Skip to content

Document admin access on instance routes#404

Open
mintlify[bot] wants to merge 2 commits into
mainfrom
mintlify/admin-instance-access-1776000845
Open

Document admin access on instance routes#404
mintlify[bot] wants to merge 2 commits into
mainfrom
mintlify/admin-instance-access-1776000845

Conversation

@mintlify
Copy link
Copy Markdown
Contributor

@mintlify mintlify Bot commented Apr 12, 2026
edited by devin-ai-integration Bot
Loading

Summary

  • Document that admin users can bypass ownership checks on all /api/instance/:userId endpoints, allowing them to operate on any user's managed runtime for recovery and support
  • Update authorization descriptions and 403 error messages across all instance lifecycle endpoints (start, stop, restart, repair, reset-memory, update, token, stats) in both agents.mdx and maintenance.mdx
  • Reflect that managed runtime controls are now always enabled (the controls flag is hardcoded to true), removing references to the ENABLE_OPENCLAW_CONTROLS environment variable as a toggle
Open in Devin Review

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 12, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
mintlify-docs Ready Ready Preview, Comment Apr 25, 2026 11:20am

Request Review

devin-ai-integration[bot]
devin-ai-integration Bot reviewed Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

View 2 additional findings in Devin Review.

Open in Devin Review

Comment thread api-reference/maintenance.mdx
Copy link
Copy Markdown

@devin-ai-integration devin-ai-integration Bot Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Incomplete transformation: maintenance endpoint still references disabled controls that are now hardcoded to true

Line 546 of api-reference/maintenance.mdx still says "When managed runtime controls are disabled (via the ENABLE_OPENCLAW_CONTROLS or NEXT_PUBLIC_ENABLE_OPENCLAW_CONTROLS environment variables set to false), this endpoint returns 503..." — but the rest of this PR explicitly removes all such references and states that controls are always enabled (e.g., api-reference/maintenance.mdx:422 says "Managed runtime controls are always enabled... the controls flag is hardcoded to true"). This contradicts the PR's own changes and will confuse readers about whether controls can be disabled.

(Refers to line 546)

Prompt for agents 
In api-reference/maintenance.mdx, line 546 still contains the old text: 'When managed runtime controls are disabled (via the ENABLE_OPENCLAW_CONTROLS or NEXT_PUBLIC_ENABLE_OPENCLAW_CONTROLS environment variables set to false), this endpoint returns 503 with the message: Managed runtime controls are temporarily disabled until the Railway control path is fully verified.' This contradicts the rest of the PR which removes all references to controls being disabled and adds notes that controls are always enabled (hardcoded to true). This paragraph should either be removed entirely or rewritten to say that controls are always enabled, consistent with the note at line 422 of the same file and line 1251 of api-reference/agents.mdx.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Eskyee