fix(security): scope session tools and webhook secret fallback

2026-03-12 07:20:45 +00:00 · 2026-02-16 03:43:51 +01:00
parent fbe6d7c701
commit c6c53437f7
21 changed files with 796 additions and 22 deletions
--- a/docs/gateway/security/index.md
+++ b/docs/gateway/security/index.md
@@ -710,7 +710,11 @@ Common use cases:
          scope: "agent",
          workspaceAccess: "none",
        },
+        // Session tools can reveal sensitive data from transcripts. By default OpenClaw limits these tools
+        // to the current session + spawned subagent sessions, but you can clamp further if needed.
+        // See `tools.sessions.visibility` in the configuration reference.
        tools: {
+          sessions: { visibility: "tree" }, // self | tree | agent | all
          allow: [
            "sessions_list",
            "sessions_history",