Skip to content
Openclaw Wiki Docs

Elevated Mode

Elevated Mode (/elevated directives)

Section titled “Elevated Mode (/elevated directives)”

What it does

Section titled “What it does”
  • /elevated on runs on the gateway host and keeps exec approvals (same as /elevated ask).
  • /elevated full runs on the gateway host and auto-approves exec (skips exec approvals).
  • /elevated ask runs on the gateway host but keeps exec approvals (same as /elevated on).
  • on/ask do not force exec.security=full; configured security/ask policy still applies.
  • Only changes behavior when the agent is sandboxed (otherwise exec already runs on the host).
  • Directive forms: /elevated on|off|ask|full, /elev on|off|ask|full.
  • Only on|off|ask|full are accepted; anything else returns a hint and does not change state.

What it controls (and what it doesn’t)

Section titled “What it controls (and what it doesn’t)”
  • Availability gates: tools.elevated is the global baseline. agents.list[].tools.elevated can further restrict elevated per agent (both must allow).
  • Per-session state: /elevated on|off|ask|full sets the elevated level for the current session key.
  • Inline directive: /elevated on|ask|full inside a message applies to that message only.
  • Groups: In group chats, elevated directives are only honored when the agent is mentioned. Command-only messages that bypass mention requirements are treated as mentioned.
  • Host execution: elevated forces exec onto the gateway host; full also sets security=full.
  • Approvals: full skips exec approvals; on/ask honor them when allowlist/ask rules require.
  • Unsandboxed agents: no-op for location; only affects gating, logging, and status.
  • Tool policy still applies: if exec is denied by tool policy, elevated cannot be used.
  • Separate from /exec: /exec adjusts per-session defaults for authorized senders and does not require elevated.

Resolution order

Section titled “Resolution order”
  1. Inline directive on the message (applies only to that message).
  2. Session override (set by sending a directive-only message).
  3. Global default (agents.defaults.elevatedDefault in config).

Setting a session default

Section titled “Setting a session default”
  • Send a message that is only the directive (whitespace allowed), e.g. /elevated full.
  • Confirmation reply is sent (Elevated mode set to full... / Elevated mode disabled.).
  • If elevated access is disabled or the sender is not on the approved allowlist, the directive replies with an actionable error and does not change session state.
  • Send /elevated (or /elevated:) with no argument to see the current elevated level.

Availability + allowlists

Section titled “Availability + allowlists”
  • Feature gate: tools.elevated.enabled (default can be off via config even if the code supports it).
  • Sender allowlist: tools.elevated.allowFrom with per-provider allowlists (e.g. discord, whatsapp).
  • Per-agent gate: agents.list[].tools.elevated.enabled (optional; can only further restrict).
  • Per-agent allowlist: agents.list[].tools.elevated.allowFrom (optional; when set, the sender must match both global + per-agent allowlists).
  • Discord fallback: if tools.elevated.allowFrom.discord is omitted, the channels.discord.dm.allowFrom list is used as a fallback. Set tools.elevated.allowFrom.discord (even []) to override. Per-agent allowlists do not use the fallback.
  • All gates must pass; otherwise elevated is treated as unavailable.

Logging + status

Section titled “Logging + status”
  • Elevated exec calls are logged at info level.
  • Session status includes elevated mode (e.g. elevated=ask, elevated=full).