Bug Description

The webchat/dashboard UI fails to connect to the gateway websocket with the error:

disconnected (1008): unauthorized: gateway token missing (set gateway.remote.token to match gateway.auth.token)

Environment

• macOS 26.2 (arm64)
• Node 25.2.1
• Clawdbot version: 2026.1.22
• Gateway bound to loopback (127.0.0.1:18789)
• Auth mode: token

Configuration

{
  "gateway": {
    "mode": "local",
    "auth": {
      "mode": "token",
      "token": "<redacted>"
    },
    "port": 18789,
    "bind": "loopback",
    "remote": {
      "token": "<redacted>"  // Added this to match auth.token, still fails
    }
  }
}

Steps to Reproduce

1. Configure gateway with auth.mode: "token" and set a token
2. Run clawdbot gateway start
3. Run clawdbot dashboard (or open http://127.0.0.1:18789/chat?token=<token>)
4. Dashboard UI loads but websocket connection fails with unauthorized error

What I Tried

• Adding token to URL query string: ?token=xxx — doesn't work
• Running clawdbot dashboard which should provide tokenized URL — doesn't work
• Adding gateway.remote.token to config to match gateway.auth.token — doesn't work
• Setting gateway.auth.mode: "off" — works but breaks other connections (Claude Code)

Expected Behavior

The webchat UI should:

1. Read the token from the URL ?token=... parameter, OR
2. Read it from gateway.remote.token in config, OR
3. Prompt the user to enter the token in the UI

Actual Behavior

The HTML/JS loads fine but the websocket connection is rejected with 1008 unauthorized.

Workaround

Use terminal CLI (clawdbot chat or clawdbot tui) instead of browser webchat.

Additional Context

• Gateway health check returns 200 OK
• clawdbot status shows gateway running and reachable
• Other connections (WhatsApp, Claude Code) work fine with auth enabled