fix(gateway): embedded Control UI 500 — set dangerouslyDisableDeviceAuth for OpenClaw 2026.3.x

- Migrate local gateways to allowInsecureAuth + dangerouslyDisableDeviceAuth (override false)
- Wizard seeds both flags; extend GatewayControlUiConfig type
- Release shell 0.6.1+openclaw.2026.3.31, docs + CHANGELOG

Made-with: Cursor

Author: agentkernel

.github/workflows/release.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
     inputs:
       tag:
-        description: '要发布的 Git 标签（须已存在），例如 v0.6.0。必填：工作流会检出该标签再构建，勿留空（留空会误用当前分支导致安装包混拼 / Control UI 黑屏）。'
+        description: '要发布的 Git 标签（须已存在），例如 v0.6.1。必填：工作流会检出该标签再构建，勿留空（留空会误用当前分支导致安装包混拼 / Control UI 黑屏）。'
         required: true
         type: string
 
@@ -40,7 +40,7 @@ jobs:
         if: github.event_name == 'workflow_dispatch'
         run: |
           if [ -z "${{ github.event.inputs.tag }}" ]; then
-            echo "::error::手动发布时必须在输入框填写 tag（与 Git 标签一致，例如 v0.6.0）。否则会按当前分支打包，极易与 Release 标签错配并导致安装包内 OpenClaw / Control UI 混拼。"
+            echo "::error::手动发布时必须在输入框填写 tag（与 Git 标签一致，例如 v0.6.1）。否则会按当前分支打包，极易与 Release 标签错配并导致安装包内 OpenClaw / Control UI 混拼。"
             exit 1
           fi
 

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to OpenClaw Desktop will be documented in this file.
 
 ## [Unreleased]
 
+## [0.6.1] - 2026-04-01
+
+### Fixed
+
+- **主界面 / Control UI：** 上游 OpenClaw **2026.3.x** 对 Control UI 的 **device identity** 与环回认证更严格，Electron 内嵌 iframe 下仅设置 `gateway.controlUi.allowInsecureAuth` 仍可能出现 **HTTP 500 Internal Server Error** 或 WebSocket 握手失败。现对**非 remote** 网关自动写入 **`allowInsecureAuth: true`** 与 **`dangerouslyDisableDeviceAuth: true`**（并覆盖用户误设的 `false`），与向导新建配置一致（`openclaw-config.ts`、`setup-handler.ts`）。详见上游相关讨论（如 device-identity / Control UI HTTP 问题）。
+
 ## [0.6.0] - 2026-04-01
 
 ### Fixed

CONTRIBUTING.md

@@ -72,7 +72,7 @@ pnpm run package:win
 - Release assets are published through GitHub Actions.
 - The primary downloadable asset is `OpenClaw-Setup-<version>.exe`.
 - For the first public versions, unsigned Windows builds may trigger SmartScreen warnings.
-- **Bundled OpenClaw** version is stored in `resources/bundle-manifest.json` as `bundledOpenClawVersion` (updated by `pnpm run prepare-bundle` from `build/openclaw`). The pin lives in root `package.json` as `openclawBundleVersion`. Desktop **v0.6.0** ships OpenClaw **2026.3.31** alongside shell semver `0.6.0+openclaw.2026.3.31`.
+- **Bundled OpenClaw** version is stored in `resources/bundle-manifest.json` as `bundledOpenClawVersion` (updated by `pnpm run prepare-bundle` from `build/openclaw`). The pin lives in root `package.json` as `openclawBundleVersion`. Desktop **v0.6.1** ships OpenClaw **2026.3.31** alongside shell semver `0.6.1+openclaw.2026.3.31`.
 
 ## License
 

README.md

@@ -48,17 +48,17 @@ If you've been searching for *how to install OpenClaw on Windows*, *how to run O
 ## Quick Start
 
 1. Download the latest installer from [Releases](https://github.com/agentkernel/openclaw-desktop/releases/latest)
-2. Run the Windows setup (filename follows `package.json`, e.g. `OpenClaw-Setup-0.6.0+openclaw.2026.3.31.exe`)
+2. Run the Windows setup (filename follows `package.json`, e.g. `OpenClaw-Setup-0.6.1+openclaw.2026.3.31.exe`)
 3. Finish the setup wizard (provider → channel → gateway)
 4. Launch from Start Menu or Desktop shortcut
 
