SafeClaw version
0.1.6
What happened?
SafeClaw v0.1.6 cannot connect to OpenClaw v2026.3.13. The OpenClaw gateway rejects the WebSocket handshake because SafeClaw's connect params are missing the required nonce field in the device object.
OpenClaw's current connect flow sends a connect.challenge event containing a nonce after the WebSocket opens. The client is expected to include this nonce in the device identity section of the connect request. SafeClaw's OpenClaw client doesn't appear to handle this challenge-response step.
Workaround attempted
Setting dangerouslyDisableDeviceAuth: true and allowInsecureAuth: true in the OpenClaw gateway config did not resolve the issue — the nonce is still required at the protocol level.
Additional context
OpenClaw's device auth handshake has had several recent changes (see openclaw/openclaw#39667, #44967). SafeClaw's OpenClaw client library likely needs to be updated to the current protocol version.
Expected behavior
SafeClaw should handle the connect.challenge event from the OpenClaw gateway and include the server-issued nonce in the device connect params.
Steps to reproduce
- Run OpenClaw gateway v2026.3.13 (
openclaw gateway --port 18789)
- Run SafeClaw v0.1.0 (
npx safeclaw start)
- SafeClaw attempts to connect and enters a reconnect loop
Affected area
OpenClaw Connection
Environment
- OpenClaw: v2026.3.13
- SafeClaw: v0.1.0 according to the webui, but the startup banner and configs show 0.1.6 so I would assume 0.1.6
- OS: Linux (Debian 13)
- Node: v25.6.1
Logs / errors
{"level":50,"time":1773627021267,"pid":40108,"hostname" "","error":{"code":"INVALID_REQUEST","message":"invalid connect params: at /device: must have required property 'nonce'"},"msg":"OpenClaw connect handshake rejected"}
{"level":30,"time":1773627021268,"pid":40108,"hostname":"","code":1008,"reason":"invalid connect params: at /device: must have required property 'nonce'","msg":"OpenClaw gateway connection closed"}
This repeats indefinitely with increasing backoff.
SafeClaw version
0.1.6
What happened?
SafeClaw v0.1.6 cannot connect to OpenClaw v2026.3.13. The OpenClaw gateway rejects the WebSocket handshake because SafeClaw's connect params are missing the required
noncefield in thedeviceobject.OpenClaw's current connect flow sends a
connect.challengeevent containing a nonce after the WebSocket opens. The client is expected to include this nonce in the device identity section of theconnectrequest. SafeClaw's OpenClaw client doesn't appear to handle this challenge-response step.Workaround attempted
Setting
dangerouslyDisableDeviceAuth: trueandallowInsecureAuth: truein the OpenClaw gateway config did not resolve the issue — the nonce is still required at the protocol level.Additional context
OpenClaw's device auth handshake has had several recent changes (see openclaw/openclaw#39667, #44967). SafeClaw's OpenClaw client library likely needs to be updated to the current protocol version.
Expected behavior
SafeClaw should handle the
connect.challengeevent from the OpenClaw gateway and include the server-issued nonce in the device connect params.Steps to reproduce
openclaw gateway --port 18789)npx safeclaw start)Affected area
OpenClaw Connection
Environment
Logs / errors
{"level":50,"time":1773627021267,"pid":40108,"hostname" "","error":{"code":"INVALID_REQUEST","message":"invalid connect params: at /device: must have required property 'nonce'"},"msg":"OpenClaw connect handshake rejected"} {"level":30,"time":1773627021268,"pid":40108,"hostname":"","code":1008,"reason":"invalid connect params: at /device: must have required property 'nonce'","msg":"OpenClaw gateway connection closed"} This repeats indefinitely with increasing backoff.