chore: Run pnpm format:fix.

docs/web/control-ui.md

@@ -4,6 +4,7 @@ read_when:
   - You want to operate the Gateway from a browser
   - You want Tailnet access without SSH tunnels
 ---
+
 # Control UI (browser)
 
 The Control UI is a small **Vite + Lit** single-page app served by the Gateway:
@@ -22,12 +23,14 @@ If the Gateway is running on the same computer, open:
 If the page fails to load, start the Gateway first: `openclaw gateway`.
 
 Auth is supplied during the WebSocket handshake via:
+
 - `connect.params.auth.token`
 - `connect.params.auth.password`
-The dashboard settings panel lets you store a token; passwords are not persisted.
-The onboarding wizard generates a gateway token by default, so paste it here on first connect.
+  The dashboard settings panel lets you store a token; passwords are not persisted.
+  The onboarding wizard generates a gateway token by default, so paste it here on first connect.
 
 ## What it can do (today)
+
 - Chat with the model via Gateway WS (`chat.history`, `chat.send`, `chat.abort`, `chat.inject`)
 - Stream tool calls + live tool output cards in Chat (agent events)
 - Channels: WhatsApp/Telegram/Discord/Slack + plugin channels (Mattermost, etc.) status + QR login + per-channel config (`channels.status`, `web.login.*`, `config.patch`)
@@ -66,6 +69,7 @@ openclaw gateway --tailscale serve
 ```
 
 Open:
+
 - `https://<magicdns>/` (or your configured `gateway.controlUi.basePath`)
 
 By default, Serve requests can authenticate via Tailscale identity headers
@@ -83,6 +87,7 @@ openclaw gateway --bind tailnet --token "$(openssl rand -hex 32)"
 ```
 
 Then open:
+
 - `http://<tailscale-ip>:18789/` (or your configured `gateway.controlUi.basePath`)
 
 Paste the token into the UI settings (sent as `connect.params.auth.token`).
@@ -94,6 +99,7 @@ the browser runs in a **non-secure context** and blocks WebCrypto. By default,
 OpenClaw **blocks** Control UI connections without device identity.
 
 **Recommended fix:** use HTTPS (Tailscale Serve) or open the UI locally:
+
 - `https://<magicdns>/` (Serve)
 - `http://127.0.0.1:18789/` (on the gateway host)
 
@@ -104,8 +110,8 @@ OpenClaw **blocks** Control UI connections without device identity.
   gateway: {
     controlUi: { allowInsecureAuth: true },
     bind: "tailnet",
-    auth: { mode: "token", token: "replace-me" }
-  }
+    auth: { mode: "token", token: "replace-me" },
+  },
 }
 ```
 
@@ -142,8 +148,8 @@ The Control UI is static files; the WebSocket target is configurable and can be
 different from the HTTP origin. This is handy when you want the Vite dev server
 locally but the Gateway runs elsewhere.
 
-1) Start the UI dev server: `pnpm ui:dev`
-2) Open a URL like:
+1. Start the UI dev server: `pnpm ui:dev`
+2. Open a URL like:
 
 ```text
 http://localhost:5173/?gatewayUrl=ws://<gateway-host>:18789
@@ -156,6 +162,7 @@ http://localhost:5173/?gatewayUrl=wss://<gateway-host>:18789&token=<gateway-toke
 ```
 
 Notes:
+
 - `gatewayUrl` is stored in localStorage after load and removed from the URL.
 - `token` is stored in localStorage; `password` is kept in memory only.
 - Use `wss://` when the Gateway is behind TLS (Tailscale Serve, HTTPS proxy, etc.).

docs/web/dashboard.md

@@ -3,15 +3,18 @@ summary: "Gateway dashboard (Control UI) access and auth"
 read_when:
   - Changing dashboard authentication or exposure modes
 ---
+
 # Dashboard (Control UI)
 
 The Gateway dashboard is the browser Control UI served at `/` by default
 (override with `gateway.controlUi.basePath`).
 
 Quick open (local Gateway):
+
 - http://127.0.0.1:18789/ (or http://localhost:18789/)
 
 Key references:
+
 - [Control UI](/web/control-ui) for usage and UI capabilities.
 - [Tailscale](/gateway/tailscale) for Serve/Funnel automation.
 - [Web surfaces](/web) for bind modes and security notes.

docs/web/index.md

@@ -4,6 +4,7 @@ read_when:
   - You want to access the Gateway over Tailscale
   - You want the browser Control UI and config editing
 ---
+
 # Web (Gateway)
 
 The Gateway serves a small **browser Control UI** (Vite + Lit) from the same port as the Gateway WebSocket:
@@ -27,8 +28,8 @@ You can control it via config:
 ```json5
 {
   gateway: {
-    controlUi: { enabled: true, basePath: "/openclaw" } // basePath optional
-  }
+    controlUi: { enabled: true, basePath: "/openclaw" }, // basePath optional
+  },
 }
 ```
 
@@ -42,8 +43,8 @@ Keep the Gateway on loopback and let Tailscale Serve proxy it:
 {
   gateway: {
     bind: "loopback",
-    tailscale: { mode: "serve" }
-  }
+    tailscale: { mode: "serve" },
+  },
 }
 ```
 
@@ -54,6 +55,7 @@ openclaw gateway
 ```
 
 Open:
+
 - `https://<magicdns>/` (or your configured `gateway.controlUi.basePath`)
 
 ### Tailnet bind + token
@@ -63,8 +65,8 @@ Open:
   gateway: {
     bind: "tailnet",
     controlUi: { enabled: true },
-    auth: { mode: "token", token: "your-token" }
-  }
+    auth: { mode: "token", token: "your-token" },
+  },
 }
 ```
 
@@ -75,6 +77,7 @@ openclaw gateway
 ```
 
 Open:
+
 - `http://<tailscale-ip>:18789/` (or your configured `gateway.controlUi.basePath`)
 
 ### Public internet (Funnel)
@@ -84,8 +87,8 @@ Open:
   gateway: {
     bind: "loopback",
     tailscale: { mode: "funnel" },
-    auth: { mode: "password" } // or OPENCLAW_GATEWAY_PASSWORD
-  }
+    auth: { mode: "password" }, // or OPENCLAW_GATEWAY_PASSWORD
+  },
 }
 ```
 

docs/web/webchat.md

@@ -3,38 +3,45 @@ summary: "Loopback WebChat static host and Gateway WS usage for chat UI"
 read_when:
   - Debugging or configuring WebChat access
 ---
-# WebChat (Gateway WebSocket UI)
 
+# WebChat (Gateway WebSocket UI)
 
 Status: the macOS/iOS SwiftUI chat UI talks directly to the Gateway WebSocket.
 
 ## What it is
+
 - A native chat UI for the gateway (no embedded browser and no local static server).
 - Uses the same sessions and routing rules as other channels.
 - Deterministic routing: replies always go back to WebChat.
 
 ## Quick start
-1) Start the gateway.
-2) Open the WebChat UI (macOS/iOS app) or the Control UI chat tab.
-3) Ensure gateway auth is configured (required by default, even on loopback).
+
+1. Start the gateway.
+2. Open the WebChat UI (macOS/iOS app) or the Control UI chat tab.
+3. Ensure gateway auth is configured (required by default, even on loopback).
 
 ## How it works (behavior)
+
 - The UI connects to the Gateway WebSocket and uses `chat.history`, `chat.send`, and `chat.inject`.
 - `chat.inject` appends an assistant note directly to the transcript and broadcasts it to the UI (no agent run).
 - History is always fetched from the gateway (no local file watching).
 - If the gateway is unreachable, WebChat is read-only.
 
 ## Remote use
+
 - Remote mode tunnels the gateway WebSocket over SSH/Tailscale.
 - You do not need to run a separate WebChat server.
 
 ## Configuration reference (WebChat)
+
 Full configuration: [Configuration](/gateway/configuration)
 
 Channel options:
+
 - No dedicated `webchat.*` block. WebChat uses the gateway endpoint + auth settings below.
 
 Related global options:
+
 - `gateway.port`, `gateway.bind`: WebSocket host/port.
 - `gateway.auth.mode`, `gateway.auth.token`, `gateway.auth.password`: WebSocket auth.
 - `gateway.remote.url`, `gateway.remote.token`, `gateway.remote.password`: remote gateway target.