From 8fbb5a95d73f218ad2eeb19c16ec57e9aec5325b Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Tue, 28 Apr 2026 09:03:50 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@8f277e4b7f4f06a4cd7825a39b3739d396fb942c --- .openclaw-sync/source.json | 4 ++-- docs/gateway/configuration-reference.md | 2 +- docs/nodes/index.md | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 48abe5a7e..fc3a21095 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "249cb543736444aea79dc2233fa4567ab55e7117", - "syncedAt": "2026-04-28T08:59:27.667Z" + "sha": "8f277e4b7f4f06a4cd7825a39b3739d396fb942c", + "syncedAt": "2026-04-28T09:02:22.957Z" } diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index d5693d1f5..f0112b69b 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -451,7 +451,7 @@ See [Plugins](/tools/plugin). - `trustedProxies`: reverse proxy IPs that terminate TLS or inject forwarded-client headers. Only list proxies you control. Loopback entries are still valid for same-host proxy/local-detection setups (for example Tailscale Serve or a local reverse proxy), but they do **not** make loopback requests eligible for `gateway.auth.mode: "trusted-proxy"`. - `allowRealIpFallback`: when `true`, the gateway accepts `X-Real-IP` if `X-Forwarded-For` is missing. Default `false` for fail-closed behavior. - `gateway.nodes.pairing.autoApproveCidrs`: optional CIDR/IP allowlist for auto-approving first-time node device pairing with no requested scopes. It is disabled when unset. This does not auto-approve operator/browser/Control UI/WebChat pairing, and it does not auto-approve role, scope, metadata, or public-key upgrades. -- `gateway.nodes.allowCommands` / `gateway.nodes.denyCommands`: global allow/deny shaping for declared node commands after pairing and allowlist evaluation. +- `gateway.nodes.allowCommands` / `gateway.nodes.denyCommands`: global allow/deny shaping for declared node commands after pairing and platform allowlist evaluation. Use `allowCommands` to opt into dangerous node commands such as `camera.snap`, `camera.clip`, and `screen.record`; `denyCommands` removes a command even if a platform default or explicit allow would otherwise include it. After a node changes its declared command list, reject and re-approve that device pairing so the gateway stores the updated command snapshot. - `gateway.tools.deny`: extra tool names blocked for HTTP `POST /tools/invoke` (extends default deny list). - `gateway.tools.allow`: remove tool names from the default HTTP deny list. diff --git a/docs/nodes/index.md b/docs/nodes/index.md index 7b5f311d7..3dcd86429 100644 --- a/docs/nodes/index.md +++ b/docs/nodes/index.md @@ -188,6 +188,23 @@ openclaw nodes invoke --node --command canvas.eval --params '{"ja Higher-level helpers exist for the common “give the agent a MEDIA attachment” workflows. +## Command policy + +Node commands must pass two gates before they can be invoked: + +1. The node must declare the command in its WebSocket `connect.commands` list. +2. The gateway's platform policy must allow the declared command. + +Windows and macOS companion nodes allow safe declared commands such as +`canvas.*`, `camera.list`, `location.get`, and `screen.snapshot` by default. +Dangerous or privacy-heavy commands such as `camera.snap`, `camera.clip`, and +`screen.record` still require explicit opt-in with +`gateway.nodes.allowCommands`. `gateway.nodes.denyCommands` always wins over +defaults and extra allowlist entries. + +After a node changes its declared command list, reject the old device pairing +and approve the new request so the gateway stores the updated command snapshot. + ## Screenshots (canvas snapshots) If the node is showing the Canvas (WebView), `canvas.snapshot` returns `{ format, base64 }`.