpenClaw supports both surfaces independently. You can run either, both, or neit - Check `diagnostics.enabled: true` in config. - Confirm the plugin is enabled and loaded with `openclaw plugins list --enabled`. - Generate some traffic; counters and histograms only emit lines after at least one event. + The endpoint requires the Gateway operator scope (`auth: "gateway"` with `gatewayRuntimeScopeSurface: "trusted-operator"`). Use the same token or password Prometheus uses for any other Gateway operator route. There is no public unauthenticated mode. diff --git a/docs/gateway/protocol.md b/docs/gateway/protocol.md index 1e06804cf76..ce433f9b2e3 100644 --- a/docs/gateway/protocol.md +++ b/docs/gateway/protocol.md @@ -319,6 +319,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `system-event` appends a system event and can update/broadcast presence context. - `last-heartbeat` returns the latest persisted heartbeat event. - `set-heartbeats` toggles heartbeat processing on the gateway. + @@ -329,6 +330,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `sessions.usage` returns per-session usage summaries. - `sessions.usage.timeseries` returns timeseries usage for one session. - `sessions.usage.logs` returns usage log entries for one session. + @@ -339,11 +341,13 @@ enumeration of `src/gateway/server-methods/*.ts`. - `push.test` sends a test APNs push to a registered iOS node. - `voicewake.get` returns the stored wake-word triggers. - `voicewake.set` updates wake-word triggers and broadcasts the change. + - `send` is the direct outbound-delivery RPC for channel/account/thread-targeted sends outside the chat runner. - `logs.tail` returns the configured gateway file-log tail with cursor/limit and max-byte controls. + @@ -355,6 +359,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `tts.enable` and `tts.disable` toggle TTS prefs state. - `tts.setProvider` updates the preferred TTS provider. - `tts.convert` runs one-shot text-to-speech conversion. + @@ -369,6 +374,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `update.run` runs the gateway update flow and schedules a restart only when the update itself succeeded. - `update.status` returns the latest cached update restart sentinel, including the post-restart running version when available. - `wizard.start`, `wizard.next`, `wizard.status`, and `wizard.cancel` expose the onboarding wizard over WS RPC. + @@ -377,6 +383,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `agents.files.list`, `agents.files.get`, and `agents.files.set` manage the bootstrap workspace files exposed for an agent. - `agent.identity.get` returns the effective assistant identity for an agent or session. - `agent.wait` waits for a run to finish and returns the terminal snapshot when available. + @@ -393,6 +400,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `sessions.reset`, `sessions.delete`, and `sessions.compact` perform session maintenance. - `sessions.get` returns the full stored session row. - Chat execution still uses `chat.history`, `chat.send`, `chat.abort`, and `chat.inject`. `chat.history` is display-normalized for UI clients: inline directive tags are stripped from visible text, plain-text tool-call XML payloads (including `...`, `...`, `...`, `...`, and truncated tool-call blocks) and leaked ASCII/full-width model control tokens are stripped, pure silent-token assistant rows such as exact `NO_REPLY` / `no_reply` are omitted, and oversized rows can be replaced with placeholders. + @@ -400,6 +408,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `device.pair.approve`, `device.pair.reject`, and `device.pair.remove` manage device-pairing records. - `device.token.rotate` rotates a paired device token within its approved role and caller scope bounds. - `device.token.revoke` revokes a paired device token within its approved role and caller scope bounds. + @@ -412,6 +421,7 @@ enumeration of `src/gateway/server-methods/*.ts`. - `node.canvas.capability.refresh` refreshes scoped canvas-capability tokens. - `node.pending.pull` and `node.pending.ack` are the connected-node queue APIs. - `node.pending.enqueue` and `node.pending.drain` manage durable pending work for offline/disconnected nodes. + @@ -420,11 +430,13 @@ enumeration of `src/gateway/server-methods/*.ts`. - `exec.approvals.get` and `exec.approvals.set` manage gateway exec approval policy snapshots. - `exec.approvals.node.get` and `exec.approvals.node.set` manage node-local exec approval policy via node relay commands. - `plugin.approval.request`, `plugin.approval.list`, `plugin.approval.waitDecision`, and `plugin.approval.resolve` cover plugin-defined approval flows. + - Automation: `wake` schedules an immediate or next-heartbeat wake text injection; `cron.list`, `cron.status`, `cron.add`, `cron.update`, `cron.remove`, `cron.run`, `cron.runs` manage scheduled work. - Skills and tools: `commands.list`, `skills.*`, `tools.catalog`, `tools.effective`. + diff --git a/docs/gateway/sandboxing.md b/docs/gateway/sandboxing.md index d362303d6df..cc2c24e0d57 100644 --- a/docs/gateway/sandboxing.md +++ b/docs/gateway/sandboxing.md @@ -25,6 +25,7 @@ This is not a perfect security boundary, but it materially limits filesystem and - noVNC observer access is password-protected by default; OpenClaw emits a short-lived token URL that serves a local bootstrap page and opens noVNC with password in URL fragment (not query/header logs). - `agents.defaults.sandbox.browser.allowHostControl` lets sandboxed sessions target the host browser explicitly. - Optional allowlists gate `target: "custom"`: `allowedControlUrls`, `allowedControlHosts`, `allowedControlPorts`. + @@ -137,11 +138,13 @@ Use `backend: "ssh"` when you want OpenClaw to sandbox `exec`, file tools, and m - On first use after create or recreate, OpenClaw seeds that remote workspace from the local workspace once. - After that, `exec`, `read`, `write`, `edit`, `apply_patch`, prompt media reads, and inbound media staging run directly against the remote workspace over SSH. - OpenClaw does not sync remote changes back to the local workspace automatically. + - `identityFile`, `certificateFile`, `knownHostsFile`: use existing local files and pass them through OpenSSH config. - `identityData`, `certificateData`, `knownHostsData`: use inline strings or SecretRefs. OpenClaw resolves them through the normal secrets runtime snapshot, writes them to temp files with `0600`, and deletes them when the SSH session ends. - If both `*File` and `*Data` are set for the same item, `*Data` wins for that SSH session. + This is a **remote-canonical** model. The remote SSH workspace becomes the real sandbox state after the initial seed. @@ -198,11 +201,13 @@ OpenShell modes: - OpenClaw asks OpenShell for sandbox-specific SSH config via `openshell sandbox ssh-config `. - Core writes that SSH config to a temp file, opens the SSH session, and reuses the same remote filesystem bridge used by `backend: "ssh"`. - In `mirror` mode only the lifecycle differs: sync local to remote before exec, then sync back after exec. + - sandbox browser is not supported yet - `sandbox.docker.binds` is not supported on the OpenShell backend - Docker-specific runtime knobs under `sandbox.docker.*` still apply only to the Docker backend + @@ -349,6 +354,7 @@ Example (read-only source + an extra data directory): - Sensitive mounts (secrets, SSH keys, service credentials) should be `:ro` unless absolutely required. - Combine with `workspaceAccess: "ro"` if you only need read access to the workspace; bind modes stay independent. - See [Sandbox vs Tool Policy vs Elevated](/gateway/sandbox-vs-tool-policy-vs-elevated) for how binds interact with tool policy and elevated exec. + ## Images and setup @@ -416,6 +422,7 @@ By default, Docker sandbox containers run with **no network**. Override with `ag - `network: "host"` is blocked. - `network: "container:"` is blocked by default (namespace join bypass risk). - Break-glass override: `agents.defaults.sandbox.docker.dangerouslyAllowContainerNamespaceJoin: true`. + @@ -439,6 +446,7 @@ Paths: - `readOnlyRoot: true` prevents writes; set `readOnlyRoot: false` or bake a custom image. - `user` must be root for package installs (omit `user` or set `user: "0:0"`). - Sandbox exec does **not** inherit host `process.env`. Use `agents.defaults.sandbox.docker.env` (or a custom image) for skill API keys. + diff --git a/docs/gateway/secrets.md b/docs/gateway/secrets.md index cff013086f0..0c4a2f02d97 100644 --- a/docs/gateway/secrets.md +++ b/docs/gateway/secrets.md @@ -51,6 +51,7 @@ SecretRefs are validated only on effectively active surfaces. - `gateway.remote.token` is active when token auth can win and no env/auth token is configured. - `gateway.remote.password` is active only when password auth can win and no env/auth password is configured. - `gateway.auth.token` SecretRef is inactive for startup auth resolution when `OPENCLAW_GATEWAY_TOKEN` is set, because env token input wins for that runtime. + @@ -159,6 +160,7 @@ Define providers under `secrets.providers`: - Optional allowlist via `allowlist`. - Missing/empty env values fail resolution. + - Reads local file from `path`. @@ -166,6 +168,7 @@ Define providers under `secrets.providers`: - `mode: "singleValue"` expects ref id `"value"` and returns file contents. - Path must pass ownership/permission checks. - Windows fail-closed note: if ACL verification is unavailable for a path, resolution fails. For trusted paths only, set `allowInsecurePath: true` on that provider to bypass path security checks. + - Runs configured absolute binary path, no shell. diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 9f56aacc759..8d50041a2fc 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md @@ -303,6 +303,7 @@ production. - `hooks.mappings[].allowUnsafeExternalContent=true` - `tools.exec.applyPatch.workspaceOnly=false` - `plugins.entries.acpx.config.permissionMode=approve-all` + diff --git a/docs/gateway/troubleshooting.md b/docs/gateway/troubleshooting.md index 88be26f9d0d..4d623b1bf81 100644 --- a/docs/gateway/troubleshooting.md +++ b/docs/gateway/troubleshooting.md @@ -131,6 +131,7 @@ Look for: - `incomplete turn detected ... stopReason=stop payloads=0` → the backend completed the Chat Completions request but returned no user-visible assistant text for that turn. OpenClaw retries replay-safe empty OpenAI-compatible turns once; persistent failures usually mean the backend is emitting empty/non-text content or suppressing final-answer text. - direct tiny requests succeed, but OpenClaw agent runs fail with backend/model crashes (for example Gemma on some `inferrs` builds) → OpenClaw transport is likely already correct; the backend is failing on the larger agent-runtime prompt shape. - failures shrink after disabling tools but do not disappear → tool schemas were part of the pressure, but the remaining issue is still upstream model/server capacity or a backend bug. + 1. Set `compat.requiresStringContent: true` for string-only Chat Completions backends. @@ -207,6 +208,7 @@ Look for: - `too many failed authentication attempts (retry later)` from a browser-origin loopback client → repeated failures from that same normalized `Origin` are locked out temporarily; another localhost origin uses a separate bucket. - repeated `unauthorized` after that retry → shared token/device token drift; refresh token config and re-approve/rotate device token if needed. - `gateway connect failed:` → wrong host/port/url target. + @@ -288,6 +290,7 @@ Look for: - `Other gateway-like services detected (best effort)` → stale or parallel launchd/systemd/schtasks units exist. Most setups should keep one gateway per machine; if you do need more than one, isolate ports + config/state/workspace. See [/gateway#multiple-gateways-same-host](/gateway#multiple-gateways-same-host). - `System-level OpenClaw gateway service detected` from doctor → a systemd system unit exists while the user-level service is missing. Remove or disable the duplicate before allowing doctor to install a user service, or set `OPENCLAW_SERVICE_REPAIR_POLICY=external` if the system unit is the intended supervisor. - `Gateway service port does not match current gateway config` → the installed supervisor still pins the old `--port`. Run `openclaw doctor --fix` or `openclaw gateway install --force`, then restart the gateway service. + @@ -323,6 +326,7 @@ Look for: - The active config was restored from the last validated last-known-good copy. - The next main-agent turn is warned not to blindly rewrite the rejected config. - If all validation issues were under `plugins.entries....`, OpenClaw would not restore the whole file. Plugin-local failures stay loud while unrelated user settings remain in the active config. + ```bash @@ -339,6 +343,7 @@ Look for: - `Config write rejected:` → the write tried to drop required shape, shrink the file sharply, or persist invalid config. - `missing-meta-vs-last-good`, `gateway-mode-missing-vs-last-good`, or `size-drop-vs-last-good:*` → startup treated the current file as clobbered because it lost fields or size compared with the last-known-good backup. - `Config last-known-good promotion skipped` → the candidate contained redacted secret placeholders such as `***`. + 1. Keep the restored active config if it is correct. @@ -442,6 +447,7 @@ Look for: - `heartbeat skipped` with `reason=no-tasks-due` → `HEARTBEAT.md` contains a `tasks:` block, but none of the tasks are due on this tick. - `heartbeat: unknown accountId` → invalid account id for heartbeat delivery target. - `heartbeat skipped` with `reason=dm-blocked` → heartbeat target resolved to a DM-style destination while `agents.defaults.heartbeat.directPolicy` (or per-agent override) is set to `block`. + @@ -510,12 +516,14 @@ Look for: - `browser.cdpUrl must be http(s) or ws(s)` → the configured CDP URL uses an unsupported scheme such as `file:` or `ftp:`. - `browser.cdpUrl has invalid port` → the configured CDP URL has a bad or out-of-range port. - `Playwright is not available in this gateway build; '' is unsupported.` → the current gateway install lacks the bundled browser plugin's `playwright-core` runtime dependency; run `openclaw doctor --fix`, then restart the gateway. ARIA snapshots and basic page screenshots can still work, but navigation, AI snapshots, CSS-selector element screenshots, and PDF export stay unavailable. + - `Could not find DevToolsActivePort for chrome` → Chrome MCP existing-session could not attach to the selected browser data dir yet. Open the browser inspect page, enable remote debugging, keep the browser open, approve the first attach prompt, then retry. If signed-in state is not required, prefer the managed `openclaw` profile. - `No Chrome tabs found for profile="user"` → the Chrome MCP attach profile has no open local Chrome tabs. - `Remote CDP for profile "" is not reachable` → the configured remote CDP endpoint is not reachable from the gateway host. - `Browser attachOnly is enabled ... not reachable` or `Browser attachOnly is enabled and CDP websocket ... is not reachable` → attach-only profile has no reachable target, or the HTTP endpoint answered but the CDP WebSocket still could not be opened. + - `fullPage is not supported for element screenshots` → screenshot request mixed `--full-page` with `--ref` or `--element`. @@ -527,6 +535,7 @@ Look for: - `existing-session evaluate does not support timeoutMs overrides.` → omit `timeoutMs` for `act:evaluate` on `profile="user"` / Chrome MCP existing-session profiles, or use a managed/CDP browser profile when a custom timeout is required. - `response body is not supported for existing-session profiles yet.` → `responsebody` still requires a managed browser or raw CDP profile. - stale viewport / dark-mode / locale / offline overrides on attach-only or remote CDP profiles → run `openclaw browser stop --browser-profile ` to close the active control session and release Playwright/CDP emulation state without restarting the whole gateway. + diff --git a/docs/gateway/trusted-proxy-auth.md b/docs/gateway/trusted-proxy-auth.md index 534ccfd198e..2763504498b 100644 --- a/docs/gateway/trusted-proxy-auth.md +++ b/docs/gateway/trusted-proxy-auth.md @@ -99,6 +99,7 @@ Implications: - Internal Gateway clients that do not travel through the reverse proxy should use `gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD`, not trusted-proxy identity headers. - Non-loopback Control UI deployments still need explicit `gateway.controlUi.allowedOrigins`. - **Forwarded-header evidence overrides loopback locality for local direct fallback.** If a request arrives on loopback but carries `X-Forwarded-For` / `X-Forwarded-Host` / `X-Forwarded-Proto` headers pointing at a non-local origin, that evidence disqualifies local-direct password fallback and device-identity gating. With `allowLoopback: true`, trusted-proxy auth can still accept the request as a same-host proxy request, while `requiredHeaders` and `allowUsers` continue to apply. + ### Configuration reference diff --git a/docs/help/faq-models.md b/docs/help/faq-models.md index 81102d21c07..83756527c48 100644 --- a/docs/help/faq-models.md +++ b/docs/help/faq-models.md @@ -95,6 +95,7 @@ troubleshooting, see the main [FAQ](/help/faq). - These deployments can differ and may change over time; there is no fixed provider recommendation. - Check the current runtime setting on each gateway with `openclaw models status`. - For security-sensitive/tool-enabled agents, use the strongest latest-generation model available. + diff --git a/docs/install/ansible.md b/docs/install/ansible.md index 48d53ad0f44..b9dcc686d52 100644 --- a/docs/install/ansible.md +++ b/docs/install/ansible.md @@ -177,6 +177,7 @@ This is idempotent and safe to run multiple times. - Ensure you can access via Tailscale VPN first - SSH access (port 22) is always allowed - The gateway is only accessible via Tailscale by design + ```bash diff --git a/docs/install/installer.md b/docs/install/installer.md index 195ba9bcc65..e1750809549 100644 --- a/docs/install/installer.md +++ b/docs/install/installer.md @@ -79,12 +79,14 @@ Recommended for most interactive installs