docs: normalize mintlify component closings · openclaw/openclaw@424560c
steipete
·
2026-04-28
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -278,7 +278,7 @@ Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy.
|
278 | 278 | - Keep `hooks.allowRequestSessionKey=false` unless you require caller-selected sessions. |
279 | 279 | - If you enable `hooks.allowRequestSessionKey`, also set `hooks.allowedSessionKeyPrefixes` to constrain allowed session key shapes. |
280 | 280 | - Hook payloads are wrapped with safety boundaries by default. |
281 | | - </Warning> |
| 281 | +</Warning> |
282 | 282 | |
283 | 283 | ## Gmail PubSub integration |
284 | 284 | |
@@ -382,7 +382,7 @@ Model override note:
|
382 | 382 | - Configured fallback chains still apply because cron `--model` is a job primary, not a session `/model` override. |
383 | 383 | - Payload `fallbacks` replaces configured fallbacks for that job; `fallbacks: []` disables fallback and makes the run strict. |
384 | 384 | - A plain `--model` with no explicit or configured fallback list does not fall through to the agent primary as a silent extra retry target. |
385 | | - </Note> |
| 385 | +</Note> |
386 | 386 | |
387 | 387 | ## Configuration |
388 | 388 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -66,7 +66,7 @@ Current OpenClaw releases bundle BlueBubbles, so normal packaged builds do not n
|
66 | 66 | - Always set a webhook password. |
67 | 67 | - Webhook authentication is always required. OpenClaw rejects BlueBubbles webhook requests unless they include a password/guid that matches `channels.bluebubbles.password` (for example `?password=<password>` or `x-password`), regardless of loopback/proxy topology. |
68 | 68 | - Password authentication is checked before reading/parsing full webhook bodies. |
69 | | - </Warning> |
| 69 | +</Warning> |
70 | 70 | |
71 | 71 | ## Keeping Messages.app alive (VM / headless setups) |
72 | 72 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -26,7 +26,7 @@ Translation: allowlisted senders can trigger OpenClaw by mentioning it.
|
26 | 26 | - **DM access** is controlled by `*.allowFrom`. |
27 | 27 | - **Group access** is controlled by `*.groupPolicy` + allowlists (`*.groups`, `*.groupAllowFrom`). |
28 | 28 | - **Reply triggering** is controlled by mention gating (`requireMention`, `/activation`). |
29 | | - </Note> |
| 29 | +</Note> |
30 | 30 | |
31 | 31 | Quick flow (what happens to a group message): |
32 | 32 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -418,7 +418,7 @@ External scripts and webhooks can post buttons directly via the Mattermost REST
|
418 | 418 | 4. Action `id` must be **alphanumeric only** (`[a-zA-Z0-9]`). Hyphens and underscores break Mattermost's server-side action routing (returns 404). Strip them before use. |
419 | 419 | 5. `context.action_id` must match the button's `id` so the confirmation message shows the button name (e.g., "Approve") instead of a raw ID. |
420 | 420 | 6. `context.action_id` is required — the interaction handler returns 400 without it. |
421 | | - </Warning> |
| 421 | +</Warning> |
422 | 422 | |
423 | 423 | **HMAC token generation** |
424 | 424 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -127,7 +127,7 @@ This happens **before** a normal reply is generated, so the message can feel lik
|
127 | 127 | - Add the model to `agents.defaults.models`, or |
128 | 128 | - Clear the allowlist (remove `agents.defaults.models`), or |
129 | 129 | - Pick a model from `/model list`. |
130 | | - </Warning> |
| 130 | +</Warning> |
131 | 131 | |
132 | 132 | Example allowlist config: |
133 | 133 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -235,7 +235,7 @@ Use `accountId` to target a specific account on multi-account channels like Tele
|
235 | 235 | - `main` (default): agent main session. |
236 | 236 | - Explicit session key (copy from `openclaw sessions --json` or the [sessions CLI](/cli/sessions)). |
237 | 237 | - Session key formats: see [Sessions](/concepts/session) and [Groups](/channels/groups). |
238 | | - </ParamField> |
| 238 | +</ParamField> |
239 | 239 | <ParamField path="target" type="string"> |
240 | 240 | - `last`: deliver to the last used external channel. |
241 | 241 | - explicit channel: any configured channel or plugin id, for example `discord`, `matrix`, `telegram`, or `whatsapp`. |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -82,7 +82,7 @@ Node pairing is a trust and identity flow plus token issuance. It does **not** p
|
82 | 82 | |
83 | 83 | - Live node commands come from what the node declares on connect after the gateway's global node command policy (`gateway.nodes.allowCommands` and `denyCommands`) is applied. |
84 | 84 | - Per-node `system.run` allow and ask policy lives on the node in `exec.approvals.node.*`, not in the pairing record. |
85 | | - </Warning> |
| 85 | +</Warning> |
86 | 86 | |
87 | 87 | ## Node command gating (2026.3.31+) |
88 | 88 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -349,7 +349,7 @@ Example (read-only source + an extra data directory):
|
349 | 349 | - Sensitive mounts (secrets, SSH keys, service credentials) should be `:ro` unless absolutely required. |
350 | 350 | - Combine with `workspaceAccess: "ro"` if you only need read access to the workspace; bind modes stay independent. |
351 | 351 | - See [Sandbox vs Tool Policy vs Elevated](/gateway/sandbox-vs-tool-policy-vs-elevated) for how binds interact with tool policy and elevated exec. |
352 | | - </Warning> |
| 352 | +</Warning> |
353 | 353 | |
354 | 354 | ## Images and setup |
355 | 355 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -99,7 +99,7 @@ Implications:
|
99 | 99 | - Internal Gateway clients that do not travel through the reverse proxy should use `gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD`, not trusted-proxy identity headers. |
100 | 100 | - Non-loopback Control UI deployments still need explicit `gateway.controlUi.allowedOrigins`. |
101 | 101 | - **Forwarded-header evidence overrides loopback locality for local direct fallback.** If a request arrives on loopback but carries `X-Forwarded-For` / `X-Forwarded-Host` / `X-Forwarded-Proto` headers pointing at a non-local origin, that evidence disqualifies local-direct password fallback and device-identity gating. With `allowLoopback: true`, trusted-proxy auth can still accept the request as a same-host proxy request, while `requiredHeaders` and `allowUsers` continue to apply. |
102 | | - </Warning> |
| 102 | +</Warning> |
103 | 103 | |
104 | 104 | ### Configuration reference |
105 | 105 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -259,7 +259,7 @@ For CLI entries, **set `capabilities` explicitly** to avoid surprising matches.
|
259 | 259 | |
260 | 260 | - `minimax` and `minimax-portal` image understanding comes from the plugin-owned `MiniMax-VL-01` media provider. |
261 | 261 | - The bundled MiniMax text catalog still starts text-only; explicit `models.providers.minimax` entries materialize image-capable M2.7 chat refs. |
262 | | - </Note> |
| 262 | +</Note> |
263 | 263 | |
264 | 264 | ## Model selection guidance |
265 | 265 | |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。