docs: align pairing metadata upgrade approval · openclaw/openclaw@dd17dea
steipete
·
2026-04-23
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -121,10 +121,12 @@ If silent approval fails, it falls back to the normal “Approve/Reject” promp
|
121 | 121 | |
122 | 122 | When an already paired device reconnects with only non-sensitive metadata |
123 | 123 | changes (for example, display name or client platform hints), OpenClaw treats |
124 | | -that as a `metadata-upgrade` and auto-approves the reconnect without |
125 | | -prompting. Scope upgrades (read to write/admin) and public key changes are |
126 | | -**not** eligible for metadata-upgrade auto-approval — they stay as explicit |
127 | | -re-approval requests. |
| 124 | +that as a `metadata-upgrade`. Silent auto-approval is narrow: it applies only |
| 125 | +to trusted local CLI/helper reconnects that already proved possession of the |
| 126 | +shared token or password over loopback. Browser/Control UI clients and remote |
| 127 | +clients still use the explicit re-approval flow. Scope upgrades (read to |
| 128 | +write/admin) and public key changes are **not** eligible for metadata-upgrade |
| 129 | +auto-approval — they stay as explicit re-approval requests. |
128 | 130 | |
129 | 131 | ## QR pairing helpers |
130 | 132 | |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -947,9 +947,10 @@ Local device pairing:
|
947 | 947 | treated as remote for pairing, trusted-proxy auth, and Control UI device |
948 | 948 | identity gating — it no longer qualifies for loopback auto-approval. |
949 | 949 | - **Metadata-upgrade auto-approval** applies only to non-sensitive reconnect |
950 | | -deltas on already paired devices (display name, client platform hints). |
951 | | -Scope upgrades (read to write/admin) and public key changes still require |
952 | | -explicit re-approval and are never silently upgraded. |
| 950 | +deltas on already paired trusted local CLI/helper clients that proved |
| 951 | +possession of the shared token or password over loopback. Browser/Control UI |
| 952 | +clients and remote clients still require explicit re-approval. Scope upgrades |
| 953 | +(read to write/admin) and public key changes are never silently upgraded. |
953 | 954 | |
954 | 955 | Auth modes: |
955 | 956 | |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。