on macOS/Linux/WSL. - `npm` method (default): global npm install - `git` method: clone/update repo, install deps with pnpm, build, then install wrapper at `~/.local/bin/openclaw` + - Refreshes a loaded gateway service best-effort (`openclaw gateway install --force`, then restart) - Runs `openclaw doctor --non-interactive` on upgrades and git installs (best effort) - Attempts onboarding when appropriate (TTY available, onboarding not disabled, and bootstrap/config checks pass) - Defaults `SHARP_IGNORE_GLOBAL_LIBVIPS=1` + @@ -193,6 +195,7 @@ by default, plus git-checkout installs under the same prefix flow. - `npm` method (default): installs under the prefix with npm, then writes wrapper to `/bin/openclaw` - `git` method: clones/updates a checkout (default `~/openclaw`) and still writes the wrapper to `/bin/openclaw` + If a gateway service is already loaded from that same prefix, the script runs @@ -286,11 +289,13 @@ by default, plus git-checkout installs under the same prefix flow. - `npm` method (default): global npm install using selected `-Tag` - `git` method: clone/update repo, install/build with pnpm, and install wrapper at `%USERPROFILE%\.local\bin\openclaw.cmd` + - Adds needed bin directory to user PATH when possible - Refreshes a loaded gateway service best-effort (`openclaw gateway install --force`, then restart) - Runs `openclaw doctor --non-interactive` on upgrades and git installs (best effort) + `iwr ... | iex` and scriptblock installs report a terminating error without closing the current PowerShell session. Direct `powershell -File` / `pwsh -File` installs still exit non-zero for automation. diff --git a/docs/install/migrating-claude.md b/docs/install/migrating-claude.md index 5d710717da3..9db686dfa62 100644 --- a/docs/install/migrating-claude.md +++ b/docs/install/migrating-claude.md @@ -48,6 +48,7 @@ Onboarding imports require a fresh OpenClaw setup. If you already have local Ope - Project `CLAUDE.md` and `.claude/CLAUDE.md` content is copied or appended into the OpenClaw agent workspace `AGENTS.md`. - User `~/.claude/CLAUDE.md` content is appended into workspace `USER.md`. + MCP server definitions are imported from project `.mcp.json`, Claude Code `~/.claude.json`, and Claude Desktop `claude_desktop_config.json` when present. @@ -55,6 +56,7 @@ Onboarding imports require a fresh OpenClaw setup. If you already have local Ope - Claude skills with a `SKILL.md` file are copied into the OpenClaw workspace skills directory. - Claude command Markdown files under `.claude/commands/` or `~/.claude/commands/` are converted into OpenClaw skills with `disable-model-invocation: true`. + diff --git a/docs/install/migrating-hermes.md b/docs/install/migrating-hermes.md index a08a9689c99..9e4f0810979 100644 --- a/docs/install/migrating-hermes.md +++ b/docs/install/migrating-hermes.md @@ -49,6 +49,7 @@ Imports require a fresh OpenClaw setup. If you already have local OpenClaw state - Default model selection from Hermes `config.yaml`. - Configured model providers and custom OpenAI-compatible endpoints from `providers` and `custom_providers`. + MCP server definitions from `mcp_servers` or `mcp.servers`. @@ -56,6 +57,7 @@ Imports require a fresh OpenClaw setup. If you already have local OpenClaw state - `SOUL.md` and `AGENTS.md` are copied into the OpenClaw agent workspace. - `memories/MEMORY.md` and `memories/USER.md` are **appended** to the matching OpenClaw memory files instead of overwriting them. + Memory config defaults for OpenClaw file memory. External memory providers such as Honcho are recorded as archive or manual-review items so you can move them deliberately. diff --git a/docs/nodes/media-understanding.md b/docs/nodes/media-understanding.md index 9da0610a244..df4cf5bbe67 100644 --- a/docs/nodes/media-understanding.md +++ b/docs/nodes/media-understanding.md @@ -61,6 +61,7 @@ If understanding fails or is disabled, **the reply flow continues** with the ori - `attachments` policy (`mode`, `maxAttachments`, `prefer`) - `scope` (optional gating by channel/chatType/session key) - `tools.media.concurrency`: max concurrent capability runs (default **2**). + @@ -157,6 +158,7 @@ Recommended defaults: - If a Gateway/WebChat primary model is text-only, image attachments are preserved as offloaded `media://inbound/*` refs so the image/PDF tools or configured image model can still inspect them instead of losing the attachment. - Explicit `openclaw infer image describe --model ` requests are different: they run that image-capable provider/model directly, including Ollama refs such as `ollama/qwen2.5vl:7b`. - If `.enabled: true` but no models are configured, OpenClaw tries the **active reply model** when its provider supports the capability. + @@ -259,6 +261,7 @@ For CLI entries, **set `capabilities` explicitly** to avoid surprising matches. - `minimax` and `minimax-portal` image understanding comes from the plugin-owned `MiniMax-VL-01` media provider. - The bundled MiniMax text catalog still starts text-only; explicit `models.providers.minimax` entries materialize image-capable M2.7 chat refs. + ## Model selection guidance @@ -292,6 +295,7 @@ When `mode: "all"`, outputs are labeled `[Image 1/2]`, `[Audio 2/2]`, etc. - This attachment-extraction path intentionally omits the long `SECURITY NOTICE:` banner to avoid bloating the media prompt; the boundary markers and metadata still remain. - If a file has no extractable text, OpenClaw injects `[No extractable text]`. - If a PDF falls back to rendered page images in this path, the media prompt keeps the placeholder `[PDF content rendered to images; images not forwarded to model]` because this attachment-extraction step forwards text blocks, not the rendered PDF images. + diff --git a/docs/plugins/architecture.md b/docs/plugins/architecture.md index 2d8a4c683e3..bfe5ec19ee3 100644 --- a/docs/plugins/architecture.md +++ b/docs/plugins/architecture.md @@ -424,12 +424,14 @@ The practical effect is that OpenClaw knows, up front, which plugin owns which s - owned by core - reusable by multiple plugins - consumable by channels/features without vendor knowledge + - vendor-specific policy hidden in core - one-off plugin escape hatches that bypass the registry - channel code reaching straight into a vendor implementation - ad hoc runtime objects that are not part of `OpenClawPluginApi` or `api.runtime` + diff --git a/docs/plugins/sdk-setup.md b/docs/plugins/sdk-setup.md index 239528b5c77..53faf62a087 100644 --- a/docs/plugins/sdk-setup.md +++ b/docs/plugins/sdk-setup.md @@ -300,6 +300,7 @@ Bundled workspace channels that keep setup-safe exports in sidecar modules can u - The channel is disabled but needs setup/onboarding surfaces. - The channel is enabled but unconfigured. - Deferred loading is enabled (`deferConfiguredChannelFullLoadUntilAfterListen`). + - The channel plugin object (via `defineSetupPluginEntry`). @@ -314,6 +315,7 @@ Bundled workspace channels that keep setup-safe exports in sidecar modules can u - Background services. - Heavy runtime imports (crypto, SDKs). - Gateway methods only needed after startup. + diff --git a/docs/plugins/voice-call.md b/docs/plugins/voice-call.md index d6d74abe841..39a39f99657 100644 --- a/docs/plugins/voice-call.md +++ b/docs/plugins/voice-call.md @@ -161,12 +161,14 @@ Voice-call credentials accept SecretRefs. `plugins.entries.voice-call.config.twi - On ngrok free tier, set `publicUrl` to the exact ngrok URL; signature verification is always enforced. - `tunnel.allowNgrokFreeTierLoopbackBypass: true` allows Twilio webhooks with invalid signatures **only** when `tunnel.provider="ngrok"` and `serve.bind` is loopback (ngrok local agent). Local dev only. - Ngrok free-tier URLs can change or add interstitial behaviour; if `publicUrl` drifts, Twilio signatures fail. Production: prefer a stable domain or a Tailscale funnel. + - `streaming.preStartTimeoutMs` closes sockets that never send a valid `start` frame. - `streaming.maxPendingConnections` caps total unauthenticated pre-start sockets. - `streaming.maxPendingConnectionsPerIp` caps unauthenticated pre-start sockets per source IP. - `streaming.maxConnections` caps total open media stream sockets (pending + active). + Older configs using `provider: "log"`, `twilio.from`, or legacy diff --git a/docs/providers/anthropic.md b/docs/providers/anthropic.md index b7041447680..159cf9620f2 100644 --- a/docs/providers/anthropic.md +++ b/docs/providers/anthropic.md @@ -147,6 +147,7 @@ Override per-message with `/think:` or in model params: Related Anthropic docs: - [Adaptive thinking](https://platform.claude.com/docs/en/build-with-claude/adaptive-thinking) - [Extended thinking](https://platform.claude.com/docs/en/build-with-claude/extended-thinking) + ## Prompt caching @@ -209,6 +210,7 @@ OpenClaw supports Anthropic's prompt caching feature for API-key auth. - Anthropic Claude models on Bedrock (`amazon-bedrock/*anthropic.claude*`) accept `cacheRetention` pass-through when configured. - Non-Anthropic Bedrock models are forced to `cacheRetention: "none"` at runtime. - API-key smart defaults