mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-19 22:10:51 +00:00
da34f81ce2
* fix(secrets): scope message runtime resolution and harden doctor/status * docs: align message/doctor/status SecretRef behavior notes * test(cli): accept scoped targetIds wiring in secret-resolution coverage * fix(secrets): keep scoped allowedPaths isolation and tighten coverage gate * fix(secrets): avoid default-account coercion in scoped target selection * test(doctor): cover inactive telegram secretref inspect path * docs Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com> * changelog Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com> --------- Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
49 lines
2.4 KiB
Markdown
49 lines
2.4 KiB
Markdown
---
|
|
summary: "CLI reference for `openclaw doctor` (health checks + guided repairs)"
|
|
read_when:
|
|
- You have connectivity/auth issues and want guided fixes
|
|
- You updated and want a sanity check
|
|
title: "doctor"
|
|
---
|
|
|
|
# `openclaw doctor`
|
|
|
|
Health checks + quick fixes for the gateway and channels.
|
|
|
|
Related:
|
|
|
|
- Troubleshooting: [Troubleshooting](/gateway/troubleshooting)
|
|
- Security audit: [Security](/gateway/security)
|
|
|
|
## Examples
|
|
|
|
```bash
|
|
openclaw doctor
|
|
openclaw doctor --repair
|
|
openclaw doctor --deep
|
|
```
|
|
|
|
Notes:
|
|
|
|
- Interactive prompts (like keychain/OAuth fixes) only run when stdin is a TTY and `--non-interactive` is **not** set. Headless runs (cron, Telegram, no terminal) will skip prompts.
|
|
- `--fix` (alias for `--repair`) writes a backup to `~/.openclaw/openclaw.json.bak` and drops unknown config keys, listing each removal.
|
|
- State integrity checks now detect orphan transcript files in the sessions directory and can archive them as `.deleted.<timestamp>` to reclaim space safely.
|
|
- Doctor also scans `~/.openclaw/cron/jobs.json` (or `cron.store`) for legacy cron job shapes and can rewrite them in place before the scheduler has to auto-normalize them at runtime.
|
|
- Doctor includes a memory-search readiness check and can recommend `openclaw configure --section model` when embedding credentials are missing.
|
|
- If sandbox mode is enabled but Docker is unavailable, doctor reports a high-signal warning with remediation (`install Docker` or `openclaw config set agents.defaults.sandbox.mode off`).
|
|
- If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials.
|
|
- If channel SecretRef inspection fails in a fix path, doctor continues and reports a warning instead of exiting early.
|
|
- Telegram `allowFrom` username auto-resolution (`doctor --fix`) requires a resolvable Telegram token in the current command path. If token inspection is unavailable, doctor reports a warning and skips auto-resolution for that pass.
|
|
|
|
## macOS: `launchctl` env overrides
|
|
|
|
If you previously ran `launchctl setenv OPENCLAW_GATEWAY_TOKEN ...` (or `...PASSWORD`), that value overrides your config file and can cause persistent “unauthorized” errors.
|
|
|
|
```bash
|
|
launchctl getenv OPENCLAW_GATEWAY_TOKEN
|
|
launchctl getenv OPENCLAW_GATEWAY_PASSWORD
|
|
|
|
launchctl unsetenv OPENCLAW_GATEWAY_TOKEN
|
|
launchctl unsetenv OPENCLAW_GATEWAY_PASSWORD
|
|
```
|