From bab3f26ef6336e29be83c34473a57c8459e3642b Mon Sep 17 00:00:00 2001
From: William Valentin <william.valentin.info@gmail.com>
Date: Mon, 9 Feb 2026 22:09:30 -0800
Subject: [PATCH] docs: update pairing docs with SQLite persistence and TUI
 execution details

---
 .planning/codebase/CONCERNS.md                         | 9 ++++-----
 .planning/codebase/INTEGRATIONS.md                     | 4 +++-
 CHANGELOG.md                                           | 6 ++++--
 README.md                                              | 4 ++--
 docs/plans/2026-02-06-openclaw-feature-gap-analysis.md | 2 +-
 5 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/.planning/codebase/CONCERNS.md b/.planning/codebase/CONCERNS.md
index 3468129..ac6794a 100644
--- a/.planning/codebase/CONCERNS.md
+++ b/.planning/codebase/CONCERNS.md
@@ -43,11 +43,10 @@
 - Impact: Users cannot cancel long-running agent tasks. The "cancel" API endpoint exists but is a no-op beyond setting a flag. This affects gateway/TUI UX.
 - Fix approach: Pass an `AbortSignal` into `NativeAgent.run()`. Check `signal.aborted` between loop iterations and before each tool execution. Propagate signal to model client `chat()` calls.
 
-**PairingManager State is Ephemeral:**
-- Issue: `PairingManager` stores approved senders and pending codes in memory-only Maps (`src/channels/pairing.ts:36-37`). All pairing state is lost on daemon restart.
-- Files: `src/channels/pairing.ts:36-37`
-- Impact: After restart, all previously paired senders must re-pair. In production, this means users lose access on every deployment or crash.
-- Fix approach: Persist approved senders to SQLite (alongside sessions). Pending codes can remain in-memory since they're short-lived by design.
+**PairingManager State is Ephemeral:** *RESOLVED*
+- Resolution: `PairingStore` interface added to `PairingManager` with SQLite implementation via `SessionStore.getPairingStore()`. Approved senders are persisted in the `pairing_approved` table and survive daemon restarts. Pending codes remain in-memory (short-lived by design).
+- Commits: `1e1a689`, `ecd3aca`, `62331c3`
+- Files: `src/channels/pairing.ts`, `src/session/store.ts`, `src/daemon/services.ts`, `src/daemon/index.ts`
 
 **Hardcoded Anthropic → GitHub Model Mapping:**
 - Issue: `anthropicToGitHubModel()` contains a hardcoded mapping table that must be manually updated for each new Anthropic model release. A generic fallback regex exists but only handles the date-suffix stripping pattern.
diff --git a/.planning/codebase/INTEGRATIONS.md b/.planning/codebase/INTEGRATIONS.md
index f2d17d1..8ab9479 100644
--- a/.planning/codebase/INTEGRATIONS.md
+++ b/.planning/codebase/INTEGRATIONS.md
@@ -161,10 +161,12 @@ All adapters implement `ChannelAdapter` interface (`src/channels/types.ts`): `co
 - Gateway lock: Single-client WebSocket mode (`server.lock`)
 
 **DM Pairing Codes:**
-- Implementation: `src/channels/pairing.ts`
+- Implementation: `src/channels/pairing.ts`, `src/session/store.ts` (SQLite persistence)
 - Purpose: Authenticate unknown senders via one-time codes
 - Config: `pairing.enabled`, `pairing.code_ttl` (default 5m), `pairing.code_length` (default 6)
 - Gateway handlers for code generation/verification
+- TUI `/pair` command execution (generate/list/revoke) in `src/frontends/tui/minimal.ts`
+- Persistence: `PairingStore` interface with SQLite `pairing_approved` table -- approved senders survive daemon restarts
 
