Remote skill bin probe times out when node is co-located with gateway (macOS app as node on same host)

[Adam-Researchh]

Summary

When the OpenClaw macOS app connects to the gateway running on the same machine with the node role, the skills-remote system attempts to probe it for skill binaries via system.run / system.which. The macOS app does not handle this RPC, causing a timeout warning on every gateway startup and node reconnect:

[skills-remote] remote bin probe timed out (Researchh's Mac Studio (178b77...));
check node connectivity for Researchh's Mac Studio (178b77...)

Root Cause

1. macOS app connects → requests node role → approved
2. node-command-policy.ts → PLATFORM_DEFAULTS.macos auto-includes system.run, system.run.prepare, system.which
3. skills-remote.ts → primeRemoteSkillsCache() sees a Mac node with system.run → probes it for installed bins
4. The macOS app does not handle system.run/system.which RPCs → probe times out

This is a mismatch: the macOS platform defaults assume the node can run shell commands (designed for remote Mac nodes running the CLI/daemon), but the macOS app does not implement that capability.

Impact

• Warning spam in gateway logs on every startup and node reconnect
• 10+ second timeout delay during startup while waiting for the probe
• Confusing "check node connectivity" message when the node is actually connected and working fine

Current Workaround

Adding denyCommands to block the probe-triggering commands:

{
  "gateway": {
    "nodes": {
      "denyCommands": ["system.run", "system.run.prepare", "system.which"]
    }
  }
}

This works but is heavy-handed — it also blocks legitimate system.run for any actual remote nodes that could handle it.

Suggested Fix

A few possible approaches (not mutually exclusive):

1. Detect co-located nodes: If the node's connection originates from 127.0.0.1 / ::1 and the gateway already has local shell access, skip remote bin probing for that node.

2. Node capability declaration: Have nodes declare which commands they actually implement (the macOS app could omit system.run from its declared capabilities). The probe already checks declaredCommands via isNodeCommandAllowed() — if the app declared an empty or accurate command set, the probe would skip it.

3. Separate app vs CLI platform defaults: Distinguish between macOS (app) and macOS (CLI/daemon) in PLATFORM_DEFAULTS. The app client mode is "ui" vs "cli" — this metadata is already available in the pairing record.

4. Add a config flag: Something like gateway.nodes.skipRemoteBinProbe: true or skills.remote.enabled: false (currently skills.remote is rejected as an unrecognized config key).

Environment

• OpenClaw 2026.3.7
• macOS app 2026.3.7 (2026030790)
• Gateway and macOS app on the same Mac Studio (M1 Ultra)
• macOS 26.3.0

Related

• node-command-policy.ts — PLATFORM_DEFAULTS.macos includes SYSTEM_COMMANDS
• skills-remote.ts — primeRemoteSkillsCache() triggers the probe
• Config schema rejects skills.remote as an unrecognized key (no way to disable remote skills via config)

[tavaresgmg]

Confirmed on a newer setup as well, with two closely related macOS-node behaviors.

Environment

• OpenClaw CLI/gateway: 2026.4.2
• Gateway host: Mac mini (macOS 26.3.1)
• Remote node: MacBook Pro (macOS 26.4.0, OpenClaw app 2026.4.2)

What we observed

1. Co-located app+gateway on the same Mac mini reproduced the warning family exactly. Removing the GUI app from the gateway host and deleting the local paired node entry eliminated that part entirely.
2. Even after cleaning the gateway host so it only runs the gateway service, we could still reproduce remote bin probe timed out for the remote MacBook node during the automatic probe path on connect.
3. Manual system.which against the same MacBook node succeeds immediately for the same bins that are later used by the runtime (for example jq, rg, curl, codex, osascript).

That last point suggests the remaining bug is not simply “node lacks system.which”, but rather that the automatic probe is being triggered too early in the connect lifecycle (or with timing assumptions that are too aggressive) for macOS app-backed nodes.

What worked here

• Remove OpenClaw.app from the gateway host entirely if that machine is intended to be gateway-only.
• Keep the remote MacBook as the only app/node.
• Apply a minimal runtime workaround on the gateway: delay the initial refreshRemoteNodeBins() call by ~5s after node connect, and use a longer initial timeout (we tested 45s).

Result

• Gateway restarts cleanly
• Remote MacBook remains connected and usable
• Manual node system.which works
• No new remote bin probe timed out spam in our validation runs

This seems to support a narrower root cause:

• co-located app-as-node on the gateway host is one bad case
• but there is also a connect-timing issue for real remote macOS app nodes, even when they do support system.which

So I think the upstream fix likely needs both:

• skip/avoid probing co-located app nodes on the gateway host
• make the initial post-connect remote bin probe more patient / deferred for macOS app nodes

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 13, 2026, 9:02 AM ET / 13:02 UTC.

Summary
Keep this open: current main and v2026.6.6 still start remote bin refresh immediately when a node connects, and the current preflight path reduces direct probe timeouts but does not settle the reported co-location/readiness/backoff behavior. The open related PR is conflicting and proof-stale, and the earlier linked closing PR was closed unmerged.

Reproducibility: no. high-confidence live current-main repro was run. Source inspection shows the immediate node-connect refresh path and existing tests cover preflight behavior, but the macOS app co-location/readiness timing needs live verification.

