chore(sync): mirror docs from openclaw/openclaw@dd17dea

openclaw-docs-sync[bot] · openclaw-docs-sync[bot] · commit 4eb5da621108 · 2026-04-23T06:57:09.000Z
diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json
@@ -1,5 +1,5 @@
 {
   "repository": "openclaw/openclaw",
-  "sha": "c8aec6b951acc9c46df4d370d56e5f5450bb2b04",
-  "syncedAt": "2026-04-23T06:53:52.164Z"
+  "sha": "dd17dea761d532dc12e9a63950fe3cab604e0ee5",
+  "syncedAt": "2026-04-23T06:57:08.686Z"
 }
diff --git a/docs/gateway/pairing.md b/docs/gateway/pairing.md
@@ -121,10 +121,12 @@ If silent approval fails, it falls back to the normal “Approve/Reject” promp
 
 When an already paired device reconnects with only non-sensitive metadata
 changes (for example, display name or client platform hints), OpenClaw treats
-that as a `metadata-upgrade` and auto-approves the reconnect without
-prompting. Scope upgrades (read to write/admin) and public key changes are
-**not** eligible for metadata-upgrade auto-approval — they stay as explicit
-re-approval requests.
+that as a `metadata-upgrade`. Silent auto-approval is narrow: it applies only
+to trusted local CLI/helper reconnects that already proved possession of the
+shared token or password over loopback. Browser/Control UI clients and remote
+clients still use the explicit re-approval flow. Scope upgrades (read to
+write/admin) and public key changes are **not** eligible for metadata-upgrade
+auto-approval — they stay as explicit re-approval requests.
 
 ## QR pairing helpers
 
diff --git a/docs/gateway/security/index.md b/docs/gateway/security/index.md
@@ -947,9 +947,10 @@ Local device pairing:
   treated as remote for pairing, trusted-proxy auth, and Control UI device
   identity gating — it no longer qualifies for loopback auto-approval.
 - **Metadata-upgrade auto-approval** applies only to non-sensitive reconnect
-  deltas on already paired devices (display name, client platform hints).
-  Scope upgrades (read to write/admin) and public key changes still require
-  explicit re-approval and are never silently upgraded.
+  deltas on already paired trusted local CLI/helper clients that proved
+  possession of the shared token or password over loopback. Browser/Control UI
+  clients and remote clients still require explicit re-approval. Scope upgrades
+  (read to write/admin) and public key changes are never silently upgraded.
 
 Auth modes:
 

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"repository": "openclaw/openclaw",`
`3`		`- "sha": "c8aec6b951acc9c46df4d370d56e5f5450bb2b04",`
`4`		`- "syncedAt": "2026-04-23T06:53:52.164Z"`
	`3`	`+ "sha": "dd17dea761d532dc12e9a63950fe3cab604e0ee5",`
	`4`	`+ "syncedAt": "2026-04-23T06:57:08.686Z"`
`5`	`5`	`}`