mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-17 04:50:51 +00:00
a2cb81199e
* secrets: harden read-only SecretRef resolution for status and audit * CLI: add SecretRef degrade-safe regression coverage * Docs: align SecretRef status and daemon probe semantics * Security audit: close SecretRef review gaps * Security audit: preserve source auth SecretRef configuredness * changelog Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com> --------- Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
54 lines
2.1 KiB
Markdown
54 lines
2.1 KiB
Markdown
---
|
|
summary: "CLI reference for `openclaw daemon` (legacy alias for gateway service management)"
|
|
read_when:
|
|
- You still use `openclaw daemon ...` in scripts
|
|
- You need service lifecycle commands (install/start/stop/restart/status)
|
|
title: "daemon"
|
|
---
|
|
|
|
# `openclaw daemon`
|
|
|
|
Legacy alias for Gateway service management commands.
|
|
|
|
`openclaw daemon ...` maps to the same service control surface as `openclaw gateway ...` service commands.
|
|
|
|
## Usage
|
|
|
|
```bash
|
|
openclaw daemon status
|
|
openclaw daemon install
|
|
openclaw daemon start
|
|
openclaw daemon stop
|
|
openclaw daemon restart
|
|
openclaw daemon uninstall
|
|
```
|
|
|
|
## Subcommands
|
|
|
|
- `status`: show service install state and probe Gateway health
|
|
- `install`: install service (`launchd`/`systemd`/`schtasks`)
|
|
- `uninstall`: remove service
|
|
- `start`: start service
|
|
- `stop`: stop service
|
|
- `restart`: restart service
|
|
|
|
## Common options
|
|
|
|
- `status`: `--url`, `--token`, `--password`, `--timeout`, `--no-probe`, `--require-rpc`, `--deep`, `--json`
|
|
- `install`: `--port`, `--runtime <node|bun>`, `--token`, `--force`, `--json`
|
|
- lifecycle (`uninstall|start|stop|restart`): `--json`
|
|
|
|
Notes:
|
|
|
|
- `status` resolves configured auth SecretRefs for probe auth when possible.
|
|
- If a required auth SecretRef is unresolved in this command path, `daemon status --json` reports `rpc.authWarning` when probe connectivity/auth fails; pass `--token`/`--password` explicitly or resolve the secret source first.
|
|
- If the probe succeeds, unresolved auth-ref warnings are suppressed to avoid false positives.
|
|
- On Linux systemd installs, `status` token-drift checks include both `Environment=` and `EnvironmentFile=` unit sources.
|
|
- When token auth requires a token and `gateway.auth.token` is SecretRef-managed, `install` validates that the SecretRef is resolvable but does not persist the resolved token into service environment metadata.
|
|
- If token auth requires a token and the configured token SecretRef is unresolved, install fails closed.
|
|
- If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, install is blocked until mode is set explicitly.
|
|
|
|
## Prefer
|
|
|
|
Use [`openclaw gateway`](/cli/gateway) for current docs and examples.
|