From 6835e1ff574c4aa4b0eb5b9cf3e9c29af7af7dc5 Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Tue, 21 Apr 2026 04:42:58 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@5275d008ed33203dba3f98e969ad683a65c416c3 --- .openclaw-sync/source.json | 4 ++-- docs/gateway/configuration-reference.md | 14 ++++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index d0bf46948..bfadcfbd7 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "b485ee7e36b1368b4793064da92bf427491f44f0", - "syncedAt": "2026-04-21T04:34:12.980Z" + "sha": "5275d008ed33203dba3f98e969ad683a65c416c3", + "syncedAt": "2026-04-21T04:42:58.121Z" } diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 38eb98984..dd1c9343f 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -3193,8 +3193,8 @@ See [Multiple Gateways](/gateway/multiple-gateways). path: "/hooks", maxBodyBytes: 262144, defaultSessionKey: "hook:ingress", - allowRequestSessionKey: false, - allowedSessionKeyPrefixes: ["hook:"], + allowRequestSessionKey: true, + allowedSessionKeyPrefixes: ["hook:", "hook:gmail:"], allowedAgentIds: ["hooks", "main"], presets: ["gmail"], transformsDir: "~/.openclaw/hooks/transforms", @@ -3225,6 +3225,7 @@ Validation and safety notes: - `hooks.token` must be **distinct** from `gateway.auth.token`; reusing the Gateway token is rejected. - `hooks.path` cannot be `/`; use a dedicated subpath such as `/hooks`. - If `hooks.allowRequestSessionKey=true`, constrain `hooks.allowedSessionKeyPrefixes` (for example `["hook:"]`). +- If a mapping or preset uses a templated `sessionKey`, set `hooks.allowedSessionKeyPrefixes` and `hooks.allowRequestSessionKey=true`. Static mapping keys do not require that opt-in. **Endpoints:** @@ -3232,6 +3233,7 @@ Validation and safety notes: - `POST /hooks/agent` → `{ message, name?, agentId?, sessionKey?, wakeMode?, deliver?, channel?, to?, model?, thinking?, timeoutSeconds? }` - `sessionKey` from request payload is accepted only when `hooks.allowRequestSessionKey=true` (default: `false`). - `POST /hooks/` → resolved via `hooks.mappings` + - Template-rendered mapping `sessionKey` values are treated as externally supplied and also require `hooks.allowRequestSessionKey=true`. @@ -3243,8 +3245,8 @@ Validation and safety notes: - `agentId` routes to a specific agent; unknown IDs fall back to default. - `allowedAgentIds`: restricts explicit routing (`*` or omitted = allow all, `[]` = deny all). - `defaultSessionKey`: optional fixed session key for hook agent runs without explicit `sessionKey`. -- `allowRequestSessionKey`: allow `/hooks/agent` callers to set `sessionKey` (default: `false`). -- `allowedSessionKeyPrefixes`: optional prefix allowlist for explicit `sessionKey` values (request + mapping), e.g. `["hook:"]`. +- `allowRequestSessionKey`: allow `/hooks/agent` callers and template-driven mapping session keys to set `sessionKey` (default: `false`). +- `allowedSessionKeyPrefixes`: optional prefix allowlist for explicit `sessionKey` values (request + mapping), e.g. `["hook:"]`. It becomes required when any mapping or preset uses a templated `sessionKey`. - `deliver: true` sends final reply to a channel; `channel` defaults to `last`. - `model` overrides LLM for this hook run (must be allowed if model catalog is set). @@ -3252,6 +3254,10 @@ Validation and safety notes: ### Gmail integration +- The built-in Gmail preset uses `sessionKey: "hook:gmail:{{messages[0].id}}"`. +- If you keep that per-message routing, set `hooks.allowRequestSessionKey: true` and constrain `hooks.allowedSessionKeyPrefixes` to match the Gmail namespace, for example `["hook:", "hook:gmail:"]`. +- If you need `hooks.allowRequestSessionKey: false`, override the preset with a static `sessionKey` instead of the templated default. + ```json5 { hooks: {