Problem
After onboarding, the gateway auth token is not easily retrievable. Inside the sandbox, the token is redacted (__OPENCLAW_REDACTED__), and the current workaround requires a multi-step process:
d=$(mktemp -d) && openshell sandbox download my-assistant /sandbox/.openclaw/openclaw.json "$d/" && jq -r '.gateway.auth.token' "$d/openclaw.json" && rm -rf "$d"
This is too convoluted for users who simply need their gateway token after initial setup.
Proposed Solution
Add two mechanisms:
nemoclaw <name> open to directly open a browser with the token applied. This minimizes exposure of the token in logs/history/screencast/etc.- Additionally
nemoclaw <name> gateway-token, utilizing fetchGatewayAuthTokenFromSandbox which already exists in the code base and have a warning like we already show in onboarding ("Treat this token like a password — do not log or share it")
The command should be discoverable via --help so users can find it without needing to know the internal file structure or use jq.
Problem
After onboarding, the gateway auth token is not easily retrievable. Inside the sandbox, the token is redacted (
__OPENCLAW_REDACTED__), and the current workaround requires a multi-step process:This is too convoluted for users who simply need their gateway token after initial setup.
Proposed Solution
Add two mechanisms:
nemoclaw <name> opento directly open a browser with the token applied. This minimizes exposure of the token in logs/history/screencast/etc.nemoclaw <name> gateway-token, utilizing fetchGatewayAuthTokenFromSandbox which already exists in the code base and have a warning like we already show in onboarding ("Treat this token like a password — do not log or share it")The command should be discoverable via
--helpso users can find it without needing to know the internal file structure or usejq.