Gateway HTTP/WS dispatch deadlock on Windows + Docker Desktop bind-mount setups (regression in 2026.4.24, persists in .25 and .26)

[purpleant]

Gateway HTTP/WS dispatch deadlock on Windows + Docker Desktop bind-mount setups (regression in 2026.4.24, persists in .25 and .26)

Summary

On Windows host + Docker Desktop + bind-mounted ~/.openclaw/ setups, the gateway in 2026.4.24, 2026.4.25, and 2026.4.26 logs ready and binds the listener socket, but the request-handling dispatch is deadlocked. Both HTTP and internal-WebSocket transports accept TCP connections and never respond. Slack DMs are queued behind a stuck agent:main:main session and never delivered. Reproduces deterministically on two distinct bots (Bragi and Kvasir) with different histories. Fully working on 2026.4.23 with the same compose/config.

Reproduction environment

• Host: Windows 11 Pro 26200, Docker Desktop (WSL2 backend)
• Container image: ghcr.io/openclaw/openclaw:2026.4.26 (and .25, .24) extended via Dockerfile (FROM) with Playwright/Chromium/gh/gog CLI installs
• Bind mount: ./config:/home/node/.openclaw from a Windows NTFS path
• Container user: node (uid 1000); compose overrides user: "0:0" for an entrypoint wrapper that runs runuser -u node -- "$@" after fix-up perms
• Two bots tested:
  • "Bragi" — extensively used since 2026.3.x, accumulated state, 2.4 MB sessions.json with one large 88%-context-utilized session
  • "Kvasir" — clean state, came directly from 2026.4.23 to .26 with no intermediate migrations

Symptoms (identical on both bots)

After gateway ready:

Probe	Behavior
curl http://127.0.0.1:18789/healthz	TCP connection accepted, never any HTTP response — times out at 8s with HTTP 000
curl http://127.0.0.1:18789/ (gateway dashboard)	Same — TCP accept, no response
curl http://127.0.0.1:18789/__openclaw__/canvas/	Same
curl http://127.0.0.1:18789/api/status	Same
openclaw gateway status --deep (WebSocket probe to ws://127.0.0.1:18789)	Same — timeout
openclaw plugins inspect <id> (CLI → gateway RPC)	Hangs
openclaw plugins doctor (CLI → gateway RPC)	Hangs / silent
codex exec directly (CLI, bypasses gateway)	Works — returns gpt-5.4 reply

Process state: openclaw-gateway PID is Sl (sleeping, multi-threaded), 4–9% CPU. Not idle, not CPU-spinning. All threads S (sleeping). Event-loop deadlock signature.

Kernel TCP state for port 18789:

00000000:4965 -> 00000000:0000 [LISTEN]
0100007F:4965 -> 0100007F:C998 [CLOSE_WAIT]
0100007F:4965 -> 0100007F:E732 [CLOSE_WAIT]
0100007F:4965 -> 0100007F:E29C [CLOSE_WAIT]
... (one CLOSE_WAIT per probe attempt)

Each probe leaves a CLOSE_WAIT — server accepted the TCP connection, peer eventually closed, server never close()'d its side. Classic Node await-never-resolves signature.

Cascading downstream symptoms

The dispatch deadlock causes:

1. Slack provider stalls after channels resolved with no socket mode connected line. The slack plugin needs an internal handshake to the gateway HTTP/WS path during init, and that handshake hangs.

2. session-write-lock held for 200,000+ ms (max 15,000 ms expected) — the agent grabs the lock to process a request, model call hangs because of the upstream dispatch issue, lock held for minutes. New Slack DMs queue behind it indefinitely.

3. stuck session: sessionId=main sessionKey=agent:main:main state=processing age=595s queueDepth=0 — the same agent session sits "processing" for ~10 minutes, gets watchdog-released, and the next request immediately stucks the same way. Self-perpetuating.

4. [ws] ⇄ res ✗ nativeHook.invoke errorCode=INVALID_REQUEST errorMessage=native hook relay not found — slack plugin tries to invoke a hook it registered on the gateway. Registration succeeded silently but the gateway's registry doesn't have it on lookup. Strongly suggests plugin registry mismatch / multiple registry instances.

