chore(sync): mirror docs from openclaw/openclaw@57f05128cb

This commit is contained in:
openclaw-docs-sync[bot] 2026-04-26 00:59:28 +00:00
parent 4cef1a656e
commit 6c2ce7914c
2 changed files with 6 additions and 6 deletions

View File

@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "5404bbbb7196db3a31f0f54f4393223c1733a76d",
"syncedAt": "2026-04-26T00:57:28.818Z"
"sha": "57f05128cba9c3cf2e8b0cb52a54ae7daa7a8608",
"syncedAt": "2026-04-26T00:58:04.044Z"
}

View File

@ -239,13 +239,13 @@ Security contract for remote rescue:
operation, where the runtime already has unsandboxed local authority.
- Require an explicit owner identity. Rescue must not accept wildcard sender
rules, open group policy, unauthenticated webhooks, or anonymous channels.
- Owner DMs only by default. Group/channel rescue requires explicit opt-in and
should still route approval prompts to the owner DM.
- Owner DMs only by default. Group/channel rescue requires explicit opt-in.
- Remote rescue cannot open the local TUI or switch into an interactive agent
session. Use local `openclaw` for agent handoff.
- Persistent writes still require approval, even in rescue mode.
- Audit every applied rescue operation, including channel, account, sender,
session key, operation, config hash before, and config hash after.
- Audit every applied rescue operation. Message-channel rescue records channel,
account, sender, and source-address metadata. Config-mutating operations also
record config hashes before and after.
- Never echo secrets. SecretRef inspection should report availability, not
values.
- If the Gateway is alive, prefer Gateway typed operations. If the Gateway is