From 20d409ede4d14d5e7231b679e57b07e63b03acae Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Thu, 23 Apr 2026 22:13:48 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@f523bbfcd10d718e02a5aef02e350eb6281e9b59 --- .openclaw-sync/source.json | 4 ++-- docs/.generated/plugin-sdk-api-baseline.sha256 | 4 ++-- docs/concepts/memory-qmd.md | 8 ++++++++ docs/gateway/cli-backends.md | 9 +++++++++ docs/providers/cloudflare-ai-gateway.md | 4 ++-- docs/tools/exec-approvals.md | 5 +++++ 6 files changed, 28 insertions(+), 6 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 0b85cfa0e..dd8ce8f8c 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "38f157a1486d6ac68d5b7d21309ea7252509d04f", - "syncedAt": "2026-04-23T21:51:10.569Z" + "sha": "f523bbfcd10d718e02a5aef02e350eb6281e9b59", + "syncedAt": "2026-04-23T22:12:25.160Z" } diff --git a/docs/.generated/plugin-sdk-api-baseline.sha256 b/docs/.generated/plugin-sdk-api-baseline.sha256 index 567b7a08e..535e21e9b 100644 --- a/docs/.generated/plugin-sdk-api-baseline.sha256 +++ b/docs/.generated/plugin-sdk-api-baseline.sha256 @@ -1,2 +1,2 @@ -bc55649a80027756f37892424598653a81fec4bff7b074358fe34d08c7696ebc plugin-sdk-api-baseline.json -312a29d50b4959e4a8e242bb7559548d895a2e03d5ed1b5a395b1133de090578 plugin-sdk-api-baseline.jsonl +f30c9e61b768ca10feca401aefca3cbc8d3a57c5020f85aa9106b4f1a61032c0 plugin-sdk-api-baseline.json +9e5e3e66ac23dddb80cceb8a785f167eec8a108c6c5abe77f3346b01895f6756 plugin-sdk-api-baseline.jsonl diff --git a/docs/concepts/memory-qmd.md b/docs/concepts/memory-qmd.md index 6047e1ec0..96d5c665f 100644 --- a/docs/concepts/memory-qmd.md +++ b/docs/concepts/memory-qmd.md @@ -43,6 +43,9 @@ OpenClaw creates a self-contained QMD home under automatically -- collections, updates, and embedding runs are handled for you. It prefers current QMD collection and MCP query shapes, but still falls back to legacy `--mask` collection flags and older MCP tool names when needed. +Boot-time reconciliation also recreates stale managed collections back to their +canonical patterns when an older QMD collection with the same name is still +present. ## How the sidecar works @@ -166,6 +169,11 @@ Set to `120000` for slower hardware. **Empty results in group chats?** Check `memory.qmd.scope` -- the default only allows direct and channel sessions. +**Root memory search suddenly got too broad?** Restart the gateway or wait for +the next startup reconciliation. OpenClaw recreates stale managed collections +back to canonical `MEMORY.md` and `memory/` patterns when it detects a same-name +conflict. + **Workspace-visible temp repos causing `ENAMETOOLONG` or broken indexing?** QMD traversal currently follows the underlying QMD scanner behavior rather than OpenClaw's builtin symlink rules. Keep temporary monorepo checkouts under diff --git a/docs/gateway/cli-backends.md b/docs/gateway/cli-backends.md index 9deb7127a..796f908fc 100644 --- a/docs/gateway/cli-backends.md +++ b/docs/gateway/cli-backends.md @@ -169,6 +169,15 @@ resolver sees the same filtered set that OpenClaw would otherwise advertise in the prompt. Skill env/API key overrides are still applied by OpenClaw to the child process environment for the run. +Claude CLI also has its own noninteractive permission mode. OpenClaw maps that +to the existing exec policy instead of adding Claude-specific config: when the +effective requested exec policy is YOLO (`tools.exec.security: "full"` and +`tools.exec.ask: "off"`), OpenClaw adds `--permission-mode bypassPermissions`. +Per-agent `agents.list[].tools.exec` settings override global `tools.exec` for +that agent. To force a different Claude mode, set explicit raw backend args +such as `--permission-mode default` or `--permission-mode acceptEdits` under +`agents.defaults.cliBackends.claude-cli.args` and matching `resumeArgs`. + Before OpenClaw can use the bundled `claude-cli` backend, Claude Code itself must already be logged in on the same host: diff --git a/docs/providers/cloudflare-ai-gateway.md b/docs/providers/cloudflare-ai-gateway.md index 4793a4371..f9768c100 100644 --- a/docs/providers/cloudflare-ai-gateway.md +++ b/docs/providers/cloudflare-ai-gateway.md @@ -12,7 +12,7 @@ Cloudflare AI Gateway sits in front of provider APIs and lets you add analytics, | ------------- | ---------------------------------------------------------------------------------------- | | Provider | `cloudflare-ai-gateway` | | Base URL | `https://gateway.ai.cloudflare.com/v1///anthropic` | -| Default model | `cloudflare-ai-gateway/claude-sonnet-4-5` | +| Default model | `cloudflare-ai-gateway/claude-sonnet-4-6` | | API key | `CLOUDFLARE_AI_GATEWAY_API_KEY` (your provider API key for requests through the Gateway) | @@ -39,7 +39,7 @@ For Anthropic models routed through Cloudflare AI Gateway, use your **Anthropic { agents: { defaults: { - model: { primary: "cloudflare-ai-gateway/claude-sonnet-4-5" }, + model: { primary: "cloudflare-ai-gateway/claude-sonnet-4-6" }, }, }, } diff --git a/docs/tools/exec-approvals.md b/docs/tools/exec-approvals.md index 8bd9909f3..2a7c919d1 100644 --- a/docs/tools/exec-approvals.md +++ b/docs/tools/exec-approvals.md @@ -125,6 +125,11 @@ Important distinction: - `tools.exec.host=auto` chooses where exec runs: sandbox when available, otherwise gateway. - YOLO chooses how host exec is approved: `security=full` plus `ask=off`. +- CLI-backed providers that expose their own noninteractive permission mode can follow this policy. + Claude CLI adds `--permission-mode bypassPermissions` when OpenClaw's requested exec policy is + YOLO. Override that backend behavior with explicit Claude args under + `agents.defaults.cliBackends.claude-cli.args` / `resumeArgs`, for example + `--permission-mode default`, `acceptEdits`, or `bypassPermissions`. - In YOLO mode, OpenClaw does not add a separate heuristic command-obfuscation approval gate or script-preflight rejection layer on top of the configured host exec policy. - `auto` does not make gateway routing a free override from a sandboxed session. A per-call `host=node` request is allowed from `auto`, and `host=gateway` is only allowed from `auto` when no sandbox runtime is active. If you want a stable non-auto default, set `tools.exec.host` or use `/exec host=...` explicitly.