docs: refresh CLI and trusted-proxy docs

2026-03-12 07:20:45 +00:00 · 2026-02-25 02:40:05 +00:00
parent 2d1e6931a6
commit a12cbf8994
6 changed files with 59 additions and 5 deletions
--- a/docs/cli/devices.md
+++ b/docs/cli/devices.md
@@ -21,6 +21,25 @@ openclaw devices list
 openclaw devices list --json
 ```

+### `openclaw devices remove <deviceId>`
+
+Remove one paired device entry.
+
+```
+openclaw devices remove <deviceId>
+openclaw devices remove <deviceId> --json
+```
+
+### `openclaw devices clear --yes [--pending]`
+
+Clear paired devices in bulk.
+
+```
+openclaw devices clear --yes
+openclaw devices clear --yes --pending
+openclaw devices clear --yes --pending --json
+```
+
 ### `openclaw devices approve [requestId] [--latest]`

 Approve a pending device pairing request. If `requestId` is omitted, OpenClaw
@@ -71,3 +90,5 @@ Pass `--token` or `--password` explicitly. Missing explicit credentials is an er

 - Token rotation returns a new token (sensitive). Treat it like a secret.
 - These commands require `operator.pairing` (or `operator.admin`) scope.
+- `devices clear` is intentionally gated by `--yes`.
+- If pairing scope is unavailable on local loopback (and no explicit `--url` is passed), list/approve can use a local pairing fallback.
--- a/docs/cli/index.md
+++ b/docs/cli/index.md
@@ -281,7 +281,7 @@ Vector search over `MEMORY.md` + `memory/*.md`:

 - `openclaw memory status` — show index stats.
 - `openclaw memory index` — reindex memory files.
- `openclaw memory search "<query>"` — semantic search over memory.
+- `openclaw memory search "<query>"` (or `--query "<query>"`) — semantic search over memory.

 ## Chat slash commands

@@ -468,8 +468,9 @@ Approve DM pairing requests across channels.

 Subcommands:

- `pairing list <channel> [--json]`
- `pairing approve <channel> <code> [--notify]`
+- `pairing list [channel] [--channel <channel>] [--account <id>] [--json]`
+- `pairing approve <channel> <code> [--account <id>] [--notify]`
+- `pairing approve --channel <channel> [--account <id>] <code> [--notify]`

 ### `webhooks gmail`

--- a/docs/cli/memory.md
+++ b/docs/cli/memory.md
@@ -26,6 +26,7 @@ openclaw memory status --deep --index --verbose
 openclaw memory index
 openclaw memory index --verbose
 openclaw memory search "release checklist"
+openclaw memory search --query "release checklist"
 openclaw memory status --agent main
 openclaw memory index --agent main --verbose
 ```
@@ -37,6 +38,12 @@ Common:
 - `--agent <id>`: scope to a single agent (default: all configured agents).
 - `--verbose`: emit detailed logs during probes and indexing.

+`memory search`:
+
+- Query input: pass either positional `[query]` or `--query <text>`.
+- If both are provided, `--query` wins.
+- If neither is provided, the command exits with an error.
+
 Notes:

 - `memory status --deep` probes vector + embedding availability.
--- a/docs/cli/pairing.md
+++ b/docs/cli/pairing.md
@@ -16,6 +16,17 @@ Related:
 ## Commands

 ```bash
-openclaw pairing list whatsapp
-openclaw pairing approve whatsapp <code> --notify
+openclaw pairing list telegram
+openclaw pairing list --channel telegram --account work
+openclaw pairing list telegram --json
+
+openclaw pairing approve telegram <code>
+openclaw pairing approve --channel telegram --account work <code> --notify
 ```
+
+## Notes
+
+- Channel input: pass it positionally (`pairing list telegram`) or with `--channel <channel>`.
+- `pairing list` supports `--account <accountId>` for multi-account channels.
+- `pairing approve` supports `--account <accountId>` and `--notify`.
+- If only one pairing-capable channel is configured, `pairing approve <code>` is allowed.
--- a/docs/gateway/trusted-proxy-auth.md
+++ b/docs/gateway/trusted-proxy-auth.md
@@ -35,6 +35,18 @@ Use `trusted-proxy` auth mode when:
 4. OpenClaw extracts the user identity from the configured header
 5. If everything checks out, the request is authorized

+## Control UI Pairing Behavior
+
+When `gateway.auth.mode = "trusted-proxy"` is active and the request passes
+trusted-proxy checks, Control UI WebSocket sessions can connect without device
+pairing identity.
+
+Implications:
+
+- Pairing is no longer the primary gate for Control UI access in this mode.
+- Your reverse proxy auth policy and `allowUsers` become the effective access control.
+- Keep gateway ingress locked to trusted proxy IPs only (`gateway.trustedProxies` + firewall).
+
 ## Configuration

 ```json5
--- a/docs/tools/exec.md
+++ b/docs/tools/exec.md
@@ -36,6 +36,8 @@ Notes:
 - If multiple nodes are available, set `exec.node` or `tools.exec.node` to select one.
 - On non-Windows hosts, exec uses `SHELL` when set; if `SHELL` is `fish`, it prefers `bash` (or `sh`)
  from `PATH` to avoid fish-incompatible scripts, then falls back to `SHELL` if neither exists.
+- On Windows hosts, exec prefers PowerShell 7 (`pwsh`) discovery (Program Files, ProgramW6432, then PATH),
+  then falls back to Windows PowerShell 5.1.
 - Host execution (`gateway`/`node`) rejects `env.PATH` and loader overrides (`LD_*`/`DYLD_*`) to
  prevent binary hijacking or injected code.
 - Important: sandboxing is **off by default**. If sandboxing is off and `host=sandbox` is explicitly