mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-14 11:46:07 +00:00
* feat(linux): add Tauri desktop companion app and openclaw dashboard --json * test(dashboard): assemble fake token fixture to satisfy secret scanners * test(dashboard): avoid secret-scanner-shaped mock factory line * fix(linux): actionable error when installed CLI predates dashboard --json * docs: regenerate docs map for linux platform heading change
2.5 KiB
2.5 KiB
summary, read_when, title
| summary | read_when | title | ||
|---|---|---|---|---|
| CLI reference for `openclaw dashboard` (open the Control UI) |
|
Dashboard |
openclaw dashboard
Open the Control UI using your current auth.
openclaw dashboard
openclaw dashboard --no-open
openclaw dashboard --json
openclaw dashboard --yes
--no-open: print the URL but do not launch a browser.--json: print one machine-readable connection object without opening a browser, using the clipboard, prompting, or starting the Gateway.--yes: start/install the Gateway without prompting when needed.
Machine-readable output
Use --json for desktop integrations and scripts that need the resolved Control UI URL:
openclaw dashboard --json
The response includes url, httpUrl, wsUrl, port, and tokenIncluded. If the Gateway is not ready, the command returns {"ok":false,"reason":"..."} and exits non-zero. SecretRef-managed tokens are never included in url.
Notes:
- Resolves configured
gateway.auth.tokenSecretRefs when possible. - Follows
gateway.tls.enabled: TLS-enabled gateways print/openhttps://Control UI URLs and connect overwss://. - For
lanor a wildcardcustombind, same-host launches always use loopback because a wildcard is not a browser destination. Plaintexttailnetandcustombinds also use127.0.0.1so the browser has a secure context; TLS-enabled specific hosts keep the configured address so certificate names match. - Before delivering an authenticated loopback URL for a specific-interface bind, the command probes the configured interface and verifies that it and
127.0.0.1are owned by the same Gateway process. Ambiguous listener ownership fails closed with status guidance. - For SecretRef-managed tokens (resolved or unresolved), the printed/copied/opened URL never includes the token, so external secrets do not leak into terminal output, clipboard history, or browser-launch arguments.
- If
gateway.auth.tokenis SecretRef-managed but unresolved, the command prints a non-tokenized URL and remediation guidance instead of an invalid token placeholder. - If clipboard/browser delivery fails for a token-authenticated URL, the command logs a safe manual-auth hint naming
OPENCLAW_GATEWAY_TOKEN,gateway.auth.token, and the URL fragment keytoken, without printing the token value.