chore(sync): mirror docs from openclaw/openclaw@67a2b187b7

This commit is contained in:
openclaw-docs-sync[bot] 2026-04-24 17:44:27 +00:00
parent 5481e39389
commit 9aa34a67e8
18 changed files with 112 additions and 101 deletions

View File

@ -20,27 +20,17 @@ function visitAccordionIndentation(raw, onMisindentedClose) {
if (openAccordion) {
accordionStack.push({
indent: openAccordion[1].length,
hasOutdentedListItem: false,
});
continue;
}
const listItem = line.match(/^(\s*)[-*+]\s+/u);
if (listItem) {
for (const accordion of accordionStack) {
if (listItem[1].length < accordion.indent) {
accordion.hasOutdentedListItem = true;
}
}
}
const closeAccordion = line.match(/^(\s*)<\/Accordion>/u);
if (!closeAccordion) {
continue;
}
const opening = accordionStack.pop();
if (opening && opening.hasOutdentedListItem && closeAccordion[1].length > opening.indent) {
if (opening && closeAccordion[1].length > opening.indent) {
onMisindentedClose({ closeAccordion, index, line, lines, opening });
}
}
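Review bot: dropping `opening.hasOutdentedListItem` from the final condition means `onMisindentedClose` now fires for every `</Accordion>` whose indent exceeds its opening tag's, whether or not a list item inside it was outdented; the `hasOutdentedListItem: false` field pushed onto `accordionStack` and the loop that flips it to `true` become dead bookkeeping if they survive this hunk, so either delete them in the same change or keep the field and record why the narrower check was wrong. Also worth a comment at the pop: `accordionStack.pop()` returns `undefined` on a stray close tag and the `opening &&` guard then silently skips it, so an unmatched `</Accordion>` still passes this lint.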

View File

@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "860dad268d35a944d352b0adbf34c68aa4d3aac9",
"syncedAt": "2026-04-24T17:34:51.890Z"
"sha": "67a2b187b7017d28a7623c88f031107d3308d11a",
"syncedAt": "2026-04-24T17:43:07.137Z"
}

View File

@ -141,7 +141,7 @@ OpenClaw هو منتج وتجربة في آنٍ واحد: فأنت توصل سل
exec الخاصة بـ node نفسها.
- نتائج "غياب التفويض لكل مستخدم" التي تتعامل مع `sessionKey` على أنها
token مصادقة.
</Accordion>
</Accordion>
## خط أساس مقوّى خلال 60 ثانية
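Review bot: whitespace-only change: the `</Accordion>` closing the out-of-scope findings list is outdented to the column of its opening tag, which the rendered view hides because both copies show identical text. That is the form the updated `visitAccordionIndentation` lint in this commit now demands (any close tag indented deeper than its opening is flagged), and the same one-line re-indent is repeated for each translated copy of this page (German, Spanish, French, Indonesian, Italian, Japanese, Korean, Polish, Portuguese, Thai, Turkish, Ukrainian, Chinese), which together with the English page, the lint script, the sync metadata JSON and the testing doc accounts for the 18 changed files; none of the translated wording changes.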

View File

@ -136,7 +136,7 @@ Verwenden Sie dies als Schnellmodell bei der Risikobewertung:
Node-Befehlsrichtlinie des Gateway plus die eigenen Exec-Genehmigungen des Node ist.
- Befunde zu „fehlender Autorisierung pro Benutzer“, die `sessionKey` als
Authentifizierungstoken behandeln.
</Accordion>
</Accordion>
## Gehärtete Baseline in 60 Sekunden

View File

@ -129,7 +129,7 @@ Usa esto como modelo rápido al evaluar riesgos:
- Hallazgos sobre firmas de webhook entrantes de Discord para rutas entrantes que no existen en este repositorio.
- Informes que tratan los metadatos de emparejamiento de Node como una segunda capa oculta de aprobación por comando para `system.run`, cuando el límite de ejecución real sigue siendo la política global de comandos de Node del Gateway más las propias aprobaciones de exec del Node.
- Hallazgos de “falta de autorización por usuario” que tratan `sessionKey` como un token de autenticación.
</Accordion>
</Accordion>
## Línea base endurecida en 60 segundos

View File

@ -134,7 +134,7 @@ Utilisez ceci comme modèle rapide lors de lévaluation des risques :
- Rapports qui traitent les métadonnées de pairing Node comme une seconde couche cachée dapprobation par commande pour `system.run`, alors que la véritable frontière dexécution reste la politique globale du gateway pour les commandes Node plus les propres approbations exec du node.
- Constatations de « manque dautorisation par utilisateur » qui traitent `sessionKey` comme un
jeton dauthentification.
</Accordion>
</Accordion>
## Base durcie en 60 secondes
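Review bot: the context lines show `lévaluation`, `dapprobation`, `dautorisation` and `dauthentification` with the apostrophe missing (`l'évaluation`, `d'approbation`, `d'autorisation`, `d'authentification`); if that is in the source file rather than an artifact of this view, it is a typo in the French page worth fixing in a follow-up, separately from this indentation-only change.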

View File

@ -115,8 +115,9 @@ Use this as the quick model when triaging risk:
## Not vulnerabilities by design
<Accordion title="Common findings that are out of scope">
These patterns get reported often and are usually closed as no-action unless
a real boundary bypass is demonstrated:
These patterns get reported often and are usually closed as no-action unless
a real boundary bypass is demonstrated:
- Prompt-injection-only chains without a policy, auth, or sandbox bypass.
- Claims that assume hostile multi-tenant operation on one shared host or
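Review bot: the two copies of "These patterns get reported often ... demonstrated:" are identical in this view, and the header's 8 -> 9 count shows one line added in this region that the view does not show (most likely a blank line between that sentence and the `- ` items, which MDX needs to render them as a list rather than as a continuation of the paragraph); the translated copies of this page in the same commit only carry 7 -> 7 close-tag hunks, so check whether they still lack that separator.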
@ -134,7 +135,8 @@ Use this as the quick model when triaging risk:
approvals.
- "Missing per-user authorization" findings that treat `sessionKey` as an
auth token.
</Accordion>
</Accordion>
## Hardened baseline in 60 seconds
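Review bot: this hunk is the `</Accordion>` outdent plus one added line (7 -> 8) that the view does not show; if the extra line is a blank line before the close tag, that is consistent with the `visitAccordionIndentation` change in this commit, which now flags any close tag indented deeper than its opening regardless of list items. Confirm the close tag now sits at the opening tag's column rather than one level in, otherwise the lint will fail on this file again.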

View File

@ -335,81 +335,100 @@ Think of the suites as “increasing realism” (and increasing flakiness/cost):
- Runs in CI
- No real keys required
- Should be fast and stable
<AccordionGroup>
<Accordion title="Projects, shards, and scoped lanes"> - Untargeted `pnpm test` runs twelve smaller shard configs (`core-unit-fast`, `core-unit-src`, `core-unit-security`, `core-unit-ui`, `core-unit-support`, `core-support-boundary`, `core-contracts`, `core-bundled`, `core-runtime`, `agentic`, `auto-reply`, `extensions`) instead of one giant native root-project process. This cuts peak RSS on loaded machines and avoids auto-reply/extension work starving unrelated suites. - `pnpm test --watch` still uses the native root `vitest.config.ts` project graph, because a multi-shard watch loop is not practical. - `pnpm test`, `pnpm test:watch`, and `pnpm test:perf:imports` route explicit file/directory targets through scoped lanes first, so `pnpm test extensions/discord/src/monitor/message-handler.preflight.test.ts` avoids paying the full root project startup tax. - `pnpm test:changed` expands changed git paths into the same scoped lanes when the diff only touches routable source/test files; config/setup edits still fall back to the broad root-project rerun. - `pnpm check:changed` is the normal smart local gate for narrow work. It classifies the diff into core, core tests, extensions, extension tests, apps, docs, release metadata, and tooling, then runs the matching typecheck/lint/test lanes. Public Plugin SDK and plugin-contract changes include one extension validation pass because extensions depend on those core contracts. Release metadata-only version bumps run targeted version/config/root-dependency checks instead of the full suite, with a guard that rejects package changes outside the top-level version field. - Import-light unit tests from agents, commands, plugins, auto-reply helpers, `plugin-sdk`, and similar pure utility areas route through the `unit-fast` lane, which skips `test/setup-openclaw-runtime.ts`; stateful/runtime-heavy files stay on the existing lanes. 
- Selected `plugin-sdk` and `commands` helper source files also map changed-mode runs to explicit sibling tests in those light lanes, so helper edits avoid rerunning the full heavy suite for that directory. - `auto-reply` has three dedicated buckets: top-level core helpers, top-level `reply.*` integration tests, and the `src/auto-reply/reply/**` subtree. This keeps the heaviest reply harness work off the cheap status/chunk/token tests.
</Accordion>
<Accordion title="Embedded runner coverage">
- When you change message-tool discovery inputs or compaction runtime
context, keep both levels of coverage.
- Add focused helper regressions for pure routing and normalization
boundaries.
- Keep the embedded runner integration suites healthy:
`src/agents/pi-embedded-runner/compact.hooks.test.ts`,
`src/agents/pi-embedded-runner/run.overflow-compaction.test.ts`, and
`src/agents/pi-embedded-runner/run.overflow-compaction.loop.test.ts`.
- Those suites verify that scoped ids and compaction behavior still flow
through the real `run.ts` / `compact.ts` paths; helper-only tests are
not a sufficient substitute for those integration paths.
</Accordion>
<AccordionGroup>
<Accordion title="Projects, shards, and scoped lanes">
<Accordion title="Vitest pool and isolation defaults">
- Base Vitest config defaults to `threads`.
- The shared Vitest config fixes `isolate: false` and uses the
non-isolated runner across the root projects, e2e, and live configs.
- The root UI lane keeps its `jsdom` setup and optimizer, but runs on the
shared non-isolated runner too.
- Each `pnpm test` shard inherits the same `threads` + `isolate: false`
defaults from the shared Vitest config.
- `scripts/run-vitest.mjs` adds `--no-maglev` for Vitest child Node
processes by default to reduce V8 compile churn during big local runs.
Set `OPENCLAW_VITEST_ENABLE_MAGLEV=1` to compare against stock V8
behavior.
</Accordion>
- Untargeted `pnpm test` runs twelve smaller shard configs (`core-unit-fast`, `core-unit-src`, `core-unit-security`, `core-unit-ui`, `core-unit-support`, `core-support-boundary`, `core-contracts`, `core-bundled`, `core-runtime`, `agentic`, `auto-reply`, `extensions`) instead of one giant native root-project process. This cuts peak RSS on loaded machines and avoids auto-reply/extension work starving unrelated suites.
- `pnpm test --watch` still uses the native root `vitest.config.ts` project graph, because a multi-shard watch loop is not practical.
- `pnpm test`, `pnpm test:watch`, and `pnpm test:perf:imports` route explicit file/directory targets through scoped lanes first, so `pnpm test extensions/discord/src/monitor/message-handler.preflight.test.ts` avoids paying the full root project startup tax.
- `pnpm test:changed` expands changed git paths into the same scoped lanes when the diff only touches routable source/test files; config/setup edits still fall back to the broad root-project rerun.
- `pnpm check:changed` is the normal smart local gate for narrow work. It classifies the diff into core, core tests, extensions, extension tests, apps, docs, release metadata, and tooling, then runs the matching typecheck/lint/test lanes. Public Plugin SDK and plugin-contract changes include one extension validation pass because extensions depend on those core contracts. Release metadata-only version bumps run targeted version/config/root-dependency checks instead of the full suite, with a guard that rejects package changes outside the top-level version field.
- Import-light unit tests from agents, commands, plugins, auto-reply helpers, `plugin-sdk`, and similar pure utility areas route through the `unit-fast` lane, which skips `test/setup-openclaw-runtime.ts`; stateful/runtime-heavy files stay on the existing lanes.
- Selected `plugin-sdk` and `commands` helper source files also map changed-mode runs to explicit sibling tests in those light lanes, so helper edits avoid rerunning the full heavy suite for that directory.
- `auto-reply` has three dedicated buckets: top-level core helpers, top-level `reply.*` integration tests, and the `src/auto-reply/reply/**` subtree. This keeps the heaviest reply harness work off the cheap status/chunk/token tests.
<Accordion title="Fast local iteration">
- `pnpm changed:lanes` shows which architectural lanes a diff triggers.
- The pre-commit hook is formatting-only. It restages formatted files and
does not run lint, typecheck, or tests.
- Run `pnpm check:changed` explicitly before handoff or push when you
need the smart local gate. Public Plugin SDK and plugin-contract
changes include one extension validation pass.
- `pnpm test:changed` routes through scoped lanes when the changed paths
map cleanly to a smaller suite.
- `pnpm test:max` and `pnpm test:changed:max` keep the same routing
behavior, just with a higher worker cap.
- Local worker auto-scaling is intentionally conservative and backs off
when the host load average is already high, so multiple concurrent
Vitest runs do less damage by default.
- The base Vitest config marks the projects/config files as
`forceRerunTriggers` so changed-mode reruns stay correct when test
wiring changes.
- The config keeps `OPENCLAW_VITEST_FS_MODULE_CACHE` enabled on supported
hosts; set `OPENCLAW_VITEST_FS_MODULE_CACHE_PATH=/abs/path` if you want
one explicit cache location for direct profiling.
</Accordion>
</Accordion>
<Accordion title="Perf debugging">
- `pnpm test:perf:imports` enables Vitest import-duration reporting plus
import-breakdown output.
- `pnpm test:perf:imports:changed` scopes the same profiling view to
files changed since `origin/main`.
- When one hot test still spends most of its time in startup imports,
keep heavy dependencies behind a narrow local `*.runtime.ts` seam and
mock that seam directly instead of deep-importing runtime helpers just
to pass them through `vi.mock(...)`.
- `pnpm test:perf:changed:bench -- --ref <git-ref>` compares routed
`test:changed` against the native root-project path for that committed
diff and prints wall time plus macOS max RSS.
- `pnpm test:perf:changed:bench -- --worktree` benchmarks the current
dirty tree by routing the changed file list through
`scripts/test-projects.mjs` and the root Vitest config.
- `pnpm test:perf:profile:main` writes a main-thread CPU profile for
Vitest/Vite startup and transform overhead.
- `pnpm test:perf:profile:runner` writes runner CPU+heap profiles for the
unit suite with file parallelism disabled.
</Accordion>
</AccordionGroup>
<Accordion title="Embedded runner coverage">
- When you change message-tool discovery inputs or compaction runtime
context, keep both levels of coverage.
- Add focused helper regressions for pure routing and normalization
boundaries.
- Keep the embedded runner integration suites healthy:
`src/agents/pi-embedded-runner/compact.hooks.test.ts`,
`src/agents/pi-embedded-runner/run.overflow-compaction.test.ts`, and
`src/agents/pi-embedded-runner/run.overflow-compaction.loop.test.ts`.
- Those suites verify that scoped ids and compaction behavior still flow
through the real `run.ts` / `compact.ts` paths; helper-only tests are
not a sufficient substitute for those integration paths.
</Accordion>
<Accordion title="Vitest pool and isolation defaults">
- Base Vitest config defaults to `threads`.
- The shared Vitest config fixes `isolate: false` and uses the
non-isolated runner across the root projects, e2e, and live configs.
- The root UI lane keeps its `jsdom` setup and optimizer, but runs on the
shared non-isolated runner too.
- Each `pnpm test` shard inherits the same `threads` + `isolate: false`
defaults from the shared Vitest config.
- `scripts/run-vitest.mjs` adds `--no-maglev` for Vitest child Node
processes by default to reduce V8 compile churn during big local runs.
Set `OPENCLAW_VITEST_ENABLE_MAGLEV=1` to compare against stock V8
behavior.
</Accordion>
<Accordion title="Fast local iteration">
- `pnpm changed:lanes` shows which architectural lanes a diff triggers.
- The pre-commit hook is formatting-only. It restages formatted files and
does not run lint, typecheck, or tests.
- Run `pnpm check:changed` explicitly before handoff or push when you
need the smart local gate. Public Plugin SDK and plugin-contract
changes include one extension validation pass.
- `pnpm test:changed` routes through scoped lanes when the changed paths
map cleanly to a smaller suite.
- `pnpm test:max` and `pnpm test:changed:max` keep the same routing
behavior, just with a higher worker cap.
- Local worker auto-scaling is intentionally conservative and backs off
when the host load average is already high, so multiple concurrent
Vitest runs do less damage by default.
- The base Vitest config marks the projects/config files as
`forceRerunTriggers` so changed-mode reruns stay correct when test
wiring changes.
- The config keeps `OPENCLAW_VITEST_FS_MODULE_CACHE` enabled on supported
hosts; set `OPENCLAW_VITEST_FS_MODULE_CACHE_PATH=/abs/path` if you want
one explicit cache location for direct profiling.
</Accordion>
<Accordion title="Perf debugging">
- `pnpm test:perf:imports` enables Vitest import-duration reporting plus
import-breakdown output.
- `pnpm test:perf:imports:changed` scopes the same profiling view to
files changed since `origin/main`.
- When one hot test still spends most of its time in startup imports,
keep heavy dependencies behind a narrow local `*.runtime.ts` seam and
mock that seam directly instead of deep-importing runtime helpers just
to pass them through `vi.mock(...)`.
- `pnpm test:perf:changed:bench -- --ref <git-ref>` compares routed
`test:changed` against the native root-project path for that committed
diff and prints wall time plus macOS max RSS.
- `pnpm test:perf:changed:bench -- --worktree` benchmarks the current
dirty tree by routing the changed file list through
`scripts/test-projects.mjs` and the root Vitest config.
- `pnpm test:perf:profile:main` writes a main-thread CPU profile for
Vitest/Vite startup and transform overhead.
- `pnpm test:perf:profile:runner` writes runner CPU+heap profiles for the
unit suite with file parallelism disabled.
</Accordion>
</AccordionGroup>
### Stability (gateway)
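Review bot: the "Projects, shards, and scoped lanes" accordion previously had all eight bullets run together on the same line as `<Accordion title="Projects, shards, and scoped lanes">`, so MDX renders them as one paragraph instead of a list; the rewritten block puts each `- ` item on its own line after the opening tag, which fixes that. The other accordions (Embedded runner coverage, Vitest pool and isolation defaults, Fast local iteration, Perf debugging) appear to be moved verbatim rather than edited, so diff the two copies word by word (e.g. `git diff --color-moved`) to confirm nothing changed in transit, in particular the `OPENCLAW_VITEST_ENABLE_MAGLEV=1` and `OPENCLAW_VITEST_FS_MODULE_CACHE_PATH=/abs/path` settings and the `isolate: false` note that people copy from this page.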

View File

@ -141,7 +141,7 @@ Gunakan ini sebagai model cepat saat melakukan triase risiko:
sendiri.
- Temuan "otorisasi per pengguna tidak ada" yang memperlakukan `sessionKey` sebagai
token auth.
</Accordion>
</Accordion>
## Baseline hardening dalam 60 detik

View File

@ -138,7 +138,7 @@ Usala come modello rapido quando valuti il rischio:
- Segnalazioni che trattano i metadati di abbinamento dei node come un secondo livello nascosto di approvazione per comando per `system.run`, quando il vero confine di esecuzione resta la policy globale dei comandi node del gateway più le approvazioni exec del node stesso.
- Segnalazioni di "autorizzazione per utente mancante" che trattano `sessionKey` come un
token di autenticazione.
</Accordion>
</Accordion>
## Baseline hardening in 60 secondi

View File

@ -130,7 +130,7 @@ GatewayとNodeは役割が異なるものの、1つのオペレーター信頼
- このリポジトリに存在しない受信経路に対するDiscord受信Webhook署名の指摘。
- `system.run`に対して、Nodeペアリングメタデータを隠れた第2のコマンド単位承認レイヤーと見なす報告。実際の実行境界は、依然としてGatewayのグローバルなNodeコマンドポリシーとNode自身のexec承認です。
- `sessionKey`を認証トークンとして扱う「ユーザー単位認可の欠如」という指摘。
</Accordion>
</Accordion>
## 60秒でできるハードニング済みベースライン

View File

@ -125,7 +125,7 @@ Gateway와 Node는 역할은 다르지만 하나의 운영자 신뢰 도메인
- 이 리포지토리에 존재하지 않는 인바운드 경로에 대한 Discord 인바운드 Webhook 서명 관련 지적.
- `system.run`에 대해 실제 실행 경계가 여전히 Gateway의 전역 Node 명령 정책과 Node 자체의 exec 승인인데도, Node 페어링 메타데이터를 명령별 숨겨진 2차 승인 계층처럼 취급하는 보고.
- `sessionKey`를 인증 토큰처럼 취급하는 "사용자별 권한 부여 누락" 관련 지적.
</Accordion>
</Accordion>
## 60초 안에 적용하는 하드닝된 기본값

View File

@ -142,7 +142,7 @@ Używaj tego jako szybkiego modelu przy triage ryzyka:
Node.
- Znaleziska „braku autoryzacji per użytkownik”, które traktują `sessionKey` jako
token auth.
</Accordion>
</Accordion>
## Utwardzona baza w 60 sekund

View File

@ -140,7 +140,7 @@ Use isto como modelo rápido ao classificar risco:
do node.
- Achados de “autorização por usuário ausente” que tratam `sessionKey` como um
token de autenticação.
</Accordion>
</Accordion>
## Baseline reforçado em 60 segundos

View File

@ -133,7 +133,7 @@ OpenClaw ถือว่าโฮสต์และขอบเขตคอน
บวกกับ exec approval ของ Node เอง
- ข้อค้นพบเรื่อง "ขาดการยืนยันสิทธิ์รายผู้ใช้" ที่ถือว่า `sessionKey` เป็น
auth token
</Accordion>
</Accordion>
## baseline แบบ hardened ใน 60 วินาที

View File

@ -140,7 +140,7 @@ Risk değerlendirmesinde hızlı model olarak bunu kullanın:
onaylarıdır.
- `sessionKey` değerini auth token'ı gibi ele alan "eksik kullanıcı başına yetkilendirme"
bulguları.
</Accordion>
</Accordion>
## 60 saniyede sağlamlaştırılmış temel

View File

@ -130,7 +130,7 @@ OpenClaw виходить із того, що хост і межа конфіг
- Знахідки про перевірку підпису вхідного Webhook Discord для вхідних шляхів, яких немає в цьому репозиторії.
- Звіти, які трактують метадані pairing node як прихований другий рівень схвалення кожної команди для `system.run`, тоді як реальна межа виконання — це все ще глобальна політика Gateway для команд node плюс власні схвалення exec самого node.
- Знахідки про "відсутню авторизацію на рівні користувача", які трактують `sessionKey` як токен автентифікації.
</Accordion>
</Accordion>
## Посилена базова конфігурація за 60 секунд

View File

@ -128,7 +128,7 @@ OpenClaw 假定主机和配置边界是受信任的:
- 将节点配对元数据视为 `system.run` 的隐藏的第二层逐命令批准机制的报告,而实际执行边界仍然是 gateway 的全局节点命令策略加上节点自身的 exec
批准机制。
- 将 `sessionKey` 当作认证令牌,从而得出“缺少按用户授权”的报告。
</Accordion>
</Accordion>
## 60 秒内建立加固基线