openclaw-mission-control

Files

Adam Grenier 3b20e799e2 fix: accept Authorization: Bearer in agent_auth_context_optional

The optional variant of get_agent_auth_context had accept_authorization=False,
which prevented agents using Authorization: Bearer from passing through the
ACTOR_DEP / BOARD_READ_DEP / TASK_DEP dependency chain.

This caused 401 on any agent route that resolves a board or task via the shared
ACTOR_DEP (e.g. PATCH /agent/boards/{id}/tasks/{id} and
POST /agent/boards/{id}/tasks/{id}/comments), even though the same token worked
fine on routes that use AGENT_CTX_DEP directly (accept_authorization=True).

Fix: set accept_authorization=True in get_agent_auth_context_optional so both
X-Agent-Token and Authorization: Bearer are accepted consistently.

Verified: PATCH and POST /comments now resolve board/task correctly when
Authorization: Bearer is used. No security regression — agent_token_hash
comparison rejects any non-agent bearer tokens.

2026-02-26 11:51:45 -08:00

__init__.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

agent_auth.py

fix: accept Authorization: Bearer in agent_auth_context_optional

2026-02-26 11:51:45 -08:00

agent_tokens.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

auth_mode.py

feat: update local authentication mode to require a non-placeholder token of at least 50 characters