惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
GbyAI
GbyAI
T
Tailwind CSS Blog
Know Your Adversary
Know Your Adversary
小众软件
小众软件
Security Latest
Security Latest
博客园 - 聂微东
P
Privacy International News Feed
L
Lohrmann on Cybersecurity
爱范儿
爱范儿
云风的 BLOG
云风的 BLOG
阮一峰的网络日志
阮一峰的网络日志
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
Last Week in AI
Last Week in AI
The Register - Security
The Register - Security
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
NISL@THU
NISL@THU
Spread Privacy
Spread Privacy
Google DeepMind News
Google DeepMind News
P
Palo Alto Networks Blog
S
Schneier on Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
The Exploit Database - CXSecurity.com
月光博客
月光博客
C
CERT Recently Published Vulnerability Notes
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
量子位
K
Kaspersky official blog
T
Threatpost
Latest news
Latest news
The Cloudflare Blog
MyScale Blog
MyScale Blog
C
Cisco Blogs
T
Tor Project blog
S
Securelist
Cisco Talos Blog
Cisco Talos Blog
The GitHub Blog
The GitHub Blog
A
Arctic Wolf
T
Threat Research - Cisco Blogs
H
Help Net Security
C
CXSECURITY Database RSS Feed - CXSecurity.com

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
feat: add Crestodian setup helper · openclaw/openclaw@2011de6
steipete · 2026-04-25 · via Recent Commits to openclaw:main

@@ -0,0 +1,290 @@

1+

---

2+

summary: "CLI reference and security model for Crestodian, the configless-safe setup and repair helper"

3+

read_when:

4+

- You run openclaw with no command and want to understand Crestodian

5+

- You need a configless-safe way to inspect or repair OpenClaw

6+

- You are designing or enabling message-channel rescue mode

7+

title: "Crestodian"

8+

---

9+10+

# `openclaw crestodian`

11+12+

Crestodian is OpenClaw's local setup, repair, and configuration helper. It is

13+

designed to stay reachable when the normal agent path is broken.

14+15+

Running `openclaw` with no command starts Crestodian in an interactive terminal.

16+

Running `openclaw crestodian` starts the same helper explicitly.

17+18+

## What Crestodian shows

19+20+

On startup, Crestodian prints a compact system overview:

21+22+

- config path and validity

23+

- configured agents and the default agent

24+

- default model

25+

- local Codex and Claude Code CLI availability

26+

- OpenAI and Anthropic API-key presence

27+

- planner mode (`deterministic` or model-assisted through the configured model)

28+

- local docs path or the public docs URL

29+

- local source path for Git checkouts, otherwise the OpenClaw GitHub source URL

30+

- gateway reachability

31+

- the immediate recommended next step

32+33+

It does not dump secrets or load plugin CLI commands just to start.

34+35+

Crestodian uses the same OpenClaw reference discovery as regular agents. In a Git checkout,

36+

it points itself at local `docs/` and the local source tree. In an npm package install, it

37+

uses the bundled package docs and links to

38+

[https://github.com/openclaw/openclaw](https://github.com/openclaw/openclaw), with explicit

39+

guidance to review source whenever the docs are not enough.

40+41+

## Examples

42+43+

```bash

44+

openclaw

45+

openclaw crestodian

46+

openclaw crestodian --json

47+

openclaw crestodian --message "models"

48+

openclaw crestodian --message "validate config"

49+

openclaw crestodian --message "setup workspace ~/Projects/work model openai/gpt-5.5" --yes

50+

openclaw crestodian --message "set default model openai/gpt-5.5" --yes

51+

openclaw onboard --modern

52+

```

53+54+

Inside the interactive prompt:

55+56+

```text

57+

status

58+

health

59+

doctor

60+

doctor fix

61+

validate config

62+

setup

63+

setup workspace ~/Projects/work model openai/gpt-5.5

64+

config set gateway.port 19001

65+

config set-ref gateway.auth.token env OPENCLAW_GATEWAY_TOKEN

66+

gateway status

67+

restart gateway

68+

agents

69+

create agent work workspace ~/Projects/work

70+

models

71+

set default model openai/gpt-5.5

72+

talk to work agent

73+

talk to agent for ~/Projects/work

74+

audit

75+

quit

76+

