* docs(azure): replace ARM template deployment with pure az CLI commands
Rewrites the Azure install guide to use individual az CLI commands
instead of referencing ARM templates in infra/azure/templates/ (removed
upstream). Each Azure resource (NSG, VNet, subnets, VM, Bastion) is now
created with explicit az commands, preserving the same security posture
(Bastion-only SSH, no public IP, NSG hardening).
Also addresses BradGroux review feedback from #47898:
- Add cost considerations section (Bastion ~$140/mo, VM ~$55/mo)
- Add cleanup/teardown section (az group delete)
- Remove stale /install/azure/azure redirect from docs.json
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): split into multiple Steps blocks for richer TOC
Add Quick path and What you need sections. Split the single Steps
block into three (Configure deployment, Deploy Azure resources,
Install OpenClaw) so H2 headers appear in the Mintlify sidebar TOC.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): remove Quick path section
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): fix cost section LaTeX rendering, remove comparison
Escape dollar signs to prevent Mintlify LaTeX interpretation.
Also escape underscores in VM SKU name within bold text.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): add caveat that deallocated VM stops Gateway
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): simplify install step with clearer description
Download then run pattern (no sudo). Clarify that installer handles
Node LTS, dependencies, OpenClaw install, and onboarding wizard.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): add Bastion provisioning latency note
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): use deployment variables in cost and cleanup sections
Replace hardcoded rg-openclaw/vm-openclaw with variables in
deallocate/start and group delete commands so users who customized
names in step 3 get correct commands.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(azure): fix formatting (oxfmt)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs: add delegate architecture guide for organizational deployments
Adds a guide for running OpenClaw as a named delegate for organizations.
Covers three capability tiers (read-only, send-on-behalf, proactive),
M365 and Google Workspace delegation setup, security guardrails, and
integration with multi-agent routing.
AI-assisted: Claude Code (Opus 4.6)
Based on: Production deployment at a 501(c)(3) nonprofit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: address review — add Google DWD warning, fix canvas in deny list
- Add security warning for Google Workspace domain-wide delegation
matching the existing M365 application access policy warning
- Add "canvas" to the security guardrails tool deny list for
consistency with the full example and multi-agent.md
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: fix Tier 1 description to match read-only permissions
Remove "draft replies (saved to Drafts folder)" from Tier 1 since
saving drafts requires write access. Tier 1 is strictly read-only —
the agent summarizes and flags via chat, human acts on the mailbox.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* style: fix oxfmt formatting for delegate-architecture and docs.json
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: fix broken links to /automation/standing-orders
Standing orders is a deployment pattern, not an existing doc page.
Replaced with inline descriptions and links to /automation/cron-jobs
and #security-guardrails anchor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: move hardening to prerequisites before identity provider setup
Restructure per community feedback: isolation, tool restrictions,
sandbox, hard blocks, and audit trail now come BEFORE granting any
credentials. The most dangerous step (tenant-wide permissions) no
longer precedes the most important step (scoping and isolation).
Also strengthened M365 and Google Workspace security warnings with
actionable verification steps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: add standing orders guide and fix broken links
Add docs/automation/standing-orders.md covering:
- Why standing orders (agent autonomy vs human bottleneck)
- Anatomy of a standing order (scope, triggers, gates, escalation)
- Integration with cron jobs for time-based enforcement
- Execute-Verify-Report pattern for execution discipline
- Three production-tested examples (content, finance, monitoring)
- Multi-program architecture for complex agents
- Best practices (do's and don'ts)
Update delegate-architecture.md to link standing orders references
to the new page instead of dead links.
Add standing-orders to Automation nav group in docs.json (en + zh-CN).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: address review feedback on standing-orders
- P1: Clarify that standing orders should go in AGENTS.md (auto-injected)
rather than arbitrary subdirectory files. Add Tip callout explaining
which workspace files are bootstrapped.
- P2: Remove dead /concepts/personality-files link, replace with
/concepts/agent-workspace which covers bootstrap files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: make cleanup "keep" persist subagent sessions indefinitely
* feat: expose subagent session metadata in sessions list
* fix: include status and timing in sessions_list tool
* fix: hide injected timestamp prefixes in chat ui
* feat: push session list updates over websocket
* feat: expose child subagent sessions in subagents list
* feat: add admin http endpoint to kill sessions
* Emit session.message websocket events for transcript updates
* Estimate session costs in sessions list
* Add direct session history HTTP and SSE endpoints
* Harden dashboard session events and history APIs
* Add session lifecycle gateway methods
* Add dashboard session API improvements
* Add dashboard session model and parent linkage support
* fix: tighten dashboard session API metadata
* Fix dashboard session cost metadata
* Persist accumulated session cost
* fix: stop followup queue drain cfg crash
* Fix dashboard session create and model metadata
* fix: stop guessing session model costs
* Gateway: cache OpenRouter pricing for configured models
* Gateway: add timeout session status
* Fix subagent spawn test config loading
* Gateway: preserve operator scopes without device identity
* Emit user message transcript events and deduplicate plugin warnings
* feat: emit sessions.changed lifecycle event on subagent spawn
Adds a session-lifecycle-events module (similar to transcript-events)
that emits create events when subagents are spawned. The gateway
server.impl.ts listens for these events and broadcasts sessions.changed
with reason=create to SSE subscribers, so dashboards can pick up new
subagent sessions without polling.
