kokochat-pairing

KokoChat is a mobile client for this OpenClaw Gateway. KokoChat pairs as a real

Gateway device through OpenClaw's official openclaw qr device-pair flow:

the generator brings up the KokoChat relay tunnel, runs openclaw qr, and the

Gateway mints a short-lived bootstrapToken. The phone completes the

device-pair handshake and the Gateway issues the real device token. This skill

never self-signs a token or writes paired.json directly — that self-signing is

exactly what a careful OpenClaw flags as a backdoor.

The generated setup code uses the KokoChat relay tunnel url (so the phone can

reach this Gateway through NAT). Do not hand out LAN or bare public Gateway urls.

KokoChat product features only need operator.read + operator.write (read

sessions/history, send messages). The actual device-token scopes are signed by

OpenClaw's official openclaw qr / device-pair flow and may vary by OpenClaw

version or Gateway policy. After pairing, inspect openclaw devices list; if

the granted scopes exceed what the owner wants to grant, stop and revoke the

device. KokoChat itself does not need operator.admin, operator.approvals, or

operator.talk.secrets.

Generating A Connection Code

Run this from the skill directory. A pairing request is optional (older app

builds may include one; the openclaw qr flow does not need it):

node ./generate-kokochat-code.mjs

Return only the generated KokoChat connection code in a fenced code block.

Inspect / Approve The Phone Device (after the user pastes the code)

The setup code carries a gateway-signed bootstrapToken. When the user pastes it

into KokoChat, the phone redeems it through OpenClaw's official device-pair

flow. Depending on the OpenClaw version/gateway policy, the phone may create a

pending device request or may already appear as paired. Inspect first (the

operator is verifying a device the owner asked to pair — no patching, no

self-signing):

openclaw devices list             # confirm the KokoChat phone + actual scopes
openclaw devices approve --latest # only if it is pending and the owner accepts

If the phone is already paired, do not run approve. Inspect the actual scopes

with openclaw devices list; pairing is complete only if the owner accepts

them. If the scopes or device identity do not match expectations, stop and

recommend revoking/removing the device.

If The User Did Not Trigger Pairing From The App

Ask them to open KokoChat's "我 / 配对" page, then either run the install +

generate command it shows, or paste back the connection code you return here.

Output Format

这是新的 KokoChat 连接码：

Do Not

• Do not print the raw gateway.auth.token.
• Do not generate a token-only or self-signed setup code; the generator goes

through openclaw qr so the Gateway signs the token.

• Do not widen scopes beyond operator.read + operator.write.
• Do not patch OpenClaw internals (e.g. message-handler) to skip device

approval; use openclaw devices approve instead.