docs: document trusted CIDR node auto-approval

2026-05-06 10:10:45 +00:00 · 2026-04-25 06:46:04 +01:00
parent 537a8e25ed
commit 2cd2732ab6
4 changed files with 52 additions and 0 deletions
--- a/docs/cli/node.md
+++ b/docs/cli/node.md
@@ -123,6 +123,25 @@ openclaw devices list
 openclaw devices approve <requestId>
 ```

+On tightly controlled node networks, the Gateway operator can explicitly opt in
+to auto-approving first-time node pairing from trusted CIDRs:
+
+```json5
+{
+  gateway: {
+    nodes: {
+      pairing: {
+        autoApproveCidrs: ["192.168.1.0/24"],
+      },
+    },
+  },
+}
+```
+
+This is disabled by default. It only applies to fresh `role: node` pairing with
+no requested scopes. Operator/browser clients, Control UI, WebChat, and role,
+scope, metadata, or public-key upgrades still require manual approval.
+
 If the node retries pairing with changed auth details (role/scopes/public key),
 the previous pending request is superseded and a new `requestId` is created.
 Run `openclaw devices list` again before approval.