Two missing cross-references uncovered by the 24-hour doc audit:
- docs/help/faq-models.md: link to `openclaw models auth list` from the
"What is an auth profile?" accordion. The command was added in
23eb44b045 but the FAQ never pointed users at it.
- docs/security/network-proxy.md: list `tools.web.fetch.useTrustedEnvProxy`
in Related Proxy Terms. The opt-in is fully documented in
docs/tools/web-fetch.md but the proxy reference page omitted the
cross-reference, leaving the page incomplete for proxy-state triage.
Summary:
- This PR routes direct APNs HTTP/2 sends through an APNs allowlisted managed-proxy CONNECT wrapper, adds APNs proxy validation/docs/guardrails, and expands regression and live-test coverage.
- Reproducibility: yes. source-reproducible: current main `sendApnsRequest()` still uses raw `http2.connect(au ... nly covers HTTP/global-agent/Undici hooks. I did not run a live APNs reproduction in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 APNs connections
- PR branch already contained follow-up commit before automerge: test: guard raw HTTP2 with OpenGrep
- PR branch already contained follow-up commit before automerge: lint: ban raw HTTP2 imports
- PR branch already contained follow-up commit before automerge: fix: use managed proxy state for APNs
- PR branch already contained follow-up commit before automerge: test: exercise APNs active proxy state
- PR branch already contained follow-up commit before automerge: fix: reject conflicting managed proxy activation
Validation:
- ClawSweeper review passed for head dab7c86a75.
- Required merge gates passed before the squash merge.
Prepared head SHA: dab7c86a75
Review: https://github.com/openclaw/openclaw/pull/74905#issuecomment-4350181159
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Summary:
- The PR adds a managed-proxy-aware debug proxy direct-upstream guard, a diagnostics override env var, regression tests, docs, and a changelog entry.
- Reproducibility: yes. Source inspection on current main shows direct HTTP forwarding and CONNECT net.connect() can run while managed proxy mode is active, against the documented managed-proxy egress guardrail.
Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: fix(clawsweeper): address review for automerge-openclaw-openclaw-7701…
Validation:
- ClawSweeper review passed for head aaa52a7f5f.
- Required merge gates passed before the squash merge.
Prepared head SHA: aaa52a7f5f
Review: https://github.com/openclaw/openclaw/pull/77010#issuecomment-4367600656
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Summary:
- The PR adds a changelog note plus IRC and network-proxy documentation stating that IRC raw TCP/TLS egress is outside operator-managed forward proxy routing and should be disabled unless direct egress is approved.
- Reproducibility: not applicable. for this docs-only PR. Source inspection establishes the documented premise ... kets while managed proxy routing covers normal HTTP/WebSocket paths and documents raw-socket bypass limits.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(clawsweeper): address review for automerge-openclaw-openclaw-7682…
Validation:
- ClawSweeper review passed for head 7dde35adb9.
- Required merge gates passed before the squash merge.
Prepared head SHA: 7dde35adb9
Review: https://github.com/openclaw/openclaw/pull/76822#issuecomment-4366671907
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
- Add full frontmatter (title, summary, read_when) to 4 files that
had none: auth-credential-semantics.md, kilo-gateway-integration.md,
CONTRIBUTING-THREAT-MODEL.md, THREAT-MODEL-ATLAS.md
- Add missing title field to 3 provider docs: kilocode.md, litellm.md,
together.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
