From fa48cf09c19964bac41fe600eb3e7831ccef825b Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Sat, 25 Apr 2026 22:05:47 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@8d08e86f42acbe23db32d689e4b2805a5a76e52f --- .openclaw-sync/source.json | 4 ++-- docs/cli/gateway.md | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 6c8fe88bd..c0dedb51a 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "bd796d1c85c7dec0dcb89ed11502e4271ded1314", - "syncedAt": "2026-04-25T22:00:11.002Z" + "sha": "8d08e86f42acbe23db32d689e4b2805a5a76e52f", + "syncedAt": "2026-04-25T22:04:11.303Z" } diff --git a/docs/cli/gateway.md b/docs/cli/gateway.md index 0a9e9e9c8..3237ac2aa 100644 --- a/docs/cli/gateway.md +++ b/docs/cli/gateway.md @@ -188,6 +188,9 @@ Notes: - `gateway status` stays available for diagnostics even when the local CLI config is missing or invalid. - Default `gateway status` proves service state, WebSocket connect, and the auth capability visible at handshake time. It does not prove read/write/admin operations. +- Diagnostic probes are non-mutating for first-time device auth: they reuse an + existing cached device token when one exists, but they do not create a new CLI + device identity or read-only device pairing record just to check status. - `gateway status` resolves configured auth SecretRefs for probe auth when possible. - If a required auth SecretRef is unresolved in this command path, `gateway status --json` reports `rpc.authWarning` when probe connectivity/auth fails; pass `--token`/`--password` explicitly or resolve the secret source first. - If the probe succeeds, unresolved auth-ref warnings are suppressed to avoid false positives. @@ -225,6 +228,8 @@ Interpretation: - `Capability: read-only|write-capable|admin-capable|pairing-pending|connect-only` reports what the probe could prove about auth. It is separate from reachability. - `Read probe: ok` means read-scope detail RPC calls (`health`/`status`/`system-presence`/`config.get`) also succeeded. - `Read probe: limited - missing scope: operator.read` means connect succeeded but read-scope RPC is limited. This is reported as **degraded** reachability, not full failure. +- Like `gateway status`, probe reuses existing cached device auth but does not + create first-time device identity or pairing state. - Exit code is non-zero only when no probed target is reachable. JSON notes (`--json`):