vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 09:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(doctor): avoid impossible device token rotation advice

Browse Source
This commit is contained in:
Clawdbot
2026-05-05 14:39:55 +10:00
committed by Ayaan Zaidi
parent cbcca6e55f
commit f5f11b8d0e
2 changed files with 33 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/commands/doctor-device-pairing.test.ts
View File

@@ -170,6 +170,29 @@ describe("noteDevicePairingHealth", () => {
});
});
it("does not suggest rotating local auth for a role that is no longer approved", async () => {
await withApprovedOperatorPairing(async ({ identity }) => {
storeDeviceAuthToken({
deviceId: identity.deviceId,
role: "node",
token: "stale-node-token",
scopes: [],
});
await noteDevicePairingHealth({
cfg: { gateway: { mode: "local" } },
healthOk: false,
});
expect(noteMock).toHaveBeenCalledTimes(1);
const message = String(noteMock.mock.calls[0]?.[0] ?? "");
expect(message).toContain("Local cached node device auth");
expect(message).toContain("role is no longer approved");
expect(message).toContain("remove the stale cached node auth entry");
expect(message).not.toContain("--role node");
});
});
it("uses gateway device pairing state when the gateway is healthy", async () => {
callGatewayMock.mockResolvedValue({
pending: [

20
src/commands/doctor-device-pairing.ts
View File

@@ -474,6 +474,16 @@ function collectLocalDeviceAuthIssues(snapshot: DoctorPairingSnapshot): string[]
if (!role) {
continue;
}
const pairedToken = findTokenSummary(paired, role);
if (!pairedToken) {
if (approvedRoles.has(role)) {
continue;
}
lines.push(
`- Local cached ${role} device auth for ${deviceLabel} no longer has a matching active gateway token, and that role is no longer approved for this device. Reconnect with shared gateway auth to refresh local auth, or remove the stale cached ${role} auth entry.`,
);
continue;
}
const rotateCommand = formatCliArgs([
"openclaw",
"devices",
@@ -483,16 +493,6 @@ function collectLocalDeviceAuthIssues(snapshot: DoctorPairingSnapshot): string[]
"--role",
role,
]);
const pairedToken = findTokenSummary(paired, role);
if (!pairedToken) {
if (approvedRoles.has(role)) {
continue;
}
lines.push(
`- Local cached ${role} device auth for ${deviceLabel} no longer has a matching active gateway token. Reconnect with shared gateway auth to refresh it, or rotate with ${rotateCommand}.`,
);
continue;
}
const gatewayIssuedAtMs = pairedToken.rotatedAtMs ?? pairedToken.createdAtMs;
if (entry.updatedAtMs < gatewayIssuedAtMs) {
lines.push(