5. 5 plugin(s) failed to initialize (validation: anthropic, codex, memory-core, openai, slack) — sometimes appears after restart, sometimes doesn't. When it does, the codex agent harness isn't registered, so embedded agent requests fail with Requested agent harness "codex" is not registered and PI fallback is disabled. Even the fallback to anthropic fails because that plugin also failed validation. Inconsistent run-to-run.

6. [skills] watcher error: EACCES: permission denied, watch '/home/node/.openclaw' (and stat of various subpaths) — the skills watcher subsystem can't traverse ~/.openclaw/ because it's drwx------ root:root (Windows-NTFS bind-mount default mode 0700 owned by uid 0). New behavior in 2026.4.x. Workaround: chown the dir to node before startup.

7. [heartbeat] failed: EACCES: permission denied, mkdir '/home/node/.openclaw/workspace' — heartbeat subsystem tries to mkdir an already-existing bind-mount sub-mount. Same root cause.

8. Plugin runtime-deps mirror-lock contention: on first 2026.4.24/.26 startup, plugin runtime deps install into ~/.openclaw/plugin-runtime-deps/openclaw-<version>-<hash>/. If the previous startup died holding the mirror-lock, subsequent startups wait 5 minutes per-plugin (300050ms timeout) for the lock and give up loading that plugin. Lock dir at ~/.openclaw/plugin-runtime-deps/<id>/.openclaw-runtime-mirror.lock/owner.json persists across container restarts. Have to manually rm -rf the lock dir to recover.

9. Cannot find module '.../slack/pipeline.runtime-<hash>.js' — slack plugin's runtime-deps install reports success, but at least one bundle file is silently missing on first install. Eventually self-resolves on a later startup.

10. openclaw doctor --fix writes openclaw.json with 0600 root:root perms when invoked via docker exec -t (which inherits compose user: "0:0"). The gateway then can't read its own config and fails restart loop with "Missing config. Run openclaw setup or set gateway.mode=local". Have to chown the file manually to recover.

11. pending.json/paired.json parse-handle race: [gateway] parse/handle error: JsonFileReadError: Failed to read JSON file: ~/.openclaw/devices/pending.json fires every 30s. Files exist and are valid JSON. Probably racing with atomic-rename .tmp swap.

12. 2026.4.24+ silently rewrites openclaw.json on first start: agents.defaults.model.primary from codex/gpt-5.4 to openai/gpt-5.4, adds openai plugin entry. Persists across rollback to .23 — manual revert needed. (Note: the openai provider in 2026.4.x does work with codex/ChatGPT OAuth via the agentRuntime: {id: "codex"} runtime, but the rewrite caught us off guard initially.)

What works on 2026.4.23 with the same setup

• /healthz returns HTTP 200 in ~20ms
• All plugins load without validation failures
• Slack socket-mode connects within ~30s of ready
• Session-write-lock acquired/released in milliseconds
• No nativeHook registry mismatches
• No plugin-runtime-deps install needed (.23 doesn't use that mechanism)

Diagnostic data we collected

• gateway process state (Sl/Rl, CPU %, thread count, all wchan=0 sleeping)
• TCP socket state (LISTEN + N CLOSE_WAIT accumulating)
• Stability bundles in ~/.openclaw/logs/stability/ (only one from a MODULE_NOT_FOUND during very first .24 attempt; nothing for the dispatch deadlocks themselves)
• openclaw plugins list output (6 plugins enabled — most plugins are still 2026.4.25 in the .26 release, only cerebras/migrate-claude/qqbot bumped to .26)
• Full container logs from multiple startup attempts

Happy to attach files / run additional diagnostics on request.

What I tried and what did/didn't help

Step	Effect
chown -R node:node ~/.openclaw/{tasks,memory,flows,extensions,plugin-runtime-deps,node_modules}	Fixes lots of unrelated EACCES errors but does not fix dispatch deadlock
chown node:node ~/.openclaw (the bind-mount root, mode 0700)	Fixes [skills] watcher EACCES storm and [heartbeat] mkdir EACCES
rm -rf ~/.openclaw/plugin-runtime-deps/<id>/.openclaw-runtime-mirror.lock/	Unblocks plugin loading after a stuck-lock startup
chown node:node ~/.openclaw/openclaw.json	Fixes "Missing config" restart-loop after openclaw doctor --fix
openclaw doctor --fix (interactive)	Migrates legacy embeddedHarness → agentRuntime, but writes config with bad perms (see above)
Renaming sessions.json aside	Caused a different startup hang; restoring fixed that
compose down && up --force-recreate	Doesn't help — same regression
Rolling back to 2026.4.23 (retag local image, restore openclaw.json from pre-update commit, wipe stale node_modules + plugin-runtime-deps)	Fully restores working state