 **System:** Windows 10/11 x64 · ~350 MB free space · Internet for API calls
 
-## OpenClaw Desktop v0.6.0
+## OpenClaw Desktop v0.6.1
 
-- **Shell version:** `0.6.0+openclaw.2026.3.31` (semver + bundled OpenClaw pin in build metadata).
+- **Shell version:** `0.6.1+openclaw.2026.3.31` (semver + bundled OpenClaw pin in build metadata).
 - **Bundled OpenClaw (npm):** **2026.3.31** — same runtime as `npm install openclaw@2026.3.31` (current npm `latest`); pinned in [`package.json`](package.json) as `openclawBundleVersion`.
-- **Desktop highlights (recent train):** **v0.6.0** fixes Control UI build leaving a stub `package.json` in the bundle and `prepare-bundle` skipping copy when the version marker matched — see [CHANGELOG **0.6.0**](CHANGELOG.md). Feishu `registerFull` guard covers `dist/extensions/feishu/index.js`; MiniMax wizard **M2.7-only**; Control UI from GitHub tag sources for Electron.
+- **Desktop highlights (recent train):** **v0.6.1** fixes embedded Control UI **500 / device-identity** failures with OpenClaw 2026.3.x by persisting `gateway.controlUi.dangerouslyDisableDeviceAuth` (see [CHANGELOG **0.6.1**](CHANGELOG.md)). **v0.6.0** fixed stub `package.json` / `prepare-bundle` resync ([**0.6.0**](CHANGELOG.md)). Feishu `registerFull` guard; MiniMax **M2.7-only**; Control UI from GitHub tag sources for Electron.
 
 ### Upstream OpenClaw 2026.3.31 (summary)
 
@@ -94,6 +94,7 @@ Each release **pins** the bundled OpenClaw npm version in root [`package.json`](
 - **Runtime:** Bundled portable Node.js **22.16.0** (`pnpm run download-node`), matching upstream `openclaw.mjs` / `engines` (**Node ≥ 22.16**).
 - **State & config:** Same as upstream: `%USERPROFILE%\.openclaw`, main config `openclaw.json`. Use **`OPENCLAW_*`** env vars (`CLAWDBOT_*` / `MOLTBOT_*`, `.moltbot`, etc. were removed upstream).
 - **Control UI:** The npm package does not ship `dist/control-ui/`; we fetch GitHub tag **`v<version>`** sources (`ui/` plus repo-root `src/`, etc.) and run Vite. CI builds static assets on Linux and merges them into the Windows installer.
+- **Embedded console auth:** For **local** gateways (not `remote`), the shell auto-maintains `gateway.controlUi.allowInsecureAuth` and `dangerouslyDisableDeviceAuth` in `openclaw.json` so OpenClaw **2026.3.x** Control UI works inside the Electron iframe (see [CHANGELOG 0.6.1](CHANGELOG.md)). If you switch to remote gateway or hand-edit these keys, follow upstream docs.
 - **Bundled plugin list:** Upstream ships built-in channel/provider plugins under **`dist/extensions/*`**; the desktop shell scans that path and still falls back to legacy top-level `extensions/`.
 - **Breaking changes:** Plugin SDK (`openclaw/plugin-sdk/*`), browser/install behavior, and other breaking items are covered in [upstream OpenClaw releases](https://github.com/openclaw/openclaw/releases) and [upstream docs](https://docs.openclaw.ai/) for the version you ship. Installer-only users usually need no action; **custom/third-party plugin** authors should follow upstream migration guides.
 
@@ -131,8 +132,8 @@ OpenClaw Desktop is a **community-maintained Windows distribution** for the Open
 