```

77+78+

## Safe startup

79+80+

Crestodian's startup path is deliberately small. It can run when:

81+82+

- `openclaw.json` is missing

83+

- `openclaw.json` is invalid

84+

- the Gateway is down

85+

- plugin command registration is unavailable

86+

- no agent has been configured yet

87+88+

`openclaw --help` and `openclaw --version` still use the normal fast paths.

89+

Noninteractive `openclaw` exits with a short message instead of printing root

90+

help, because the no-command product is Crestodian.

91+92+

## Operations and approval

93+94+

Crestodian uses typed operations instead of editing config ad hoc.

95+96+

Read-only operations can run immediately:

97+98+

- show overview

99+

- list agents

100+

- show model/backend status

101+

- run status or health checks

102+

- check Gateway reachability

103+

- run doctor without interactive fixes

104+

- validate config

105+

- show the audit-log path

106+107+

Persistent operations require conversational approval in interactive mode unless

108+

you pass `--yes` for a one-shot command:

109+110+

- write config

111+

- run `config set`

112+

- set supported SecretRef values through `config set-ref`

113+

- run setup/onboarding bootstrap

114+

- change the default model

115+

- start, stop, or restart the Gateway

116+

- create agents

117+

- run doctor repairs that rewrite config or state

118+119+

Applied writes are recorded in:

120+121+

```text

122+

~/.openclaw/audit/crestodian.jsonl

123+

```

124+125+

Discovery is not audited. Only applied operations and writes are logged.

126+127+

`openclaw onboard --modern` starts Crestodian as the modern onboarding preview.

128+

Plain `openclaw onboard` still runs classic onboarding.

129+130+

## Setup Bootstrap

131+132+

`setup` is the chat-first onboarding bootstrap. It writes only through typed

133+

config operations and asks for approval first.

134+135+

```text

136+

setup

137+

setup workspace ~/Projects/work

138+

setup workspace ~/Projects/work model openai/gpt-5.5

139+

```

140+141+

When no model is configured, setup selects the first usable backend in this

142+

order and tells you what it chose:

143+144+

- existing explicit model, if already configured

145+

- `OPENAI_API_KEY` -> `openai/gpt-5.5`

146+

- `ANTHROPIC_API_KEY` -> `anthropic/claude-opus-4-7`

147+

- Claude Code CLI -> `claude-cli/claude-opus-4-7`

148+

- Codex CLI -> `codex-cli/gpt-5.5`

149+150+

If none are available, setup still writes the default workspace and leaves the

151+

model unset. Install or log into Codex/Claude Code, or expose

152+

`OPENAI_API_KEY`/`ANTHROPIC_API_KEY`, then run setup again.

153+154+

## Model-Assisted Planner

155+156+

Crestodian always starts in deterministic mode. Once a valid OpenClaw model is

157+

configured, local Crestodian can make one bounded model call for fuzzy commands

158+

that the deterministic parser does not understand.

159+160+

The model-assisted planner cannot mutate config directly. It must translate the

161+

request into one of Crestodian's typed commands, then the normal approval and

162+

audit rules apply. Crestodian prints the model it used and the interpreted

163+

command before it runs anything.

164+165+

Message-channel rescue mode does not use the model-assisted planner. Remote

166+

rescue stays deterministic so a broken or compromised normal agent path cannot

167+

be used as a config editor.

168+169+

## Switching to an agent

170+171+

Use a natural-language selector to leave Crestodian and open the normal TUI:

172+173+

```text

174+

talk to agent

175+

talk to work agent

176+

switch to main agent

177+

```

178+179+

`openclaw tui`, `openclaw chat`, and `openclaw terminal` still open the normal

180+

agent TUI directly. They do not start Crestodian.