also seed `cacheRetention: "short"` for Claude-on-Bedrock refs when no explicit value is set. + @@ -241,6 +243,7 @@ OpenClaw supports Anthropic's prompt caching feature for API-key auth. - Only injected for direct `api.anthropic.com` requests. Proxy routes leave `service_tier` untouched. - Explicit `serviceTier` or `service_tier` params override `/fast` when both are set. - On accounts without Priority Tier capacity, `service_tier: "auto"` may resolve to `standard`. + diff --git a/docs/providers/chutes.md b/docs/providers/chutes.md index f218f902e04..f1dc343b536 100644 --- a/docs/providers/chutes.md +++ b/docs/providers/chutes.md @@ -131,6 +131,7 @@ The bundled fallback catalog includes current Chutes refs: - API-key and OAuth discovery both use the same `chutes` provider id. - Chutes models are registered as `chutes/`. - If discovery fails at startup, the bundled static catalog is used automatically. + diff --git a/docs/providers/kilocode.md b/docs/providers/kilocode.md index 398a3d06653..29e7362abb4 100644 --- a/docs/providers/kilocode.md +++ b/docs/providers/kilocode.md @@ -118,6 +118,7 @@ includes `kilocode/kilo/auto` (`Kilo Auto`) with `input: ["text", "image"]`, - If model discovery fails at startup, OpenClaw falls back to the bundled static catalog containing `kilocode/kilo/auto`. - Confirm your API key is valid and that your Kilo account has the desired models enabled. - When the Gateway runs as a daemon, ensure `KILOCODE_API_KEY` is available to that process (for example in `~/.openclaw/.env` or via `env.shellEnv`). + diff --git a/docs/providers/minimax.md b/docs/providers/minimax.md index 8d06efb57a9..5e9e10d8954 100644 --- a/docs/providers/minimax.md +++ b/docs/providers/minimax.md @@ -427,6 +427,7 @@ See [MiniMax Search](/tools/minimax-search) for full web search configuration an - OpenClaw normalizes MiniMax coding-plan usage to the same `% left` display used by other providers. MiniMax's raw `usage_percent` / `usagePercent` fields are remaining quota, not consumed quota, so OpenClaw inverts them. Count-based fields win when present. - When the API returns `model_remains`, OpenClaw prefers the chat-model entry, derives the window label from `start_time` / `end_time` when needed, and includes the selected model name in the plan label so coding-plan windows are easier to distinguish. - Usage snapshots treat `minimax`, `minimax-cn`, and `minimax-portal` as the same MiniMax quota surface, and prefer stored MiniMax OAuth before falling back to Coding Plan key env vars. + diff --git a/docs/providers/mistral.md b/docs/providers/mistral.md index 50384fd5c51..de0f156b9f9 100644 --- a/docs/providers/mistral.md +++ b/docs/providers/mistral.md @@ -161,6 +161,7 @@ matching `sampleRate` only if your upstream stream is already raw PCM. - Provider base URL defaults to `https://api.mistral.ai/v1`. - Onboarding default model is `mistral/mistral-large-latest`. - Z.AI uses Bearer auth with your API key. + diff --git a/docs/providers/ollama.md b/docs/providers/ollama.md index c144eada57a..acfc7f1a0d0 100644 --- a/docs/providers/ollama.md +++ b/docs/providers/ollama.md @@ -60,6 +60,7 @@ Choose your preferred setup method and mode. - **Cloud + Local** — local Ollama host plus cloud models routed through that host - **Cloud only** — hosted Ollama models via `https://ollama.com` - **Local only** — local models only + `Cloud only` prompts for `OLLAMA_API_KEY` and suggests hosted cloud defaults. `Cloud + Local` and `Local only` ask for an Ollama base URL, discover available models, and auto-pull the selected local model if it is not available yet. When Ollama reports an installed `:latest` tag such as `gemma4:latest`, setup shows that installed model once instead of showing both `gemma4` and `gemma4:latest` or pulling the bare alias again. `Cloud + Local` also checks whether that Ollama host is signed in for cloud access. @@ -99,6 +100,7 @@ Choose your preferred setup method and mode. - **Cloud + Local**: install Ollama, sign in with `ollama signin`, and route cloud requests through that host - **Cloud only**: use `https://ollama.com` with an `OLLAMA_API_KEY` - **Local only**: install Ollama from [ollama.com/download](https://ollama.com/download) + ```bash diff --git a/docs/providers/qianfan.md b/docs/providers/qianfan.md index f7a0d25fdd3..bba2f0ba44c 100644 --- a/docs/providers/qianfan.md +++ b/docs/providers/qianfan.md @@ -110,6 +110,7 @@ The default bundled model ref is `qianfan/deepseek-v3.2`. You only need to overr - Ensure your API key starts with `bce-v3/ALTAK-` and has Qianfan API access enabled in the Baidu Cloud console. - If models are not listed, confirm your account has the Qianfan service activated. - The default base URL is `https://qianfan.baidubce.com/v2`. Only change it if you use a custom endpoint or proxy. + diff --git a/docs/providers/stepfun.md b/docs/providers/stepfun.md index 021b1d6c01a..913e936ddba 100644 --- a/docs/providers/stepfun.md +++ b/docs/providers/stepfun.md @@ -203,6 +203,7 @@ Choose your provider surface and follow the setup steps. - `step-3.5-flash-2603` is currently exposed only on `stepfun-plan`. - A single auth flow writes region-matched profiles for both `stepfun` and `stepfun-plan`, so both surfaces can be discovered together. - Use `openclaw models list` and `openclaw models set ` to inspect or switch models. + diff --git a/docs/providers/together.md b/docs/providers/together.md index 6f0f6bce81f..7e982b0b89d 100644 --- a/docs/providers/together.md +++ b/docs/providers/together.md @@ -119,6 +119,7 @@ provider selection, and failover behavior. - If models are not appearing, confirm the API key is set in the correct environment for your Gateway process. - Model refs use the form `together/`. + diff --git a/docs/providers/zai.md b/docs/providers/zai.md index 43f45d7e8df..6a20103020e 100644 --- a/docs/providers/zai.md +++ b/docs/providers/zai.md @@ -180,6 +180,7 @@ GLM models are available as `zai/` (example: `zai/glm-5`). The default bu - Z.AI uses Bearer auth with your API key. - The `zai-api-key` onboarding choice auto-detects the matching Z.AI endpoint from the key prefix. - Use the explicit regional choices (`zai-coding-global`, `zai-coding-cn`, `zai-global`, `zai-cn`) when you want to force a specific API surface. + diff --git a/docs/reference/memory-config.md b/docs/reference/memory-config.md index d7f2ed958ec..4a985403345 100644 --- a/docs/reference/memory-config.md +++ b/docs/reference/memory-config.md @@ -614,6 +614,7 @@ For conceptual behavior and slash commands, see [Dreaming](/concepts/dreaming). - `dreaming.model` uses the existing plugin subagent trust gate; set `plugins.entries.memory-core.subagent.allowModelOverride: true` before enabling it. - Dream Diary retries once with the session default model when the configured model is unavailable. Trust or allowlist failures are logged and are not silently retried. - The light/deep/REM phase policy and thresholds are internal behavior, not user-facing config. + ## Related diff --git a/docs/reference/wizard.md b/docs/reference/wizard.md index 977c568b033..a27d82dc21f 100644 --- a/docs/reference/wizard.md +++ b/docs/reference/wizard.md @@ -26,6 +26,7 @@ For a high-level overview, see [Onboarding (CLI)](/start/wizard). - Config only - Config + credentials + sessions - Full reset (also removes workspace) + - **Anthropic API key**: uses `ANTHROPIC_API_KEY` if present or prompts for a key, then saves it for daemon use. @@ -76,6 +77,7 @@ For a high-level overview, see [Onboarding (CLI)](/start/wizard). - Default `~/.openclaw/workspace` (configurable). - Seeds the workspace files needed for the agent bootstrap ritual. - Full workspace layout + backup guide: [Agent workspace](/concepts/agent-workspace) + - Port, bind, auth mode, tailscale exposure. @@ -91,6 +93,7 @@ For a high-level overview, see [Onboarding (CLI)](/start/wizard). - Cannot be combined with `--gateway-token`. - Disable auth only if you fully trust every local process. - Non‑loopback binds still require auth. + - [WhatsApp](/channels/whatsapp): optional QR login. @@ -102,12 +105,14 @@ For a high-level overview, see [Onboarding (CLI)](/start/wizard). - [BlueBubbles](/channels/bluebubbles): **recommended for iMessage**; server URL + password + webhook. - [iMessage](/channels/imessage): legacy `imsg` CLI path + DB access. - DM security: default is pairing. First DM sends a code; approve via `openclaw pairing approve ` or use allowlists. + - Pick a supported provider such as Brave, DuckDuckGo, Exa, Firecrawl, Gemini, Grok, Kimi, MiniMax Search, Ollama Web Search, Perplexity, SearXNG, or Tavily (or skip). - API-backed providers can use env vars or existing config for quick setup; key-free providers use their provider-specific prerequisites instead. - Skip with `--skip-search`. - Configure later: `openclaw configure --section web`. + - macOS: LaunchAgent @@ -119,18 +124,22 @@ For a high-level overview, see [Onboarding (CLI)](/start/wizard). - If token auth requires a token and `gateway.auth.token` is SecretRef-managed, daemon install validates it but does