refactor(gateway)!: remove legacy v1 device-auth handshake

2026-04-19 04:27:27 +00:00 · 2026-02-22 09:26:49 +01:00
parent ed38b50fa5
commit 8887f41d7d
17 changed files with 404 additions and 210 deletions
--- a/docs/concepts/architecture.md
+++ b/docs/concepts/architecture.md
@@ -97,8 +97,8 @@ sequenceDiagram
  for subsequent connects.
 - **Local** connects (loopback or the gateway host’s own tailnet address) can be
  auto‑approved to keep same‑host UX smooth.
- **Non‑local** connects must sign the `connect.challenge` nonce and require
-  explicit approval.
+- All connects must sign the `connect.challenge` nonce.
+- **Non‑local** connects still require explicit approval.
 - Gateway auth (`gateway.auth.*`) still applies to **all** connections, local or
  remote.