From 729ee165ed48ef51954e1ecbda56b4e62bbb9108 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sat, 7 Mar 2026 18:48:13 +0000 Subject: [PATCH] docs(gateway): clarify trusted operator HTTP endpoints --- docs/gateway/openai-http-api.md | 1 + docs/gateway/openresponses-http-api.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/gateway/openai-http-api.md b/docs/gateway/openai-http-api.md index 0d8353d8c79..722b3fdf706 100644 --- a/docs/gateway/openai-http-api.md +++ b/docs/gateway/openai-http-api.md @@ -35,6 +35,7 @@ Treat this endpoint as a **full operator-access** surface for the gateway instan - HTTP bearer auth here is not a narrow per-user scope model. - A valid Gateway token/password for this endpoint should be treated like an owner/operator credential. - Requests run through the same control-plane agent path as trusted operator actions. +- There is no separate non-owner/per-user tool boundary on this endpoint; once a caller passes Gateway auth here, OpenClaw treats that caller as a trusted operator for this gateway. - If the target agent policy allows sensitive tools, this endpoint can use them. - Keep this endpoint on loopback/tailnet/private ingress only; do not expose it directly to the public internet. diff --git a/docs/gateway/openresponses-http-api.md b/docs/gateway/openresponses-http-api.md index 8b490b30632..bcba166db9d 100644 --- a/docs/gateway/openresponses-http-api.md +++ b/docs/gateway/openresponses-http-api.md 
@@ -37,6 +37,7 @@ Treat this endpoint as a **full operator-access** surface for the gateway instan - HTTP bearer auth here is not a narrow per-user scope model. - A valid Gateway token/password for this endpoint should be treated like an owner/operator credential. - Requests run through the same control-plane agent path as trusted operator actions. +- There is no separate non-owner/per-user tool boundary on this endpoint; once a caller passes Gateway auth here, OpenClaw treats that caller as a trusted operator for this gateway. - If the target agent policy allows sensitive tools, this endpoint can use them. - Keep this endpoint on loopback/tailnet/private ingress only; do not expose it directly to the public internet.
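Review bot: In the docs/gateway/openai-http-api.md hunk, the new bullet largely restates the first bullet of the same list ("HTTP bearer auth here is not a narrow per-user scope model") and the third ("Requests run through the same control-plane agent path as trusted operator actions"), so the list now makes the same point three times in slightly different words. Consider folding the new sentence into the first bullet instead of adding a fourth, e.g. "HTTP bearer auth here is not a narrow per-user scope model: there is no separate non-owner/per-user tool boundary, and once a caller passes Gateway auth, OpenClaw treats that caller as a trusted operator for this gateway." That keeps the stronger wording while leaving the warning block short enough that readers reach the "loopback/tailnet/private ingress only" mitigation bullet at the end.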
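Review bot: The docs/gateway/openresponses-http-api.md hunk adds the identical bullet to a second copy of the same operator-access warning block; with this change the two blocks in openai-http-api.md and openresponses-http-api.md are duplicated line for line, which is exactly the kind of text that drifts the next time one file is tightened and the other is forgotten. If the docs tooling supports shared snippets or includes, consider moving the warning into one and referencing it from both pages; failing that, a cross-reference from each page to the other would at least make the coupling visible to the next editor.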