docs: refresh setup-code bootstrap scope mirrors

Peter Steinberger
2026-04-04 18:48:26 +01:00
parent a10ba044bc
commit 6d89b363a2
3 changed files with 3 additions and 1 deletions

@@ -358,7 +358,7 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
- `/pair approve` when there is only one pending request
- `/pair approve latest` for most recent
The setup code carries a short-lived bootstrap token. Built-in bootstrap handoff keeps the primary node token at `scopes: []`; any handed-off operator token stays bounded to `operator.approvals`, `operator.read`, `operator.talk.secrets`, and `operator.write`.
The setup code carries a short-lived bootstrap token. Built-in bootstrap handoff keeps the primary node token at `scopes: []`; any handed-off operator token stays bounded to `operator.approvals`, `operator.read`, `operator.talk.secrets`, and `operator.write`. Bootstrap scope checks are role-prefixed, so that operator allowlist only satisfies operator requests; non-operator roles still need scopes under their own role prefix.
If a device retries with changed auth details (for example role/scopes/public key), the previous pending request is superseded and the new request uses a different `requestId`. Re-run `/pair pending` before approving.
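Review bot: the added sentence in this hunk reads ambiguously: "so that operator allowlist only satisfies operator requests" can be parsed as "so that [the] operator allowlist..." (a purpose clause) rather than the intended "so that-operator-allowlist (the one just listed) only satisfies operator requests". Suggest "so the operator allowlist above only satisfies operator requests; non-operator roles still need scopes under their own role prefix", which also matches the two-sentence wording used in the third file of this commit. It would also help to say in the same sentence what happens on mismatch (the request is rejected rather than silently down-scoped), since that is the property a reader approving `/pair` requests needs to rely on.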

@@ -850,6 +850,7 @@ Notes:
- The setup code carries a short-lived bootstrap token, not the shared gateway token/password.
- Built-in bootstrap handoff keeps the primary node token at `scopes: []`.
- Any handed-off operator bootstrap token stays bounded to `operator.approvals`, `operator.read`, `operator.talk.secrets`, and `operator.write`.
- Bootstrap scope checks are role-prefixed, so that operator allowlist only satisfies operator requests; non-operator roles still need scopes under their own role prefix.
- `--remote` can use `gateway.remote.url` or the active Tailscale Serve/Funnel URL.
- After scanning, approve the request with `openclaw devices list` / `openclaw devices approve <requestId>`.
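Review bot: the new bullet can read as contradicting the bullet two lines above it: the primary node token "keeps `scopes: []`", yet "non-operator roles still need scopes under their own role prefix". Suggest qualifying the new bullet so the two agree, e.g. "Bootstrap scope checks are role-prefixed: any scopes a non-operator role does request must sit under that role's own prefix, and the operator allowlist above only satisfies operator requests." Same "so that operator allowlist" ambiguity as in the first file; "so the operator allowlist" reads unambiguously.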

@@ -37,6 +37,7 @@ openclaw qr --url wss://gateway.example/ws
- The setup code itself now carries an opaque short-lived `bootstrapToken`, not the shared gateway token/password.
- In the built-in node/operator bootstrap flow, the primary node token still lands with `scopes: []`.
- If bootstrap handoff also issues an operator token, it stays bounded to the bootstrap allowlist: `operator.approvals`, `operator.read`, `operator.talk.secrets`, `operator.write`.
- Bootstrap scope checks are role-prefixed. That operator allowlist only satisfies operator requests; non-operator roles still need scopes under their own role prefix.
- Mobile pairing fails closed for Tailscale/public `ws://` gateway URLs. Private LAN `ws://` remains supported, but Tailscale/public mobile routes should use Tailscale Serve/Funnel or a `wss://` gateway URL.
- With `--remote`, OpenClaw requires either `gateway.remote.url` or
`gateway.tailscale.mode=serve|funnel`.
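Review bot: this is the clearest of the three phrasings of the role-prefix rule ("That operator allowlist only satisfies operator requests; ..."), and the other two files in this commit should be aligned to it rather than carrying a third variant. One gap remains in all three: the bullet says what a non-operator request needs but not the outcome when a request for a non-operator role carries `operator.*` scopes; the "Mobile pairing fails closed" bullet directly below shows the convention, so a short "such requests are rejected" clause here would let readers of `openclaw devices approve <requestId>` know the check cannot be bypassed by pairing as a different role.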