let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

test: cover scope upgrade flow

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-20 11:41:12 +00:00
parent d8cc7db5e6
commit b48d5d96d3
2 changed files with 80 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/refactor/clawnet.md
View File

@@ -291,7 +291,7 @@ Same `deviceId` across roles → single “Instance” row:
# Execution checklist (ship order)
- [x] **Devicebound auth (PoP):** nonce challenge + signature verify on connect; remove beareronly for nonlocal.
- [x] **Rolescoped creds:** issue perrole tokens, rotate, revoke, list; UI/CLI surfaced; audit log entries.
- [ ] **Scope enforcement:** keep paired scopes in sync on rotation; reject/upgrade flows explicit; tests.
- [x] **Scope enforcement:** keep paired scopes in sync on rotation; reject/upgrade flows explicit; tests.
- [ ] **Approvals routing:** gatewayhosted approvals; operator UI prompt/resolve; node stops prompting.
- [ ] **TLS pinning for WS:** reuse bridge TLS runtime; discovery advertises fingerprint; client validation.
- [ ] **Discovery + allowlist:** WS discovery TXT includes TLS fingerprint + role hints; node commands filtered by server allowlist.