mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-27 23:12:52 +00:00
Summary:
- The PR expands security audit, CLI docs, and tests so `hooks.token` reuse of active Gateway token/password auth is reported while password-mode Gateway startup remains compatible.
- PR surface: Source +178, Tests +311, Docs +14. Total +503 across 14 files.
- Reproducibility: yes. from source inspection: current main forwards a bearer token as both token and passwor ... ecause this review was read-only, but the linked issue and code path make the reproduction high confidence.

Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(cr-fmi-hook-ingress-token-unlocks-password-mode-gateway-auth): ap…
- PR branch already contained follow-up commit before automerge: fix: include trusted proxy password in hooks token reuse check
- PR branch already contained follow-up commit before automerge: fix(gateway): audit hooks password reuse without blocking startup
- PR branch already contained follow-up commit before automerge: fix: Hook ingress token unlocks password-mode gateway auth

Validation:
- ClawSweeper review passed for head 7c796b22ec.
- Required merge gates passed before the squash merge.

Prepared head SHA: 7c796b22ec
Review: https://github.com/openclaw/openclaw/pull/86453#issuecomment-4533831028

Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: clawsweeper[bot] <274271284+clawsweeper[bot]@users.noreply.github.com>
Approved-by: jesse-merhi