docs: refine maintainer docs sweep

Co-authored-by: Niels Kaspers <kaspersniels@gmail.com>
Co-authored-by: Zhaocun <zhaocunsun@gmail.com>
Co-authored-by: Henson <zccyman@163.com>

CHANGELOG.md

@@ -6,6 +6,7 @@ Docs: https://docs.openclaw.ai
 
 ### Changes
 
+- Docs: clarify media provider credentials, Codex/OpenClaw code-mode boundaries, Slack and Telegram ack reactions, Feishu dynamic agents, secrets plaintext boundaries, memory guidance, and Chinese glossary terms. Thanks @nielskaspers, @cosmopolitan033, @drclaw-iq, @alexgduarte, @zccyman, @chengoak, and @cassthebandit.
 - Packaging: exclude documentation images and assets from the npm tarball, reducing published package size without affecting runtime docs search or CLI behavior. Thanks @SebTardif.
 - Agents/subagents: limit default sub-agent bootstrap context to `AGENTS.md` and `TOOLS.md`, keeping persona, identity, user, memory, heartbeat, and setup files out of delegated workers by default. (#85283) Thanks @100yenadmin.
 - Maintainer skills: exclude plugin SDK/API boundary work from `openclaw-landable-bug-sweep` so bugbash sweeps stay focused on small paper-cut fixes.

docs/.i18n/glossary.zh-CN.json

@@ -101,7 +101,7 @@
   },
   {
     "source": "Status",
-    "target": "Status"
+    "target": "状态"
   },
   {
     "source": "Gateway",

docs/.i18n/glossary.zh-TW.json

@@ -5,7 +5,7 @@
   },
   {
     "source": "Active Memory",
-    "target": "Active Memory"
+    "target": "主動記憶"
   },
   {
     "source": "ClawHub",
@@ -13,27 +13,27 @@
   },
   {
     "source": "CLI",
-    "target": "CLI"
+    "target": "命令列介面"
   },
   {
     "source": "Compaction",
-    "target": "Compaction"
+    "target": "壓縮"
   },
   {
     "source": "Cron",
-    "target": "Cron"
+    "target": "排程"
   },
   {
     "source": "Dreaming",
-    "target": "Dreaming"
+    "target": "夢境整理"
   },
   {
     "source": "Gateway",
-    "target": "Gateway"
+    "target": "閘道"
   },
   {
     "source": "Heartbeat",
-    "target": "Heartbeat"
+    "target": "心跳偵測"
   },
   {
     "source": "Mintlify",
@@ -41,7 +41,7 @@
   },
   {
     "source": "Node",
-    "target": "Node"
+    "target": "節點"
   },
   {
     "source": "OpenClaw",
@@ -53,7 +53,7 @@
   },
   {
     "source": "Plugin",
-    "target": "Plugin"
+    "target": "外掛"
   },
   {
     "source": "Skills",
@@ -69,10 +69,10 @@
   },
   {
     "source": "TUI",
-    "target": "TUI"
+    "target": "終端介面"
   },
   {
     "source": "Webhook",
-    "target": "Webhook"
+    "target": "網路鉤子"
   }
 ]

docs/nodes/media-understanding.md

@@ -137,6 +137,32 @@ Each `models[]` entry can be **provider** or **CLI**:
   </Tab>
 </Tabs>
 
+### Provider credentials (`apiKey`)
+
+Provider media understanding uses the same provider auth resolution as normal
+model calls: auth profiles, environment variables, then
+`models.providers.<providerId>.apiKey`.
+
+`tools.media.*.models[]` entries do not accept an inline `apiKey` field. The
+`provider` value in a media model entry, such as `openai` or `moonshot`, must
+have credentials available through one of the standard provider auth sources.
+
+Minimal example:
+
+```json5
+{
+  models: {
+    providers: {
+      openai: { apiKey: "<OPENAI_API_KEY>" },
+      moonshot: { apiKey: "<MOONSHOT_API_KEY>" },
+    },
+  },
+}
+```
+
+For the full provider auth reference, including profiles, environment
+variables, and custom base URLs, see [Tools and custom providers](/gateway/config-tools).
+
 ## Defaults and limits
 
 Recommended defaults:

docs/plugins/codex-harness.md

@@ -28,6 +28,10 @@ OpenClaw dynamic tools continue through the app-server `item/tool/call` bridge.
 Active OpenClaw sandboxing and restricted tool policies disable native code mode
 entirely unless you opt into the experimental sandbox exec-server path.
 
+This Codex-native feature is separate from
+[OpenClaw code mode](/reference/code-mode), which is an opt-in QuickJS-WASI
+runtime for generic OpenClaw runs with a different `exec` input shape.
+
 For the broader model/provider/runtime split, start with
 [Agent runtimes](/concepts/agent-runtimes). The short version is:
 `openai/gpt-5.5` is the model ref, `codex` is the runtime, and Telegram,

docs/reference/code-mode.md

@@ -13,13 +13,21 @@ default. When you enable it, OpenClaw changes what the model sees for one run:
 instead of exposing every enabled tool schema directly, the model sees only
 `exec` and `wait`.
 
-This page documents OpenClaw code mode. It is not Codex Code mode. Codex Code
-mode is part of the Codex coding harness and has its own project workspace,
-runtime, tools, and execution semantics. Codex Code mode and Codex-native
-dynamic tool search are stable Codex harness surfaces. OpenClaw code mode is an
-OpenClaw-owned experimental tool-surface adapter for generic OpenClaw runs. It
-uses `quickjs-wasi`, a hidden OpenClaw tool catalog, and the normal OpenClaw
-tool executor.
+This page documents OpenClaw code mode. It is not Codex Code mode. The two
+features share a name, but they are implemented by different runtimes and expose
+different `exec` contracts:
+
+- Codex Code Mode is enabled for Codex app-server threads unless restricted
+  tool policy disables native code mode. It runs in the Codex coding harness,
+  where the model writes shell commands through an `exec.command` contract.
+- OpenClaw code mode is disabled unless `tools.codeMode.enabled: true` is
+  configured. It runs in the OpenClaw generic agent runtime, where the model
+  writes JavaScript or TypeScript programs through an `exec.code` contract.
+
+Codex Code Mode and Codex-native dynamic tool search are stable Codex harness
+surfaces. OpenClaw code mode is an OpenClaw-owned experimental tool-surface
+adapter for generic OpenClaw runs. It uses `quickjs-wasi`, a hidden OpenClaw
+tool catalog, and the normal OpenClaw tool executor.
 
 ## What is this?