fix: openclaw dashboard auth — add gateway.auth.mode and use fragment token (#2617)

OpenClaw 2026.3.7+ requires an explicit `gateway.auth.mode: "token"` field when `gateway.auth.token` is set. Without it the gateway rejects auth and the dashboard shows "Unauthorized". Additionally, pass the token via URL fragment (`#token=`) instead of query parameter (`?token=`) to match the updated auth flow and avoid leaking the token in server logs / Referer headers (GHSA-rchv-x836-w7xp). Co-authored-by: Claude <claude@anthropic.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-29 20:39:29 +00:00 · 2026-03-14 11:48:34 -07:00 · 2026-03-14 11:48:34 -07:00 · c323f0e2e3
commit c323f0e2e3
parent 6988ac7acf
2 changed files with 7 additions and 5 deletions
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -1,6 +1,6 @@
 {
  "name": "@openrouter/spawn",
-  "version": "0.17.19",
+  "version": "0.17.20",
  "type": "module",
  "bin": {
    "spawn": "cli.js"