Bug Report
Mysti version: 0.4.0
OpenClaw version: Any with device auth enabled (default since ~2025)
Platform: Windows / Linux / macOS
Describe the bug
When Mysti connects to the OpenClaw Gateway via WebSocket, the connection fails with:
disconnected (1008): device identity required
Error codes seen: DEVICE_IDENTITY_REQUIRED / NOT_PAIRED
Depending on configuration, the extension may attempt a CLI fallback — but the Gateway connection itself is broken.
Root cause
The OpenClaw Gateway protocol (v3+) requires every WebSocket client to:
- Include a stable
device.id derived from a persistent keypair fingerprint
- Sign the server-provided
connect.challenge nonce with that keypair
In OpenClawGateway.ts, the current connect handshake payload only sends:
auth: this._token ? { token: this._token } : {}
// ← Missing: device.id, keypair fingerprint, challenge signature
The device object is absent entirely — OpenClaw's Gateway rejects the connection.
Expected behavior
Mysti should generate (or load) a persistent device keypair on first run, derive a stable device.id from it, and sign the connect.challenge nonce before sending the connect frame — similar to how the official openclaw CLI handles device registration.
Steps to reproduce
Install OpenClaw with device auth enabled (default)
Set "mysti.openclawUseGateway": true in VS Code settings
Open Mysti panel → select OpenClaw provider
Connection fails with DEVICE_IDENTITY_REQUIRED
Workaround
Setting dangerouslyDisableDeviceAuth: true in the OpenClaw Gateway config bypasses the check — but this is not recommended for remote/production Gateways.
References
[OpenClaw Gateway protocol docs](https://docs.openclaw.ai/gateway/protocol)
[OpenClaw device auth docs](https://docs.openclaw.ai/cli/devices)
Bug Report
Mysti version: 0.4.0
OpenClaw version: Any with device auth enabled (default since ~2025)
Platform: Windows / Linux / macOS
Describe the bug
When Mysti connects to the OpenClaw Gateway via WebSocket, the connection fails with:
disconnected (1008): device identity required
Error codes seen:
DEVICE_IDENTITY_REQUIRED/NOT_PAIREDDepending on configuration, the extension may attempt a CLI fallback — but the Gateway connection itself is broken.
Root cause
The OpenClaw Gateway protocol (v3+) requires every WebSocket client to:
device.idderived from a persistent keypair fingerprintconnect.challengenonce with that keypairIn
OpenClawGateway.ts, the currentconnecthandshake payload only sends: