<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Runabot Documentation</title><link>/docs/en/</link><description>Recent content on Runabot Documentation</description><generator>Hugo</generator><language>en</language><atom:link href="/docs/en/index.xml" rel="self" type="application/rss+xml"/><item><title/><link>/docs/en/admin/architecture/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/admin/architecture/</guid><description>&lt;h1 id="system-architecture"&gt;System Architecture&lt;a class="anchor" href="#system-architecture"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;h2 id="runabot-addon-system--access-control"&gt;Runabot Addon System &amp;amp; Access Control&lt;a class="anchor" href="#runabot-addon-system--access-control"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Runabot provides isolated sandboxed &amp;ldquo;addons&amp;rdquo; for bot connectivity, including the SSH Addon. Addons run in their own namespaces but share the cluster NetworkPolicy rules.&lt;/p&gt;
&lt;p&gt;The SSH Jump Host Operator is integrated natively within &lt;code&gt;runabot-api&lt;/code&gt; and manages BotSsh CustomResources in the cluster.&lt;/p&gt;
&lt;pre class="mermaid"&gt;graph TD
 subgraph K8s Cluster
 User[[Developer/User]] --&amp;gt;|TCP:2222| SSHJumpHost(SSH Jump Host\nssh namespace)
 
 subgraph SSH Namespace
 SSHJumpHost --&amp;gt;|manages| SSHTokens[authorized_keys\nPID:1 Reconciler]
 SSHOperator(ssh-operator\nPID:1) --&amp;gt;|Reconciles| BotSshCRD((BotSsh CRD))
 end
 
 subgraph Runabot API
 APIServer(runabot-api) --&amp;gt;|RPC: CreateAddon| BotSshCRD
 end
 
 subgraph Bot Namespace
 SSHD(openssh-server\nTCP:18789 / TCP:2222)
 Bot(Bot Process)
 User --&amp;gt;|ProxyJump| SSHD
 end
 
 SSHJumpHost --&amp;gt;|TCP:2222| SSHD
 end&lt;/pre&gt;&lt;p&gt;The Addon Operator strictly enforces the single instance rule so that a user may only deploy a single global jump host.&lt;/p&gt;</description></item><item><title/><link>/docs/en/admin/filesystem-strategy/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/admin/filesystem-strategy/</guid><description>&lt;h1 id="bot-filesystem-provisioning-strategy-analysis"&gt;Bot Filesystem Provisioning: Strategy Analysis&lt;a class="anchor" href="#bot-filesystem-provisioning-strategy-analysis"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;h2 id="current-approach-full-rsync-copy"&gt;Current Approach: Full &lt;code&gt;rsync&lt;/code&gt; Copy&lt;a class="anchor" href="#current-approach-full-rsync-copy"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;How it works today&lt;/strong&gt; (see &lt;code&gt;chart/openclaw/container/init.sh&lt;/code&gt; + &lt;code&gt;statefulset.yaml&lt;/code&gt;):&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Init container runs &lt;code&gt;rsync -axH / /main_container/&lt;/code&gt; on first boot -&amp;gt; copies the &lt;em&gt;entire&lt;/em&gt; Debian 13 rootfs (~2.7 GB) to PVC.&lt;/li&gt;
&lt;li&gt;On subsequent boots, init container only updates managed scripts (&lt;code&gt;bot-wrapper.sh&lt;/code&gt;, &lt;code&gt;bot-install.sh&lt;/code&gt;) and systemd units.&lt;/li&gt;
&lt;li&gt;Main container mounts PVC subdirectories (&lt;code&gt;/usr&lt;/code&gt;, &lt;code&gt;/var&lt;/code&gt;, &lt;code&gt;/home&lt;/code&gt;, &lt;code&gt;/root&lt;/code&gt;, &lt;code&gt;/opt&lt;/code&gt;, &lt;code&gt;/etc&lt;/code&gt;) via &lt;code&gt;subPath&lt;/code&gt;.&lt;/li&gt;
&lt;li&gt;Container image itself is pulled but largely unused after initial rsync &amp;ndash; it&amp;rsquo;s just a &amp;ldquo;source&amp;rdquo; of the rootfs.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;&lt;strong&gt;Storage cost per bot&lt;/strong&gt;: ~2.7 GB base + user data.&lt;/p&gt;</description></item><item><title/><link>/docs/en/admin/firewall/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/admin/firewall/</guid><description>&lt;h1 id="runabot-network-architecture--firewall"&gt;Runabot Network Architecture &amp;amp; Firewall&lt;a class="anchor" href="#runabot-network-architecture--firewall"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;p&gt;This page describes the complete network topology of a Runabot tenant environment: how traffic flows between every component, and where authentication/authorisation and network firewall controls are enforced.&lt;/p&gt;
&lt;h2 id="legend"&gt;Legend&lt;a class="anchor" href="#legend"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;table&gt;
 &lt;thead&gt;
 &lt;tr&gt;
 &lt;th&gt;Symbol&lt;/th&gt;
 &lt;th&gt;Meaning&lt;/th&gt;
 &lt;/tr&gt;
 &lt;/thead&gt;
 &lt;tbody&gt;
 &lt;tr&gt;
 &lt;td&gt;🔥&lt;/td&gt;
 &lt;td&gt;Cilium / Kubernetes &lt;code&gt;NetworkPolicy&lt;/code&gt; or &lt;code&gt;CiliumNetworkPolicy&lt;/code&gt; firewall boundary&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;🔐&lt;/td&gt;
 &lt;td&gt;Authentication / Authorisation check (Ory Kratos + OpenFGA)&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;➡️&lt;/td&gt;
 &lt;td&gt;Allowed flow&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;✋&lt;/td&gt;
 &lt;td&gt;Blocked by default (explicit allowlist required)&lt;/td&gt;
 &lt;/tr&gt;
 &lt;/tbody&gt;
&lt;/table&gt;
&lt;hr&gt;
&lt;h2 id="component-diagram"&gt;Component Diagram&lt;a class="anchor" href="#component-diagram"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;The diagram below shows one user&amp;rsquo;s namespace (&lt;code&gt;dev-alice&lt;/code&gt;) inside the cluster.
