From abb9d44daa91389c600e35fbf5968033427f4032 Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Sun, 5 Apr 2026 21:57:40 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@7f1b159c039199806bb0ca8382bcc4bce71a19b8 --- .openclaw-sync/source.json | 4 ++-- docs/gateway/protocol.md | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 08c30027b..8df5c8871 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "dea3ab0aa929521c6f2fe962c2fdbde1ae978970", - "syncedAt": "2026-04-05T21:46:52.894Z" + "sha": "7f1b159c039199806bb0ca8382bcc4bce71a19b8", + "syncedAt": "2026-04-05T21:57:40.177Z" } diff --git a/docs/gateway/protocol.md b/docs/gateway/protocol.md index 09f5f718d..c762cd3ae 100644 --- a/docs/gateway/protocol.md +++ b/docs/gateway/protocol.md @@ -540,6 +540,9 @@ implemented in `src/gateway/server-methods/*.ts`. - Pairing auto-approval is centered on direct local loopback connects. - OpenClaw also has a narrow backend/container-local self-connect path for trusted shared-secret helper flows. +- Local auto-approval for operator devices seeds a bounded per-device token + baseline instead of persisting arbitrary requested operator scopes. A shared- + secret session may still be broader than the silently issued device token. - Same-host tailnet or LAN connects are still treated as remote for pairing and require approval. - All WS clients must include `device` identity during `connect` (operator + node).