2026-02-11 21:43:05 +00:00
|
|
|
# Authentication
|
|
|
|
|
|
|
|
|
|
Mission Control supports two auth modes via `AUTH_MODE`:
|
|
|
|
|
|
|
|
|
|
- `local`: shared bearer token auth for self-hosted deployments
|
|
|
|
|
- `clerk`: Clerk JWT auth
|
|
|
|
|
|
|
|
|
|
## Local mode
|
|
|
|
|
|
|
|
|
|
Backend:
|
|
|
|
|
|
|
|
|
|
- `AUTH_MODE=local`
|
|
|
|
|
- `LOCAL_AUTH_TOKEN=<token>`
|
|
|
|
|
|
|
|
|
|
Frontend:
|
|
|
|
|
|
|
|
|
|
- `NEXT_PUBLIC_AUTH_MODE=local`
|
|
|
|
|
- Provide the token via the login UI.
|
|
|
|
|
|
|
|
|
|
## Clerk mode
|
|
|
|
|
|
|
|
|
|
Backend:
|
|
|
|
|
|
|
|
|
|
- `AUTH_MODE=clerk`
|
|
|
|
|
- `CLERK_SECRET_KEY=<secret>`
|
|
|
|
|
|
|
|
|
|
Frontend:
|
|
|
|
|
|
|
|
|
|
- `NEXT_PUBLIC_AUTH_MODE=clerk`
|
|
|
|
|
- `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=<key>`
|
docs: document security hardening changes from security review
Add documentation for all user/operator-facing changes introduced by the
security review branch: rate limits, security headers, webhook HMAC
verification, payload size limits, gateway token redaction, non-root
containers, agent token logging, and prompt injection mitigation.
Updated: docs/reference/api.md, docs/reference/authentication.md,
docs/reference/configuration.md, docs/deployment/README.md,
docs/operations/README.md, docs/openclaw_gateway_ws.md, backend/README.md.
Created: docs/reference/security.md (consolidated security reference).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 14:51:52 -07:00
|
|
|
|
|
|
|
|
## Agent authentication
|
|
|
|
|
|
|
|
|
|
Autonomous agents authenticate via an `X-Agent-Token` header (not the bearer token used by human users). See [API reference](api.md) for details.
|
|
|
|
|
|
|
|
|
|
Security notes:
|
|
|
|
|
|
|
|
|
|
- Agent auth is rate-limited to **20 requests per 60 seconds per IP**. Exceeding this returns `429 Too Many Requests`.
|
2026-03-04 11:33:04 -07:00
|
|
|
- On authentication failure, only a short prefix of the presented token is logged to aid debugging. Full tokens are never written to logs.
|
