Bug: bootstrap token path lacks rate limiting, lockout, and alerting on failed verifies

[fede-kamel]

Problem

Audit of the gateway bootstrap-token path turned up a cluster of DoS-shaped issues:

• No rate limit on pre-auth bootstrap-token verify (covered by Bug: pre-auth bootstrap-token verify allows mutex-stall DoS without rate limit #77978 / fix fix(gateway): rate-limit pre-auth bootstrap-token verify to prevent mutex DoS #77527).
• No rate limit on pre-auth device-signature verify (covered by Bug: pre-auth device-signature verify allows CPU-amplification DoS without rate limit #77979 / fix security fix(gateway): defend pre-auth device-signature verify against CPU DoS #77492).
• No lockout for repeated bad tokens.
• No alerting on failed verify storms.

This is the umbrella issue for the bootstrap-token DoS family. Originally filed as a PoC in PR form at #76322 (kept open as the discovery thread); separate fix PRs land each surface piecemeal so review can scope per-change.

Tracking PR

Discovery / PoC: #76322. Per-surface fixes: #77527 (bootstrap-token mutex), #77492 (device-signature CPU).

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 31, 2026, 1:05 AM ET / 05:05 UTC.

Summary
Codex review failed: codex execution failed.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e1a98171417c.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.