docs: Control UI identity + gateway pairing hardening + release verification

Vincent Koc
2026-04-22 23:52:37 -07:00
parent ea3970f138
commit c8aec6b951
6 changed files with 83 additions and 0 deletions

@@ -76,6 +76,31 @@ you revoke it with `openclaw devices revoke --device <id> --role <role>`. See
- Each browser profile generates a unique device ID, so switching browsers or
clearing browser data will require re-pairing.
## Personal identity (browser-local)
The Control UI supports a per-browser personal identity — a display name and
avatar that are attached to outgoing messages for attribution in shared
sessions. This identity lives in browser storage, is scoped to the current
browser profile, and does not leave the gateway host unless you explicitly
submit it with a request.
- Identity is **browser-local only**. It is not synced to other devices and is
not part of the gateway config file.
- Clearing site data or switching browsers resets the identity to empty; the
Control UI does not try to reconstruct one from server state.
- Nothing about the personal identity is persisted server-side beyond the
normal transcript authorship metadata on messages you actually send.
## Runtime config endpoint
The Control UI fetches its runtime settings from
`/__openclaw/control-ui-config.json`. That endpoint is gated by the same
gateway auth as the rest of the HTTP surface: unauthenticated browsers cannot
fetch it, and a successful fetch requires either an already valid gateway
token/password, Tailscale Serve identity, or a trusted-proxy identity. This
keeps Control UI feature flags and endpoint metadata from leaking to
unauthenticated scanners on shared hosts.
## Language support
The Control UI can localize itself on first load based on your browser locale.
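Review bot: In the "Personal identity (browser-local)" paragraph, "does not leave the gateway host unless you explicitly submit it with a request" conflicts with "lives in browser storage": the value sits in the browser profile, not on the gateway host, so the boundary should read "does not leave the browser unless ...". Because the display name and avatar are set per browser and attached to outgoing messages for attribution, the section should also state that they are a self-chosen label and not an authenticated identity, so readers in shared sessions do not treat them as proof of who sent a message. In "Runtime config endpoint", "either" introduces three alternatives (token/password, Tailscale Serve identity, trusted-proxy identity); drop "either". The section could also say what an unauthenticated request to `/__openclaw/control-ui-config.json` gets back.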
@@ -109,6 +134,7 @@ locale picker lives in the Gateway Access card, not under Appearance.
plus plugin + channel schemas when available); Raw JSON editor is
available only when the snapshot has a safe raw round-trip
- If a snapshot cannot safely round-trip raw text, Control UI forces Form mode and disables Raw mode for that snapshot
- Raw JSON editor "Reset to saved" preserves the raw-authored shape (formatting, comments, `$include` layout) instead of re-rendering a flattened snapshot, so external edits survive a reset when the snapshot can safely round-trip
- Structured SecretRef object values are rendered read-only in form text inputs to prevent accidental object-to-string corruption
- Debug: status/health/models snapshots + event log + manual RPC calls (`status`, `health`, `models.list`)
- Logs: live tail of gateway file logs with filter/export (`logs.tail`)
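Review bot: In the "Reset to saved" bullet, the trailing qualifier "when the snapshot can safely round-trip" is redundant with the bullet just above it, which already says Raw mode is disabled for snapshots that cannot round-trip, so a reader is left wondering whether Reset behaves differently in some third case. Either drop the qualifier or say explicitly what Reset does in Form mode. "External edits survive a reset" is also ambiguous: say whether this means changes made to the config file outside the Control UI, and whether unsaved edits in the Raw editor are discarded by the reset.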