Covers the case where authMode is 'password' and deviceIdentity is present.
Asserts that buildDeviceAuthPayload is called with token:null (not the password
value) and that the connect request uses auth.password, not auth.token.
Addresses Copilot review comment on PR #22.
- Generate Ed25519 keypair via Web Crypto API
- Persist keypair in IndexedDB (survives page reloads)
- Sign connect payload with device private key
- Include device object in connect params (id, publicKey, signature, signedAt)
- Handle NOT_PAIRED error with 'pairing' connection status
- Show pairing-pending banner with instructions to run openclaw devices approve
- Extract nonce from connect.challenge for v2 payload signing
- Add i18n translations for pairing banner in all 8 languages
Closes#6