not persist resolved plaintext token values into supervisor service environment metadata. - If token auth requires a token and the configured token SecretRef is unresolved, daemon install is blocked with actionable guidance. - If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, daemon install is blocked until mode is set explicitly. + - Starts the Gateway (if needed) and runs `openclaw health`. - Tip: `openclaw status --deep` adds the live gateway health probe to status output, including channel probes when supported (requires a reachable gateway). + - Reads the available skills and checks requirements. - Lets you choose a node manager: **npm / pnpm** (bun not recommended). - Installs optional dependencies (some use Homebrew on macOS). + - Summary + next steps, including iOS/Android/macOS apps for extra features. + diff --git a/docs/start/wizard-cli-reference.md b/docs/start/wizard-cli-reference.md index 9ffca43ea2f..28d90609c80 100644 --- a/docs/start/wizard-cli-reference.md +++ b/docs/start/wizard-cli-reference.md @@ -37,14 +37,17 @@ It does not install or modify anything on the remote host. - Config only - Config + credentials + sessions - Full reset (also removes workspace) + - Full option matrix is in [Auth and model options](#auth-and-model-options). + - Default `~/.openclaw/workspace` (configurable). - Seeds workspace files needed for first-run bootstrap ritual. - Workspace layout: [Agent workspace](/concepts/agent-workspace). + - Prompts for port, bind, auth mode, and tailscale exposure. @@ -58,6 +61,7 @@ It does not install or modify anything on the remote host. - Cannot be combined with `--gateway-token`. - Disable auth only if you fully trust every local process. - Non-loopback binds still require auth. + - [WhatsApp](/channels/whatsapp): optional QR login @@ -81,18 +85,22 @@ It does not install or modify anything on the remote host. - If task creation is denied, OpenClaw falls back to a per-user Startup-folder login item and starts the gateway immediately. - Scheduled Tasks remain preferred because they provide better supervisor status. - Runtime selection: Node (recommended; required for WhatsApp and Telegram). Bun is not recommended. + - Starts gateway (if needed) and runs `openclaw health`. - `openclaw status --deep` adds the live gateway health probe to status output, including channel probes when supported. + - Reads available skills and checks requirements. - Lets you choose node manager: npm, pnpm, or bun. - Installs optional dependencies (some use Homebrew on macOS). + - Summary and next steps, including iOS, Android, and macOS app options. + @@ -119,6 +127,7 @@ What you set: - Discovery hints: - macOS: Bonjour (`dns-sd`) - Linux: Avahi (`avahi-browse`) + ## Auth and model options diff --git a/docs/start/wizard.md b/docs/start/wizard.md index 2e65ce4f85b..751344210fa 100644 --- a/docs/start/wizard.md +++ b/docs/start/wizard.md @@ -54,9 +54,11 @@ Onboarding starts with **QuickStart** (defaults) vs **Advanced** (full control). - DM isolation default: local onboarding writes `session.dmScope: "per-channel-peer"` when unset. Details: [CLI Setup Reference](/start/wizard-cli-reference#outputs-and-internals) - Tailscale exposure **Off** - Telegram + WhatsApp DMs default to **allowlist** (you'll be prompted for your phone number) + - Exposes every step (mode, workspace, gateway, channels, daemon, skills). + diff --git a/docs/tools/acp-agents.md b/docs/tools/acp-agents.md index ddaa38749b1..7f92c038d34 100644 --- a/docs/tools/acp-agents.md +++ b/docs/tools/acp-agents.md @@ -57,6 +57,7 @@ an unavailable backend. - Other target harness adapters may still be fetched on demand with `npx` the first time you use them. - Vendor auth still has to exist on the host for that harness. - If the host has no npm or network access, first-run adapter fetches fail until caches are pre-warmed or the adapter is installed another way. + ACP launches a real external harness process. OpenClaw owns routing, @@ -146,6 +147,7 @@ Quick `/acp` flow from chat: - `cancel` aborts the active turn when the backend supports cancellation; it does not delete the binding or session metadata. - `close` ends the ACP session from OpenClaw's point of view and removes the binding. A harness may still keep its own upstream history if it supports resume. - Idle runtime workers are eligible for cleanup after `acp.runtime.ttlMinutes`; stored session metadata remains available for `/acp sessions`. + Natural-language triggers that should route to the **native Codex @@ -176,6 +178,7 @@ Quick `/acp` flow from chat: - `openai/*` plus `agentRuntime.id: "codex"` — native Codex app-server embedded runtime. - `/codex ...` — native Codex conversation control. - `/acp ...` or `runtime: "acp"` — explicit ACP/acpx control. + Triggers that should route to the ACP runtime: @@ -276,6 +279,7 @@ Examples: - On Discord, `spawnAcpSessions` is only required when OpenClaw needs to create a child thread for `--thread auto|here` — not for `--bind here`. - If you spawn to a different ACP agent without `--cwd`, OpenClaw inherits the **target agent's** workspace by default. Missing inherited paths (`ENOENT`/`ENOTDIR`) fall back to the backend default; other access errors (e.g. `EACCES`) surface as spawn errors. - Gateway management commands stay local in bound conversations — `/acp ...` commands are handled by OpenClaw even when normal follow-up text routes to the bound ACP session; `/status` and `/unfocus` also stay local whenever command handling is enabled for that surface. + When thread bindings are enabled for a channel adapter: @@ -303,6 +307,7 @@ Examples: - Any channel adapter that exposes session/thread binding capability. - Current built-in support: **Discord** threads/channels, **Telegram** topics (forum topics in groups/supergroups and DM topics). - Plugin channels can add support through the same binding interface. + @@ -323,22 +328,23 @@ top-level `bindings[]` entries. - **Telegram forum topic:** `match.channel="telegram"` + `match.peer.id=":topic:"` - **BlueBubbles DM/group:** `match.channel="bluebubbles"` + `match.peer.id=""`. Prefer `chat_id:*` or `chat_identifier:*` for stable group bindings. - **iMessage DM/group:** `match.channel="imessage"` + `match.peer.id=""`. Prefer `chat_id:*` for stable group bindings. + - + The owning OpenClaw agent id. - - + + Optional ACP override. - - + + Optional operator-facing label. - - + + Optional runtime working directory. - - + + Optional backend override. - + ### Runtime defaults per agent @@ -714,6 +720,7 @@ OpenClaw sandbox. - OpenClaw's sandbox policy does **not** wrap ACP harness execution. - OpenClaw still enforces ACP feature gates, allowed agents, session ownership, channel bindings, and Gateway delivery policy. - Use `runtime: "subagent"` for sandbox-enforced OpenClaw-native work. + Current limitations: diff --git a/docs/tools/clawhub.md b/docs/tools/clawhub.md index a3aa6993565..924058e2981 100644 --- a/docs/tools/clawhub.md +++ b/docs/tools/clawhub.md @@ -150,11 +150,13 @@ abuse without blocking legitimate contributors. - Report reasons are required and recorded. - Each user can have up to 20 active reports at a time. - Skills with more than 3 unique reports are auto-hidden by default. + - Moderators can view hidden skills, unhide them, delete them, or ban users. - Abusing the report feature can result in account bans. - Interested in becoming a moderator? Ask in the OpenClaw Discord and contact a moderator or maintainer. + @@ -382,6 +384,7 @@ plugin loading paths. - Each publish creates a new **semver** `SkillVersion`. - Tags (like `latest`) point to a version; moving tags lets you roll back. - Changelogs are attached per version and can be empty when syncing or publishing updates. + Updates compare the local skill contents to registry versions using a @@ -398,6 +401,7 @@ plugin loading paths. - Installed skills are recorded in `.clawhub/lock.json` under your workdir. - Auth tokens are stored in the ClawHub CLI config file (override via `CLAWHUB_CONFIG_PATH`). + When you run `clawhub sync` while logged in, the CLI sends a minimal diff --git a/docs/tools/diffs.md b/docs/tools/diffs.md index 856f7dc3aba..330d6269426 100644 --- a/docs/tools/diffs.md +++ b/docs/tools/diffs.md @@ -191,6 +191,7 @@ All fields are optional unless noted. - `fileQuality: "hq"`: max 14 MP (14,000,000 rendered pixels). - `fileQuality: "print"`: max 24 MP (24,000,000 rendered pixels). - PDF also has a max of 50 pages. + @@ -406,11 +407,13 @@ URL construction behavior: - Remote miss throttling when remote access is enabled: - 40 failures per 60 seconds - 60 second lockout (`429 Too Many Requests`) + - Screenshot browser request routing is deny-by-default. - Only local viewer assets from `http://127.0.0.1/plugins/diffs/assets/*` are allowed. - External network requests are blocked. + @@ -428,6 +431,7 @@ Resolution order: - `OPENCLAW_BROWSER_EXECUTABLE_PATH` - `BROWSER_EXECUTABLE_PATH` - `PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH` + Platform command/path discovery fallback. @@ -449,6 +453,7 @@ Fix by installing Chrome, Chromium, Edge, or Brave, or setting one of the execut - `Invalid baseUrl: ...