* Gateway: allow persistent dashboard orchestrator sessions
* fix: preserve operator scopes for token-authenticated backend clients
Backend clients (like agent-dashboard) that authenticate with a valid gateway
token but don't present a device identity were getting their scopes stripped.
The scope-clearing logic ran before checking the device identity decision,
so even when evaluateMissingDeviceIdentity returned 'allow' (because
roleCanSkipDeviceIdentity passed for token-authed operators), scopes were
already cleared.
Fix: also check decision.kind before clearing scopes, so token-authenticated
operators keep their requested scopes.
* Gateway: allow operator-token session kills
* Fix stale active subagent status after follow-up runs
* Fix dashboard image attachments in sessions send
* Fix completed session follow-up status updates
* feat: stream session tool events to operator UIs
* Add sessions.steer gateway coverage
* Persist subagent timing in session store
* Fix subagent session transcript event keys
* Fix active subagent session status in gateway
* bump session label max to 512
* Fix gateway send session reactivation
* fix: publish terminal session lifecycle state
* feat: change default session reset to effectively never
- Change DEFAULT_RESET_MODE from "daily" to "idle"
- Change DEFAULT_IDLE_MINUTES from 60 to 0 (0 = disabled/never)
- Allow idleMinutes=0 through normalization (don't clamp to 1)
- Treat idleMinutes=0 as "no idle expiry" in evaluateSessionFreshness
- Default behavior: mode "idle" + idleMinutes 0 = sessions never auto-reset
- Update test assertion for new default mode
* fix: prep session management followups (#50101) (thanks @clay-datacurve)
---------
Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
Delete all experiment plans, proposals, research docs, and the
kilo-gateway-integration design doc. These are internal planning
docs that do not belong on the public docs site.
- 12 English experiment files
- 5 zh-CN experiment translations
- 1 design doc (kilo-gateway-integration)
- Remove nav groups from docs.json (English + zh-CN)
- Remove 3 redirects pointing to deleted experiment pages
- Remove dead experiment links from hubs.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Delete all 7 refactor design docs and the zh-CN translations.
Remove the zh-CN nav group from docs.json.
These were orphaned from English nav and accessible only by
direct URL. Internal design docs do not belong on the public
docs site.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace "seam" with clearer terms throughout:
- "surface" for public API/extension boundaries
- "boundary" for plugin/module interfaces
- "interface" for runtime connection points
- "hook" for test injection points
- "palette" for the lobster palette reference
Also delete experiments/acp-pluginification-architecture-plan.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace robotic prose with a scannable table and plain-language
summary. Same information, less stiff.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Redirects:
- /cron now goes directly to /automation/cron-jobs (was chaining via /cron-jobs)
- /model and /model/ now go directly to /concepts/models (was chaining via /models)
Duplicate titles disambiguated (6 of 7 - Logging is orphaned):
- Health Checks (macOS), Skills (macOS), Voice Wake (macOS), WebChat (macOS)
- General Troubleshooting (help/ vs gateway/)
- Provider Directory (providers/index vs concepts/model-providers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add full frontmatter (title, summary, read_when) to 4 files that
had none: auth-credential-semantics.md, kilo-gateway-integration.md,
CONTRIBUTING-THREAT-MODEL.md, THREAT-MODEL-ATLAS.md
- Add missing title field to 3 provider docs: kilocode.md, litellm.md,
together.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace em-dashes in headings with hyphens/parens (breaks Mintlify anchors)
- Fix broken /testing link in pi-dev.md to /help/testing
- Convert absolute docs URLs to root-relative in pi-dev.md
Files: migrating.md, images.md, audio.md, media-understanding.md,
venice.md, minimax.md, AGENTS.default.md, security/index.md, pi-dev.md
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace redundant in-process trust statements with cross-references
to the Execution model section (lines 573, 2436)
- Add CLI reference link from plugin.md CLI section
- Add configuration reference link from manifest.md validation section
- Add provider runtime hooks link from manifest.md providerAuthChoices
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update all references from `plugins info` to `plugins inspect` in bundles,
plugin system, and CLI index docs to match the renamed command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Align with the decided convention: use capabilities, entry points,
and extension surfaces instead of seams.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add capability plan alignment section with key decisions and required test
matrix. Rename seams to capabilities for consistency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add the public capability model section documenting the six capability types,
plugin shape classification, capability labels, legacy hook guidance, export
boundary rules, and the new plugins inspect command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rename 'Method' column to 'Member' with explicit Kind column since
info is a property, not a callable method
- Document AssembleResult fields (estimatedTokens, systemPromptAddition)
with types and optionality
- Add lifecycle timing notes for bootstrap, ingestBatch, and dispose
so plugin authors know when each is invoked
Show the full workflow: install via openclaw plugins install,
enable in plugins.entries, then select in plugins.slots.contextEngine.
Uses lossless-claw as the concrete example.
* feishu: harden media support and action surface
* feishu: format media action changes
* feishu: fix review follow-ups
* fix: scope Feishu target aliases to Feishu (#47968) (thanks @Takhoffman)
Vincent Koc
Tak Hoffman
Peter Steinberger
Johnson Shi
Fabian Williams
Bijin
Ayaan Zaidi
Saurabh Mishra
Shakker
Lakshya Agarwal
Gustavo Madeira Santana
Jinhao Dong
Josh Avant
Harold Hunt
lixuankai
clay-datacurve
Onur
Josh Lehman
Val Alexander
Jonathan Jing
stim64045-spec
Radek Sienkiewicz