LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-24 07:01:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Implicit latest-device approval can pair the wrong requester (#64160)

Browse Source 
* fix: require confirmation before implicit device approval

Keep re-requested pairing entries from jumping the queue and force operators to confirm implicit latest-request approval so a refreshed attacker request cannot be silently approved.

* fix: require exact device pairing approval

* fix: stabilize reply CI checks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
This commit is contained in:
Coy Geek
2026-04-10 18:55:01 -07:00
committed by GitHub
parent f2065a7651
commit 192ee081e7
13 changed files with 315 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/cli/devices.md
View File

@@ -49,8 +49,10 @@ openclaw devices clear --yes --pending --json
### `openclaw devices approve [requestId] [--latest]`
Approve a pending device pairing request. If `requestId` is omitted, OpenClaw
automatically approves the most recent pending request.
Approve a pending device pairing request by exact `requestId`. If `requestId`
is omitted or `--latest` is passed, OpenClaw only prints the selected pending
request and exits; rerun approval with the exact request ID after verifying
the details.
Note: if a device retries pairing with changed auth details (role/scopes/public
key), OpenClaw supersedes the previous pending entry and issues a new
@@ -126,7 +128,7 @@ Pass `--token` or `--password` explicitly. Missing explicit credentials is an er
`operator.admin`.
- `devices clear` is intentionally gated by `--yes`.
- If pairing scope is unavailable on local loopback (and no explicit `--url` is passed), list/approve can use a local pairing fallback.
- `devices approve` picks the newest pending request automatically when you omit `requestId` or pass `--latest`.
- `devices approve` requires an explicit request ID before minting tokens; omitting `requestId` or passing `--latest` only previews the newest pending request.
## Token drift recovery checklist

2
docs/cli/index.md
View File

@@ -852,7 +852,7 @@ Subcommands:
Notes:
- `devices list` and `devices approve` can fall back to local pairing files on local loopback when direct pairing scope is unavailable.
- `devices approve` auto-selects the newest pending request when no `requestId` is passed or `--latest` is set.
- `devices approve` requires an explicit request ID before minting tokens; omitting `requestId` or passing `--latest` only previews the newest pending request.
- Stored-token reconnects reuse the token's cached approved scopes; explicit
`devices rotate --scope ...` updates that stored scope set for future
cached-token reconnects.