181+182+

After switching into the normal TUI, use `/crestodian` to return to Crestodian.

183+

You can include a follow-up request:

184+185+

```text

186+

/crestodian

187+

/crestodian restart gateway

188+

```

189+190+

Agent switches inside the TUI leave a breadcrumb that `/crestodian` is available.

191+192+

## Message rescue mode

193+194+

Message rescue mode is the message-channel entrypoint for Crestodian. It is for

195+

the case where your normal agent is dead, but a trusted channel such as WhatsApp

196+

still receives commands.

197+198+

Supported text command:

199+200+

- `/crestodian <request>`

201+202+

Operator flow:

203+204+

```text

205+

You, in a trusted owner DM: /crestodian status

206+

OpenClaw: Crestodian rescue mode. Gateway reachable: no. Config valid: no.

207+

You: /crestodian restart gateway

208+

OpenClaw: Plan: restart the Gateway. Reply /crestodian yes to apply.

209+

You: /crestodian yes

210+

OpenClaw: Applied. Audit entry written.

211+

```

212+213+

Agent creation can also be queued from the local prompt or rescue mode:

214+215+

```text

216+

create agent work workspace ~/Projects/work model openai/gpt-5.5

217+

/crestodian create agent work workspace ~/Projects/work

218+

```

219+220+

Remote rescue mode is an admin surface. It must be treated like remote config

221+

repair, not like normal chat.

222+223+

Security contract for remote rescue:

224+225+

- Disabled when sandboxing is active. If an agent/session is sandboxed,

226+

Crestodian must refuse remote rescue and explain that local CLI repair is

227+

required.

228+

- Default effective state is `auto`: allow remote rescue only in trusted YOLO

229+

operation, where the runtime already has unsandboxed local authority.

230+

- Require an explicit owner identity. Rescue must not accept wildcard sender

231+

rules, open group policy, unauthenticated webhooks, or anonymous channels.

232+

- Owner DMs only by default. Group/channel rescue requires explicit opt-in and

233+

should still route approval prompts to the owner DM.

234+

- Remote rescue cannot open the local TUI or switch into an interactive agent

235+

session. Use local `openclaw` for agent handoff.

236+

- Persistent writes still require approval, even in rescue mode.

237+

- Audit every applied rescue operation, including channel, account, sender,

238+

session key, operation, config hash before, and config hash after.

239+

- Never echo secrets. SecretRef inspection should report availability, not

240+

values.

241+

- If the Gateway is alive, prefer Gateway typed operations. If the Gateway is

242+

dead, use only the minimal local repair surface that does not depend on the

243+

normal agent loop.

244+245+

Config shape:

246+247+

```jsonc

248+

{

249+

"crestodian": {

250+

"rescue": {

251+

"enabled": "auto",

252+

"ownerDmOnly": true,

253+

},

254+

},

255+

}

256+

```

257+258+

`enabled` should accept:

259+260+

- `"auto"`: default. Allow only when the effective runtime is YOLO and

261+

sandboxing is off.

262+

- `false`: never allow message-channel rescue.

263+

- `true`: explicitly allow rescue when the owner/channel checks pass. This

264+

still must not bypass the sandboxing denial.

265+266+

The default `"auto"` YOLO posture is:

267+268+

- sandbox mode resolves to `off`

269+

- `tools.exec.security` resolves to `full`

270+

- `tools.exec.ask` resolves to `off`

271+272+

Remote rescue is covered by the Docker lane:

273+274+

```bash

275+

pnpm test:docker:crestodian-rescue

276+

```

277+278+

Fresh configless setup through Crestodian is covered by:

279+280+

```bash

281+

pnpm test:docker:crestodian-first-run

282+

```

283+284+

## Related

285+286+

- [CLI reference](/cli)

287+

- [Doctor](/cli/doctor)

288+

- [TUI](/cli/tui)

289+

- [Sandbox](/cli/sandbox)

290+

- [Security](/cli/security)