` — use `http(s)` origin with optional path, no query/hash. - `{field} exceeds maximum size (...)` — reduce payload size. - Large patch rejection — reduce patch file count or total lines. + - Viewer URL resolves to `127.0.0.1` by default. @@ -461,6 +466,7 @@ Fix by installing Chrome, Chromium, Edge, or Brave, or setting one of the execut - prefer `mode: "file"` or `mode: "both"` when you only need an attachment, or - intentionally enable `security.allowRemoteViewer` and set plugin `viewerBaseUrl` or pass a proxy/public `baseUrl` when you need a shareable viewer URL - Enable `security.allowRemoteViewer` only when you intend external viewer access. + This can happen for patch input when the patch does not carry expandable context. This is expected and does not indicate a viewer failure. @@ -469,6 +475,7 @@ Fix by installing Chrome, Chromium, Edge, or Brave, or setting one of the execut - Artifact expired due TTL. - Token or path changed. - Cleanup removed stale data. + diff --git a/docs/tools/exec-approvals.md b/docs/tools/exec-approvals.md index 0a649e732cb..66a70f65a33 100644 --- a/docs/tools/exec-approvals.md +++ b/docs/tools/exec-approvals.md @@ -119,6 +119,7 @@ Example schema: - `deny` — block all host exec requests. - `allowlist` — allow only allowlisted commands. - `full` — allow everything (equivalent to elevated). + ### `exec.ask` @@ -127,6 +128,7 @@ Example schema: - `off` — never prompt. - `on-miss` — prompt only when the allowlist does not match. - `always` — prompt on every command. `allow-always` durable trust does **not** suppress prompts when effective ask mode is `always`. + ### `askFallback` @@ -137,6 +139,7 @@ Example schema: - `deny` — block. - `allowlist` — allow only if allowlist matches. - `full` — allow. + ### `tools.exec.strictInlineEval` @@ -184,6 +187,7 @@ YOLO is the default host behavior unless you tighten it explicitly: - YOLO chooses **how** host exec is approved: `security=full` plus `ask=off`. - In YOLO mode, OpenClaw does **not** add a separate heuristic command-obfuscation approval gate or script-preflight rejection layer on top of the configured host exec policy. - `auto` does not make gateway routing a free override from a sandboxed session. A per-call `host=node` request is allowed from `auto`; `host=gateway` is only allowed from `auto` when no sandbox runtime is active. For a stable non-auto default, set `tools.exec.host` or use `/exec host=...` explicitly. + CLI-backed providers that expose their own noninteractive permission mode @@ -262,6 +266,7 @@ EOF - `openclaw exec-policy` does not synchronize node approvals. - `openclaw exec-policy set --host node` is rejected. - Node exec approvals are fetched from the node at runtime, so node-targeted updates must use `openclaw approvals --node ...`. + ### Session-only shortcut @@ -314,6 +319,7 @@ skill bin list. Disable this if you want strict manual allowlists. - This is an **implicit convenience allowlist**, separate from manual path allowlist entries. - It is intended for trusted operator environments where Gateway and node are in the same trust boundary. - If you require strict explicit trust, keep `autoAllowSkills: false` and use manual path allowlist entries only. + ## Safe bins and approval forwarding diff --git a/docs/tools/multi-agent-sandbox-tools.md b/docs/tools/multi-agent-sandbox-tools.md index 48a6807854f..cb42bf67697 100644 --- a/docs/tools/multi-agent-sandbox-tools.md +++ b/docs/tools/multi-agent-sandbox-tools.md @@ -225,6 +225,7 @@ The filtering order is: - If `agents.list[].tools.sandbox.tools` is set, it replaces `tools.sandbox.tools` for that agent. - If `agents.list[].tools.profile` is set, it overrides `tools.profile` for that agent. - Provider tool keys accept either `provider` (e.g. `google-antigravity`) or `provider/model` (e.g. `openai/gpt-5.4`). + If any explicit allowlist in that chain leaves the run with no callable tools, OpenClaw stops before submitting the prompt to the model. This is intentional: an agent configured with a missing tool such as `agents.list[].tools.allow: ["query_db"]` should fail loudly until the plugin that registers `query_db` is enabled, not continue as a text-only agent. @@ -353,6 +354,7 @@ After configuring multi-agent sandbox and tools: - Send a message requiring restricted tools. - Verify the agent cannot use denied tools. + ```bash @@ -369,15 +371,18 @@ After configuring multi-agent sandbox and tools: - Check if there's a global `agents.defaults.sandbox.mode` that overrides it. - Agent-specific config takes precedence, so set `agents.list[].sandbox.mode: "all"`. + - Check tool filtering order: global → agent → sandbox → subagent. - Each level can only further restrict, not grant back. - Verify with logs: `[tools] filtering tools for agent:${agentId}`. + - Set `scope: "agent"` in agent-specific sandbox config. - Default is `"session"` which creates one container per session. + diff --git a/docs/tools/plugin.md b/docs/tools/plugin.md index 9c0fb729da2..8ad39e6596d 100644 --- a/docs/tools/plugin.md +++ b/docs/tools/plugin.md @@ -168,6 +168,7 @@ plugin discovery rather than silently falling back to source paths. - `browser` — bundled browser plugin for the browser tool, `openclaw browser` CLI, `browser.request` gateway method, browser runtime, and default browser control service (enabled by default; disable before replacing it) - `copilot-proxy` — VS Code Copilot Proxy bridge (disabled by default) + @@ -217,6 +218,7 @@ or use `openclaw gateway restart` against the running Gateway. - **Disabled**: plugin exists but enablement rules turned it off. Config is preserved. - **Missing**: config references a plugin id that discovery did not find. - **Invalid**: plugin exists but its config does not match the declared schema. Gateway startup skips only that plugin; `openclaw doctor --fix` can quarantine the invalid entry by disabling it and removing its config payload. + ## Discovery and precedence diff --git a/docs/tools/reactions.md b/docs/tools/reactions.md index 1b8c80035cf..10896c1ac4d 100644 --- a/docs/tools/reactions.md +++ b/docs/tools/reactions.md @@ -29,35 +29,42 @@ tool with the `react` action. Reaction behavior varies by channel and transport. - Empty `emoji` removes all of the bot's reactions on the message. - `remove: true` removes just the specified emoji. + - Empty `emoji` removes the app's reactions on the message. - `remove: true` removes just the specified emoji. + - Empty `emoji` removes the bot's reactions. - `remove: true` also removes reactions but still requires a non-empty `emoji` for tool validation. + - Empty `emoji` removes the bot reaction. - `remove: true` maps to empty emoji internally (still requires `emoji` in the tool call). + - Requires non-empty `emoji`. - `remove: true` removes that specific emoji reaction. + - Use the `feishu_reaction` tool with actions `add`, `remove`, and `list`. - Add/remove requires `emoji_type`; remove also requires `reaction_id`. + - Inbound reaction notifications are controlled by `channels.signal.reactionNotifications`: `"off"` disables them, `"own"` (default) emits events when users react to bot messages, and `"all"` emits events for all reactions. + diff --git a/docs/tools/skills.md b/docs/tools/skills.md index 24d0f9a38d3..c8610ad74e1 100644 --- a/docs/tools/skills.md +++ b/docs/tools/skills.md @@ -286,10 +286,12 @@ metadata: - Node installs honor `skills.install.nodeManager` in `openclaw.json` (default: npm; options: npm/pnpm/yarn/bun). This only affects skill installs; the Gateway runtime should still be Node — Bun is not recommended for WhatsApp/Telegram. - Gateway-backed installer selection is preference-driven: when install specs mix kinds, OpenClaw prefers Homebrew when `skills.install.preferBrew` is enabled and `brew` exists, then `uv`, then the configured node manager, then other fallbacks like `go` or `download`. - If every install spec is `download`, OpenClaw surfaces all download options instead of collapsing to one preferred installer. + - **Go installs:** if `go` is missing and `brew` is available, the gateway installs Go via Homebrew first and sets `GOBIN` to Homebrew's `bin` when possible. - **Download installs:** `url` (required), `archive` (`tar.gz` | `tar.bz2` | `zip`), `extract` (default: auto when archive detected), `stripComponents`, `targetDir` (default: `~/.openclaw/tools/`). + diff --git a/docs/tools/slash-commands.md b/docs/tools/slash-commands.md index 25b786591a2..d24422f7d88 100644 --- a/docs/tools/slash-commands.md +++ b/docs/tools/slash-commands.md @@ -130,6 +130,7 @@ Current source-of-truth: - `/session idle ` and `/session max-age ` manage thread-binding expiry. - `/export-session [path]` exports the current session to HTML. Alias: `/export`. - `/export-trajectory [path]` exports a JSONL [trajectory bundle](/tools/trajectory) for the current session. Alias: `/trajectory`. + - `/think ` sets the thinking level. Options come from the active model's provider profile; common levels are `off`, `minimal`, `low`, `medium`, and `high`, with custom levels such as `xhigh`, `adaptive`, `max`, or binary `on` only where supported. Aliases: `/thinking`, `/t`. @@ -142,6 +143,7 @@ Current source-of-truth: - `/model [name|#|status]` shows or sets the model. - `/models [provider] [page] [limit=|size=|all]` lists providers or models for a provider. - `/queue ` manages queue behavior (`steer`, `interrupt`, `followup`, `collect`, `steer-backlog`) plus options like `debounce:2s cap:25 drop:summarize`. + - `/help` shows the short help summary. @@ -153,12 +155,14 @@ Current source-of-truth: - `/context [list|detail|json]` explains how context is assembled. - `/whoami` shows your sender id. Alias: `/id`. - `/usage off|tokens|full|cost` controls the per-response usage footer or prints a local cost summary. + - `/skill [input]` runs a skill by name. - `/allowlist [list|add|remove] ...