All egress from bot and addon pods is &lt;strong&gt;default-deny&lt;/strong&gt; at the eBPF level; only explicitly whitelisted FQDNs or cluster endpoints are reachable.&lt;/p&gt;</description></item><item><title/><link>/docs/en/admin/oidc/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/admin/oidc/</guid><description>&lt;h1 id="oidc-configuration-universal-sso"&gt;OIDC Configuration (Universal SSO)&lt;a class="anchor" href="#oidc-configuration-universal-sso"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;p&gt;Runabot supports multiple OIDC providers (Google, Microsoft, Keycloak, etc.) via &lt;strong&gt;Ory Kratos&lt;/strong&gt;. Configuration is managed entirely through SOPS secrets.&lt;/p&gt;
&lt;h2 id="1-configure-sops"&gt;1. Configure SOPS&lt;a class="anchor" href="#1-configure-sops"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Add your providers to the &lt;code&gt;oidc_providers&lt;/code&gt; list in your environment&amp;rsquo;s SOPS file (&lt;code&gt;pulumi/sops/secrets/&amp;lt;env&amp;gt;.json&lt;/code&gt;).&lt;/p&gt;
&lt;h3 id="example-google-sso"&gt;Example: Google SSO&lt;a class="anchor" href="#example-google-sso"&gt;#&lt;/a&gt;&lt;/h3&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-json" data-lang="json"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;runabot&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;oidc_providers&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;id&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;google&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;provider&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;google&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;label&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;Sign in with Google&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;client_id&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;CLIENT_ID_HERE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;client_secret&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;CLIENT_SECRET_HERE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;mapper_url&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;file:///etc/config/kratos/oidc.google.json&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;scope&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;email&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;profile&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;openid&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h3 id="example-microsoft-azure-ad"&gt;Example: Microsoft (Azure AD)&lt;a class="anchor" href="#example-microsoft-azure-ad"&gt;#&lt;/a&gt;&lt;/h3&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-json" data-lang="json"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;runabot&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;oidc_providers&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;id&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;microsoft&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;provider&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;microsoft&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;label&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;Sign in with Microsoft&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;client_id&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;CLIENT_ID_HERE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;client_secret&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;CLIENT_SECRET_HERE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;microsoft_tenant&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;organizations&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;mapper_url&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;file:///etc/config/kratos/oidc.microsoft.json&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;scope&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;email&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;profile&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;openid&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h3 id="example-generic-oidc-keycloakokta"&gt;Example: Generic OIDC (Keycloak/Okta)&lt;a class="anchor" href="#example-generic-oidc-keycloakokta"&gt;#&lt;/a&gt;&lt;/h3&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-json" data-lang="json"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;runabot&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;oidc_providers&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;id&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;my-sso&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;provider&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;generic&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;label&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;Company SSO&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;client_id&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;CLIENT_ID_HERE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;client_secret&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;CLIENT_SECRET_HERE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;issuer_url&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;https://sso.example.com/realms/master&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nt"&gt;&amp;#34;mapper_url&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;file:///etc/config/kratos/oidc.generic.json&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="2-redirect-uris"&gt;2. Redirect URIs&lt;a class="anchor" href="#2-redirect-uris"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Ensure your identity provider has the correct Authorized Redirect URI:
&lt;code&gt;https://&amp;lt;your-domain&amp;gt;/_auth/kratos/self-service/methods/oidc/callback/&amp;lt;provider_id&amp;gt;&lt;/code&gt;&lt;/p&gt;</description></item><item><title/><link>/docs/en/legal/terms/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/legal/terms/</guid><description>&lt;h1 id="terms-of-service-agb"&gt;Terms of Service (AGB)&lt;a class="anchor" href="#terms-of-service-agb"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;p&gt;&lt;em&gt;Status: February 2026&lt;/em&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="1-scope-of-service"&gt;1. Scope of Service&lt;a class="anchor" href="#1-scope-of-service"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Runabot (&amp;ldquo;the Provider&amp;rdquo;) provides the user with a web-based platform that allows access to persistent container environments (&amp;ldquo;Bot Containers&amp;rdquo;).