Ways to help us reproduce this

• Add expected vs actual behavior.
• Include redacted logs or terminal output.

Next step
Manual review is needed because the fix shape affects remote skill eligibility, the macOS app node capability contract, and startup/reconnect timing; the linked probe-churn PR is conflicting and needs proof refresh.

Review details

Best possible solution:

Keep this open for a maintainer decision on the remote bin probe lifecycle: defer/back off or gate probes by declared app readiness/co-location while preserving legitimate remote macOS skill eligibility.

Do we have a high-confidence way to reproduce the issue?

No high-confidence live current-main repro was run. Source inspection shows the immediate node-connect refresh path and existing tests cover preflight behavior, but the macOS app co-location/readiness timing needs live verification.

Is this the best way to solve the issue?

Unclear. A pure co-located skip is likely too narrow because later discussion and the related open regression show remote macOS app readiness/timing too; the best fix needs an owner-approved probe timing/backoff/capability contract.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• No live current-main macOS app co-located repro was run here; the code path is clear, but the exact startup/reconnect failure needs real macOS app proof after the current preflight changes.
• The best fix shape is still a product/owner decision because skipping app/co-located nodes, delaying probes, adding backoff, or changing capability declaration each affects remote macOS skill eligibility differently.

Codex review notes: model internal, reasoning high; reviewed against 4c23d1d5978e.

Label changes

Label justifications:

• P2: This is a normal-priority macOS node and remote skill reliability bug with startup/reconnect delays, but it is not an emergency or core runtime outage for all users.
• impact:session-state: The affected path records connected remote nodes and clears or updates cached bin eligibility, which can make remote skill availability drift across node reconnects.
• impact:other: The reported warning spam and startup/reconnect delay are concrete gateway operations impact outside the more specific owned impact labels.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs src/skills/runtime/remote.test.ts src/gateway/node-command-policy.test.ts
• Live macOS app node proof for gateway co-located startup and remote reconnect, showing system.which/bin probe timing and resulting gateway logs.

What I checked:

• Current connect path still starts bin refresh immediately: After registering a node and recording remote node info, the WebSocket connection handler calls refreshRemoteNodeBins without a delay, readiness gate, co-location check, or backoff handoff. (src/gateway/server/ws-connection/message-handler.ts:1861, 4c23d1d5978e)
• Current probe path only preflights connectivity: refreshRemoteNodeBins still probes any macOS node that declares system.which or system.run, uses a default 15000ms probe timeout, and only adds a 2000ms websocket.ping preflight before invoking system.which/system.run. (src/skills/runtime/remote.ts:352, 4c23d1d5978e)
• Current policy partially addresses defaults but not live declared commands: Desktop host commands are no longer default-enabled for normal node sessions, but live node sessions can still expose approved commands from the runtime handshake, so a macOS app node advertising system.which/system.run remains eligible for probing. (src/gateway/node-command-policy.ts:297, 4c23d1d5978e)
• Existing tests cover preflight skip, not delayed readiness/backoff: The regression tests prove that a failed connectivity preflight skips invoke and that a reconnect during preflight retries immediately; they do not prove the co-located app case or a deferred/patient initial probe. (src/skills/runtime/remote.test.ts:235, 4c23d1d5978e)
• User-facing docs still promise remote macOS skill eligibility: The skills docs say a connected macOS node with system.run allowed can make macOS-only skills eligible and that OpenClaw clears cached bin matches when a node stops answering bin probes. Public docs: docs/tools/skills.md. (docs/tools/skills.md:542, 4c23d1d5978e)
• Latest release has same immediate connect refresh: v2026.6.6 contains the same immediate refreshRemoteNodeBins call after node connection, so the latest shipped release does not close this issue by release provenance. (src/gateway/server/ws-connection/message-handler.ts:1861, 8c802aa68351)

Likely related people:

• steipete: Recent commits touched and documented both the skills runtime and gateway node-policy surfaces involved in remote macOS skill eligibility and node command policy. (role: recent area contributor; confidence: medium; commits: 6c48a1256213, 2da49ef4acbf, f6317fb747f5; files: src/skills/runtime/remote.ts, src/gateway/node-command-policy.ts, docs/tools/skills.md)
• shakkernerd: Recent skills subsystem layout/refactor commits own the current src/skills/runtime placement and adjacent test surface used by the remote bin probe path. (role: recent skills runtime contributor; confidence: medium; commits: d9278c8efdb5, ba2dedb3bcaf; files: src/skills/runtime/remote.ts, src/skills/runtime/remote.test.ts)
• pgondhi987: Recent node platform metadata and node pairing policy work changed the same command-allowlist and connect-policy area that determines whether app-backed nodes expose host commands. (role: adjacent gateway policy contributor; confidence: medium; commits: d656087b3156, 3f1e0ebb8643; files: src/gateway/node-command-policy.ts, src/gateway/server/ws-connection/message-handler.ts)
• Countermarch: Authored the open but currently conflicting probe-cache/backoff PR that directly targets remote bin probe churn, so they are a useful routing candidate for branch refresh context rather than current-main ownership. (role: open follow-up PR author; confidence: low; commits: 515386925a4b; files: src/skills/runtime/remote.ts, src/skills/runtime/remote.test.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.