chore(sync): mirror docs from openclaw/openclaw@41b27024bb

This commit is contained in:
openclaw-docs-sync[bot] 2026-04-25 23:28:58 +00:00
parent c992d8ed70
commit 4db7d49c45
3 changed files with 14 additions and 4 deletions

View File

@ -1,5 +1,5 @@
{
"repository": "openclaw/openclaw",
"sha": "c2ea0ce5a9e532cada41bf67381cbb963d3f9378",
"syncedAt": "2026-04-25T23:12:37.392Z"
"sha": "41b27024bbfc4e42654845c9fc7058ef528dd461",
"syncedAt": "2026-04-25T23:27:30.433Z"
}

View File

@ -577,11 +577,13 @@ rather than the pre-handshake defaults.
trusted shared-secret helper flows.
- Same-host tailnet or LAN connects are still treated as remote for pairing and
require approval.
- All WS clients must include `device` identity during `connect` (operator + node).
Control UI can omit it only in these modes:
- WS clients normally include `device` identity during `connect` (operator +
node). The only device-less operator exceptions are explicit trust paths:
- `gateway.controlUi.allowInsecureAuth=true` for localhost-only insecure HTTP compatibility.
- successful `gateway.auth.mode: "trusted-proxy"` operator Control UI auth.
- `gateway.controlUi.dangerouslyDisableDeviceAuth=true` (break-glass, severe security downgrade).
- direct-loopback `gateway-client` backend RPCs authenticated with the shared
gateway token/password.
- All connections must sign the server-provided `connect.challenge` nonce.
### Device auth migration diagnostics

View File

@ -383,6 +383,14 @@ child session is marked `abortedLastRun: true`. Those restart-aborted child
sessions remain recoverable through the sub-agent orphan recovery flow, which
sends a synthetic resume message before clearing the aborted marker.
If a sub-agent spawn fails with Gateway `PAIRING_REQUIRED` / `scope-upgrade`,
check the RPC caller before editing pairing state. Internal `sessions_spawn`
coordination should connect as `client.id: "gateway-client"` with
`client.mode: "backend"` over direct loopback shared-token/password auth; that
path does not depend on the CLI's paired-device scope baseline. Remote callers,
explicit `deviceIdentity`, explicit device-token paths, and browser/node clients
still need normal device approval for scope upgrades.
## Stopping
- Sending `/stop` in the requester chat aborts the requester session and stops any active sub-agent runs spawned from it, cascading to nested children.