





















@@ -40,6 +40,7 @@ openclaw doctor
4040openclaw doctor --lint
4141openclaw doctor --lint --json
4242openclaw doctor --lint --severity-min warning
43+openclaw doctor --lint --allow-exec
4344openclaw doctor --deep
4445openclaw doctor --fix
4546openclaw doctor --fix --non-interactive
@@ -64,6 +65,7 @@ The targeted Discord capabilities probe reports the bot's effective channel perm
6465- `--force`: apply aggressive repairs, including overwriting custom service config when needed
6566- `--non-interactive`: run without prompts; safe migrations and non-service repairs only
6667- `--generate-gateway-token`: generate and configure a gateway token
68+- `--allow-exec`: allow doctor to execute configured exec SecretRefs while verifying secrets
6769- `--deep`: scan system services for extra gateway installs and report recent Gateway supervisor restart handoffs
6870- `--lint`: run modernized health checks in read-only mode and emit diagnostic findings
6971- `--json`: with `--lint`, emit JSON findings instead of human output
@@ -84,6 +86,7 @@ are only accepted with `--lint`.
8486openclaw doctor --lint
8587openclaw doctor --lint --severity-min warning
8688openclaw doctor --lint --json
89+openclaw doctor --lint --allow-exec
8790openclaw doctor --lint --only core/doctor/gateway-config --json
8891```
8992@@ -191,6 +194,7 @@ Notes:
191194- Interactive prompts (like keychain/OAuth fixes) only run when stdin is a TTY and `--non-interactive` is **not** set. Headless runs (cron, Telegram, no terminal) will skip prompts.
192195- Performance: non-interactive `doctor` runs skip eager plugin loading so headless health checks stay fast. Interactive doctor sessions still load the plugin surfaces needed by the legacy health and repair flow.
193196- `--lint` is stricter than `--non-interactive`: it is always read-only, never prompts, and never applies safe migrations. Run `doctor --fix` or `doctor --repair` when you want doctor to make changes.
197+- By default, doctor does not execute `exec` SecretRefs while checking secrets. Use `openclaw doctor --allow-exec` or `openclaw doctor --lint --allow-exec` only when you intentionally want doctor to run those configured secret resolvers.
194198- `--fix` (alias for `--repair`) writes a backup to `~/.openclaw/openclaw.json.bak` and drops unknown config keys, listing each removal.
195199- Modernized health checks can expose a `repair()` path for `doctor --fix`; checks that do not expose one continue through the existing doctor repair flow.
196200- `doctor --fix --non-interactive` reports missing or stale gateway service definitions but does not install or rewrite them outside update repair mode. Run `openclaw gateway install` for a missing service, or `openclaw gateway install --force` when you intentionally want to replace the launcher.
@@ -214,7 +218,7 @@ Notes:
214218- Doctor warns when skills allowed for the default agent are unavailable in the current runtime environment because bins, env vars, config, or OS requirements are missing. `doctor --fix` can disable those unavailable skills with `skills.entries.<skill>.enabled=false`; install/configure the missing requirement instead when you want to keep the skill active.
215219- If sandbox mode is enabled but Docker is unavailable, doctor reports a high-signal warning with remediation (`install Docker` or `openclaw config set agents.defaults.sandbox.mode off`).
216220- If legacy sandbox registry files (`~/.openclaw/sandbox/containers.json` or `~/.openclaw/sandbox/browsers.json`) are present, doctor reports them; `openclaw doctor --fix` migrates valid entries into sharded registry directories and quarantines invalid legacy files.
217-- If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials.
221+- If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials. For exec-backed SecretRefs, doctor skips execution unless `--allow-exec` is present.
218222- If channel SecretRef inspection fails in a fix path, doctor continues and reports a warning instead of exiting early.
219223- After state-directory migrations, doctor warns when enabled default Telegram or Discord accounts depend on env fallback and `TELEGRAM_BOT_TOKEN` or `DISCORD_BOT_TOKEN` is unavailable to the doctor process.
220224- Telegram `allowFrom` username auto-resolution (`doctor --fix`) requires a resolvable Telegram token in the current command path. If token inspection is unavailable, doctor reports a warning and skips auto-resolution for that pass.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。