UNPKG

@gguf/claw

Version:

Multi-channel AI gateway with extensible messaging integrations

github.com/openclaw/openclaw

openclaw/openclaw

104 lines (70 loc) 3.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
--- summary: "Pairing overview: approve who can DM you + which nodes can join" read_when: - Setting up DM access control - Pairing a new iOS/Android node - Reviewing OpenClaw security posture title: "Pairing" --- # Pairing “Pairing” is OpenClaw’s explicit **owner approval** step. It is used in two places: 1. **DM pairing** (who is allowed to talk to the bot) 2. **Node pairing** (which devices/nodes are allowed to join the gateway network) Security context: [Security](/gateway/security) ## 1) DM pairing (inbound chat access) When a channel is configured with DM policy `pairing`, unknown senders get a short code and their message is **not processed** until you approve. Default DM policies are documented in: [Security](/gateway/security) Pairing codes: - 8 characters, uppercase, no ambiguous chars (`0O1I`). - **Expire after 1 hour**. The bot only sends the pairing message when a new request is created (roughly once per hour per sender). - Pending DM pairing requests are capped at **3 per channel** by default; additional requests are ignored until one expires or is approved. ### Approve a sender ```bash openclaw pairing list telegram openclaw pairing approve telegram <CODE> ``` Supported channels: `telegram`, `whatsapp`, `signal`, `imessage`, `discord`, `slack`, `feishu`. ### Where the state lives Stored under `~/.openclaw/credentials/`: - Pending requests: `<channel>-pairing.json` - Approved allowlist store: `<channel>-allowFrom.json` Treat these as sensitive (they gate access to your assistant). ## 2) Node device pairing (iOS/Android/macOS/headless nodes) Nodes connect to the Gateway as **devices** with `role: node`. The Gateway creates a device pairing request that must be approved. ### Pair via Telegram (recommended for iOS) If you use the `device-pair` plugin, you can do first-time device pairing entirely from Telegram: 1. In Telegram, message your bot: `/pair` 2. The bot replies with two messages: an instruction message and a separate **setup code** message (easy to copy/paste in Telegram). 3. On your phone, open the OpenClaw iOS app → Settings → Gateway. 4. Paste the setup code and connect. 5. Back in Telegram: `/pair approve` The setup code is a base64-encoded JSON payload that contains: - `url`: the Gateway WebSocket URL (`ws://...` or `wss://...`) - `token`: a short-lived pairing token Treat the setup code like a password while it is valid. ### Approve a node device ```bash openclaw devices list openclaw devices approve <requestId> openclaw devices reject <requestId> ``` ### Node pairing state storage Stored under `~/.openclaw/devices/`: - `pending.json` (short-lived; pending requests expire) - `paired.json` (paired devices + tokens) ### Notes - The legacy `node.pair.*` API (CLI: `openclaw nodes pending/approve`) is a separate gateway-owned pairing store. WS nodes still require device pairing. ## Related docs - Security model + prompt injection: [Security](/gateway/security) - Updating safely (run doctor): [Updating](/install/updating) - Channel configs: - Telegram: [Telegram](/channels/telegram) - WhatsApp: [WhatsApp](/channels/whatsapp) - Signal: [Signal](/channels/signal) - BlueBubbles (iMessage): [BlueBubbles](/channels/bluebubbles) - iMessage (legacy): [iMessage](/channels/imessage) - Discord: [Discord](/channels/discord) - Slack: [Slack](/channels/slack)