fix(gateway): avoid echoing rotated device tokens

2026-05-06 11:40:42 +00:00 · 2026-04-27 15:09:38 +01:00
parent dacf43640a
commit 016a0b4de9
7 changed files with 59 additions and 10 deletions
--- a/docs/cli/devices.md
+++ b/docs/cli/devices.md
@@ -102,7 +102,10 @@ caller already has.
 openclaw devices rotate --device <deviceId> --role operator --scope operator.read --scope operator.write
 ```

-Returns the new token payload as JSON.
+Returns rotation metadata as JSON. If the caller is rotating its own token while
+authenticated with that device token, the response also includes the replacement
+token so the client can persist it before reconnecting. Shared/admin rotations
+do not echo the bearer token.

 ### `openclaw devices revoke --device <id> --role <role>`