init permissions

2026-02-20 20:39:41 -05:00
parent 7dec80e217
commit dd6b3aa63d
2 changed files with 58 additions and 3 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -376,9 +376,47 @@ docker build -t registry.lan/openclaw:latest .
 **Problem**: Web UI shows "disconnected (1008): pairing required"

 **Solution**:
-1. Check logs for device IDs: `docker logs CONTAINER | grep pairing`
-2. Manually approve devices in paired.json
-3. Restart container
+1. Use the built-in CLI approver (recommended):
+
+```bash
+# approve newest pending request
+docker exec CONTAINER_NAME node dist/index.js devices approve --latest --token "$OPENCLAW_GATEWAY_TOKEN"
+
+# inspect current state
+docker exec CONTAINER_NAME node dist/index.js devices list --token "$OPENCLAW_GATEWAY_TOKEN"
+```
+
+2. If using Tailscale Serve, ensure Gateway auth/proxy settings are correct:
+
+```json
+{
+  "gateway": {
+    "bind": "loopback",
+    "tailscale": { "mode": "serve" },
+    "auth": { "allowTailscale": true },
+    "trustedProxies": ["127.0.0.1", "::1"]
+  }
+}
+```
+
+3. If error changes to `device token mismatch`, the browser usually has stale local state.
+   - Open the Control UI in an Incognito/Private window.
+   - Re-paste gateway token in settings, or open a tokenized URL from:
+
+```bash
+docker exec CONTAINER_NAME node dist/index.js dashboard --no-open
+```
+
+4. If needed, only clear pending requests (not full config):
+
+```bash
+docker exec CONTAINER_NAME sh -c 'echo {} > /home/node/.openclaw/devices/pending.json'
+```
+
+**Notes**:
+- Remote browsers (LAN/Tailscale) still require one-time device pairing.
+- Localhost (`127.0.0.1`) auto-approves.
+- Config edits trigger Gateway reload/restart automatically; container restart is usually unnecessary.

 ### Permission Denied Errors

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,20 @@
 version: "3.8"

 services:
+  openclaw-init-perms:
+    image: alpine:3.20
+    container_name: openclaw-init-perms
+    restart: "no"
+    command:
+      [
+        "sh",
+        "-c",
+        "mkdir -p /config /workspace && chown -R 1000:1000 /config /workspace && chmod 755 /config /workspace",
+      ]
+    volumes:
+      - openclaw-config:/config
+      - openclaw-workspace:/workspace
+
  openclaw-gateway:
    build:
      context: ./docker
@@ -10,6 +24,9 @@ services:
    image: openclaw:custom-arm64
    container_name: openclaw-gateway
    restart: unless-stopped
+    depends_on:
+      openclaw-init-perms:
+        condition: service_completed_successfully
    environment:
      HOME: /home/node
      TERM: xterm-256color