docs: refresh bootstrap handoff token refs

Peter Steinberger
2026-04-04 14:32:32 +01:00
parent 93ab8dd531
commit 13f9475f6c
4 changed files with 12 additions and 0 deletions


@@ -848,6 +848,8 @@ Notes:
- `--token` and `--password` are mutually exclusive.
- The setup code carries a short-lived bootstrap token, not the shared gateway token/password.
- Built-in bootstrap handoff keeps the primary node token at `scopes: []`.
- Any handed-off operator bootstrap token stays bounded to `operator.approvals`, `operator.read`, `operator.talk.secrets`, and `operator.write`.
- `--remote` can use `gateway.remote.url` or the active Tailscale Serve/Funnel URL.
- After scanning, approve the request with `openclaw devices list` / `openclaw devices approve <requestId>`.
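Review bot: The bullet "Built-in bootstrap handoff keeps the primary node token at `scopes: []`" gives the value but not its meaning, so a reader cannot tell whether an empty scope list means the node token carries no operator privileges or is simply unscoped. Suggest adding a short clause that says what a token with `scopes: []` can and cannot do. The next bullet, "Any handed-off operator bootstrap token stays bounded to ...", also omits the condition under which an operator token is issued at all; the qr doc phrases it as "If bootstrap handoff also issues an operator token", and using the same conditional here would keep the two pages from reading as different behaviours.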


@@ -35,6 +35,8 @@ openclaw qr --url wss://gateway.example/ws
- `--token` and `--password` are mutually exclusive.
- The setup code itself now carries an opaque short-lived `bootstrapToken`, not the shared gateway token/password.
- In the built-in node/operator bootstrap flow, the primary node token still lands with `scopes: []`.
- If bootstrap handoff also issues an operator token, it stays bounded to the bootstrap allowlist: `operator.approvals`, `operator.read`, `operator.talk.secrets`, `operator.write`.
- Mobile pairing fails closed for Tailscale/public `ws://` gateway URLs. Private LAN `ws://` remains supported, but Tailscale/public mobile routes should use Tailscale Serve/Funnel or a `wss://` gateway URL.
- With `--remote`, OpenClaw requires either `gateway.remote.url` or
`gateway.tailscale.mode=serve|funnel`.
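Review bot: The bootstrap allowlist (`operator.approvals`, `operator.read`, `operator.talk.secrets`, `operator.write`) is spelled out in full here and again in the other notes list, with different framing ("bounded to" there, "the bootstrap allowlist" here). With the same four scope names copied into several doc files, the lists will drift the next time the allowlist changes, and a stale doc that under-reports granted scopes is a security-relevant error. Suggest defining the allowlist once in a canonical reference section and linking to it from each notes list. Minor: "still lands with `scopes: []`" reads as changelog wording; in reference docs a plain statement of current behaviour is clearer, since "still" implies an earlier state the reader has not been shown.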