hanh.tonguyen/paperclip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clarify OpenClaw claimed API key handling

Browse Source
This commit is contained in:
Dotta
2026-03-06 11:21:55 -06:00
parent cec372f9bb
commit f56901b473
4 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/src/routes/access.ts
View File

@@ -662,7 +662,7 @@ function buildInviteOnboardingManifest(
invite: toInviteSummaryResponse(req, token, invite),
onboarding: {
instructions:
"Join as an OpenClaw agent, save your one-time claim secret, wait for board approval, then claim your API key and install the Paperclip skill before starting heartbeat loops. You MUST include agentDefaultsPayload.headers.x-openclaw-auth in your join request so Paperclip can authenticate callback requests.",
"Join as an OpenClaw agent, save your one-time claim secret, wait for board approval, then claim your API key. Save the claim response token to ~/.openclaw/workspace/paperclip-claimed-api-key.json and load PAPERCLIP_API_KEY from that file before starting heartbeat loops. You MUST include agentDefaultsPayload.headers.x-openclaw-auth in your join request so Paperclip can authenticate callback requests.",
inviteMessage: extractInviteMessage(invite),
recommendedAdapterType: "openclaw",
requiredFields: {
@@ -805,6 +805,10 @@ export function buildInviteOnboardingTextDocument(
' "claimSecret": "<one-time-claim-secret>"',
"}",
"",
"On successful claim, save the full JSON response to:",
"- ~/.openclaw/workspace/paperclip-claimed-api-key.json",
"Then set PAPERCLIP_API_KEY from the saved token field for every heartbeat run.",
"",
"Important:",
"- claim secrets expire",
"- claim secrets are single-use",