chore(sync): mirror docs from openclaw/openclaw@9c3b7b7b15

openclaw-docs-sync[bot] 2026-05-04 00:55:58 +00:00
parent bd081b0d50
commit e68fe2a644
3 changed files with 4 additions and 2 deletions


@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "4856cbb017dac9cea4eac6f8f2eb87fd8e09fb28",
"syncedAt": "2026-05-04T00:53:47.752Z"
"sha": "9c3b7b7b151b7ecdf5b18ebbb8967f26886d9346",
"syncedAt": "2026-05-04T00:54:01.430Z"
}


@ -39,6 +39,7 @@ openclaw gateway run
## Security defaults
- IRC uses raw TCP/TLS sockets outside OpenClaw operator-managed forward proxy routing. In deployments that require all egress through that forward proxy, set `channels.irc.enabled=false` unless direct IRC egress is explicitly approved.
- `channels.irc.dmPolicy` defaults to `"pairing"`.
- `channels.irc.groupPolicy` defaults to `"allowlist"`.
- With `groupPolicy="allowlist"`, set `channels.irc.groups` to define allowed channels.
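Review bot: The raw TCP/TLS bullet at the top of "Security defaults" is a deployment recommendation, not a default, and it never states what `channels.irc.enabled` defaults to, while the next two bullets each give a default (`dmPolicy` is `"pairing"`, `groupPolicy` is `"allowlist"`). A reader who requires all egress through the forward proxy cannot tell from this list whether IRC is already off or has to be turned off. Suggest adding the default for `channels.irc.enabled` in the same "defaults to" form as the neighbouring bullets, and moving the proxy caveat below the defaults or into its own short note so the section stays a list of defaults.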


@ -193,6 +193,7 @@ proxy:
- The proxy improves coverage for process-local JavaScript HTTP and WebSocket clients, but it is not an OS-level network sandbox.
- Raw `net`, `tls`, and `http2` sockets, native addons, and child processes may bypass Node-level proxy routing unless they inherit and respect proxy environment variables.
- IRC is a raw TCP/TLS channel outside operator-managed forward proxy routing. In deployments that require all egress through that forward proxy, set `channels.irc.enabled=false` unless direct IRC egress is explicitly approved.
- User local WebUIs and local model servers should be allowlisted in the operator proxy policy when needed; OpenClaw does not expose a general local-network bypass for them.
- Gateway control-plane proxy bypass is intentionally limited to `localhost` and literal loopback IP URLs. Use `ws://127.0.0.1:18789`, `ws://[::1]:18789`, or `ws://localhost:18789` for local direct Gateway control-plane connections; other hostnames route like ordinary hostname-based traffic.
- OpenClaw does not inspect, test, or certify your proxy policy.
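Review bot: The IRC bullet here duplicates the one added to the IRC channel page with slightly different wording ("IRC is a raw TCP/TLS channel outside operator-managed forward proxy routing" here, "IRC uses raw TCP/TLS sockets outside OpenClaw operator-managed forward proxy routing" there), so the two statements can drift apart over time. Suggest keeping one canonical sentence and linking to it from the other page. The bullet also sits directly under the line saying raw `net`, `tls`, and `http2` sockets "may bypass" proxy routing, whereas for IRC the bypass is stated as unconditional; wording it as a concrete case of the preceding bullet would make that relationship explicit. Since the list already says the proxy "is not an OS-level network sandbox", it is worth stating in this bullet that `channels.irc.enabled=false` is the only control named here and that enforcing proxy-only egress is left to the operator's network policy.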