fix(android): require setup code for first-run gateway pairing#98275
fix(android): require setup code for first-run gateway pairing#98275Solvely-Colin wants to merge 1 commit into
Conversation
|
Codex review: found issues before merge. Reviewed June 30, 2026, 9:10 PM ET / 01:10 UTC. Summary PR surface: Other +291. Total +291 across 3 files. Reproducibility: yes. source inspection gives a high-confidence path: current main's nearby onboarding action calls connectInBackground(endpoint) without setup-code/token/password auth, while the PR changes that path to endpoint prefill plus authenticated pairing. I did not run a fresh emulator reproduction in this read-only review. Review metrics: 1 noteworthy metric.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review findings
Review detailsBest possible solution: Land the Android auth gate only after fixing source-aware manual recovery validation, rebasing against current main, and getting maintainer acceptance for the stricter first-run setup-code/auth behavior. Do we have a high-confidence way to reproduce the issue? Yes, source inspection gives a high-confidence path: current main's nearby onboarding action calls connectInBackground(endpoint) without setup-code/token/password auth, while the PR changes that path to endpoint prefill plus authenticated pairing. I did not run a fresh emulator reproduction in this read-only review. Is this the best way to solve the issue? No, not yet. The owner boundary is plausible, but the patch should preserve source-aware manual credential recovery guidance and rebase over current main before it is the best merge shape. Full review comments:
Overall correctness: patch is incorrect AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 006c2f7a2b28. Label changesLabel changes:
Label justifications:
Evidence reviewedPR surface: Other +291. Total +291 across 3 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
There was a problem hiding this comment.
Pull request overview
Updates the Android onboarding UX/logic so first-run Gateway pairing requires setup-code (bootstrap) auth, while nearby discovery is limited to endpoint prefill, reducing false “paired” states and improving recovery guidance.
Changes:
- Make nearby Gateway discovery prefill host/port only (no direct connect) and update UI copy/state accordingly.
- Add a first-run setup-code panel and route QR scan + pasted setup codes through a single validated pairing path.
- Expand unit tests for onboarding flow states, setup-code resolution, and validation-message wording.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt | Reworks onboarding pairing to require setup-code/bootstrap auth; adds setup-code UI panel and new recovery states/copy. |
| apps/android/app/src/test/java/ai/openclaw/app/ui/OnboardingFlowLogicTest.kt | Adds/updates tests for “endpoint-only” nearby discovery, setup-code pairing config resolution, and recovery messaging. |
| apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt | Adds assertions for setup-code vs manual endpoint validation-message wording. |
| if (config == null) { | ||
| setupError = gatewayOnboardingValidationMessage(setupCode) | ||
| return false | ||
| } |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 69d6325af4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "AUTH_TOKEN_MISMATCH", | ||
| "AUTH_PASSWORD_MISMATCH", |
There was a problem hiding this comment.
Don’t report manual auth mismatches as expired setup codes
When the failed attempt comes from the advertised manual-token/password recovery path, these gateway detail codes mean the typed credential was wrong, not that a setup code expired; sibling macOS recovery keeps AUTH_TOKEN_MISMATCH as token mismatch and password mismatch as password-required messaging. Classifying both here as SetupCodeExpired changes the recovery screen to “Fresh Setup Code Needed” with a scan-code primary action, so users who entered a bad manual token/password are steered away from correcting that credential.
Useful? React with 👍 / 👎.
What Problem This Solves
Fixes an issue where Android users setting up OpenClaw for the first time could use a nearby Gateway endpoint and appear to be paired even though the phone had not provided setup-code/bootstrap authentication. It also resolves a problem where QR/setup-code pairing was hidden behind Advanced-style recovery instead of being the visible first-run path.
AI-assisted: yes. This PR was prepared with Codex, with focused unit proof plus a disposable Android emulator smoke run.
Why This Change Was Made
The Android onboarding flow now treats setup-code pairing as the canonical first-run path: scanned QR/setup-code payloads and pasted setup codes go through the same validated pairing path, while nearby discovery only fills the endpoint and still requires setup-code/token/password auth. Recovery copy now separates approval pending, missing auth, stale/expired setup code, and generic connection failures so users get a concrete next step.
This intentionally stays Android-first and does not change CLI/docs, iOS, macOS, web, Gateway server behavior, settings, voice, search, or light mode.
User Impact
Fresh Android installs can pair by scanning or pasting the setup code from
openclaw qrwithout opening Advanced settings. Nearby Gateway discovery can still help fill host/port, but it cannot create a false paired/checking-approval state without authentication. When pairing fails, users see whether to scan or paste a fresh setup code, approve a pending node request, edit the endpoint, or retry.Evidence
Focused tests:
Result:
BUILD SUCCESSFUL.Whitespace:
Result: passed.
Disposable emulator proof:
OpenClaw_Onboarding_API_36.ai.openclaw.appapp state.bootstrapTokenwas present and the setup URL was emulator-reachable.Paste setup codefield, not QR camera. Local UI XML check before submit: exact field match123/123.Pair with Gateway; app moved through Gateway Recovery into Permission Setup.Sanitized gateway proof window:
2026-06-30T14:33:35.000Zto2026-06-30T14:34:20.000Zdevice pairing auto-approved ... role=node:1token_missing:0auth=none:0config.get,models.authStatus,usage.status,skills.status, anddoctor.memory.status.Sanitized logcat proof window:
73token_missing:0auth=none:0Local proof artifacts prepared for upload from:
/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/README.md/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/screenshots/04-setup-screen.png/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/screenshots/06-pairing-progress.png/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/screenshots/07-final-state.png/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/video/android-onboarding-setup-code-proof.gif/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/video/android-onboarding-setup-code-proof.mp4/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/logs/gateway-proof-window.sanitized.txt/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/logs/gateway-proof-window-summary.json/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/logs/logcat-proof-window.sanitized.txt/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/logs/logcat-proof-window-summary.json/var/folders/29/t5g8cdc123j4f14j51n8rzg00000gn/T//openclaw-android-onboarding-pr-prep-20260630112148/logs/typed-check.jsonKnown proof gap: I did not capture a final Overview/Gateway Online screenshot in this pass. The setup-code run advanced past Gateway Recovery into Permission Setup, but tapping the permission Continue button returned to the welcome screen on the disposable emulator. The auth proof is therefore based on the setup-code field match, Gateway auto-approval log, absence of
token_missing/auth=nonein the proof window, and post-pairing Permission Setup screenshot/animation.