mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-09 21:33:54 +00:00
sessions.delete gains an explicit archivedOnly param (additive protocol schema change, Swift models regenerated): with archivedOnly=true, the dispatcher grants operator.write and the handler requires the target to already be archived (archive-then-delete keeps destructive intent a two-step action). Without the flag nothing changes: deletes require operator.admin, so internal fallback/synthetic dispatch, subagent cleanup, and CLI minting keep their admin contracts, and the session-kill HTTP endpoint pins admin explicitly since it terminates live runs. Android sends archivedOnly and offers Delete only on archived rows, where its bounded (non-admin) operator session is now authorized; active rows archive first. iOS/web connect with admin and keep unrestricted deletes. Refs #100712