 | | |
 |---|---|
-| **Release** | `v0.6.0` (shell `0.6.0+openclaw.2026.3.31`) |
-| **Installer** | `OpenClaw-Setup-0.6.0+openclaw.2026.3.31.exe` (see [Releases](https://github.com/agentkernel/openclaw-desktop/releases/latest) for exact asset) |
+| **Release** | `v0.6.1` (shell `0.6.1+openclaw.2026.3.31`) |
+| **Installer** | `OpenClaw-Setup-0.6.1+openclaw.2026.3.31.exe` (see [Releases](https://github.com/agentkernel/openclaw-desktop/releases/latest) for exact asset) |
 | **Platform** | Windows 10/11 x64 |
 | **Includes** | Electron shell, portable Node.js, bundled OpenClaw |
 | **Extras** | SHA-256 checksum, `latest.yml` for in-app updates |
@@ -213,7 +214,7 @@ pnpm run prepare-bundle
 pnpm run package:win   # Output: dist/OpenClaw-Setup-<version>.exe
 ```
 
-**Bundled OpenClaw:** Pinned in `package.json` (`openclawBundleVersion`). After `prepare-bundle`, see `bundledOpenClawVersion` in [`resources/bundle-manifest.json`](resources/bundle-manifest.json) (currently **2026.3.31** for desktop **v0.6.0**). Local checks: `pnpm run check-openclaw-versions` (omit `OPENCLAW_SKIP_NPM_LATEST_CHECK` to also compare against npm `latest`).
+**Bundled OpenClaw:** Pinned in `package.json` (`openclawBundleVersion`). After `prepare-bundle`, see `bundledOpenClawVersion` in [`resources/bundle-manifest.json`](resources/bundle-manifest.json) (currently **2026.3.31** for desktop **v0.6.1**). Local checks: `pnpm run check-openclaw-versions` (omit `OPENCLAW_SKIP_NPM_LATEST_CHECK` to also compare against npm `latest`).
 
 **Related docs:** [CHANGELOG.md](CHANGELOG.md) · [CONTRIBUTING.md](CONTRIBUTING.md)
 

README.zh-CN.md

@@ -48,17 +48,17 @@
 ## 快速开始
 
 1. 从 [Releases](https://github.com/agentkernel/openclaw-desktop/releases/latest) 下载最新安装包
-2. 运行安装程序（文件名与 `package.json` 一致，例如 `OpenClaw-Setup-0.6.0+openclaw.2026.3.31.exe`）
+2. 运行安装程序（文件名与 `package.json` 一致，例如 `OpenClaw-Setup-0.6.1+openclaw.2026.3.31.exe`）
 3. 完成设置向导（模型提供商 → 频道 → 网关）
 4. 从开始菜单或桌面快捷方式启动
 
 **系统要求：** Windows 10/11 x64 · 约 350 MB 可用空间 · 网络连接（用于 API 调用）
 
-## OpenClaw Desktop v0.6.0
+## OpenClaw Desktop v0.6.1
 
-- **Shell 版本：** `0.6.0+openclaw.2026.3.31`（主版本号 + 构建元数据中的捆绑 OpenClaw 版本）。
+- **Shell 版本：** `0.6.1+openclaw.2026.3.31`（主版本号 + 构建元数据中的捆绑 OpenClaw 版本）。
 - **捆绑 OpenClaw（npm）：** **2026.3.31**，与当前 npm `latest`（`npm install openclaw@2026.3.31`）一致；在根目录 [`package.json`](package.json) 中用 `openclawBundleVersion` 固定。
