2.5 KiB
2.5 KiB
summary, read_when
| summary | read_when | |||
|---|---|---|---|---|
| Pairing overview: approve who can DM you + which nodes can join |
|
Pairing
“Pairing” is Clawdbot’s explicit owner approval step. It is used in two places:
- DM pairing (who is allowed to talk to the bot)
- Node pairing (which devices/nodes are allowed to join the gateway network)
Security context: Security
1) DM pairing (inbound chat access)
When a channel is configured with DM policy pairing, unknown senders get a short code and their message is not processed until you approve.
Default DM policies are documented in: Security
Pairing codes:
- 8 characters, uppercase, no ambiguous chars (
0O1I). - Expire after 1 hour. The bot only sends the pairing message when a new request is created (roughly once per hour per sender).
- Pending DM pairing requests are capped at 3 per channel by default; additional requests are ignored until one expires or is approved.
Approve a sender
clawdbot pairing list telegram
clawdbot pairing approve telegram <CODE>
Supported channels: telegram, whatsapp, signal, imessage, discord, slack.
Where the state lives
Stored under ~/.clawdbot/credentials/:
- Pending requests:
<channel>-pairing.json - Approved allowlist store:
<channel>-allowFrom.json
Treat these as sensitive (they gate access to your assistant).
2) Node device pairing (iOS/Android/macOS/headless nodes)
Nodes connect to the Gateway as devices with role: node. The Gateway
creates a device pairing request that must be approved.
Approve a node device
clawdbot devices list
clawdbot devices approve <requestId>
clawdbot devices reject <requestId>
Where the state lives
Stored under ~/.clawdbot/devices/:
pending.json(short-lived; pending requests expire)paired.json(paired devices + tokens)
Notes
- The legacy
node.pair.*API (CLI:clawdbot nodes pending/approve) is a separate gateway-owned pairing store. WS nodes still require device pairing.