From 424560c6c294a4f39d7ccc593cce2cc06c08a399 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Tue, 28 Apr 2026 07:53:31 +0100 Subject: [PATCH] docs: normalize mintlify component closings --- docs/automation/cron-jobs.md | 4 ++-- docs/channels/bluebubbles.md | 2 +- docs/channels/groups.md | 2 +- docs/channels/mattermost.md | 2 +- docs/concepts/models.md | 2 +- docs/gateway/heartbeat.md | 2 +- docs/gateway/pairing.md | 2 +- docs/gateway/sandboxing.md | 2 +- docs/gateway/trusted-proxy-auth.md | 2 +- docs/nodes/media-understanding.md | 2 +- docs/tools/acp-agents.md | 4 ++-- docs/tools/exec-approvals.md | 6 +++--- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/automation/cron-jobs.md b/docs/automation/cron-jobs.md index 03d007de233..092505a9df9 100644 --- a/docs/automation/cron-jobs.md +++ b/docs/automation/cron-jobs.md @@ -278,7 +278,7 @@ Keep hook endpoints behind loopback, tailnet, or trusted reverse proxy. - Keep `hooks.allowRequestSessionKey=false` unless you require caller-selected sessions. - If you enable `hooks.allowRequestSessionKey`, also set `hooks.allowedSessionKeyPrefixes` to constrain allowed session key shapes. - Hook payloads are wrapped with safety boundaries by default. - + ## Gmail PubSub integration @@ -382,7 +382,7 @@ Model override note: - Configured fallback chains still apply because cron `--model` is a job primary, not a session `/model` override. - Payload `fallbacks` replaces configured fallbacks for that job; `fallbacks: []` disables fallback and makes the run strict. - A plain `--model` with no explicit or configured fallback list does not fall through to the agent primary as a silent extra retry target. - + ## Configuration diff --git a/docs/channels/bluebubbles.md b/docs/channels/bluebubbles.md index a8084d689c1..f052b63890b 100644 --- a/docs/channels/bluebubbles.md +++ b/docs/channels/bluebubbles.md @@ -66,7 +66,7 @@ Current OpenClaw releases bundle BlueBubbles, so normal packaged builds do not n - Always set a webhook password. - Webhook authentication is always required. OpenClaw rejects BlueBubbles webhook requests unless they include a password/guid that matches `channels.bluebubbles.password` (for example `?password=` or `x-password`), regardless of loopback/proxy topology. - Password authentication is checked before reading/parsing full webhook bodies. - + ## Keeping Messages.app alive (VM / headless setups) diff --git a/docs/channels/groups.md b/docs/channels/groups.md index 59588522582..3415917e67b 100644 --- a/docs/channels/groups.md +++ b/docs/channels/groups.md @@ -26,7 +26,7 @@ Translation: allowlisted senders can trigger OpenClaw by mentioning it. - **DM access** is controlled by `*.allowFrom`. - **Group access** is controlled by `*.groupPolicy` + allowlists (`*.groups`, `*.groupAllowFrom`). - **Reply triggering** is controlled by mention gating (`requireMention`, `/activation`). - + Quick flow (what happens to a group message): diff --git a/docs/channels/mattermost.md b/docs/channels/mattermost.md index 72cbc0469cc..ce21a70c6f8 100644 --- a/docs/channels/mattermost.md +++ b/docs/channels/mattermost.md @@ -418,7 +418,7 @@ External scripts and webhooks can post buttons directly via the Mattermost REST 4. Action `id` must be **alphanumeric only** (`[a-zA-Z0-9]`). Hyphens and underscores break Mattermost's server-side action routing (returns 404). Strip them before use. 5. `context.action_id` must match the button's `id` so the confirmation message shows the button name (e.g., "Approve") instead of a raw ID. 6. `context.action_id` is required — the interaction handler returns 400 without it. - + **HMAC token generation** diff --git a/docs/concepts/models.md b/docs/concepts/models.md index 74508728a1e..39ae18a7de8 100644 --- a/docs/concepts/models.md +++ b/docs/concepts/models.md @@ -127,7 +127,7 @@ This happens **before** a normal reply is generated, so the message can feel lik - Add the model to `agents.defaults.models`, or - Clear the allowlist (remove `agents.defaults.models`), or - Pick a model from `/model list`. - + Example allowlist config: diff --git a/docs/gateway/heartbeat.md b/docs/gateway/heartbeat.md index 6f71a970c33..c511cf223a2 100644 --- a/docs/gateway/heartbeat.md +++ b/docs/gateway/heartbeat.md @@ -235,7 +235,7 @@ Use `accountId` to target a specific account on multi-account channels like Tele - `main` (default): agent main session. - Explicit session key (copy from `openclaw sessions --json` or the [sessions CLI](/cli/sessions)). - Session key formats: see [Sessions](/concepts/session) and [Groups](/channels/groups). - + - `last`: deliver to the last used external channel. - explicit channel: any configured channel or plugin id, for example `discord`, `matrix`, `telegram`, or `whatsapp`. diff --git a/docs/gateway/pairing.md b/docs/gateway/pairing.md index 78ec51c8e55..f15e8195c5b 100644 --- a/docs/gateway/pairing.md +++ b/docs/gateway/pairing.md @@ -82,7 +82,7 @@ Node pairing is a trust and identity flow plus token issuance. It does **not** p - Live node commands come from what the node declares on connect after the gateway's global node command policy (`gateway.nodes.allowCommands` and `denyCommands`) is applied. - Per-node `system.run` allow and ask policy lives on the node in `exec.approvals.node.*`, not in the pairing record. - + ## Node command gating (2026.3.31+) diff --git a/docs/gateway/sandboxing.md b/docs/gateway/sandboxing.md index 34c62985a3b..d362303d6df 100644 --- a/docs/gateway/sandboxing.md +++ b/docs/gateway/sandboxing.md @@ -349,7 +349,7 @@ Example (read-only source + an extra data directory): - Sensitive mounts (secrets, SSH keys, service credentials) should be `:ro` unless absolutely required. - Combine with `workspaceAccess: "ro"` if you only need read access to the workspace; bind modes stay independent. - See [Sandbox vs Tool Policy vs Elevated](/gateway/sandbox-vs-tool-policy-vs-elevated) for how binds interact with tool policy and elevated exec. - + ## Images and setup diff --git a/docs/gateway/trusted-proxy-auth.md b/docs/gateway/trusted-proxy-auth.md index 96b070e64df..534ccfd198e 100644 --- a/docs/gateway/trusted-proxy-auth.md +++ b/docs/gateway/trusted-proxy-auth.md @@ -99,7 +99,7 @@ Implications: - Internal Gateway clients that do not travel through the reverse proxy should use `gateway.auth.password` / `OPENCLAW_GATEWAY_PASSWORD`, not trusted-proxy identity headers. - Non-loopback Control UI deployments still need explicit `gateway.controlUi.allowedOrigins`. - **Forwarded-header evidence overrides loopback locality for local direct fallback.** If a request arrives on loopback but carries `X-Forwarded-For` / `X-Forwarded-Host` / `X-Forwarded-Proto` headers pointing at a non-local origin, that evidence disqualifies local-direct password fallback and device-identity gating. With `allowLoopback: true`, trusted-proxy auth can still accept the request as a same-host proxy request, while `requiredHeaders` and `allowUsers` continue to apply. - + ### Configuration reference diff --git a/docs/nodes/media-understanding.md b/docs/nodes/media-understanding.md index 1a8494cffd7..9da0610a244 100644 --- a/docs/nodes/media-understanding.md +++ b/docs/nodes/media-understanding.md @@ -259,7 +259,7 @@ For CLI entries, **set `capabilities` explicitly** to avoid surprising matches. - `minimax` and `minimax-portal` image understanding comes from the plugin-owned `MiniMax-VL-01` media provider. - The bundled MiniMax text catalog still starts text-only; explicit `models.providers.minimax` entries materialize image-capable M2.7 chat refs. - + ## Model selection guidance diff --git a/docs/tools/acp-agents.md b/docs/tools/acp-agents.md index cb084718469..ddaa38749b1 100644 --- a/docs/tools/acp-agents.md +++ b/docs/tools/acp-agents.md @@ -323,7 +323,7 @@ top-level `bindings[]` entries. - **Telegram forum topic:** `match.channel="telegram"` + `match.peer.id=":topic:"` - **BlueBubbles DM/group:** `match.channel="bluebubbles"` + `match.peer.id=""`. Prefer `chat_id:*` or `chat_identifier:*` for stable group bindings. - **iMessage DM/group:** `match.channel="imessage"` + `match.peer.id=""`. Prefer `chat_id:*` for stable group bindings. - + The owning OpenClaw agent id. @@ -714,7 +714,7 @@ OpenClaw sandbox. - OpenClaw's sandbox policy does **not** wrap ACP harness execution. - OpenClaw still enforces ACP feature gates, allowed agents, session ownership, channel bindings, and Gateway delivery policy. - Use `runtime: "subagent"` for sandbox-enforced OpenClaw-native work. - + Current limitations: diff --git a/docs/tools/exec-approvals.md b/docs/tools/exec-approvals.md index 2354be48130..0a649e732cb 100644 --- a/docs/tools/exec-approvals.md +++ b/docs/tools/exec-approvals.md @@ -137,7 +137,7 @@ Example schema: - `deny` — block. - `allowlist` — allow only if allowlist matches. - `full` — allow. - + ### `tools.exec.strictInlineEval` @@ -184,7 +184,7 @@ YOLO is the default host behavior unless you tighten it explicitly: - YOLO chooses **how** host exec is approved: `security=full` plus `ask=off`. - In YOLO mode, OpenClaw does **not** add a separate heuristic command-obfuscation approval gate or script-preflight rejection layer on top of the configured host exec policy. - `auto` does not make gateway routing a free override from a sandboxed session. A per-call `host=node` request is allowed from `auto`; `host=gateway` is only allowed from `auto` when no sandbox runtime is active. For a stable non-auto default, set `tools.exec.host` or use `/exec host=...` explicitly. - + CLI-backed providers that expose their own noninteractive permission mode can follow this policy. Claude CLI adds @@ -262,7 +262,7 @@ EOF - `openclaw exec-policy` does not synchronize node approvals. - `openclaw exec-policy set --host node` is rejected. - Node exec approvals are fetched from the node at runtime, so node-targeted updates must use `openclaw approvals --node ...`. - + ### Session-only shortcut