mirror of
https://github.com/moltbot/moltbot.git
synced 2026-04-24 23:21:30 +00:00
docs: refresh gateway operator scope refs
@@ -64,7 +64,9 @@ Auth matrix:
- `gateway.auth.mode="token"` or `"password"` + `Authorization: Bearer ...`
- proves possession of the shared gateway operator secret
- ignores narrower `x-openclaw-scopes`
- restores the full default operator scope set
- restores the full default operator scope set:
`operator.admin`, `operator.approvals`, `operator.pairing`,
`operator.read`, `operator.talk.secrets`, `operator.write`
- treats chat turns on this endpoint as owner-sender turns
- trusted identity-bearing HTTP modes (for example trusted proxy auth, or `gateway.auth.mode="none"` on private ingress)
- authenticate some outer trusted identity or deployment boundary
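Review bot: the six-scope default list spelled out after `restores the full default operator scope set:` is hand-copied here and again in the other auth matrices and the boundary note touched by this same commit, so any later change to the default set has to be repeated in every copy. Prefer naming the set once (the `Common scopes` section) and linking to it from each matrix. Also confirm the two continuation lines (`operator.admin`, `operator.approvals`, `operator.pairing`, and `operator.read`, `operator.talk.secrets`, `operator.write`) are indented under the bullet in the source; unindented, Markdown renders them as a separate paragraph outside the list.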
@@ -39,7 +39,9 @@ Auth matrix:
- `gateway.auth.mode="token"` or `"password"` + `Authorization: Bearer ...`
- proves possession of the shared gateway operator secret
- ignores narrower `x-openclaw-scopes`
- restores the full default operator scope set
- restores the full default operator scope set:
`operator.admin`, `operator.approvals`, `operator.pairing`,
`operator.read`, `operator.talk.secrets`, `operator.write`
- treats chat turns on this endpoint as owner-sender turns
- trusted identity-bearing HTTP modes (for example trusted proxy auth, or `gateway.auth.mode="none"` on private ingress)
- honor `x-openclaw-scopes` when the header is present
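Review bot: the identity-bearing bullet in this matrix says the gateway will `honor x-openclaw-scopes when the header is present` but leaves the absent-header case unstated, while the boundary note in this same commit says omitting the header falls back to the default operator scope set; add that fallback sentence here so the two matrices agree, since the missing-header case is the one a deployer is most likely to hit by accident. The inlined six-scope list is the same text repeated in the other matrices; a link to the single `Common scopes` list would keep the copies from drifting.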
@@ -102,7 +102,7 @@ bounded role entries in `deviceTokens`:
{
"deviceToken": "…",
"role": "operator",
"scopes": ["operator.approvals", "operator.read", "operator.write"]
"scopes": ["operator.approvals", "operator.read", "operator.talk.secrets", "operator.write"]
}
]
}
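Review bot: adding `operator.talk.secrets` to the `scopes` array in this `deviceTokens` sample widens what the "bounded role" example grants: a device token that previously showed approvals, read and write can now also call `talk.config` with `includeSecrets: true`, which this same commit documents as gated on that scope. If the sample is meant to show a minimal bounded entry, leave the secrets scope out and mention it as an opt-in; if it is meant to show what a typical operator device needs, say so in the sentence before the block so readers do not copy a broader grant than they intend.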
@@ -173,6 +173,10 @@ Common scopes:
- `operator.admin`
- `operator.approvals`
- `operator.pairing`
- `operator.talk.secrets`
`talk.config` with `includeSecrets: true` requires `operator.talk.secrets`
(or `operator.admin`).
Plugin-registered gateway RPC methods may request their own operator scope, but
reserved core admin prefixes (`config.*`, `exec.approvals.*`, `wizard.*`,
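Review bot: `(or operator.admin)` in the new `talk.config` sentence leaves it unclear whether `operator.admin` satisfies every narrower scope check or only this one; if admin implies the whole operator set, state that rule once at the top of the `Common scopes` list rather than per method, and if it is specific to `talk.config`, say why. The sentence should also say briefly what `includeSecrets: true` exposes, so the reader understands the extra scope gates disclosure of configured secrets and not a write path.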
@@ -932,7 +932,7 @@ Important boundary note:
- Gateway HTTP bearer auth is effectively all-or-nothing operator access.
- Treat credentials that can call `/v1/chat/completions`, `/v1/responses`, or `/api/channels/*` as full-access operator secrets for that gateway.
- On the OpenAI-compatible HTTP surface, shared-secret bearer auth restores the full default operator scopes and owner semantics for agent turns; narrower `x-openclaw-scopes` values do not reduce that shared-secret path.
- On the OpenAI-compatible HTTP surface, shared-secret bearer auth restores the full default operator scopes (`operator.admin`, `operator.approvals`, `operator.pairing`, `operator.read`, `operator.talk.secrets`, `operator.write`) and owner semantics for agent turns; narrower `x-openclaw-scopes` values do not reduce that shared-secret path.
- Per-request scope semantics on HTTP only apply when the request comes from an identity-bearing mode such as trusted proxy auth or `gateway.auth.mode="none"` on a private ingress.
- In those identity-bearing modes, omitting `x-openclaw-scopes` falls back to the normal operator default scope set; send the header explicitly when you want a narrower scope set.
- `/tools/invoke` follows the same shared-secret rule: token/password bearer auth is treated as full operator access there too, while identity-bearing modes still honor declared scopes.
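Review bot: the rewritten bullet now spells out the six default scopes for the shared-secret path, but the following bullet (omitting `x-openclaw-scopes` in identity-bearing modes "falls back to the normal operator default scope set") does not say whether that is the same set, `operator.talk.secrets` included; make that explicit, because the practical difference between the two paths is then only whether a caller can narrow the set, not what the default is. This boundary note is the natural single place to spell the list out; the per-endpoint matrices changed in this commit could refer here instead of repeating it.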
@@ -54,7 +54,9 @@ Auth matrix:
- `gateway.auth.mode="token"` or `"password"` + `Authorization: Bearer ...`
- proves possession of the shared gateway operator secret
- ignores narrower `x-openclaw-scopes`
- restores the full default operator scope set
- restores the full default operator scope set:
`operator.admin`, `operator.approvals`, `operator.pairing`,
`operator.read`, `operator.talk.secrets`, `operator.write`
- treats direct tool invokes on this endpoint as owner-sender turns
- trusted identity-bearing HTTP modes (for example trusted proxy auth, or `gateway.auth.mode="none"` on private ingress)
- authenticate some outer trusted identity or deployment boundary
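Review bot: the identity-bearing bullet in this `/tools/invoke` matrix stops at `authenticate some outer trusted identity or deployment boundary` and never says that declared `x-openclaw-scopes` are honored on this endpoint, although the boundary note in this same commit states exactly that for `/tools/invoke`; add the sentence here so a reader of only this page learns it. Since `treats direct tool invokes on this endpoint as owner-sender turns` is the line with the largest privilege consequence, consider also noting in the same bullet that shared-secret bearer auth therefore runs the invoked tool with full operator rights regardless of any scope header.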