chore(sync): mirror docs from openclaw/openclaw@9c3b7b7b15
This commit is contained in:
parent
bd081b0d50
commit
e68fe2a644
@ -1,5 +1,5 @@
|
||||
{
|
||||
"repository": "openclaw/openclaw",
|
||||
"sha": "4856cbb017dac9cea4eac6f8f2eb87fd8e09fb28",
|
||||
"syncedAt": "2026-05-04T00:53:47.752Z"
|
||||
"sha": "9c3b7b7b151b7ecdf5b18ebbb8967f26886d9346",
|
||||
"syncedAt": "2026-05-04T00:54:01.430Z"
|
||||
}
|
||||
|
||||
@ -39,6 +39,7 @@ openclaw gateway run
|
||||
|
||||
## Security defaults
|
||||
|
||||
- IRC uses raw TCP/TLS sockets outside OpenClaw operator-managed forward proxy routing. In deployments that require all egress through that forward proxy, set `channels.irc.enabled=false` unless direct IRC egress is explicitly approved.
|
||||
- `channels.irc.dmPolicy` defaults to `"pairing"`.
|
||||
- `channels.irc.groupPolicy` defaults to `"allowlist"`.
|
||||
- With `groupPolicy="allowlist"`, set `channels.irc.groups` to define allowed channels.
|
||||
|
||||
@ -193,6 +193,7 @@ proxy:
|
||||
|
||||
- The proxy improves coverage for process-local JavaScript HTTP and WebSocket clients, but it is not an OS-level network sandbox.
|
||||
- Raw `net`, `tls`, and `http2` sockets, native addons, and child processes may bypass Node-level proxy routing unless they inherit and respect proxy environment variables.
|
||||
- IRC is a raw TCP/TLS channel outside operator-managed forward proxy routing. In deployments that require all egress through that forward proxy, set `channels.irc.enabled=false` unless direct IRC egress is explicitly approved.
|
||||
- User local WebUIs and local model servers should be allowlisted in the operator proxy policy when needed; OpenClaw does not expose a general local-network bypass for them.
|
||||
- Gateway control-plane proxy bypass is intentionally limited to `localhost` and literal loopback IP URLs. Use `ws://127.0.0.1:18789`, `ws://[::1]:18789`, or `ws://localhost:18789` for local direct Gateway control-plane connections; other hostnames route like ordinary hostname-based traffic.
|
||||
- OpenClaw does not inspect, test, or certify your proxy policy.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user