remove: drop gateway password/token auth entirely — device auth only

Access is now controlled purely by device pairing. Only browsers
paired via the owner's HuggingFace profile page can connect.
Removed OPENCLAW_PASSWORD from config, sync_hf.py, and README.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

README.md

@@ -78,7 +78,6 @@ Go to **Settings → Repository secrets** and configure:
 
 | Secret | Status | Description | Example |
 |--------|:------:|-------------|---------|
-| `OPENCLAW_PASSWORD` | Recommended | Password for the Control UI (default: `huggingclaw`) | `my-secret-password` |
 | `HF_TOKEN` | **Required** | HF Access Token with write permission ([create one](https://huggingface.co/settings/tokens)) | `hf_AbCdEfGhIjKlMnOpQrStUvWxYz` |
 | `OPENCLAW_DATASET_REPO` | See below | Dataset repo for backup — format: `username/repo-name`. Required in manual mode; optional in auto mode (see [Data Persistence](#data-persistence)) | `tao-shen/HuggingClaw-data` |
 | `OPENAI_API_KEY` | Recommended | OpenAI (or any [OpenAI-compatible](https://openclawdoc.com/docs/reference/environment-variables)) API key | `sk-proj-xxxxxxxxxxxx` |
@@ -124,7 +123,7 @@ Fine-tune persistence and performance. Set these as **Repository Secrets** in HF
 
 ### 3. Open the Control UI
 
-Visit your Space URL. Click the settings icon, enter your password, and connect.
+Visit your Space URL. The Control UI uses device-based authentication — only browsers paired through your HuggingFace profile can connect.
 
 Messaging integrations (Telegram, WhatsApp) can be configured directly inside the Control UI after connecting.
 
@@ -141,16 +140,14 @@ HuggingClaw supports **all OpenClaw environment variables** — it passes the en
 - **Ollama** — `OLLAMA_HOST`, `OLLAMA_NUM_PARALLEL`, `OLLAMA_KEEP_ALIVE`
 - **Secrets** — `OPENCLAW_SECRETS_BACKEND`, `VAULT_ADDR`, `VAULT_TOKEN`
 
-HuggingClaw adds its own variables for persistence and deployment: `HF_TOKEN`, `OPENCLAW_DATASET_REPO`, `AUTO_CREATE_DATASET`, `SYNC_INTERVAL`, `OPENCLAW_PASSWORD`, `OPENCLAW_DEFAULT_MODEL`, etc. See [`.env.example`](.env.example) for the complete reference.
+HuggingClaw adds its own variables for persistence and deployment: `HF_TOKEN`, `OPENCLAW_DATASET_REPO`, `AUTO_CREATE_DATASET`, `SYNC_INTERVAL`, `OPENCLAW_DEFAULT_MODEL`, etc. See [`.env.example`](.env.example) for the complete reference.
 
 ## Security
 
-- **Password-protected** — the Control UI requires a password to connect and manage the instance
+- **Device authentication** — only browsers paired through your HuggingFace profile can access the Control UI; incognito or third-party browsers are denied
 - **Secrets stay server-side** — API keys and tokens are never exposed to the browser
 - **Private backups** — the Dataset repo is created as private by default
 
-> **Tip:** Change the default password from `huggingclaw` to something unique by setting the `OPENCLAW_PASSWORD` secret.
-
 ## License
 
 MIT

openclaw.json

@@ -3,7 +3,6 @@
     "mode": "local",
     "bind": "lan",
     "port": 7860,
-    "auth": { "token": "__OPENCLAW_PASSWORD__" },
     "trustedProxies": [
       "0.0.0.0/0"
     ],

scripts/sync_hf.py

@@ -65,8 +65,6 @@ OPENAI_BASE_URL = os.environ.get("OPENAI_BASE_URL", "https://api.openai.com/v1")
 # OpenRouter API key (optional; alternative to OPENAI_API_KEY + OPENAI_BASE_URL)
 OPENROUTER_API_KEY = os.environ.get("OPENROUTER_API_KEY", "")
 
-# Gateway password (override via HF Secret OPENCLAW_PASSWORD)
-OPENCLAW_PASSWORD = os.environ.get("OPENCLAW_PASSWORD", "huggingclaw")
 
 # Default model for new conversations (infer from provider if not set)
 OPENCLAW_DEFAULT_MODEL = os.environ.get("OPENCLAW_DEFAULT_MODEL") or (
@@ -344,10 +342,9 @@ class OpenClawFullSync:
             try:
                 with open(config_path, "r") as f:
                     cfg = json.load(f)
-                # Replace token placeholder
-                if "gateway" in cfg and "auth" in cfg["gateway"]:
-                    if cfg["gateway"]["auth"].get("token") == "__OPENCLAW_PASSWORD__":
-                        cfg["gateway"]["auth"]["token"] = OPENCLAW_PASSWORD
+                # Remove auth block (no password/token — device auth only)
+                if "gateway" in cfg:
+                    cfg["gateway"].pop("auth", None)
                 if OPENAI_API_KEY and "models" in cfg and "providers" in cfg["models"] and "openai" in cfg["models"]["providers"]:
                     cfg["models"]["providers"]["openai"]["apiKey"] = OPENAI_API_KEY
                     if OPENAI_BASE_URL:
@@ -418,9 +415,6 @@ class OpenClawFullSync:
                     data["plugins"]["locations"] = [l for l in locs if l != "/dev/null"]
 
             # Force full gateway config for HF Spaces
-            if not OPENCLAW_PASSWORD:
-                print("[SYNC] WARNING: OPENCLAW_PASSWORD not set! Gateway will have no auth.")
-            auth = {"token": OPENCLAW_PASSWORD} if OPENCLAW_PASSWORD else {}
             # Dynamic allowedOrigins from SPACE_HOST (auto-set by HF runtime)
             allowed_origins = [
                 "https://huggingface.co",
@@ -433,14 +427,13 @@ class OpenClawFullSync:
                 "mode": "local",
                 "bind": "lan",
                 "port": 7860,
-                "auth": auth,
                 "trustedProxies": ["0.0.0.0/0"],
                 "controlUi": {
                     "allowInsecureAuth": True,
                     "allowedOrigins": allowed_origins
                 }
             }
-            print(f"[SYNC] Set gateway config (auth={'token' if OPENCLAW_PASSWORD else 'none'}, origins={len(allowed_origins)})")
+            print(f"[SYNC] Set gateway config (auth=device-only, origins={len(allowed_origins)})")
 
             # Ensure agents defaults
             data.setdefault("agents", {}).setdefault("defaults", {}).setdefault("model", {})