johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: correct sessions_spawn scope fix — watchdog was patching wrong field, spawn works fine

This commit is contained in:
James 2026-02-22 10:06:55 -05:00
parent f506651ce6
commit 1dc9a96b86
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
MEMORY.md
View File

@ -165,10 +165,8 @@ Two patches must be reapplied to `dist/` files after each OpenClaw update:
1. **Scope preservation** (`dist/gateway-cli-DbznSfRg.js`): `if (scopes.length > 0)``if (scopes.length > 0 && !disableControlUiDeviceAuth)` — prevents `dangerouslyDisableDeviceAuth` from clearing scopes
2. **Deleted transcript indexing** (`dist/sqlite-C54NeA1C.js`): `.filter((name) => name.endsWith(".jsonl"))` → add `|| name.includes(".jsonl.deleted.")` — makes memory_search find old sessions
### ⚠️ sessions_spawn — Partially Fixed (Feb 22)
**Scope stripping FIXED:** `oc-scope-watchdog.service` auto-restores `operator.write+read` within 30s of gateway restart.
**Bind issue REMAINS:** Gateway rejects `ws://192.168.1.16:18789` (non-loopback). Subagent spawning from conversation sessions fails with "pairing required" (1008). Cron jobs work (internal). Needs: `wss://` or local tunnel fix.
### ✅ sessions_spawn — Working (Feb 22)
Subagent spawning works from conversation sessions. Auth is via `tokens.operator.scopes` in `device-auth.json` + `paired.json` — both have full operator scopes. Gateway bind set to `custom/0.0.0.0` resolved the bind issue. Tested and confirmed working.
### Network
- Home lab behind UDM-Pro + Caddy
@ -814,9 +812,9 @@ Shannon's successful deployment and scan completion demonstrates security toolin
- Immich, ClickHouse, Jellyfin, Signal: all updated on 192.168.1.253
- qbittorrent-vpn: pulled only
### 🔧 sessions_spawn Scope Issue — FIXED (Feb 22)
- Gateway was stripping `operator.write+read` scopes from device-auth.json on every restart
- **Fixed via `oc-scope-watchdog.service`** — auto-restores within 30s, runs on boot
### ✅ sessions_spawn Scope Issue — RESOLVED (Feb 22)
- sessions_spawn confirmed working. The top-level `scopes` key the watchdog was patching is irrelevant metadata; real auth uses `tokens.operator.scopes` (always intact). Watchdog stopped and disabled — was fighting the gateway for nothing.
- Gateway bind `custom/0.0.0.0` + correct token scopes = sessions_spawn working from conversation sessions.
---