fix: update gateway auth docs and clients

2026-01-11 01:51:07 +01:00
parent d33285a9cd
commit b0b4b33b6b
28 changed files with 283 additions and 67 deletions
--- a/docs/start/onboarding.md
+++ b/docs/start/onboarding.md
@@ -32,7 +32,8 @@ Where does the **Gateway** run?
 - **Configure later:** skip setup and leave the app unconfigured.

 Gateway auth tip:
- If you only use Clawdbot locally (loopback), auth can be **Off**.
+- The wizard now generates a **token** even for loopback, so local WS clients must authenticate.
+- If you disable auth, any local process can connect; use that only on fully trusted machines.
 - Use a **token** for multi‑machine access or non‑loopback binds.

 ## 2) Local-only auth (Anthropic OAuth)