 **Gmail OAuth2:**
 - SDK: `googleapis` (`src/automation/gmail.ts`)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60ec568..ced0f91 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,8 +33,10 @@ All notable changes to Flynn are documented in this file.
 - **DM Pairing Codes** -- PairingManager with time-limited codes for
   authenticating unknown DM senders. Integrated into all 4 channel adapters
   (Telegram, Discord, Slack, WhatsApp). Gateway handlers (`pairing.generate`,
-  `pairing.list`, `pairing.revoke`). TUI `/pair` command. Configurable TTL
-  and code length. 22 tests.
+  `pairing.list`, `pairing.revoke`). TUI `/pair` command with generate/list/revoke
+  subcommands wired through PairingManager. SQLite persistence via `PairingStore`
+  interface -- approved senders survive daemon restarts. Configurable TTL and code
+  length. 35 tests.
 - **Zhipu AI (GLM) Provider** -- Support for Zhipu AI's GLM models (glm-4.5, glm-4.7, etc.)
   via their OpenAI-compatible API at `https://api.z.ai/api/paas/v4`. Uses `provider: zhipuai`
   in config with `api_key` or `ZHIPUAI_API_KEY` env var.
diff --git a/README.md b/README.md
index e619d98..6f7ce7e 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ Self-hosted personal AI assistant with Telegram and Terminal interfaces.
 - **Skills System**: Extensible capability packages (bundled, managed, workspace tiers)
 - **Gateway Lock**: Single-client mode — reject additional WebSocket connections when one is active
 - **Tailscale Serve**: Auto-expose gateway via Tailscale Serve on daemon start with lifecycle management
-- **DM Pairing Codes**: Allow unknown senders to pair with the bot via time-limited codes across all channels
+- **DM Pairing Codes**: Allow unknown senders to pair with the bot via time-limited codes across all channels, with SQLite-backed persistence across restarts
 - **Lane Queue**: Per-session FIFO queue serializes concurrent gateway requests
 
 ## Quick Start
@@ -505,7 +505,7 @@ pairing:
 1. Generate a code via the TUI (`/pair generate`), gateway API (`pairing.generate`), or web dashboard
 2. Share the code with the user
 3. The user sends the code as their first DM to the bot
-4. If valid, the user's sender ID is permanently approved for that channel
+4. If valid, the user's sender ID is permanently approved for that channel (persisted in SQLite, survives daemon restarts)
 5. Approved users can be listed (`/pair list`) and revoked (`/pair revoke <channel> <id>`)
 
 ### TUI Commands
diff --git a/docs/plans/2026-02-06-openclaw-feature-gap-analysis.md b/docs/plans/2026-02-06-openclaw-feature-gap-analysis.md
index 6854439..a1b7805 100644
--- a/docs/plans/2026-02-06-openclaw-feature-gap-analysis.md
+++ b/docs/plans/2026-02-06-openclaw-feature-gap-analysis.md
@@ -145,7 +145,7 @@ Flynn actually has MCP support that OpenClaw doesn't emphasise — OpenClaw reli
 |---------|----------|-------|--------|
 | Tool confirmation hooks | Full | Full (confirm/log/silent patterns) | **MATCH** |
 | Chat ID allowlists | Per-channel | Full (Telegram, Discord, Slack, WhatsApp all have allowlists) | **MATCH** |
-| DM pairing (unknown senders) | Full (pairing codes) | Full (PairingManager with TTL codes, channel adapter integration, gateway handlers, TUI /pair command) | **MATCH** |
+| DM pairing (unknown senders) | Full (pairing codes) | Full (PairingManager with TTL codes, SQLite persistence, channel adapter integration, gateway handlers, TUI /pair command) | **MATCH** |
 | Credential redaction | Config responses redacted (v2026.2.6) | Full (18+ secret fields redacted from config API) | **MATCH** |
 | Skill/plugin code safety scanner | Static analysis (v2026.2.6) | -- | **MISSING** |
 | Docker sandboxing | Full (per-session/agent/shared) | Full (per-agent sandbox via SandboxManager + Docker) | **MATCH** |