docs: refresh pairing locality refs

Peter Steinberger
2026-04-04 16:12:56 +01:00
parent 983909f826
commit 89535f9313
5 changed files with 27 additions and 13 deletions

@@ -99,8 +99,12 @@ sequenceDiagram
- All WS clients (operators + nodes) include a **device identity** on `connect`.
- New device IDs require pairing approval; the Gateway issues a **device token**
for subsequent connects.
- **Local** connects (loopback or the gateway hosts own tailnet address) can be
autoapproved to keep samehost UX smooth.
- Direct local loopback connects can be auto-approved to keep same-host UX
smooth.
- OpenClaw also has a narrow backend/container-local self-connect path for
trusted shared-secret helper flows.
- Tailnet and LAN connects, including same-host tailnet binds, still require
explicit pairing approval.
- All connects must sign the `connect.challenge` nonce.
- Signature payload `v3` also binds `platform` + `deviceFamily`; the gateway
pins paired metadata on reconnect and requires repair pairing for metadata
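Review bot: The added bullet about the "narrow backend/container-local self-connect path" does not state an approval outcome, unlike the bullets on either side of it (loopback "can be auto-approved", tailnet and LAN "still require explicit pairing approval"). Suggest saying explicitly whether this path skips pairing approval, and either naming the conditions a connect must meet to count as "backend/container-local" with a "trusted shared-secret" or linking to where they are defined, so the sentence cannot be read as a general shared-secret bypass of pairing. Separately, the removed text listed the gateway host's own tailnet address as auto-approvable while the new text says same-host tailnet binds require explicit approval; a one-line note for readers who relied on the earlier wording would make that tightening visible.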