feat/cherry-pick-heartbeat-governor/docs/openclaw_gateway_ws.md

# Gateway WebSocket protocol

## Connection Types

OpenClaw Mission Control supports both secure (`wss://`) and non-secure (`ws://`) WebSocket connections to gateways.

### Secure Connections (wss://)

For production environments, always use `wss://` (WebSocket Secure) connections with valid TLS certificates.

### Self-Signed Certificates

You can enable support for self-signed TLS certificates with a toggle:

1. Navigate to the gateway configuration page (Settings → Gateways)
2. When creating or editing a gateway, enable: **"Allow self-signed TLS certificates"**
3. This applies to any `wss://` gateway URL for that gateway configuration.

When enabled, Mission Control skips TLS certificate verification for that gateway connection.

**Security Warning**: Enabling this weakens transport security and should only be used when you explicitly trust the endpoint and network path. Prefer valid CA-signed certificates for production gateways.

## Configuration Options

When configuring a gateway, you can specify:

- **Gateway URL**: The WebSocket endpoint (e.g., `wss://localhost:18789` or `ws://gateway:18789`)
- **Gateway Token**: Optional authentication token. Tokens are currently returned in API responses; a future release will redact them from read endpoints. Treat gateway API responses as sensitive and store tokens securely.
- **Workspace Root**: The root directory for gateway files (e.g., `~/.openclaw`)
- **Allow self-signed TLS certificates**: Toggle TLS certificate verification off for this gateway's `wss://` connections (default: disabled)
CI: add markdownlint + docs-check wrapper; extend link check scope 2026-02-12 13:19:37 +00:00			`# Gateway WebSocket protocol`

docs: Add documentation for self-signed TLS certificate support Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com> 2026-02-22 05:32:04 +00:00			`## Connection Types`

			OpenClaw Mission Control supports both secure (`wss://`) and non-secure (`ws://`) WebSocket connections to gateways.

			`### Secure Connections (wss://)`

			For production environments, always use `wss://` (WebSocket Secure) connections with valid TLS certificates.

			`### Self-Signed Certificates`

docs: update documentation for enabling self-signed TLS certificates in gateway configuration 2026-02-22 21:03:32 +05:30			`You can enable support for self-signed TLS certificates with a toggle:`
docs: Add documentation for self-signed TLS certificate support Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com> 2026-02-22 05:32:04 +00:00
			`1. Navigate to the gateway configuration page (Settings → Gateways)`
docs: update documentation for enabling self-signed TLS certificates in gateway configuration 2026-02-22 21:03:32 +05:30			`2. When creating or editing a gateway, enable: "Allow self-signed TLS certificates"`
			3. This applies to any `wss://` gateway URL for that gateway configuration.
docs: Add documentation for self-signed TLS certificate support Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com> 2026-02-22 05:32:04 +00:00
docs: update documentation for enabling self-signed TLS certificates in gateway configuration 2026-02-22 21:03:32 +05:30			`When enabled, Mission Control skips TLS certificate verification for that gateway connection.`

			`Security Warning: Enabling this weakens transport security and should only be used when you explicitly trust the endpoint and network path. Prefer valid CA-signed certificates for production gateways.`
docs: Add documentation for self-signed TLS certificate support Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com> 2026-02-22 05:32:04 +00:00
			`## Configuration Options`

			`When configuring a gateway, you can specify:`

			- Gateway URL: The WebSocket endpoint (e.g., `wss://localhost:18789` or `ws://gateway:18789`)
docs: fix gateway token description in openclaw_gateway_ws.md to match actual behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-04 01:41:25 -07:00			`- Gateway Token: Optional authentication token. Tokens are currently returned in API responses; a future release will redact them from read endpoints. Treat gateway API responses as sensitive and store tokens securely.`
docs: Add documentation for self-signed TLS certificate support Co-authored-by: abhi1693 <5083532+abhi1693@users.noreply.github.com> 2026-02-22 05:32:04 +00:00			- Workspace Root: The root directory for gateway files (e.g., `~/.openclaw`)
docs: update documentation for enabling self-signed TLS certificates in gateway configuration 2026-02-22 21:03:32 +05:30			- Allow self-signed TLS certificates: Toggle TLS certificate verification off for this gateway's `wss://` connections (default: disabled)