From 2f013b68f8543cd9d7e47fb7ac296264e5ce994b Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Fri, 3 Apr 2026 12:39:45 +0900 Subject: [PATCH] docs: add missing changelog entries and update context visibility security docs --- CHANGELOG.md | 5 +++++ docs/gateway/security/index.md | 15 ++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f528425e5f3..6bb2e5c5ac9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Docs: https://docs.openclaw.ai - Android/assistant: auto-send Google Assistant App Actions prompts once chat is healthy and idle, while keeping bare assistant launches as open-only. (#59721) Thanks @obviyus. - Matrix/exec approvals: add Matrix-native exec approval prompts with account-scoped approvers, channel-or-DM delivery, and room-thread aware resolution handling. (#58635) Thanks @gumadeiras. +- Channels/context visibility: add configurable `contextVisibility` per channel (`all`, `allowlist`, `allowlist_quote`) so supplemental room context such as quoted replies, thread roots, and fetched history can be filtered by sender allowlists instead of always passing through as received. ### Fixes 
@@ -36,6 +37,10 @@ Docs: https://docs.openclaw.ai - Telegram/media: keep inbound image attachments readable on upgraded installs where legacy state roots still differ from the managed config-dir media cache. (#59971) Thanks @neeravmakwana. - Telegram/local Bot API: thread `channels.telegram.apiRoot` through buffered reply-media and album downloads so self-hosted Bot API file paths stop falling back to `api.telegram.org` and 404ing. (#59544) Thanks @SARAMALI15792. - Telegram/replies: preserve explicit topic targets when `replyTo` is present while still inheriting the current topic for same-chat replies without an explicit topic. (#59634) Thanks @dashhuang. +- MS Teams/DM images: download inline images in 1:1 DM chats via the Graph API by using the correct conversation ID format, extracting media URLs, and detecting content types properly. (#52212) Thanks @Ted-developer. +- MS Teams/threading: preserve channel reply threading when proactive fallback reconstructs the conversation ID, so thread replies land in the originating thread instead of the channel root. (#55198) Thanks @hyojin. +- Gateway/lock: detect PID recycling in gateway lock files on Windows and macOS so stale locks from crashed processes no longer block new gateway invocations. (#59843) Thanks @TonyDerek-dot. +- Plugins/Ollama: prefer real cloud auth credentials over the local-only marker so Ollama instances behind authenticated proxies use the configured API key instead of skipping auth. ## 2026.4.2 diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md index 5ca2c8b424c..b0ca3317bea 100644 --- a/docs/gateway/security/index.md +++ b/docs/gateway/security/index.md 
@@ -176,22 +176,19 @@ OpenClaw separates two concepts: - **Trigger authorization**: who can trigger the agent (`dmPolicy`, `groupPolicy`, allowlists, mention gates). - **Context visibility**: what supplemental context is injected into model input (reply body, quoted text, thread history, forwarded metadata). -In the current product, allowlists primarily gate triggers and command authorization. They are not a guaranteed universal redaction boundary for every supplemental context field on every channel. +Allowlists gate triggers and command authorization. The `contextVisibility` setting controls how supplemental context (quoted replies, thread roots, fetched history) is filtered: -Current behavior is channel-specific: +- `contextVisibility: "all"` (default) keeps supplemental context as received. +- `contextVisibility: "allowlist"` filters supplemental context to senders allowed by the active allowlist checks. +- `contextVisibility: "allowlist_quote"` behaves like `allowlist`, but still keeps one explicit quoted reply. -- Some channels already filter parts of supplemental context by sender allowlists. -- Other channels still pass supplemental context through as received. +Set `contextVisibility` per channel or per room/conversation. See [Group Chats](/channels/groups#context-visibility) for setup details. Advisory triage guidance: -- Claims that only show "model can see quoted or historical text from non-allowlisted senders" are usually hardening and consistency findings, not auth or sandbox boundary bypasses by themselves. +- Claims that only show "model can see quoted or historical text from non-allowlisted senders" are hardening findings addressable with `contextVisibility`, not auth or sandbox boundary bypasses by themselves. - To be security-impacting, reports still need a demonstrated trust-boundary bypass (auth, policy, sandbox, approval, or another documented boundary). 
-Hardening direction: - -- OpenClaw maintainers may introduce explicit context visibility modes such as `all`, `allowlist`, and `allowlist_quote` to make this behavior intentional and configurable across channels. - ## What the audit checks (high level) - **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
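Review bot: In the first CHANGELOG.md hunk (@@ -8,6 +8,7), the new Channels/context visibility entry has no PR reference, while the two entries above it do (#59721, #58635); add one so the change is traceable. The entry also says the setting is "per channel", whereas the docs/gateway/security/index.md text in this same patch says "per channel or per room/conversation", and it does not say that `all` is the default. Suggest aligning the scope wording and naming the default so readers can see that filtering is opt-in.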
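Review bot: In the second CHANGELOG.md hunk (@@ -36,6 +37,10), the Plugins/Ollama entry is the only one of the four added lines without a PR reference or credit. Please add it, since the entry describes a change in when the configured API key is used instead of skipping auth. The Gateway/lock entry names only Windows and macOS, so it would help to say whether Linux was already handled or is out of scope.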
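Review bot: In the docs/gateway/security/index.md hunk (@@ -176,22 +176,19), the removed lines said "Some channels already filter parts of supplemental context by sender allowlists", but the new text says `contextVisibility: "all"` (default) "keeps supplemental context as received", so the page no longer tells operators whether those channels still filter by default or now pass everything through. Please state that explicitly. The new sentence also lists only "quoted replies, thread roots, fetched history", while the Context visibility definition just above includes forwarded metadata; say whether `allowlist` and `allowlist_quote` cover forwarded metadata, or keep a caveat that they do not. The triage bullet also drops "usually" and now reads as an absolute rule, which seems stronger than intended while the default remains `all`.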