docs: align OpenClaw disclosure & installation docs with the daemon-owned model#741
Merged
Merged
Conversation
Under ADR-0010 (Flavor B) the daemon owns parameter disclosure; the OpenClaw plugin no longer controls it (its parameterDisclosure config is a deprecated no-op). The parameter-disclosure page still described the plugin as a live config surface offering the four modes and accepting a JSON-array allowlist. Correct both passages to reflect daemon-only configuration.
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the Parameter Disclosure specification page to remove stale claims about OpenClaw being a configuration surface for disclosure policy, aligning the docs with the daemon-owned configuration model described in ADR-0010.
Changes:
- Clarifies that
parameter_disclosureis configured on the daemon (not via OpenClaw). - Updates the allowlist “spelling” note to remove OpenClaw JSON config as an accepted array surface.
Address review feedback: drop the undefined "Flavor B" label and stop asserting OpenClaw-plugin-specific behaviour on the spec page (which conflicted with the still-Flavor-A openclaw/installation.mdx). State plainly that disclosure policy is configured on the daemon under ADR-0010; this still removes the original stale claim that the plugin is an equivalent config surface, without introducing an internal contradiction.
The OpenClaw installation page still documented the pre-ADR-0010 in-process model: a local keyPath signing key, daemonForwarding as an opt-in, and parameterDisclosure as an active plaintext field-disclosure setting. That contradicts the shipped plugin, which requires the daemon and treats parameterDisclosure as a no-op. - Lead with the daemon requirement; document the actual config surface (daemonDbPath, daemonPublicKeyPath, taxonomyPath) and mark dbPath/keyPath/ daemonForwarding deprecated and ignored. - Rewrite the parameter-disclosure section: disclosure is daemon-configured via --parameter-disclosure + a forensic key; show the opaque HPKE envelope shape rather than a plaintext flat map; note ar_query_receipts' disclosed flag and that the plugin never decrypts.
ojongerius
changed the title
ojongerius
force-pushed
the
claude/hpke-openclaw-plugin-kuLWP
branch
from
c3820ee to
c82d2a6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The docs site still described the OpenClaw plugin as a Flavor A, in-process configuration surface for disclosure. Under ADR-0010 (daemon process separation) the daemon owns disclosure and the plugin is a thin emitter. This brings both affected pages in line with the shipped plugin.
Changes
specification/parameter-disclosure.mdxopenclaw/installation.mdx(added after review surfaced the contradiction)keyPathsigning key,daemonForwardingas opt-in, andparameterDisclosureas an active plaintext field-disclosure setting.daemonDbPath,daemonPublicKeyPath,taxonomyPath), and marksdbPath/keyPath/daemonForwardingdeprecated and ignored.--parameter-disclosure+ a forensic key; shows the opaque HPKE envelope shape rather than a plaintext flat map; notesar_query_receipts'disclosedflag and that the plugin never decrypts.Docs-only; no
spec/changes.Review feedback addressed
installation.mdx) — then fixedinstallation.mdxitself so the two pages agree.Companion plugin-side work is in agent-receipts/openclaw#153 (same branch name).