diff --git a/CHANGELOG.md b/CHANGELOG.md index 920d789c7..12787b57e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ - Providers/Doctor: warn when Telegram config expects unmentioned group messages but Bot API privacy mode is likely enabled; surface WhatsApp login/disconnect hints. - Providers/Doctor: add last inbound/outbound activity timestamps in `providers status` and extend `--probe` with Discord channel permission + Telegram group membership audits. - Docs: add provider troubleshooting index (`/providers/troubleshooting`) and link it from the main troubleshooting guide. +- Docs: clarify model allowlist errors and add safety notes for verbose/reasoning in groups. - Telegram: include the user id in DM pairing messages and label it clearly in `clawdbot pairing list --provider telegram`. - Apps: refresh iOS/Android/macOS app icons for Clawdbot branding. (#521) — thanks @fishfisher - Docs: expand parameter descriptions for agent/wake hooks. (#532) — thanks @mcinteerj diff --git a/docs/gateway/security.md b/docs/gateway/security.md index c3730c152..0d8b62b48 100644 --- a/docs/gateway/security.md +++ b/docs/gateway/security.md @@ -77,6 +77,13 @@ Even with strong system prompts, **prompt injection is not solved**. What helps - Run sensitive tool execution in a sandbox; keep secrets out of the agent’s reachable filesystem. - **Model choice matters:** we recommend Anthropic Opus 4.5 because it’s quite good at recognizing prompt injections (see [“A step forward on safety”](https://www.anthropic.com/news/claude-opus-4-5)). Using weaker models increases risk. +## Reasoning & verbose output in groups + +`/reasoning` and `/verbose` can expose internal reasoning or tool output that +was not meant for a public channel. In group settings, treat them as **debug +only** and keep them off unless you explicitly need them. If you enable them, +do so only in trusted DMs or tightly controlled rooms. + ## Lessons Learned (The Hard Way) ### The `find ~` Incident 🦞 
diff --git a/docs/start/faq.md b/docs/start/faq.md index 507e1a30c..8c75466c2 100644 --- a/docs/start/faq.md +++ b/docs/start/faq.md @@ -277,6 +277,18 @@ Use the `/model` command as a standalone message: You can list available models with `/model`, `/model list`, or `/model status`. +### Why do I see “Model … is not allowed” and then no reply? + +If `agent.models` is set, it becomes the **allowlist** for `/model` and any +session overrides. Choosing a model that isn’t in that list returns: + +``` +Model "provider/model" is not allowed. Use /model to list available models. +``` + +That error is returned **instead of** a normal reply. Fix: add the model to +`agent.models`, remove the allowlist, or pick a model from `/model list`. + ### Are opus / sonnet / gpt built‑in shortcuts? Yes. Clawdbot ships a few default shorthands (only applied when the model exists in `agent.models`): diff --git a/docs/tools/slash-commands.md b/docs/tools/slash-commands.md index 9e34bcfad..7e06c4abb 100644 --- a/docs/tools/slash-commands.md +++ b/docs/tools/slash-commands.md @@ -52,6 +52,8 @@ Text-only: Notes: - Commands accept an optional `:` between the command and args (e.g. `/think: high`, `/send: on`, `/help:`). +- `/verbose` is meant for debugging and extra visibility; keep it **off** in normal use. +- `/reasoning` (and `/verbose`) are risky in group settings: they may reveal internal reasoning or tool output you did not intend to expose. Prefer leaving them off, especially in group chats. ## Surface notes
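Review bot: In the `docs/gateway/security.md` hunk, the new "Reasoning & verbose output in groups" section tells readers to keep `/reasoning` and `/verbose` off but never says how to check their current state or turn them off, and does not link to the slash-commands page where the same advice is being added. Consider adding the disable/status invocation (or a link to `docs/tools/slash-commands.md`) so an operator reading the security guide can act on it without guessing at the command syntax.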
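Review bot: In the `docs/start/faq.md` hunk, the "Fix:" sentence lists "remove the allowlist" as an equal option next to adding the model or picking one from `/model list`. Since `agent.models` is the mechanism that bounds which models a `/model` user or session override can select, suggest ordering the remedies as "pick a model from `/model list`, or add the model to `agent.models`" and, if removing the allowlist is kept, qualifying it (for example "remove the allowlist if you intentionally want any model to be selectable") so the FAQ does not read as recommending the broadest setting by default.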
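Review bot: In the `docs/tools/slash-commands.md` hunk, the two added bullets overlap: the first says `/verbose` is for debugging and should stay off, and the second repeats that `/verbose` (with `/reasoning`) is risky and should stay off in groups. Suggest folding them into one bullet, e.g. "`/reasoning` and `/verbose` are debug aids that may reveal internal reasoning or tool output; keep them off in normal use and especially in group chats", and linking to the new "Reasoning & verbose output in groups" section in `docs/gateway/security.md` so the guidance is maintained in one place.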