
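Troubleshooting mobile messages that "disappear after sending": allow node chat methods and unify the session key

Fixes chat history disappearing under the iOS/Android node role, caused by `unauthorized role: node` and inconsistent session keys. Prerequisite: you can modify gateway method authorization and chat session handling logic. Steps: allow node to call the necessary chat methods → unify the canonical session key for `chat.send`/`chat.history` → regression-test mobile send and receive. Key configuration: `health`, `chat.history`, `chat.send`, `chat.abort` and `sessions.list` must be in the node allowlist. Verify: after sending a message from mobile, the history is not overwritten on refresh. Risk: allowing too many methods expands the attack surface, so keep the allowlist minimal (needs verification).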

GitHub · Discovered 2026-02-15 · Author: echennells
Prerequisites
  • You can patch gateway server-method authorization and redeploy safely.
  • A reproducible mobile client flow exists to test send/history consistency.
Steps
  1. Add required chat methods to node-role allowlist (`health`, `chat.history`, `chat.send`, `chat.abort`, `sessions.list`).
  2. Ensure `chat.send` writes with canonical session key, consistent with `chat.history` lookup.
  3. Keep client-facing run mapping compatible so broadcasts still resolve by user session key.
  4. Run live mobile regression: send message → receive reply → refresh history repeatedly.
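Steps 1 to 3 as an added sketch; this is not OpenClaw's gateway code and not from the original post. All function and variable names, the `operator` role, and the canonicalization rule (trim and lower-case) are assumptions made for illustration.

```typescript
// Added example with hypothetical names; not the project's real gateway code.
type Role = "operator" | "node";

// Step 1: deny-by-default allowlist holding only the five methods the tip names.
const NODE_ALLOWED_METHODS: ReadonlySet<string> = new Set([
  "health", "chat.history", "chat.send", "chat.abort", "sessions.list",
]);

function authorize(role: Role, method: string): void {
  // Assumption: only the node role is restricted in this sketch.
  if (role === "node" && !NODE_ALLOWED_METHODS.has(method)) {
    throw new Error(`unauthorized role: ${role}`);
  }
}

// Assumed canonical form (trimmed, lower-cased); the real rule is the gateway's.
function canonicalSessionKey(clientKey: string): string {
  return clientKey.trim().toLowerCase();
}

const transcripts = new Map<string, string[]>();  // canonical key -> messages
const runToClientKey = new Map<string, string>(); // run id -> key the client sent
let nextRun = 0;

// Step 2: the write path uses the same canonical key as the read path.
function chatSend(role: Role, clientKey: string, text: string): string {
  authorize(role, "chat.send");
  const key = canonicalSessionKey(clientKey);
  const log = transcripts.get(key) ?? [];
  log.push(text);
  transcripts.set(key, log);
  // Step 3: the run keeps the client-facing key so broadcasts still resolve.
  const runId = `run-${++nextRun}`;
  runToClientKey.set(runId, clientKey);
  return runId;
}

function chatHistory(role: Role, clientKey: string): string[] {
  authorize(role, "chat.history");
  return (transcripts.get(canonicalSessionKey(clientKey)) ?? []).slice();
}

// Helper for checks: true when the role may not call the method.
function isDenied(role: Role, method: string): boolean {
  try { authorize(role, method); return false; } catch { return true; }
}
```

If `chatSend` stored under the raw client key while `chatHistory` looked up the canonical one, a refresh would return an empty history, which is the symptom this tip describes.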
Commands
openclaw gateway status
openclaw gateway restart
openclaw status
Verify

Mobile chat methods are authorized for node role and message history remains stable after refresh.

Caveats
  • Authorization updates must be reviewed with security owners before production rollout.
  • Session-key migration edge cases on existing runs may require one-time cleanup (needs verification).
Source attribution

This tip is aggregated from community/public sources and preserved with attribution.
