will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: align gateway auth docs with config schema

Browse Source
This commit is contained in:
William Valentin
2026-02-15 11:22:59 -08:00
parent e159476d31
commit 4e28ca7c8f
3 changed files with 28 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/api/PROTOCOL.md
+3 -3
View File
@@ -115,7 +115,7 @@ Common close codes:
### Bearer Token Auth
If `gateway.auth.token` is configured, all WebSocket connections must provide authentication:
If `server.token` is configured, all WebSocket connections must provide authentication:
```javascript
const ws = new WebSocket('ws://localhost:18800', {
@@ -127,7 +127,7 @@ const ws = new WebSocket('ws://localhost:18800', {
### Tailscale Identity
If `gateway.auth.trustTailscaleIdentity` is enabled, connections from Tailscale are trusted based on the `Tailscale-User-Login` header.
If `server.tailscale_identity` is enabled, connections from Tailscale are trusted based on the `Tailscale-User-Login` header.
```javascript
// Automatic when connecting via Tailscale
@@ -136,7 +136,7 @@ If `gateway.auth.trustTailscaleIdentity` is enabled, connections from Tailscale
### HTTP Auth
If `gateway.auth.applyToHttp` is `true` (default when token is set), HTTP requests also require bearer token:
If `server.auth_http` is `true` (default: true), HTTP requests also require bearer token when `server.token` is set:
```javascript
fetch('http://localhost:18800/api/health', {
docs/deployment/PRODUCTION.md
+20 -6
View File
@@ -289,12 +289,11 @@ rm /tmp/anthropic_key.txt
```yaml
# config/production.yaml
gateway:
enabled: true
auth:
token: 'your-random-token-here' # Generate with: openssl rand -hex 32
trustTailscaleIdentity: true
applyToHttp: true
server:
token: 'your-random-token-here' # Generate with: openssl rand -hex 32
tailscale_identity: true
auth_http: true
lock: false
```
Generate a secure token:
@@ -302,6 +301,21 @@ Generate a secure token:
openssl rand -hex 32
```
#### Safe Defaults (Recommended)
These defaults align with `docs/security/SAFE_PERSONAL_AGENT.md`:
```yaml
pairing:
enabled: true
tools:
profile: messaging
sandbox:
enabled: true
```
#### Channel Whitelists
Restrict who can interact with Flynn:
docs/plans/state.json
+5
View File
@@ -14,6 +14,11 @@
"date": "2026-02-15",
"summary": "Added docs/architecture/GATEWAY_SESSIONS_AND_QUEUE.md to document how gateway connectionIds map to durable sessionIds, how per-session FIFO lane queueing works, and how agent.cancel behaves."
},
"docs-gateway-auth-config-keys": {
"status": "completed",
"date": "2026-02-15",
"summary": "Docs fix: updated docs/api/PROTOCOL.md and docs/deployment/PRODUCTION.md to use the current config schema keys for gateway auth (server.token/server.tailscale_identity/server.auth_http) and added a short safe-defaults snippet (pairing/tools.profile/sandbox)."
},
"openclaw-gap-roadmap": {
"file": "2026-02-15-openclaw-gap-roadmap.md",
"status": "planned",