mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-21 06:51:01 +00:00
99e53612cb
* docs: add delegate architecture guide for organizational deployments Adds a guide for running OpenClaw as a named delegate for organizations. Covers three capability tiers (read-only, send-on-behalf, proactive), M365 and Google Workspace delegation setup, security guardrails, and integration with multi-agent routing. AI-assisted: Claude Code (Opus 4.6) Based on: Production deployment at a 501(c)(3) nonprofit Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: address review — add Google DWD warning, fix canvas in deny list - Add security warning for Google Workspace domain-wide delegation matching the existing M365 application access policy warning - Add "canvas" to the security guardrails tool deny list for consistency with the full example and multi-agent.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: fix Tier 1 description to match read-only permissions Remove "draft replies (saved to Drafts folder)" from Tier 1 since saving drafts requires write access. Tier 1 is strictly read-only — the agent summarizes and flags via chat, human acts on the mailbox. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * style: fix oxfmt formatting for delegate-architecture and docs.json Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: fix broken links to /automation/standing-orders Standing orders is a deployment pattern, not an existing doc page. Replaced with inline descriptions and links to /automation/cron-jobs and #security-guardrails anchor. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: move hardening to prerequisites before identity provider setup Restructure per community feedback: isolation, tool restrictions, sandbox, hard blocks, and audit trail now come BEFORE granting any credentials. The most dangerous step (tenant-wide permissions) no longer precedes the most important step (scoping and isolation). Also strengthened M365 and Google Workspace security warnings with actionable verification steps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: add standing orders guide and fix broken links Add docs/automation/standing-orders.md covering: - Why standing orders (agent autonomy vs human bottleneck) - Anatomy of a standing order (scope, triggers, gates, escalation) - Integration with cron jobs for time-based enforcement - Execute-Verify-Report pattern for execution discipline - Three production-tested examples (content, finance, monitoring) - Multi-program architecture for complex agents - Best practices (do's and don'ts) Update delegate-architecture.md to link standing orders references to the new page instead of dead links. Add standing-orders to Automation nav group in docs.json (en + zh-CN). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: address review feedback on standing-orders - P1: Clarify that standing orders should go in AGENTS.md (auto-injected) rather than arbitrary subdirectory files. Add Tip callout explaining which workspace files are bootstrapped. - P2: Remove dead /concepts/personality-files link, replace with /concepts/agent-workspace which covers bootstrap files. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
