nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/src
History
Sid e1e715c53d
fix(gateway): skip device pairing for local backend self-connections (#30801) 
* fix(gateway): skip device pairing for local backend self-connections

When gateway.tls is enabled, sessions_spawn (and other internal
callGateway operations) creates a new WebSocket to the gateway.
The gateway treated this self-connection like any external client
and enforced device pairing, rejecting it with "pairing required"
(close code 1008). This made sub-agent spawning impossible when
TLS was enabled in Docker with bind: "lan".

Skip pairing for connections that are gateway-client self-connections
from localhost with valid shared auth (token/password). These are
internal backend calls (e.g. sessions_spawn, subagent-announce) that
already have valid credentials and connect from the same host.

Closes #30740

* gateway: tighten backend self-pair bypass guard

* tests: cover backend self-pairing local-vs-remote auth path

* changelog: add gateway tls pairing fix credit

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
 		2026-03-01 21:46:33 -08:00
..
acp Exec/ACP: inject OPENCLAW_SHELL into child shell env (#31271) 2026-03-01 20:31:06 -08:00
agents fix(sessions): harden recycled PID lock recovery follow-up (#31320) 2026-03-01 21:42:22 -08:00
auto-reply test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
browser test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
canvas-host
channels fix(discord): enrich allowlist resolution logs 2026-03-02 04:19:37 +00:00
cli feat(config): add `openclaw config validate` and improve startup error messages (#31220) 2026-03-02 00:45:51 -05:00
commands test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
compat
config feat(config): add `openclaw config validate` and improve startup error messages (#31220) 2026-03-02 00:45:51 -05:00
cron refactor(commands): unify repeated ACP and routing flows 2026-03-02 05:20:19 +00:00
daemon test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
discord test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
docs
gateway fix(gateway): skip device pairing for local backend self-connections (#30801) 2026-03-01 21:46:33 -08:00
hooks refactor: unify boundary hardening for file reads 2026-02-26 13:04:37 +01:00
i18n fix(ci): resolve i18n typing and generated-policy drift 2026-03-02 04:29:18 +00:00
imessage refactor(security): enforce account-scoped pairing APIs 2026-02-26 21:57:52 +01:00
infra refactor(infra): centralize boundary traversal and root path checks 2026-03-02 05:20:19 +00:00
line test: micro-optimize hot unit test files 2026-03-02 05:33:07 +00:00
link-understanding
logging refactor(diagnostics): hot-reload stuck warning threshold 2026-03-02 00:32:33 +00:00
markdown refactor: split telegram delivery and unify media/frontmatter/i18n pipelines 2026-03-02 04:14:06 +00:00
media refactor: split telegram delivery and unify media/frontmatter/i18n pipelines 2026-03-02 04:14:06 +00:00
media-understanding
memory fix(memory): discard stdout for qmd update/embed to prevent output cap failure (openclaw#28900) thanks @Glucksberg 2026-03-01 12:16:50 -06:00
node-host refactor!: remove versioned system-run approval contract 2026-03-02 01:12:53 +00:00
pairing refactor(channels): unify dm pairing policy flows 2026-02-26 22:36:20 +01:00
plugin-sdk refactor: centralize delivery/path/media/version lifecycle 2026-03-02 04:04:36 +00:00
plugins test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
process test: micro-optimize hot unit test files 2026-03-02 05:33:07 +00:00
providers
routing fix(routing): treat group/channel peer.kind as equivalent (land #31135 by @Sid-Qin) 2026-03-02 01:47:02 +00:00
scripts
secrets test: micro-optimize hot unit test files 2026-03-02 05:33:07 +00:00
security security(feishu): bind doc create grants to trusted requester context (#31184) 2026-03-01 20:51:45 -06:00
sessions TUI: sync /model status immediately 2026-02-28 14:02:56 -08:00
shared fix(sessions): harden recycled PID lock recovery follow-up (#31320) 2026-03-01 21:42:22 -08:00
signal fix(signal): land #31138 syncMessage presence filtering (@Sid-Qin) 2026-03-02 03:28:25 +00:00
slack fix(slack): scope download-file to channel and thread context 2026-03-02 02:23:22 +00:00
telegram test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
terminal fix(cli): preserve json stdout while keeping doctor migration (#24368) (thanks @altaywtf) 2026-03-02 03:10:02 +00:00
test-helpers
test-utils diffs plugin 2026-02-28 18:38:00 -05:00
tts fix(tts): use opus format and enable voice bubbles for feishu and whatsapp (#27366) 2026-02-27 23:41:22 -06:00
tui Exec/ACP: inject OPENCLAW_SHELL into child shell env (#31271) 2026-03-01 20:31:06 -08:00
types
utils fix(agents): add forward-compat fallback for google-gemini-cli gemini-3.1-pro/flash-preview (#26570) 2026-02-26 18:39:13 -05:00
web test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
whatsapp
wizard Fix onboard ignoring OPENCLAW_GATEWAY_TOKEN env var (#22658) 2026-03-01 19:40:40 -08:00
channel-web.ts
docker-image-digests.test.ts
docker-setup.e2e.test.ts test: move integration-heavy suites to e2e lane 2026-03-02 05:33:07 +00:00
dockerfile.test.ts fix(docker): harden /app/extensions permissions to 755 (#30191) 2026-03-01 15:45:21 -08:00
entry.ts CLI: add root --help fast path and lazy channel option resolution (#30975) 2026-03-01 14:23:46 -08:00
extensionAPI.ts
globals.ts
index.ts
logger.test.ts
logger.ts
logging.ts
polls.test.ts
polls.ts
runtime.ts
utils.test.ts
utils.ts
version.test.ts refactor: centralize delivery/path/media/version lifecycle 2026-03-02 04:04:36 +00:00
version.ts refactor: centralize delivery/path/media/version lifecycle 2026-03-02 04:04:36 +00:00