Compose context

services:
  gateway:
    image: openclaw-bot:latest    # FROM ghcr.io/openclaw/openclaw:latest
    user: "0:0"
    entrypoint: ["/bin/sh", "/usr/local/bin/fix-codex-perms.sh", "docker-entrypoint.sh"]
    command: ["node", "dist/index.js", "gateway", "--bind", "lan", "--port", "18789"]
    volumes:
      - ./config:/home/node/.openclaw
      - ./workspace:/home/node/.openclaw/workspace
      # plus ./config/codex-config:/home/node/.codex etc.

fix-codex-perms.sh chowns ~/.codex/, ~/.openclaw/{tasks,memory,flows,cron,delivery-queue,node_modules,plugin-runtime-deps}, strips world-writable bits on ~/.openclaw/extensions/*/, then runuser -u node -- "$@".

Asks

1. Is this dispatch deadlock a known issue you're tracking? It's been present in three consecutive releases (.24, .25, .26).
2. Would adding ~/.openclaw/ itself (the bind-mount root) and ~/.openclaw/openclaw.json to whatever owns initial perm setup help, or is the breakage independent of that?
3. Any way to enable verbose dispatcher logging that would capture why the dispatcher is stuck post-ready?
4. Can you confirm whether the openai/gpt-5.4 provider is intended to work with ChatGPT OAuth (via codex runtime) or whether the auto-migration in .24+ should be conditional on actual API-key auth being present?

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. The reporter separated the runtime-deps/bind-mount fixes from the remaining event-loop starvation with a v2026.4.29 named-volume retest, and current main shows more mitigations and diagnostics but no current-main Windows Docker Slack retest or main-thread profile proving HTTP/WS dispatch stalls are gone.

Reproducibility: yes. for the affected release band: the issue provides a concrete Windows 11 Docker Desktop compose setup, rollback evidence, named-volume retests, and measured eventLoopDelayMaxMs spikes. It is not yet a high-confidence current-main reproduction because current main has additional post-v2026.4.29 mitigations that were not retested here.

Next step
Needs maintainer-owned Windows Docker profiling before a narrow repair branch can be scoped safely.

Review details

Best possible solution:

Keep this as the focused tracker until maintainers capture a current-main or latest-release Windows Docker Desktop profile during an event-loop-delay spike, then fix the specific blocking startup or periodic work and verify probes, Gateway WS RPC, Slack ping/pong, and Slack DMs stay responsive.

Do we have a high-confidence way to reproduce the issue?

Yes for the affected release band: the issue provides a concrete Windows 11 Docker Desktop compose setup, rollback evidence, named-volume retests, and measured eventLoopDelayMaxMs spikes. It is not yet a high-confidence current-main reproduction because current main has additional post-v2026.4.29 mitigations that were not retested here.

Is this the best way to solve the issue?

Unclear. Current main's probe fast path, startup deferral, diagnostics, runtime-deps cleanup, and hot-path reductions are plausible mitigations, but the best fix depends on a current-main CPU profile or stack trace from the blocking window.

Acceptance criteria:

• Run a current-main packaged or Docker build on Windows 11 Docker Desktop with the reporter-style config bind mount, named plugin-runtime-deps layout, Slack enabled, and the same Gateway port/probe setup.
• Enable OPENCLAW_GATEWAY_STARTUP_TRACE=1, OPENCLAW_DIAGNOSTICS=timeline, and OPENCLAW_DIAGNOSTICS_EVENT_LOOP=1, then capture a Node CPU profile or main-thread stack during an eventLoopDelayMaxMs spike.
• Verify /healthz, /readyz, Gateway WebSocket status/RPC, Slack Socket Mode ping/pong, and an inbound Slack DM through startup and a quiet post-ready window.

What I checked:

• Reporter retest still isolates the core stall: The provided v2026.4.29 update says runtime-deps, stale-lock, missing-bundle, and EACCES symptoms improved, but eventLoopDelayMaxMs still reached 135828.3ms during startup and 38822.5ms post-ready, with /healthz, /readyz, Slack ping/pong, and Slack DMs affected.
• Current HTTP probes are fast-pathed but cannot run during event-loop starvation: Current main serves /healthz before loading config and puts probes before the staged HTTP route chain, which fixes stalled later handlers but still depends on the Node event loop being able to execute. (src/gateway/server-http.ts:539, d122a3492d17)
• HTTP dispatch remains cooperative ordered async stages: runGatewayHttpRequestStages awaits each stage; thrown/rejected stages can be skipped only when marked continueOnError, but the dispatcher does not identify or preempt synchronous main-thread blocks like the reporter measured. (src/gateway/server-http.ts:373, d122a3492d17)
• WebSocket RPC still runs through the normal Gateway handler path: The WebSocket message handler dynamically imports and awaits handleGatewayRequest in an async task, with rejection handling but no per-request or event-loop-starvation isolation. (src/gateway/server/ws-connection/message-handler.ts:1598, d122a3492d17)
• Startup/plugin work has been deferred but not proven fixed for this report: Current main disables runtime plugin loading in plugins.bootstrap and then loads startup plugins during post-attach runtime before sidecars, which is a useful responsiveness change but still awaits plugin/runtime and sidecar work before the normal ready path completes. (src/gateway/server.impl.ts:599, d122a3492d17)
• Diagnostics exist, but they measure rather than root-cause the remaining block: Docs expose OPENCLAW_GATEWAY_STARTUP_TRACE, diagnostics timeline, and event-loop samples; the issue still needs a CPU profile or stack capture during a current-main eventLoopDelay spike. Public docs: docs/cli/gateway.md. (docs/cli/gateway.md:114, d122a3492d17)

Likely related people:

• steipete: Recent history on server.impl.ts and server-startup-post-attach.ts covers duplicate config load removal, pricing deferral, plugin dependency simplification, startup handshakes, and sidecar responsiveness around the affected startup/runtime path. (role: recent maintainer and likely follow-up owner; confidence: high; commits: 598004089454, 0e8bd8e75c4c, 250376f88577; files: src/gateway/server.impl.ts, src/gateway/server-startup-post-attach.ts, src/plugins)
• vincentkoc: Recent path history and current blame cover Gateway HTTP probe fast paths, deferred HTTP/auth/plugin imports, readiness event-loop diagnostics, heartbeat/reload changes, and related docs. (role: gateway responsiveness and diagnostics owner; confidence: high; commits: 1497425b8dbb, 04be516926da, c7d77f8c7b93; files: src/gateway/server-http.ts, docs/cli/gateway.md, docs/gateway/heartbeat.md)
• shakkernerd: Recent work added diagnostics timeline support and cold plugin metadata paths that overlap the requested startup/event-loop observability and plugin-load triage surfaces. (role: diagnostics and plugin metadata adjacent owner; confidence: medium; commits: 097eed8cd8b4, e69da9d5781c; files: src/gateway/server.impl.ts, src/plugins, docs/cli/gateway.md)

Remaining risk / open question:

• Current main includes substantial post-v2026.4.29 hot-path work that has not been retested in the reporter's Windows Docker Desktop Slack setup.
• The measured event-loop block still lacks a captured CPU profile or main-thread stack, so the root cause could sit in plugin runtime loading, channel sidecars, session/task scanning, heartbeat/cron, Bonjour, or another periodic startup path.
• A narrow automated fix PR would be speculative until maintainers identify the blocking stack during a current-main reproduction.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d122a3492d17.

[purpleant]

Update — tested the docs-recommended named-volume layout; helps startup but not dispatch

Thanks @clawsweeper for the detailed pointers. The note about plugin runtime deps belonging on a named Docker volume rather than the bind mount was the key actionable item — I rebuilt my docker-compose.yml to match the reference compose for those mounts:

services:
  bot1-gateway:
    environment:
      OPENCLAW_PLUGIN_STAGE_DIR: /var/lib/openclaw/plugin-runtime-deps
      OPENCLAW_DISABLE_BONJOUR: "1"
    volumes:
      - ./config:/home/node/.openclaw                                                   # bind mount (config)
      - ./workspace:/home/node/.openclaw/workspace                                      # bind mount (workspace)
      - openclaw-plugin-runtime-deps:/var/lib/openclaw/plugin-runtime-deps              # named volume (NEW)
      # ...other application mounts unchanged

volumes:
  openclaw-plugin-runtime-deps:

Also extended my entrypoint wrapper to chown the new mount path to node before dropping privileges, since Docker creates named volumes root-owned by default and the gateway runs as node:

mkdir -p /var/lib/openclaw/plugin-runtime-deps
chown -R node:node /var/lib/openclaw/plugin-runtime-deps

What this fixed

• Plugin runtime deps install dropped from ~375–460s → ~65s (single batch, no retries)
• Total time from gateway loading configuration… → ready dropped from ~700s → ~145s
• Gateway ready reached cleanly with all 4 plugins (codex, lossless-claw, memory-core, slack) on first try
• slack socket mode connected fired immediately at +0s after ready, with no failed-handshake retry cluster
• The Cannot find module '.../slack/pipeline.runtime-*.js' symptom (incomplete bundle) didn't recur — npm install completed cleanly into the named volume
• The plugin-runtime-deps mirror-lock contention (Timed out waiting for bundled runtime deps lock from previous attempts) didn't recur — fresh volume, no stale lock state

This confirms the bind-mount-contention hypothesis for those specific symptoms. Switching to the named volume per the docs is the correct fix for the install/startup-cost issues, and OpenClaw's reference compose was right. I'll keep this layout going forward regardless of which release is deployed.

What did NOT change with the named-volume layout

The post-ready dispatch deadlock persists unchanged on 2026.4.26 with the new layout. Same signature as the original report:

00:46:53 [slack] socket mode connected         ← clean initial connect
00:49:37 [ws] handshake timeout                ← +3 min: internal WS handshake from slack provider hangs
00:49:37 [slack] connect error: gateway request timeout for connect
00:49:37 [slack] failed to start native approval handler: Error: gateway request timeout for connect
00:49:38 [ws] ⇄ res ✓ exec.approval.list 309ms ← some dispatch DOES complete
00:51:35 [WARN] socket-mode:SlackWebSocket A pong wasn't received from the server before the timeout of 5000ms!
00:51:35 [WARN] socket-mode:SlackWebSocket A ping wasn't received from the server before the timeout of 30000ms!
00:51:35 [slack] socket disconnected (disconnect)
00:53:26 [health-monitor] [slack:default] health-monitor: restarting (reason: disconnected)
00:54:23 [slack] socket mode connected         ← reconnects
00:55:26 [WARN] pong wasn't received           ← then drops again
... loop continues

Operational impact: Slack DMs to the bot remain unreliable. Some inbound exec.approval.list-style RPCs over the internal WS complete, but the slack provider's keep-alive ping/pong path is starved (event loop blocked >5s repeatedly), so the slack socket flaps and DMs queued during a flap window go nowhere.

This eliminates the bind-mount file-op contention theory for the dispatch deadlock specifically. The dispatcher hang is independent of where plugin runtime deps live — it's something about request-handler dispatch under load (or under specific request shapes). Aligns with @clawsweeper's source-level observation that runGatewayHttpRequestStages (src/gateway/server-http.ts:373) and the WS message handler (src/gateway/server/ws-connection/message-handler.ts:1576) lack per-request timeouts in current main — a never-resolving handler in those paths would produce exactly this signature.

Other observations from this round

• OPENCLAW_DISABLE_BONJOUR: "1" env var did not appear to silence the recurring "gateway request timeout for connect" cluster that fires ~2–3 min after every startup. Either bonjour isn't the actual source of that cluster (more likely, given it correlates with internal-WS dispatch issues), or the env var isn't being honored on 2026.4.23/.26 with our compose shape. Worth noting because the docker-compose.yml env comment implies setting it should suppress related noise.
• agents.defaults.embeddedHarness → agents.defaults.agentRuntime migration: openclaw doctor --fix correctly migrated this on Bragi (config that came forward through the .24 → .26 chain). On a clean .23-direct-to-.26 upgrade (Kvasir), 2026.4.26 wrote the new agentRuntime: {id: "codex"} schema directly without going through the legacy intermediate, so doctor wasn't needed. This is consistent and well-behaved — just noting that the upgrade path matters for whether doctor needs to run.
• openclaw doctor --fix invoked via docker exec -t writes the rewritten openclaw.json with mode 0600 owned by root:root (because docker exec inherits compose's user: "0:0" override). The gateway then can't read its own config and goes into Missing config. Run openclaw setup or set gateway.mode=local restart-loop. Manual chown node:node openclaw.json && chmod 644 recovers. This part of src/config/io.ts (the chown hint @clawsweeper called out) could probably be smarter about preserving the file's owning UID across a doctor rewrite — or doctor could be aware of it.

Current state on my side

• Bot1 rolled back to 2026.4.23 (plus the new named-volume layout which is forward-compatible)
• Bot2 + Bot3 staying on 2026.4.23 with the original layout until either (a) Bot1 gets fully working on a future release or (b) a maintainer confirms the dispatch fix
• Happy to test fresh builds from main or any candidate fix on Windows + Docker Desktop with our exact compose shape — both with the named-volume layout (now baseline) and on a fresh container if you'd like a control. Just point me at what to deploy.

Re-confirms the original report: this is a real upstream regression in the dispatcher, not a misconfiguration on our end. The named-volume change is a meaningful win on its own and clears the install-side of the failure cascade, but the dispatch deadlock is unaffected.

[MaiHHConnect]

💬 我也在做记忆系统相关的工作：CausaMem，可以来看看，说不定有能借鉴的地方 🙂

[purpleant]

Update — tested 2026.4.27 on Bot1; new liveness diagnostics nail the symptom (event-loop delay 103s)

@clawsweeper — thanks for the detailed code references in your earlier review. 2026.4.27 fixed several of the surrounding pain points we reported (named-volume default for plugin runtime deps, longer Slack pong timeout, mirror-lock fingerprint precompute, in-process Docker restart). The named-volume change in particular eliminated all the install-time symptoms cleanly.

But .27 also added new liveness diagnostics that pin down the underlying dispatcher hang you flagged at server-http.ts:373 / message-handler.ts:1576. The smoking gun:

[diagnostic] liveness warning: reasons=event_loop_delay,event_loop_utilization
  interval=107s
  eventLoopDelayP99Ms=31.9
  eventLoopDelayMaxMs=103146.3       ← 103-SECOND event-loop block
  eventLoopUtilization=0.963         ← 96% event loop utilization
  cpuCoreRatio=0.271
  active=0 waiting=0 queued=0

That fired during startup. Subsequent intervals show the same pattern continuing:

11:35:18 [diagnostic] liveness warning: reasons=event_loop_delay
  interval=33s eventLoopDelayMaxMs=13262.4 eventLoopUtilization=0.783

11:38:11 [diagnostic] liveness warning: reasons=event_loop_delay
  interval=30s eventLoopDelayMaxMs=2250.2 eventLoopUtilization=0.134

Visible downstream effects on this same run:

11:35:55 [WARN] socket-mode:SlackWebSocket A pong wasn't received from the server before the timeout of 15000ms!
11:35:55 [WARN] socket-mode:SlackWebSocket A ping wasn't received from the server before the timeout of 30000ms!
11:36:11 [slack] socket disconnected (disconnect). retry 1/12 in 2s
11:36:39 [slack] socket mode connected
...
11:39:11 [diagnostic] stuck session: sessionId=main sessionKey=agent:main:main state=processing age=147s queueDepth=1
11:39:42 [diagnostic] stuck session: sessionId=main sessionKey=agent:main:main state=processing age=177s queueDepth=1

So an inbound Slack DM landed in the queue (queueDepth=1) and is sitting there waiting on the deadlocked dispatcher. Slack DM remains unresponsive to the user.

Net read on .27 versus the original report:

Symptom	Status on .27
Plugin runtime deps install on Windows-NTFS bind mount (slow / lock-contention / incomplete bundles)	Fixed — named volume is now default
slack pipeline.runtime-*.js missing after install	Fixed (no recurrence)
5-minute mirror-lock waits / Timed out waiting for bundled runtime deps lock	Fixed (precompute fingerprints + prune stale)
5s Slack pong timeout firing constantly during the post-ready handshake-recovery cluster	Fixed (default 15s + tunable). Note: 15s STILL gets exceeded on this setup because the event-loop block is >15s, see below
Event-loop blocked >100s during startup; recurring multi-second blocks afterward	Not fixed. 2026.4.27 newly measures it via the liveness warning diagnostic, but doesn't bound it.
nativeHook.invoke ... native hook relay not found	Not seen on this run, but startup was short enough we may not have hit the registry-mismatch window
[gateway] parse/handle error: JsonFileReadError: Failed to read JSON file: ~/.openclaw/devices/pending.json	Not seen on this run; the device-pairing recovery in .27 may have addressed it
[skills] watcher error: EACCES: permission denied, watch '/home/node/.openclaw'	Not seen this run (chown of .openclaw/ to node was already in our entrypoint)
[heartbeat] failed: EACCES: permission denied, mkdir '/home/node/.openclaw/workspace'	Not seen this run (same chown)
openclaw doctor --fix writes openclaw.json with mode 0600 root-owned, gateway can't read it	Not exercised this run; doctor wasn't needed

The remaining blocker is the event-loop block itself. 100+ seconds of synchronous-or-pseudo-sync work on the main thread starves Slack ping/pong, the WS dispatcher, and any queued sessions. The liveness warning's active=0 waiting=0 queued=0 (during startup) suggests the block is internal to a single handler stack rather than externally-imposed (no in-flight WS requests, no waiters). Could be heavy synchronous JSON parse, a large await on something that never resolves quickly, or a sync IO call against something slow. Hard to narrow without a CPU profile.

Repro environment unchanged from the original issue body: Windows 11 + Docker Desktop (WSL2) + the named-volume layout that .27 now defaults to (we already had it via OPENCLAW_PLUGIN_STAGE_DIR). Image: ghcr.io/openclaw/openclaw:2026.4.27 (digest sha256:3134a35220d503a67d3de12ee63bc6dfaf171425c0d7d75034636a09c81babd3).

Things I can run on this setup if it would help maintainers chase this:

• Capture a Node CPU profile / heap snapshot (e.g., OPENCLAW_GATEWAY_STARTUP_TRACE=1, node --prof, --cpu-prof) — happy to enable any flag you point at
• Bisect by disabling individual plugins / agentRuntime to narrow which subsystem is doing the blocking work
• Run with pingPongLoggingEnabled to confirm whether pong replies are being generated at all (or just delivered late)

Rolling Bot1 back to 2026.4.23 again for now so Slack DMs work. Bot2 + Bot3 staying on .23 with the original layout. Will keep the named-volume layout on Bot1 so the next release upgrade is one variable cleaner.

[purpleant]

Update — tested 2026.4.29; many adjacent fixes landed but event-loop block persists, with measurements

@clawsweeper — 2026.4.29's release notes covered a lot of ground that mapped onto this issue (event-loop-aware WS connection opening, conservative stuck-session recovery, heartbeat.skipWhenBusy, runtime-deps lock PID expiry, /readyz eventLoop diagnostic block, plus a long list of adjacent gateway/dispatch/session improvements). Real progress — and worth saying out loud, the surrounding cleanup made a noticeable difference. But the underlying event-loop block this issue is tracking is still present on Windows + Docker Desktop with the named-volume layout.

Tested on bot1 with image ghcr.io/openclaw/openclaw:2026.4.29 (digest sha256:2c56a23cb2fe826a0d521bf6d61c8e4bb4e4201274f358eccddf5876393155ae). Compose layout matches .29's reference (named volume for plugin-runtime-deps, OPENCLAW_PLUGIN_STAGE_DIR=/var/lib/openclaw/plugin-runtime-deps).

What .29 clearly fixed for us

• Plugin runtime deps install is now near-instant on subsequent boots — anthropic installed bundled runtime deps in 54ms (the cache decisions and fingerprint precompute work paid off; deps are reused, not redownloaded)
• No more Cannot find module .../slack/pipeline.runtime-*.js
• No more 5-minute mirror-lock waits on stale owner.json files
• agent_model: openai/gpt-5.4 resolved without doctor intervention (the .26-era legacy embeddedHarness migration is fully baked-in now; clean upgrade path from .23 → .29)
• No EACCES storms from the skills watcher on ~/.openclaw/

What still reproduces on .29

bot1 log timeline after upgrade and compose down + build --pull + up:

