diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index e2c06c3c0..099a4f8d4 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "24431e511464e1de4fa87c95f46d1d33281ccbac", - "syncedAt": "2026-04-17T02:04:31.692Z" + "sha": "0b6c39be18754d1e6b563dd70a32e25aac9729f3", + "syncedAt": "2026-04-17T07:49:16.133Z" } diff --git a/docs/gateway/protocol.md b/docs/gateway/protocol.md index e27d7de48..c3d712073 100644 --- a/docs/gateway/protocol.md +++ b/docs/gateway/protocol.md @@ -89,7 +89,21 @@ Gateway → Client: ``` `server`, `features`, `snapshot`, and `policy` are all required by the schema -(`src/gateway/protocol/schema/frames.ts`). `auth` and `canvasHostUrl` are optional. +(`src/gateway/protocol/schema/frames.ts`). `canvasHostUrl` is optional. `auth` +reports the negotiated role/scopes when available, and includes `deviceToken` +when the gateway issues one. + +When no device token is issued, `hello-ok.auth` can still report the negotiated +permissions: + +```json +{ + "auth": { + "role": "operator", + "scopes": ["operator.read", "operator.write"] + } +} +``` When a device token is issued, `hello-ok` also includes: