MOLTBOT_GATEWAY_TOKEN is treated as required, which blocks the documented device‑pairing flow (tokenless) in non‑dev mode. This is a behavior mismatch vs README/wrangler notes.
Setting DEV_MODE=true is supposed to skip auth/device pairing and allow insecure access. However, the worker still passes MOLTBOT_GATEWAY_TOKEN into the container when it’s set, so the gateway starts in token‑auth mode anyway. This makes DEV mode inconsistent with its documented behavior.
See:
index.ts(line 60)wrangler.jsonc(line 82)
Authentication ▶️ Device Pairing: says “By default, moltbot uses device pairing for authentication” and describes approving devices via /_admin/. This implies tokenless pairing is a valid mode.
Steps to Reproduce:
- Set
DEV_MODE=true and also set MOLTBOT_GATEWAY_TOKEN
- Start
- Connect to the control UI without
?token=
- Gateway rejects
Expected Behavior
- In DEV mode, gateway should start without token auth (device pairing/insecure auth), even if a token is present.
Actual Behavior
- DEV mode still passes the token into the container, enabling token auth.
MOLTBOT_GATEWAY_TOKENis treated as required, which blocks the documented device‑pairing flow (tokenless) in non‑dev mode. This is a behavior mismatch vs README/wrangler notes.Setting
DEV_MODE=trueis supposed to skip auth/device pairing and allow insecure access. However, the worker still passesMOLTBOT_GATEWAY_TOKENinto the container when it’s set, so the gateway starts in token‑auth mode anyway. This makes DEV mode inconsistent with its documented behavior.See:
index.ts(line 60)wrangler.jsonc(line 82)Authentication▶️ Device Pairing: says “By default, moltbot uses device pairing for authentication” and describes approving devices via /_admin/. This implies tokenless pairing is a valid mode.
Steps to Reproduce:
DEV_MODE=trueand also setMOLTBOT_GATEWAY_TOKEN?token=Expected Behavior
Actual Behavior