23:21:30  starting...                          (plugin runtime deps install begins)
23:24:20  liveness warning: eventLoopDelayMaxMs=135828.3, eventLoopUtilization=0.948
                                               ← 135-second event-loop block during startup,
                                                 active=0 waiting=0 queued=0 (no in-flight requests)
23:24:23  http server listening (4 plugins: codex, lossless-claw, memory-core, slack; 271.1s)
23:24:24  ready
23:24:24  channels resolved: ai-team, ...
23:25:07  [ws] handshake timeout
23:25:07  [slack] connect error: gateway request timeout for connect
23:25:07  [slack] failed to start native approval handler: Error: gateway request timeout for connect
23:25:08  [slack] socket mode connected             ← outbound to slack.com works
23:25:08  [ws] closed before connect (1008)         ← internal slack→gateway WS handshake fails
23:25:10  [ws] ⇄ res ✓ exec.approval.list 329ms     ← later WS request DOES succeed
23:25:11  [slack] socket disconnected (disconnect). retry 1/12 in 2s
23:25:14  [slack] socket mode connected
23:26:37  liveness warning: eventLoopDelayMaxMs=1427.1, EL utilization=0.05    ← quiet period
23:29:37  liveness warning: eventLoopDelayMaxMs=1017.1, EL utilization=0.057   ← quiet period
23:32:06  liveness warning: eventLoopDelayMaxMs=38822.5, EL utilization=0.886  ← 38-second block!
                                               (active=0 waiting=0 queued=0)
23:32:06  [WARN] socket-mode A pong wasn't received from the server before the timeout of 15000ms!
23:32:06  [WARN] socket-mode A ping wasn't received from the server before the timeout of 30000ms!
23:32:06  [slack] socket disconnected (disconnect). retry 1/12 in 2s

Slack DMs to bot1 do not get processed during these blocked windows.

Notable: /readyz itself hangs during a block

Tried hitting the new /readyz endpoint from inside the container during one of the post-ready blocks:

$ curl -sv -m 10 http://127.0.0.1:18789/readyz
> GET /readyz HTTP/1.1
> Host: 127.0.0.1:18789
* Operation timed out after 10001 milliseconds with 0 bytes received

/healthz likewise hangs. So the new eventLoop diagnostic block in /readyz is unreachable exactly when you'd want it — when the loop is blocked. The structured liveness warning log entries are reachable (they're internal scheduled metrics output), so for our setup those remain the only way to read what's happening.

What the warnings imply

eventLoopDelayMaxMs=135828.3 with active=0 waiting=0 queued=0 during startup is significant. Nothing in the request-handler queue, but the loop was blocked for 135 seconds. That suggests the source isn't an unresolved request handler (which the .29 work targeted) — it's something else doing synchronous-or-pseudo-sync work on the main thread during boot. Candidates we could rule in/out with maintainer guidance:

• A single startup pass (cron/heartbeat job catalog rehydration, sessions.json parse, lossless-claw lcm.db open) doing big sync work
• A plugin's lifecycle hook with a long built-in timeout that the .29 hook-budget refactor hasn't reached yet (analogous to the Active Memory 150s budget the .29 notes mention fixing)
• A Node/V8-level thing like a JIT recomp or GC stop-the-world during heavy startup allocations

The 38-second block at 23:32:06 (well after ready) is harder to attribute — no inbound traffic, no logged plugin activity, no agent run kicked off in that window. Looks like a periodic sync pass.

What we'd find useful upstream

1. A way to dump the v8 stack of the main thread when a liveness warning fires above a threshold (e.g., --cpu-prof on signal, or built-in async-stack capture on eventLoopDelayMaxMs > N). Right now we can see the symptom but not the source.
2. The OPENCLAW_GATEWAY_STARTUP_TRACE=1 flag mentioned in earlier reviews — does it work on .29? If so what does it produce, and is it reachable from our setup?
3. Confirmation that heartbeat.skipWhenBusy is the right knob if our 30-min heartbeat coincides with one of these blocked windows on .23 (we see DMs back up behind heartbeats today on .23 already).

Where this leaves us

Rolling bot1 back to 2026.4.23 again so DMs stay reliable. Keeping the named-volume compose layout because .29 makes it the default anyway. bot2/bot3 remain on .23 with the legacy compose layout.

We're more than happy to run any specific data-capture flag, build, or bisect step against this exact setup — Windows 11 + Docker Desktop (WSL2) + named volume for plugin-runtime-deps + bind mount for ~/.openclaw/ config. Just let us know what you need.