























@@ -310,16 +310,127 @@ Enable encryption:
310310311311Verification commands (all take `--verbose` for diagnostics and `--json` for machine-readable output):
312312313-| Command | Purpose |
314-| -------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
315-| `openclaw matrix verify status` | Check cross-signing and device verification state |
316-| `openclaw matrix verify status --include-recovery-key --json` | Include the stored recovery key |
317-| `openclaw matrix verify bootstrap` | Bootstrap cross-signing and verification (see below) |
318-| `openclaw matrix verify bootstrap --force-reset-cross-signing` | Discard the current cross-signing identity and create a new one |
319-| `openclaw matrix verify device "<recovery-key>"` | Verify this device with a recovery key |
320-| `openclaw matrix verify backup status` | Check room-key backup health |
321-| `openclaw matrix verify backup restore` | Restore room keys from server backup |
322-| `openclaw matrix verify backup reset --yes` | Delete the current backup and create a fresh baseline (may recreate secret storage) |
313+```bash
314+openclaw matrix verify status
315+```
316+317+Verbose status (full diagnostics):
318+319+```bash
320+openclaw matrix verify status --verbose
321+```
322+323+Include the stored recovery key in machine-readable output:
324+325+```bash
326+openclaw matrix verify status --include-recovery-key --json
327+```
328+329+Bootstrap cross-signing and verification state:
330+331+```bash
332+openclaw matrix verify bootstrap
333+```
334+335+Verbose bootstrap diagnostics:
336+337+```bash
338+openclaw matrix verify bootstrap --verbose
339+```
340+341+Force a fresh cross-signing identity reset before bootstrapping:
342+343+```bash
344+openclaw matrix verify bootstrap --force-reset-cross-signing
345+```
346+347+Verify this device with a recovery key:
348+349+```bash
350+openclaw matrix verify device "<your-recovery-key>"
351+```
352+353+This command reports three separate states:
354+355+- `Recovery key accepted`: Matrix accepted the recovery key for secret storage or device trust.
356+- `Backup usable`: room-key backup can be loaded with trusted recovery material.
357+- `Device verified by owner`: the current OpenClaw device has full Matrix cross-signing identity trust.
358+359+`Signed by owner` in verbose or JSON output is diagnostic only. OpenClaw does not
360+treat that as sufficient unless `Cross-signing verified` is also `yes`.
361+362+The command still exits non-zero when full Matrix identity trust is incomplete,
363+even if the recovery key can unlock backup material. In that case, complete
364+self-verification from another Matrix client:
365+366+```bash
367+openclaw matrix verify self
368+```
369+370+Accept the request in another Matrix client, compare the SAS emoji or decimals,
371+and type `yes` only when they match. The command waits for Matrix to report
372+`Cross-signing verified: yes` before it exits successfully.
373+374+Use `verify bootstrap --force-reset-cross-signing` only when you intentionally
375+want to replace the current cross-signing identity.
376+377+Verbose device verification details:
378+379+```bash
380+openclaw matrix verify device "<your-recovery-key>" --verbose
381+```
382+383+Check room-key backup health:
384+385+```bash
386+openclaw matrix verify backup status
387+```
388+389+Verbose backup health diagnostics:
390+391+```bash
392+openclaw matrix verify backup status --verbose
393+```
394+395+Restore room keys from server backup:
396+397+```bash
398+openclaw matrix verify backup restore
399+```
400+401+Interactive self-verification flow:
402+403+```bash
404+openclaw matrix verify self
405+```
406+407+For lower-level or inbound verification requests, use:
408+409+```bash
410+openclaw matrix verify accept <id>
411+openclaw matrix verify start <id>
412+openclaw matrix verify sas <id>
413+openclaw matrix verify confirm-sas <id>
414+```
415+416+Use `openclaw matrix verify cancel <id>` to cancel a request.
417+418+Verbose restore diagnostics:
419+420+```bash
421+openclaw matrix verify backup restore --verbose
422+```
423+424+Delete the current server backup and create a fresh backup baseline. If the stored
425+backup key cannot be loaded cleanly, this reset can also recreate secret storage so
426+future cold starts can load the new backup key:
427+428+```bash
429+openclaw matrix verify backup reset --yes
430+```
431+432+All `verify` commands are concise by default (including quiet internal SDK logging) and show detailed diagnostics only with `--verbose`.
433+Use `--json` for full machine-readable output when scripting.
323434324435In multi-account setups, Matrix CLI commands use the implicit Matrix default account unless you pass `--account <id>`.
325436If you configure multiple named accounts, set `channels.matrix.defaultAccount` first or those implicit CLI operations will stop and ask you to choose an account explicitly.
@@ -341,7 +452,9 @@ When encryption is disabled or unavailable for a named account, Matrix warnings
341452- `Cross-signing verified`: the SDK reports verification via cross-signing
342453- `Signed by owner`: signed by your own self-signing key
343454344-`Verified by owner` becomes `yes` only when cross-signing or owner-signing is present. Local trust alone is not enough.
455+`Verified by owner` becomes `yes` only when cross-signing verification is present.
456+Local trust or an owner signature by itself is not enough for OpenClaw to treat
457+the device as fully verified.
345458346459</Accordion>
347460此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。