` manages allowlist entries. Text-only. - `/approve ` resolves exec approval prompts. - `/btw ` asks a side question without changing future session context. See [BTW](/tools/btw). + - `/subagents list|kill|log|info|send|steer|spawn` manages sub-agent runs for the current session. @@ -168,6 +172,7 @@ Current source-of-truth: - `/agents` lists thread-bound agents for the current session. - `/kill ` aborts one or all running sub-agents. - `/steer ` sends steering to a running sub-agent. Alias: `/tell`. + - `/config show|get|set|unset` reads or writes `openclaw.json`. Owner-only. Requires `commands.config: true`. @@ -176,6 +181,7 @@ Current source-of-truth: - `/debug show|set|unset|reset` manages runtime-only config overrides. Owner-only. Requires `commands.debug: true`. - `/restart` restarts OpenClaw when enabled. Default: enabled; set `commands.restart: false` to disable it. - `/send on|off|inherit` sets send policy. Owner-only. + - `/tts on|off|status|chat|latest|provider|limit|summary|audio|help` controls TTS. See [TTS](/tools/tts). @@ -183,6 +189,7 @@ Current source-of-truth: - `/bash ` runs a host shell command. Text-only. Alias: `! `. Requires `commands.bash: true` plus `tools.elevated` allowlists. - `!poll [sessionId]` checks a background bash job. - `!stop [sessionId]` stops a background bash job. + @@ -241,11 +248,13 @@ User-invocable skills are also exposed as slash commands: - `/restart` is enabled by default; set `commands.restart: false` to disable it. - `/plugins install ` accepts the same plugin specs as `openclaw plugins install`: local path/archive, npm package, or `clawhub:`. - `/plugins enable|disable` updates plugin config and may prompt for a restart. + - Discord-only native command: `/vc join|leave|status` controls voice channels (not available as text). `join` requires a guild and selected voice/stage channel. Requires `channels.discord.voice` and native commands. - Discord thread-binding commands (`/focus`, `/unfocus`, `/agents`, `/session idle`, `/session max-age`) require effective thread bindings to be enabled (`session.threadBindings.enabled` and/or `channels.discord.threadBindings.enabled`). - ACP command reference and runtime behavior: [ACP agents](/tools/acp-agents). + - `/verbose` is meant for debugging and extra visibility; keep it **off** in normal use. @@ -254,6 +263,7 @@ User-invocable skills are also exposed as slash commands: - `/fast` is provider-specific: OpenAI/OpenAI Codex map it to `service_tier=priority` on native Responses endpoints, while direct public Anthropic requests, including OAuth-authenticated traffic sent to `api.anthropic.com`, map it to `service_tier=auto` or `standard_only`. See [OpenAI](/providers/openai) and [Anthropic](/providers/anthropic). - Tool failure summaries are still shown when relevant, but detailed failure text is only included when `/verbose` is `on` or `full`. - `/reasoning`, `/verbose`, and `/trace` are risky in group settings: they may reveal internal reasoning, tool output, or plugin diagnostics you did not intend to expose. Prefer leaving them off, especially in group chats. + - `/model` persists the new session model immediately. @@ -261,6 +271,7 @@ User-invocable skills are also exposed as slash commands: - If a run is already active, OpenClaw marks a live switch as pending and only restarts into the new model at a clean retry point. - If tool activity or reply output has already started, the pending switch can stay queued until a later retry opportunity or the next user turn. - In the local TUI, `/crestodian [request]` returns from the normal agent TUI to Crestodian. This is separate from message-channel rescue mode and does not grant remote config authority. + - **Fast path:** command-only messages from allowlisted senders are handled immediately (bypass queue + model). @@ -269,6 +280,7 @@ User-invocable skills are also exposed as slash commands: - Example: `hey /status` triggers a status reply, and the remaining text continues through the normal flow. - Currently: `/help`, `/commands`, `/status`, `/whoami` (`/id`). - Unauthorized command-only messages are silently ignored, and inline `/...` tokens are treated as plain text. + - **Skill commands:** `user-invocable` skills are exposed as slash commands. Names are sanitized to `a-z0-9_` (max 32 chars); collisions get numeric suffixes (e.g. `_2`). @@ -277,6 +289,7 @@ User-invocable skills are also exposed as slash commands: - Skills may optionally declare `command-dispatch: tool` to route the command directly to a tool (deterministic, no model). - Example: `/prose` (OpenProse plugin) — see [OpenProse](/prose). - **Native command arguments:** Discord uses autocomplete for dynamic options (and button menus when you omit required args). Telegram and Slack show a button menu when a command supports choices and you omit the arg. Dynamic choices are resolved against the target session model, so model-specific options such as `/think` levels follow that session's `/model` override. + @@ -414,6 +427,7 @@ Examples: - `/plugins list` and `/plugins show` use real plugin discovery against the current workspace plus on-disk config. - `/plugins enable|disable` updates plugin config only; it does not install or uninstall plugins. - After enable/disable changes, restart the gateway to apply them. + ## Surface notes @@ -426,6 +440,7 @@ Examples: - Slack: `agent::slack:slash:` (prefix configurable via `channels.slack.slashCommand.sessionPrefix`) - Telegram: `telegram:slash:` (targets the chat session via `CommandTargetSessionKey`) - **`/stop`** targets the active chat session so it can abort the current run. + `channels.slack.slashCommand` is still supported for a single `/openclaw`-style command. If you enable `commands.native`, you must create one Slack slash command per built-in command (same names as `/help`). Command argument menus for Slack are delivered as ephemeral Block Kit buttons. diff --git a/docs/tools/subagents.md b/docs/tools/subagents.md index f00f879553d..7bf130338c8 100644 --- a/docs/tools/subagents.md +++ b/docs/tools/subagents.md @@ -75,12 +75,14 @@ requester chat when the run finishes. - On completion, the sub-agent announces a summary/result message back to the requester chat channel. - Completion is push-based. Once spawned, do **not** poll `/subagents list`, `sessions_list`, or `sessions_history` in a loop just to wait for it to finish; inspect status only on-demand for debugging or intervention. - On completion, OpenClaw best-effort closes tracked browser tabs/processes opened by that sub-agent session before the announce cleanup flow continues. + - OpenClaw tries direct `agent` delivery first with a stable idempotency key. - If direct delivery fails, it falls back to queue routing. - If queue routing is still not available, the announce is retried with a short exponential backoff before final give-up. - Completion delivery keeps the resolved requester route: thread-bound or conversation-bound completion routes win when available; if the completion origin only provides a channel, OpenClaw fills the missing target/account from the requester session's resolved route (`lastChannel` / `lastTo` / `lastAccountId`) so direct delivery still works. + The completion handoff to the requester session is runtime-generated @@ -98,6 +100,7 @@ requester chat when the run finishes. - `/subagents spawn` is one-shot mode (`mode: "run"`). For persistent thread-bound sessions, use `sessions_spawn` with `thread: true` and `mode: "session"`. - For ACP harness sessions (Claude Code, Gemini CLI, OpenCode, or explicit Codex ACP/acpx), use `sessions_spawn` with `runtime: "acp"` when the tool advertises that runtime. See [ACP delivery model](/tools/acp-agents#delivery-model) when debugging completions or agent-to-agent loops. When the `codex` plugin is enabled, Codex chat/thread control should prefer `/codex ...