






























@@ -9,7 +9,7 @@ OpenClaw has three related (but different) controls:
9910101. **Sandbox** (`agents.defaults.sandbox.*` / `agents.list[].sandbox.*`) decides **where tools run** (sandbox backend vs host).
11112. **Tool policy** (`tools.*`, `tools.sandbox.tools.*`, `agents.list[].tools.*`) decides **which tools are available/allowed**.
12-3. **Elevated** (`tools.elevated.*`, `agents.list[].tools.elevated.*`) is an **exec-only escape hatch** to run outside the sandbox when you’re sandboxed (`gateway` by default, or `node` when the exec target is configured to `node`).
12+3. **Elevated** (`tools.elevated.*`, `agents.list[].tools.elevated.*`) is an **exec-only escape hatch** to run outside the sandbox when you're sandboxed (`gateway` by default, or `node` when the exec target is configured to `node`).
13131414## Quick debug
1515@@ -34,7 +34,7 @@ It prints:
3434Sandboxing is controlled by `agents.defaults.sandbox.mode`:
35353636- `"off"`: everything runs on the host.
37-- `"non-main"`: only non-main sessions are sandboxed (common “surprise” for groups/channels).
37+- `"non-main"`: only non-main sessions are sandboxed (common "surprise" for groups/channels).
3838- `"all"`: everything is sandboxed.
39394040See [Sandboxing](/gateway/sandboxing) for the full matrix (scope, workspace mounts, images).
@@ -103,9 +103,9 @@ Available groups:
103103104104Elevated does **not** grant extra tools; it only affects `exec`.
105105106-- If you’re sandboxed, `/elevated on` (or `exec` with `elevated: true`) runs outside the sandbox (approvals may still apply).
106+- If you're sandboxed, `/elevated on` (or `exec` with `elevated: true`) runs outside the sandbox (approvals may still apply).
107107- Use `/elevated full` to skip exec approvals for the session.
108-- If you’re already running direct, elevated is effectively a no-op (still gated).
108+- If you're already running direct, elevated is effectively a no-op (still gated).
109109- Elevated is **not** skill-scoped and does **not** override tool allow/deny.
110110- Elevated does not grant arbitrary cross-host overrides from `host=auto`; it follows the normal exec target rules and only preserves `node` when the configured/session target is already `node`.
111111- `/exec` is separate from elevated. It only adjusts per-session exec defaults for authorized senders.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。