chore(sync): mirror docs from openclaw/openclaw@57f05128cb
This commit is contained in:
parent
4cef1a656e
commit
6c2ce7914c
@ -1,5 +1,5 @@
|
||||
{
|
||||
"repository": "openclaw/openclaw",
|
||||
"sha": "5404bbbb7196db3a31f0f54f4393223c1733a76d",
|
||||
"syncedAt": "2026-04-26T00:57:28.818Z"
|
||||
"sha": "57f05128cba9c3cf2e8b0cb52a54ae7daa7a8608",
|
||||
"syncedAt": "2026-04-26T00:58:04.044Z"
|
||||
}
|
||||
|
||||
@ -239,13 +239,13 @@ Security contract for remote rescue:
|
||||
operation, where the runtime already has unsandboxed local authority.
|
||||
- Require an explicit owner identity. Rescue must not accept wildcard sender
|
||||
rules, open group policy, unauthenticated webhooks, or anonymous channels.
|
||||
- Owner DMs only by default. Group/channel rescue requires explicit opt-in and
|
||||
should still route approval prompts to the owner DM.
|
||||
- Owner DMs only by default. Group/channel rescue requires explicit opt-in.
|
||||
- Remote rescue cannot open the local TUI or switch into an interactive agent
|
||||
session. Use local `openclaw` for agent handoff.
|
||||
- Persistent writes still require approval, even in rescue mode.
|
||||
- Audit every applied rescue operation, including channel, account, sender,
|
||||
session key, operation, config hash before, and config hash after.
|
||||
- Audit every applied rescue operation. Message-channel rescue records channel,
|
||||
account, sender, and source-address metadata. Config-mutating operations also
|
||||
record config hashes before and after.
|
||||
- Never echo secrets. SecretRef inspection should report availability, not
|
||||
values.
|
||||
- If the Gateway is alive, prefer Gateway typed operations. If the Gateway is
|
||||
|
||||
Loading…
Reference in New Issue
Block a user