fix(gateway): pin paired reconnect metadata for node policy

Peter Steinberger
2026-02-26 14:10:00 +01:00
parent cf311978ea
commit 7d8aeaaf06
13 changed files with 282 additions and 39 deletions

@@ -215,6 +215,10 @@ The Gateway treats these as **claims** and enforces server-side allowlists.
Control UI can omit it **only** when `gateway.controlUi.dangerouslyDisableDeviceAuth`
is enabled for break-glass use.
- All connections must sign the server-provided `connect.challenge` nonce.
- Preferred signature payload is `v3`, which binds `platform` and `deviceFamily`
in addition to device/client/role/scopes/token/nonce fields.
- Legacy `v2` signatures remain accepted for compatibility, but paired-device
metadata pinning still controls command policy on reconnect.
## TLS + pinning
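
Review bot: The new `v2` bullet says paired-device metadata pinning "still controls command policy on reconnect", but the doc does not say which fields are pinned or what the Gateway does when a reconnecting client's claimed `platform` or `deviceFamily` differs from the paired values. Because the `v3` bullet implies that `v2` signatures do not bind those two fields, this is the case readers most need spelled out. Suggest adding one sentence that states the outcome on mismatch and whether `v2` acceptance is meant to be temporary.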