fix(gateway): expose runtime version in gateway status

[galiniliev]

Summary

Describe the problem and fix in 2–5 bullets:

• Problem: openclaw gateway status / MCP gateway_status could not reliably surface the running gateway version in all probe paths.
• Why it matters: post-update smoke checks and operator verification need one status response that confirms both reachability and runtime version.
• What changed: gateway status now carries a version field through daemon probe/gather/print paths, including a read-probe fallback to status.runtimeVersion when hello metadata is unavailable.
• What did NOT change (scope boundary): no gateway auth model changes, no new RPC methods, and no config schema/CLI flag changes.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes Expose gateway version in gateway status / MCP gateway_status output #56222
• Related fix(daemon): surface probe close reasons #56282
• This PR fixes a bug or regression

Root Cause (if applicable)

For bug fixes or regressions, explain why this happened, not just what changed. Otherwise write N/A. If the cause is unclear, write Unknown.

• Root cause: read-probe status flow treated version as handshake-derived metadata; when the post-status auth probe was unavailable/inconclusive, runtime version was dropped.
• Missing detection / guardrail: no focused test asserted read-probe fallback to status.runtimeVersion.
• Contributing context (if known): earlier probe optimization reduced detail reads and made the version source-path asymmetry more visible.

Regression Test Plan (if applicable)

For bug fixes or regressions, name the smallest reliable test coverage that should catch this. Otherwise write N/A.

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/cli/daemon-cli/probe.test.ts, src/cli/daemon-cli/status.gather.test.ts, src/cli/daemon-cli/status.print.test.ts, src/cli/daemon-cli.coverage.test.ts
• Scenario the test should lock in: require-rpc path still reports gateway version when handshake probe metadata is missing, and status output/JSON surfaces that version.
• Why this is the smallest reliable guardrail: these tests exercise the exact data handoff seam (probe -> gather -> print/json) without requiring full daemon e2e.
• Existing test that already covers this (if any): none for this specific fallback path before this PR.
• If no new test is added, why not: N/A

User-visible / Behavior Changes

• openclaw gateway status text output can show Gateway version: <version> when probe data provides it.
• openclaw gateway status --json includes gateway.version when probing is enabled (including read-probe fallback from status.runtimeVersion).

Diagram (if applicable)

Before:
[gateway status --require-rpc] -> [status RPC ok, auth probe missing metadata] -> [version omitted]

After:
[gateway status --require-rpc] -> [status RPC ok] -> [read runtimeVersion fallback] -> [gateway.version populated]

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: Linux
• Runtime/container: local CLI workspace
• Model/provider: N/A
• Integration/channel (if any): Gateway CLI / MCP gateway status path
• Relevant config (redacted): default local probe settings; no new config keys

Steps

1. Run openclaw gateway status --json (or --require-rpc) where status RPC succeeds.
2. Ensure auth/hello metadata path is unavailable/inconclusive for version (simulated in probe tests).
3. Inspect gateway.version and text output.

Expected

• Status response includes runtime version when available from either handshake metadata or status.runtimeVersion fallback.

Actual

• After fix, version is preserved and surfaced through probe/gather/print flows.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Snippets:

• pnpm test src/cli/daemon-cli/probe.test.ts (pass)
• pnpm check:changed (pass)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios: targeted probe tests pass; changed-gate passes; branch diff confirms version propagation through probe -> gather -> print.
• Edge cases checked: read-probe fallback when auth probe metadata is unavailable; version omitted handling remains safe when value is null.
• What you did not verify: live remote gateway deployment across mixed-version hosts.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: status version field can be null when probe disabled or version unavailable.
  • Mitigation: field is optional/null-safe and existing status behavior remains unchanged when data is absent.

[greptile-apps]

Greptile Summary

This PR exposes the gateway runtime version in openclaw gateway status output by capturing it from the WebSocket probe handshake metadata (server.version) and from the callGateway status RPC payload (runtimeVersion), with a fallback path when the probe handshake is unavailable. The version is surfaced in both the --json output (gateway.version) and the human-readable display (Gateway version:), and tests are added to cover both the happy-path and fallback scenarios.

