From da50b492c8fbaa858fe709ae046f1e36dcb2cab9 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sat, 4 Apr 2026 09:05:08 +0100 Subject: [PATCH] docs: refresh gateway status diagnostics refs --- docs/cli/gateway.md | 2 ++ docs/cli/index.md | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/cli/gateway.md b/docs/cli/gateway.md index 79ac72ed9ea..13e35e9f903 100644 --- a/docs/cli/gateway.md +++ b/docs/cli/gateway.md @@ -127,10 +127,12 @@ Options: Notes: +- `gateway status` stays available for diagnostics even when the local CLI config is missing or invalid. - `gateway status` resolves configured auth SecretRefs for probe auth when possible. - If a required auth SecretRef is unresolved in this command path, `gateway status --json` reports `rpc.authWarning` when probe connectivity/auth fails; pass `--token`/`--password` explicitly or resolve the secret source first. - If the probe succeeds, unresolved auth-ref warnings are suppressed to avoid false positives. - Use `--require-rpc` in scripts and automation when a listening service is not enough and you need the Gateway RPC itself to be healthy. +- Human output includes the resolved file log path plus the CLI-vs-service config paths/validity snapshot to help diagnose profile or state-dir drift. - On Linux systemd installs, service auth drift checks read both `Environment=` and `EnvironmentFile=` values from the unit (including `%h`, quoted paths, multiple files, and optional `-` files). - Drift checks resolve `gateway.auth.token` SecretRefs using merged runtime env (service command env first, then process env fallback). - If token auth is not effectively active (explicit `gateway.auth.mode` of `password`/`none`/`trusted-proxy`, or mode unset where password can win and no token candidate can win), token-drift checks skip config token resolution. diff --git a/docs/cli/index.md b/docs/cli/index.md index 83e45ec7ebe..40c7a20203c 100644 --- a/docs/cli/index.md +++ b/docs/cli/index.md @@ -1352,7 +1352,8 @@ Notes: - `gateway status` probes the Gateway RPC by default using the service’s resolved port/config (override with `--url/--token/--password`). - `gateway status` supports `--no-probe`, `--deep`, `--require-rpc`, and `--json` for scripting. - `gateway status` also surfaces legacy or extra gateway services when it can detect them (`--deep` adds system-level scans). Profile-named OpenClaw services are treated as first-class and aren't flagged as "extra". -- `gateway status` prints which config path the CLI uses vs which config the service likely uses (service env), plus the resolved probe target URL. +- `gateway status` stays available for diagnostics even when the local CLI config is missing or invalid. +- `gateway status` prints the resolved file log path, the CLI-vs-service config paths/validity snapshot, and the resolved probe target URL. - If gateway auth SecretRefs are unresolved in the current command path, `gateway status --json` reports `rpc.authWarning` only when probe connectivity/auth fails (warnings are suppressed when probe succeeds). - On Linux systemd installs, status token-drift checks include both `Environment=` and `EnvironmentFile=` unit sources. - `gateway install|uninstall|start|stop|restart` support `--json` for scripting (default output stays human-friendly).