From ebc2b711ea3c128da0af093b0fde9ad35e1f35d1 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 22 Mar 2026 23:59:25 -0700 Subject: [PATCH] docs(synology-chat): clarify multi-account webhook paths --- docs/channels/synology-chat.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/channels/synology-chat.md b/docs/channels/synology-chat.md index 3c711f97458..45a1f0feb7b 100644 --- a/docs/channels/synology-chat.md +++ b/docs/channels/synology-chat.md @@ -105,9 +105,9 @@ Direct-message sessions are isolated per account and user, so the same numeric ` on two different Synology accounts does not share transcript state. Give each enabled account a distinct `webhookPath`. OpenClaw now rejects duplicate exact paths and refuses to start named accounts that only inherit a shared webhook path in multi-account setups. -If you need legacy inheritance for a named account, set +If you intentionally need legacy inheritance for a named account, set `dangerouslyAllowInheritedWebhookPath: true` on that account or at `channels.synology-chat`, -but duplicate exact paths are still rejected fail-closed. +but duplicate exact paths are still rejected fail-closed. Prefer explicit per-account paths. ```json5 { @@ -139,3 +139,4 @@ but duplicate exact paths are still rejected fail-closed. - Inbound webhook requests are token-verified and rate-limited per sender. - Prefer `dmPolicy: "allowlist"` for production. - Keep `dangerouslyAllowNameMatching` off unless you explicitly need legacy username-based reply delivery. +- Keep `dangerouslyAllowInheritedWebhookPath` off unless you explicitly accept shared-path routing risk in a multi-account setup.