mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-04 12:53:34 +00:00
* feat(android): rework gateway onboarding setup * fix(android): restore protocol mismatch onboarding guidance * fix(android): sync onboarding native i18n * fix(android): preserve LAN manual setup prefill * fix(android): refine onboarding node approval step * fix(android): polish onboarding recovery actions * test(android): cover onboarding protocol mismatch copy * fix(android): separate onboarding node approval * fix(android): guard onboarding node approval transitions * fix(android): keep onboarding approval states reachable * fix(android): wait for node access before onboarding continue * fix(android): refresh node approval after operator handoff * fix(android): refresh onboarding approval states * fix(android): require approval after onboarding permission changes * fix(android): keep onboarding approval gates active * fix(android): preserve permission reapproval state * fix(android): skip node approval on legacy gateways * fix(android): wait for node approval refresh * fix(android): preserve camera setting on upgrade * fix(android): avoid stuck approval check spinner * fix(android): request talk secrets on operator connects * fix(android): avoid missed node approval completion * fix(android): keep nearby LAN setup local * fix(android): complete onboarding after node approval * fix(android): reconcile onboarding with gateway auth plans * chore(android): refresh native i18n inventory after rebase * Fix Android onboarding review edge cases * Fix native i18n onboarding sentinels
3.1 KiB
3.1 KiB
summary, read_when, title
| summary | read_when | title | ||
|---|---|---|---|---|
| CLI reference for `openclaw qr` (generate mobile pairing QR + setup code) |
|
QR |
openclaw qr
Generate a mobile pairing QR and setup code from your current Gateway configuration.
Usage
openclaw qr
openclaw qr --setup-code-only
openclaw qr --json
openclaw qr --remote
openclaw qr --url wss://gateway.example/ws
Options
--remote: prefergateway.remote.url; if it is unset,gateway.tailscale.mode=serve|funnelcan still provide the remote public URL--url <url>: override gateway URL used in payload--public-url <url>: override public URL used in payload--token <token>: override which gateway token the bootstrap flow authenticates against--password <password>: override which gateway password the bootstrap flow authenticates against--setup-code-only: print only setup code--no-ascii: skip ASCII QR rendering--json: emit JSON (setupCode,gatewayUrl,auth,urlSource)
Notes
--tokenand--passwordare mutually exclusive.- The setup code itself now carries an opaque short-lived
bootstrapToken, not the shared gateway token/password. - Built-in setup-code bootstrap returns a primary
nodetoken withscopes: []plus a boundedoperatorhandoff token for trusted mobile onboarding. - The handed-off operator token is limited to
operator.approvals,operator.read,operator.talk.secrets, andoperator.write; pairing mutation scopes andoperator.adminstill require a separate approved operator pairing or token flow. - Mobile pairing fails closed for Tailscale/public
ws://gateway URLs. Private LAN addresses and.localBonjour hosts remain supported overws://, but Tailscale/public mobile routes should use Tailscale Serve/Funnel or awss://gateway URL. - With
--remote, OpenClaw requires eithergateway.remote.urlorgateway.tailscale.mode=serve|funnel. - With
--remote, if effectively active remote credentials are configured as SecretRefs and you do not pass--tokenor--password, the command resolves them from the active gateway snapshot. If gateway is unavailable, the command fails fast. - Without
--remote, local gateway auth SecretRefs are resolved when no CLI auth override is passed:gateway.auth.tokenresolves when token auth can win (explicitgateway.auth.mode="token"or inferred mode where no password source wins).gateway.auth.passwordresolves when password auth can win (explicitgateway.auth.mode="password"or inferred mode with no winning token from auth/env).
- If both
gateway.auth.tokenandgateway.auth.passwordare configured (including SecretRefs) andgateway.auth.modeis unset, setup-code resolution fails until mode is set explicitly. - Gateway version skew note: this command path requires a gateway that supports
secrets.resolve; older gateways return an unknown-method error. - After scanning, approve device pairing with:
openclaw devices listopenclaw devices approve <requestId>