fix(control-ui): explain pairing access upgrades

2026-05-06 14:40:43 +00:00 · 2026-04-20 13:06:01 +05:30
parent 67d2026e22
commit 41a01cdae5
8 changed files with 231 additions and 25 deletions
--- a/docs/web/control-ui.md
+++ b/docs/web/control-ui.md
@@ -58,6 +58,11 @@ If the browser retries pairing with changed auth details (role/scopes/public
 key), the previous pending request is superseded and a new `requestId` is
 created. Re-run `openclaw devices list` before approval.

+If the browser is already paired and you change it from read access to
+write/admin access, this is treated as an approval upgrade, not a silent
+reconnect. OpenClaw keeps the old approval active, blocks the broader reconnect,
+and asks you to approve the new scope set explicitly.
+
 Once approved, the device is remembered and won't require re-approval unless
 you revoke it with `openclaw devices revoke --device <id> --role <role>`. See
 [Devices CLI](/cli/devices) for token rotation and revocation.