-- **桌面端近期要点：** **v0.6.0** 修复 Control UI 构建后遗留 stub `package.json`、以及 `prepare-bundle` 因版本标记相同跳过复制导致资源不一致的问题，详见 [CHANGELOG **0.6.0**](CHANGELOG.md)。飞书 `registerFull` 一次性防护覆盖 `dist/extensions/feishu/index.js`；上游 **2026.3.31** 已改进 `hooks.mappings` 中 `feishu` 等；向导 MiniMax **仅 M2.7**；Control UI 从 GitHub 标签源码构建。
+- **桌面端近期要点：** **v0.6.1** 修复上游 **2026.3.x** 下内嵌 Control UI 出现 **Internal Server Error**（device identity / 环回认证收紧）：自动写入 `gateway.controlUi.dangerouslyDisableDeviceAuth` 并与 `allowInsecureAuth` 一并校正，见 [CHANGELOG **0.6.1**](CHANGELOG.md)。**v0.6.0** 已修复 stub `package.json` 与 `prepare-bundle` 同步问题。飞书 `registerFull` 防护；MiniMax **仅 M2.7**；Control UI 自 GitHub 标签构建。
 
 ### 上游 OpenClaw 2026.3.31（摘要）
 
@@ -95,6 +95,7 @@
 - **状态与配置**：与上游一致使用 `%USERPROFILE%\.openclaw`、主配置 `openclaw.json`，环境变量请使用 **`OPENCLAW_*`**（`CLAWDBOT_*` / `MOLTBOT_*`、`.moltbot` 等旧名已在上游移除）。
 - **Control UI**：npm 包不再附带 `dist/control-ui/`，构建时从 **GitHub 标签 `v<版本号>`** 拉取 `ui/` + 仓库根 `src/` 等源码后执行 Vite；CI 在 Linux 构建静态资源再合并到 Windows 安装包。
 - **内置插件列表**：上游将内置频道/提供商插件放在 **`dist/extensions/*`**；壳内扩展扫描已同时支持该路径与旧版顶层 `extensions/`。
+- **内嵌控制台：** 本地网关下桌面会自动维护 `gateway.controlUi.allowInsecureAuth` 与 `dangerouslyDisableDeviceAuth`（非 `remote` 模式），以适配上游 Control UI 认证策略；若你手动改为 `remote` 或自行编辑该段配置，请以 [CHANGELOG 0.6.1](CHANGELOG.md) 与上游文档为准。
 - **重大变更说明**：插件 SDK（`openclaw/plugin-sdk/*`）、浏览器/安装行为等 Breaking 变更以 [上游 OpenClaw Releases](https://github.com/openclaw/openclaw/releases) 与 [上游文档](https://docs.openclaw.ai/) 中**对应版本**为准；仅使用安装包与向导的用户一般无需额外操作，**自研/第三方插件**作者需按上游迁移指引更新。
 
 *英文版同节：[README.md](./README.md)。*
@@ -131,8 +132,8 @@ OpenClaw Desktop 是 OpenClaw 生态的**社区维护 Windows 分发版**，属
 
 | | |
 |---|---|
-| **当前版本** | `v0.6.0`（壳 `0.6.0+openclaw.2026.3.31`） |
-| **安装包** | `OpenClaw-Setup-0.6.0+openclaw.2026.3.31.exe`（见 [Releases](https://github.com/agentkernel/openclaw-desktop/releases/latest) 实际资产名） |
+| **当前版本** | `v0.6.1`（壳 `0.6.1+openclaw.2026.3.31`） |
+| **安装包** | `OpenClaw-Setup-0.6.1+openclaw.2026.3.31.exe`（见 [Releases](https://github.com/agentkernel/openclaw-desktop/releases/latest) 实际资产名） |
 | **适用系统** | Windows 10/11 x64 |
 | **包含内容** | Electron 外壳、便携 Node.js、捆绑 OpenClaw |
 | **附加产物** | SHA-256 校验文件、`latest.yml`（应用内更新用） |
@@ -213,7 +214,7 @@ pnpm run prepare-bundle
 pnpm run package:win   # 输出: dist/OpenClaw-Setup-<version>.exe
 ```
 