` over ACP unless the user explicitly asks for ACP/acpx. - OpenClaw hides `runtime: "acp"` until ACP is enabled, the requester is not sandboxed, and a backend plugin such as `acpx` is loaded. `runtime: "acp"` expects an external ACP harness id, or an `agents.list[]` entry with `runtime.type="acp"`; use the default sub-agent runtime for normal OpenClaw config agents from `agents_list`. + diff --git a/docs/web/control-ui.md b/docs/web/control-ui.md index 4fee01d4c20..5f933476c24 100644 --- a/docs/web/control-ui.md +++ b/docs/web/control-ui.md @@ -61,6 +61,7 @@ Once approved, the device is remembered and won't require re-approval unless you - Tailscale Serve can skip the pairing round trip for Control UI operator sessions when `gateway.auth.allowTailscale: true`, Tailscale identity verifies, and the browser presents its device identity. - Direct Tailnet binds, LAN browser connects, and browser profiles without device identity still require explicit approval. - Each browser profile generates a unique device ID, so switching browsers or clearing browser data will require re-pairing. + ## Personal identity (browser-local) @@ -95,18 +96,21 @@ Imported themes are stored only in the current browser profile. They are not wri - Chat with the model via Gateway WS (`chat.history`, `chat.send`, `chat.abort`, `chat.inject`). - Talk through browser realtime sessions. OpenAI uses direct WebRTC, Google Live uses a constrained one-use browser token over WebSocket, and backend-only realtime voice plugins use the Gateway relay transport. The relay keeps provider credentials on the Gateway while the browser streams microphone PCM through `talk.realtime.relay*` RPCs and sends `openclaw_agent_consult` tool calls back through `chat.send` for the larger configured OpenClaw model. - Stream tool calls + live tool output cards in Chat (agent events). + - Channels: built-in plus bundled/external plugin channels status, QR login, and per-channel config (`channels.status`, `web.login.*`, `config.patch`). - Instances: presence list + refresh (`system-presence`). - Sessions: list + per-session model/thinking/fast/verbose/trace/reasoning overrides (`sessions.list`, `sessions.patch`). - Dreams: dreaming status, enable/disable toggle, and Dream Diary reader (`doctor.memory.status`, `doctor.memory.dreamDiary`, `config.patch`). + - Cron jobs: list/add/edit/run/enable/disable + run history (`cron.*`). - Skills: status, enable/disable, install, API key updates (`skills.*`). - Nodes: list + caps (`node.list`). - Exec approvals: edit gateway or node allowlists + ask policy for `exec host=gateway/node` (`exec.approvals.*`). + - View/edit `~/.openclaw/openclaw.json` (`config.get`, `config.set`). @@ -117,11 +121,13 @@ Imported themes are stored only in the current browser profile. They are not wri - If a snapshot cannot safely round-trip raw text, Control UI forces Form mode and disables Raw mode for that snapshot. - Raw JSON editor "Reset to saved" preserves the raw-authored shape (formatting, comments, `$include` layout) instead of re-rendering a flattened snapshot, so external edits survive a reset when the snapshot can safely round-trip. - Structured SecretRef object values are rendered read-only in form text inputs to prevent accidental object-to-string corruption. + - Debug: status/health/models snapshots + event log + manual RPC calls (`status`, `health`, `models.list`). - Logs: live tail of gateway file logs with filter/export (`logs.tail`). - Update: run a package/git update + restart (`update.run`) with a restart report, then poll `update.status` after reconnect to verify the running gateway version. + - For isolated jobs, delivery defaults to announce summary. You can switch to none if you want internal-only runs. @@ -132,6 +138,7 @@ Imported themes are stored only in the current browser profile. They are not wri - Form validation is inline with field-level errors; invalid values disable the save button until fixed. - Set `cron.webhookToken` to send a dedicated bearer token, if omitted the webhook is sent without an auth header. - Deprecated fallback: stored legacy jobs with `notify: true` can still use `cron.webhook` until migrated. + @@ -150,6 +157,7 @@ Imported themes are stored only in the current browser profile. They are not wri - The chat header model and thinking pickers patch the active session immediately through `sessions.patch`; they are persistent session overrides, not one-turn-only send options. - The chat model picker requests the Gateway's configured model view. If `agents.defaults.models` is present, that allowlist drives the picker. Otherwise the picker shows explicit `models.providers.*.models` entries before falling back to the full catalog for fresh installs. - When fresh Gateway session usage reports show high context pressure, the chat composer area shows a context notice and, at recommended compaction levels, a compact button that runs the normal session compaction path. Stale token snapshots are hidden until the Gateway reports fresh usage again. + Talk mode uses a registered realtime voice provider. Configure OpenAI with `talk.provider: "openai"` plus `talk.providers.openai.apiKey`, or configure Google with `talk.provider: "google"` plus `talk.providers.google.apiKey`; Voice Call realtime provider config can still be reused as the fallback. The browser never receives a standard provider API key. OpenAI receives an ephemeral Realtime client secret for WebRTC. Google Live receives a one-use constrained Live API auth token for a browser WebSocket session, with instructions and tool declarations locked into the token by the Gateway. Providers that only expose a backend realtime bridge run through the Gateway relay transport, so credentials and vendor sockets stay server-side while browser audio moves through authenticated Gateway RPCs. The Realtime session prompt is assembled by the Gateway; `talk.realtime.session` does not accept caller-provided instruction overrides. @@ -164,11 +172,13 @@ Imported themes are stored only in the current browser profile. They are not wri - While a run is active, normal follow-ups queue. Click **Steer** on a queued message to inject that follow-up into the running turn. - Type `/stop` (or standalone abort phrases like `stop`, `stop action`, `stop run`, `stop openclaw`, `please stop`) to abort out-of-band. - `chat.abort` supports `{ sessionKey }` (no `runId`) to abort all active runs for that session. + - When a run is aborted, partial assistant text can still be shown in the UI. - Gateway persists aborted partial assistant text into transcript history when buffered output exists. - Persisted entries include abort metadata so transcript consumers can tell abort partials from normal completion output. + @@ -325,6 +335,7 @@ Documented exceptions: - Successful trusted-proxy auth can admit **operator** Control UI sessions without device identity. - This does **not** extend to node-role Control UI sessions. - Same-host loopback reverse proxies still do not satisfy trusted-proxy auth; see [Trusted proxy auth](/gateway/trusted-proxy-auth). + @@ -411,6 +422,7 @@ The Control UI is static files; the WebSocket target is configurable and can be - Gateway startup may seed local origins such as `http://localhost:` and `http://127.0.0.1:` from the effective runtime bind and port, but remote browser origins still need explicit entries. - Do not use `gateway.controlUi.allowedOrigins: ["*"]` except for tightly controlled local testing. It means allow any browser origin, not "match whatever host I am using." - `gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true` enables Host-header origin fallback mode, but it is a dangerous security mode. + diff --git a/scripts/lib/mintlify-accordion.mjs b/scripts/lib/mintlify-accordion.mjs index ee99e177fa0..535a43f4d9c 100644 --- a/scripts/lib/mintlify-accordion.mjs +++ b/scripts/lib/mintlify-accordion.mjs @@ -11,7 +11,7 @@ const MINTLIFY_REPAIRED_COMPONENTS = new Set([ "Step", ]); -function visitMintlifyComponentIndentation(raw, onMisindentedClose) { +function visitMintlifyComponentIndentation(raw, onMisindentedClose, onMisindentedOpen) { const lines = raw.split(/\r?\n/u); const componentStack = []; let inCodeFence = false; @@ -28,8 +28,13 @@ function visitMintlifyComponentIndentation(raw, onMisindentedClose) { const openComponent = line.match(/^(\s*)<([A-Z][A-Za-z0-9]*)\b/u); if (openComponent && MINTLIFY_REPAIRED_COMPONENTS.has(openComponent[2])) { + let indent = openComponent[1].length; + if (componentStack.length === 0 && openComponent[2] === "ParamField" && indent > 0) { + onMisindentedOpen?.({ openComponent, index, line, lines }); + indent = 0; + } componentStack.push({ - indent: openComponent[1].length, + indent, name: openComponent[2], }); continue; @@ -69,6 +74,20 @@ export function repairMintlifyAccordionIndentation(raw) { lines[index] = `${" ".repeat(opening.indent)}${line.slice(closeComponent[1].length)}`; changed = true; }, + ({ openComponent, index, line, lines }) => { + lines[index] = line.slice(openComponent[1].length); + changed = true; + }, ); + for (let index = lines.length - 1; index > 0; index--) { + if (!/^\s*<\/[A-Z][A-Za-z0-9]*>/u.test(lines[index])) { + continue; + } + if (!/^\s*[-*+]\s+/u.test(lines[index - 1])) { + continue; + } + lines.splice(index, 0, ""); + changed = true; + } return changed ? lines.join("\n") : raw; }