`clawdbot devices`

Manage device pairing requests and device-scoped tokens.

Commands

`clawdbot devices list`

List pending pairing requests and paired devices.

clawdbot devices list
clawdbot devices list --json

`clawdbot devices approve \<requestId\>`

Approve a pending device pairing request.

clawdbot devices approve <requestId>

`clawdbot devices reject \<requestId\>`

Reject a pending device pairing request.

clawdbot devices reject <requestId>

`clawdbot devices rotate --device \<id\> --role \<role\> [--scope \<scope...\>]`

Rotate a device token for a specific role (optionally updating scopes).

clawdbot devices rotate --device <deviceId> --role operator --scope operator.read --scope operator.write

`clawdbot devices revoke --device \<id\> --role \<role\>`

Revoke a device token for a specific role.

clawdbot devices revoke --device <deviceId> --role node

Common options

--url \<url\>: Gateway WebSocket URL (defaults to gateway.remote.url when configured).
--token \<token\>: Gateway token (if required).
--password \<password\>: Gateway password (password auth).
--timeout \<ms\>: RPC timeout.
--json: JSON output (recommended for scripting).

Note: when you set --url, the CLI does not fall back to config or environment credentials. Pass --token or --password explicitly. Missing explicit credentials is an error.

Notes

Token rotation returns a new token (sensitive). Treat it like a secret.
These commands require operator.pairing (or operator.admin) scope.

clawdbot devices ​

Commands ​

clawdbot devices list ​

clawdbot devices approve \<requestId\> ​

clawdbot devices reject \<requestId\> ​

clawdbot devices rotate --device \<id\> --role \<role\> [--scope \<scope...\>] ​

clawdbot devices revoke --device \<id\> --role \<role\> ​

Common options ​

Notes ​