-**捆绑 OpenClaw：** 在 `package.json` 中通过 `openclawBundleVersion` 固定；执行 `prepare-bundle` 后查看 [`resources/bundle-manifest.json`](resources/bundle-manifest.json) 中的 `bundledOpenClawVersion`（桌面 **v0.6.0** 当前为 **2026.3.31**）。本地校验：`pnpm run check-openclaw-versions`（不设 `OPENCLAW_SKIP_NPM_LATEST_CHECK` 时还会与 npm `latest` 对比）。
+**捆绑 OpenClaw：** 在 `package.json` 中通过 `openclawBundleVersion` 固定；执行 `prepare-bundle` 后查看 [`resources/bundle-manifest.json`](resources/bundle-manifest.json) 中的 `bundledOpenClawVersion`（桌面 **v0.6.1** 当前为 **2026.3.31**）。本地校验：`pnpm run check-openclaw-versions`（不设 `OPENCLAW_SKIP_NPM_LATEST_CHECK` 时还会与 npm `latest` 对比）。
 
 **相关文档：** [CHANGELOG.md](CHANGELOG.md) · [CONTRIBUTING.md](CONTRIBUTING.md)
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-desktop",
-  "version": "0.6.0+openclaw.2026.3.31",
+  "version": "0.6.1+openclaw.2026.3.31",
   "openclawBundleVersion": "2026.3.31",
   "description": "Community-maintained Windows desktop app and installer for OpenClaw.",
   "type": "module",

resources/bundle-manifest.json

@@ -1,4 +1,4 @@
 {
-  "shellVersion": "0.6.0+openclaw.2026.3.31",
+  "shellVersion": "0.6.1+openclaw.2026.3.31",
   "bundledOpenClawVersion": "2026.3.31"
 }

src/main/config/openclaw-config.ts

@@ -105,9 +105,10 @@ function migrateLegacyProviderConfig(config: OpenClawConfig): { config: OpenClaw
 
 /** Ensure Feishu channel keeps explicit `dmPolicy: pairing` so DMs use pairing flow (not implicit open). */
 /**
- * OpenClaw 2026.3+ rejects Control UI WebSocket connects without device identity unless
- * `gateway.controlUi.allowInsecureAuth` is set. The desktop embeds Control UI in a sandboxed
- * iframe where `crypto.subtle` may be missing — enable this for local (non-remote) gateways.
+ * OpenClaw 2026.3+ hardens Control UI auth (device identity + loopback policy). The desktop embeds
+ * Control UI in an Electron iframe; upstream may return 500 or reject WS unless both
+ * `allowInsecureAuth` and `dangerouslyDisableDeviceAuth` are set for local gateways.
+ * Always normalize to the embedded-safe pair for non-remote mode (overrides user `false`).
  */
 function migrateDesktopControlUiAllowInsecureAuth(
   config: OpenClawConfig,
@@ -120,7 +121,11 @@ function migrateDesktopControlUiAllowInsecureAuth(
     return { config, changed: false }
   }
   const ctrl = gw.controlUi
-  if (ctrl && typeof ctrl === 'object' && ctrl.allowInsecureAuth !== undefined) {
+  const base =
+    ctrl && typeof ctrl === 'object' && !Array.isArray(ctrl)
+      ? (ctrl as Record<string, unknown>)
+      : {}
+  if (base.allowInsecureAuth === true && base.dangerouslyDisableDeviceAuth === true) {
     return { config, changed: false }
   }
   const next = JSON.parse(JSON.stringify(config)) as OpenClawConfig
@@ -129,8 +134,11 @@ function migrateDesktopControlUiAllowInsecureAuth(
     return { config, changed: false }
   }
   ng.controlUi = {
-    ...(typeof ng.controlUi === 'object' && ng.controlUi !== null ? ng.controlUi : {}),
+    ...(typeof ng.controlUi === 'object' && ng.controlUi !== null && !Array.isArray(ng.controlUi)
+      ? ng.controlUi
+      : {}),
     allowInsecureAuth: true,
+    dangerouslyDisableDeviceAuth: true,
   }
   return { config: next, changed: true }
 }
@@ -522,7 +530,7 @@ export function readOpenClawConfig(): OpenClawConfig {
           }
           if (migratedControlUi.changed) {
             console.info(
-              '[config] Set gateway.controlUi.allowInsecureAuth=true for embedded Control UI (OpenClaw 2026.3+)',
+              '[config] Set gateway.controlUi.allowInsecureAuth=true and dangerouslyDisableDeviceAuth=true for embedded Control UI (OpenClaw 2026.3+)',
             )
           }
           if (migratedAuthNone.changed) {

src/main/update/update-service.ts

@@ -63,7 +63,7 @@ function normalizeVersion(tag: string): string {
 }
 
 /**
- * Shell versions use semver plus build metadata (e.g. `0.6.0+openclaw.2026.3.31`).
+ * Shell versions use semver plus build metadata (e.g. `0.6.1+openclaw.2026.3.31`).
  * Semver ignores build metadata for precedence; we tie-break with a full string compare.
  * Returns negative if a is older than b.
  */

src/main/wizard/setup-handler.ts

@@ -459,10 +459,10 @@ function buildOpenClawConfig(state: WizardState): OpenClawConfig {
         mode: 'token',
         token: state.gatewayConfig.authToken,
       },
-      // Upstream 2026.3+: Control UI webchat needs device identity when crypto.subtle exists.
-      // Electron iframe may lack a full secure context — allow token-only on loopback for embedded UI.
+      // Upstream 2026.3+: Control UI device-identity + loopback policy; embedded iframe needs both flags.
       controlUi: {
         allowInsecureAuth: true,
+        dangerouslyDisableDeviceAuth: true,
       },
     },
     agents: {