`DEV_MODE` does not actually disable gateway token use in container (Behavior mismatch)

[dejely]

MOLTBOT_GATEWAY_TOKEN is treated as required, which blocks the documented device‑pairing flow (tokenless) in non‑dev mode. This is a behavior mismatch vs README/wrangler notes.

Setting DEV_MODE=true is supposed to skip auth/device pairing and allow insecure access. However, the worker still passes MOLTBOT_GATEWAY_TOKEN into the container when it’s set, so the gateway starts in token‑auth mode anyway. This makes DEV mode inconsistent with its documented behavior.

See:

• index.ts(line 60)
• wrangler.jsonc(line 82)

Authentication ▶️ Device Pairing: says “By default, moltbot uses device pairing for authentication” and describes approving devices via /_admin/. This implies tokenless pairing is a valid mode.

Steps to Reproduce:

1. Set DEV_MODE=true and also set MOLTBOT_GATEWAY_TOKEN
2. Start
3. Connect to the control UI without ?token=
4. Gateway rejects

Expected Behavior

• In DEV mode, gateway should start without token auth (device pairing/insecure auth), even if a token is present.

Actual Behavior

• DEV mode still passes the token into the container, enabling token auth.