The service includes:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Provisioning of isolated Linux container environments with persistent storage.&lt;/li&gt;
&lt;li&gt;Access to these environments via a web terminal, SSH, and API interfaces.&lt;/li&gt;
&lt;li&gt;The ability to install and execute software (e.g., AI assistants like OpenClaw) within the allocated resources.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The Provider does not guarantee 100% availability and reserves the right to perform maintenance work, which may lead to temporary outages.&lt;/p&gt;</description></item><item><title/><link>/docs/en/user/getting-started/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/user/getting-started/</guid><description>&lt;h1 id="getting-started-with-runabot"&gt;Getting Started with Runabot&lt;a class="anchor" href="#getting-started-with-runabot"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;p&gt;Runabot allows you to deploy and manage AI assistants (bots) in an isolated environment.&lt;/p&gt;
&lt;h2 id="1-login"&gt;1. Login&lt;a class="anchor" href="#1-login"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Navigate to the Runabot UI (e.g., &lt;code&gt;https://runabot.de/ui/&lt;/code&gt;).
If not logged in, you will be redirected to the login page.
Sign in with your corporate credential (Google/Microsoft).&lt;/p&gt;
&lt;h2 id="2-deploy-a-bot"&gt;2. Deploy a Bot&lt;a class="anchor" href="#2-deploy-a-bot"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;On the Dashboard, click &lt;strong&gt;Deploy New Bot&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Enter a name (e.g., &lt;code&gt;my-assistant&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;Select the &lt;strong&gt;Chart&lt;/strong&gt; (e.g., &lt;code&gt;runabot-bot&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;Select a &lt;strong&gt;Version&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Click &lt;strong&gt;Deploy&lt;/strong&gt;.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The bot will appear in your list. It may take a minute to become &lt;code&gt;Running&lt;/code&gt;.&lt;/p&gt;</description></item><item><title/><link>/docs/en/user/openclaw/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/user/openclaw/</guid><description>&lt;h1 id="openclaw-bot-guide"&gt;OpenClaw Bot Guide&lt;a class="anchor" href="#openclaw-bot-guide"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;p&gt;OpenClaw is a powerful personal assistant that you can run on Runabot. This guide covers common administrative tasks for your OpenClaw instance.&lt;/p&gt;
&lt;h2 id="initial-setup-onboarding"&gt;Initial Setup (Onboarding)&lt;a class="anchor" href="#initial-setup-onboarding"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;When you first deploy an OpenClaw bot, you need to perform an initial onboarding to set up your administrator account and basic settings.&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;Open the &lt;strong&gt;Web Terminal&lt;/strong&gt; for your bot.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;Run the onboarding command:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;openclaw onboard&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;Follow the interactive prompts to:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Set up your administrator username and password.&lt;/li&gt;
&lt;li&gt;Configure basic system settings.&lt;/li&gt;
&lt;li&gt;Initialize the local database.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Once onboarding is complete, you can access the OpenClaw Web UI using the credentials you just created.&lt;/p&gt;</description></item><item><title/><link>/docs/en/user/ui-reference/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/docs/en/user/ui-reference/</guid><description>&lt;h1 id="ui-reference"&gt;UI Reference&lt;a class="anchor" href="#ui-reference"&gt;#&lt;/a&gt;&lt;/h1&gt;
&lt;h2 id="dashboard"&gt;Dashboard&lt;a class="anchor" href="#dashboard"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;The main dashboard provides an overview of your resources.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;My Bots&lt;/strong&gt;: Grid view of your running bot instances.
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Status Indicator&lt;/strong&gt;: Green (Running), Orange (Pending), Red (Failed).&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Delete&lt;/strong&gt;: Remove the bot and its data.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Terminal&lt;/strong&gt;: Open the web terminal.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Download kubeconfig&lt;/strong&gt;: Download a &lt;code&gt;kubeconfig&lt;/code&gt; file for &lt;code&gt;kubectl&lt;/code&gt; access (valid 30 days).&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Deploy New Bot&lt;/strong&gt;: Opens the deployment wizard.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="terminal"&gt;Terminal&lt;a class="anchor" href="#terminal"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;The Web Terminal provides direct shell access.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Reconnect&lt;/strong&gt;: If the connection drops, use the reload button in the header.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Security&lt;/strong&gt;: The terminal session is authenticated via your user identity.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;OpenClaw Operations&lt;/strong&gt;: For OpenClaw-specific commands like &lt;code&gt;openclaw onboard&lt;/code&gt; or &lt;code&gt;systemctl reboot&lt;/code&gt;, see the &lt;a href="/docs/en/user/openclaw/"&gt;OpenClaw Guide&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="backups"&gt;Backups&lt;a class="anchor" href="#backups"&gt;#&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;(If enabled) Lists automated backups of your bot volumes.&lt;/p&gt;</description></item></channel></rss>