CLI local gateway detail probes drop device auth on localhost and localLoopback probe budget is too low

[jeffrey4341]

Summary

On local gateways using gateway.auth.mode=token, CLI detail calls on localhost can lose paired operator scopes because device identity is suppressed when a shared gateway token/password is present. This makes status --deep and last-heartbeat behave inconsistently even though basic health checks still work.

Separately, openclaw gateway probe budgets only 800ms for the localLoopback target, which is too short for full detail probes on healthy localhost gateways.

Symptoms

• openclaw status --deep can show gateway summary issues such as missing scope: operator.read
• Last heartbeat can show as unavailable even while heartbeats are actually running
• openclaw gateway probe --json can report a localhost timeout on a healthy gateway
• simple socket/health checks still succeed, making the failure look inconsistent

Root cause

1. Local CLI gateway calls deliberately skip deviceIdentity on loopback whenever a shared token/password exists, so detail RPCs do not benefit from paired operator scopes.
2. localLoopback probe budget is fixed at 800ms, while real full localhost detail probes can take ~1.7-1.9s.

Proposed fix

• always allow CLI localhost gateway calls / detail probes to attach deviceIdentity
• raise localLoopback probe budget to something like 3000ms

Reproduction notes

Observed on Linux local gateway with loopback bind and token auth. Direct websocket + health were fine; failures appeared only on detail RPC paths (status, system-presence, last-heartbeat) and on the CLI probe budget path.

[jeffrey4341]

Linked PR: #46556

[steipete]

Closing this as implemented after Codex review.

Current main already implements both requested changes: local authenticated CLI/gateway calls keep deviceIdentity attached for loopback detail RPCs, and active/explicit loopback probe targets now use the full caller timeout budget instead of the old short cap.

What I checked:

• Loopback detail probes keep device identity: probeGateway now keeps local authenticated probes device-bound; it only skips deviceIdentity on loopback when no shared token/password is present. That directly addresses localhost detail probes losing paired operator scopes. (src/gateway/probe.ts:148, 56fe2aab9c87)
• CLI gateway calls keep device identity for local shared-auth RPCs: callGateway now resolves device identity by default for CLI gateway calls, with an inline comment naming status, system-presence, and last-heartbeat as the affected detail RPCs. (src/gateway/call.ts:196, 56fe2aab9c87)
• Active loopback probes no longer use the short cap: resolveProbeBudgetMs now preserves the full caller budget for active/discovered loopback probes and explicit loopback URLs; only inactive local loopback stays on the 800 ms cap. (src/commands/gateway-status/helpers.ts:132, 56fe2aab9c87)
• Regression coverage for auth/detail path: Integration tests cover local authenticated status calls and detail probes succeeding on loopback with token auth. (src/gateway/probe.auth.integration.test.ts:9, 56fe2aab9c87)
• Regression coverage for timeout budget behavior: Unit tests assert that active local loopback and explicit loopback targets use the full caller budget, while inactive local loopback remains capped. (src/commands/gateway-status/helpers.test.ts:297, 56fe2aab9c87)
• Fix landed on current main: The touched files are all introduced on current history by commit f85806b6d78698fb6b6060d09e16cb09ae40131b, and that commit is contained in main. (f85806b6d786)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against 56fe2aab9c87; fix evidence: commit f85806b6d786.