Confidence Score: 4/5

Safe to merge; the one finding is a P2 semantic inversion in version-source priority that has no practical impact when both sources are present.

P2-only finding: the fallback chain in probe.ts places statusRuntimeVersion (RPC payload) at higher priority than authProbe.server.version (probe handshake), opposite to the stated intent. In practice both sources report the same version for the same running gateway, so this has no observable impact today. All other changes are straightforward and well-tested.

src/cli/daemon-cli/probe.ts — version source priority order on the requireRpc path.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/cli/daemon-cli/probe.ts
Line: 90

Comment:
**Version source priority is inverted from stated intent**

The PR description says "`statusRuntimeVersion` is a fallback when handshake metadata is unavailable", but the current operator precedence in `statusRuntimeVersion ?? result.authProbe?.server?.version ?? null` makes `statusRuntimeVersion` (RPC payload) the *primary* source and the probe handshake metadata the fallback. If the two sources ever diverge (e.g. a rolling deployment mid-flight), the RPC version wins silently. Per the stated intent the order should be reversed: prefer the more direct handshake metadata and fall back to the RPC payload.

```suggestion
      version = result.authProbe?.server?.version ?? statusRuntimeVersion ?? null;
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix(gateway): expose runtime version in ..." | Re-trigger Greptile}

[clawsweeper]

💡 P2 Codex review Needs real behavior proof before merge

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

ℹ️ INFO Summary Review the changed behavior

The branch propagates the Gateway runtime version from handshake metadata or the status RPC payload into openclaw gateway status JSON/text output, with docs, changelog, and focused tests.

Reproducibility: yes. from source inspection, but not from a live run in this review. Current main exposes status.runtimeVersion, while the daemon read-probe path discards the status RPC payload and status text reads only rpc.server.version.

ℹ️ INFO PR rating Rate readiness from proof and patch quality

Overall 🦪 silver shellfish with proof 🧂 unranked krab and patch quality 🐚 platinum hermit.
The patch looks focused and source-supported, but the external PR remains below merge-ready quality until real behavior proof is added.

• Add redacted terminal output or a terminal screenshot from a real gateway run showing openclaw gateway status --json includes gateway.version.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

💡 P2 Real behavior proof Assess whether proof is merge-ready

Needs real behavior proof before merge: The PR reports tests and checks, but lacks after-fix terminal output, logs, screenshot, recording, or artifact from a real openclaw gateway status --json or --require-rpc run; private details should be redacted, and updating the PR body should trigger a fresh review or a maintainer can request @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

💡 P2 Risk before merge Resolve the remaining merge risk

• No after-fix real gateway run is posted yet, so maintainers do not have external proof that the CLI emits gateway.version outside mocked tests.
• The protected maintainer label means this PR should stay in explicit maintainer review rather than cleanup closure or unattended merge.

Maintainer options:

1. Decide the mitigation before merge
   Land this PR or an equivalent small patch after maintainer review and redacted real gateway status terminal proof, preserving the optional/null version behavior when probing is disabled or unavailable.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

ℹ️ INFO Next step before merge Take the next merge decision

Manual review is the right lane because the PR has a protected maintainer label and needs contributor-provided real behavior proof rather than an automated code repair.

✅ DONE Security No security blocker found

Cleared: The diff only changes CLI status data plumbing, docs, changelog, and tests; it does not add permissions, secret handling, dependencies, install scripts, or new network surfaces.

Review details

Best possible solution:

Land this PR or an equivalent small patch after maintainer review and redacted real gateway status terminal proof, preserving the optional/null version behavior when probing is disabled or unavailable.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection, but not from a live run in this review. Current main exposes status.runtimeVersion, while the daemon read-probe path discards the status RPC payload and status text reads only rpc.server.version.

Is this the best way to solve the issue?

Yes, the proposed shape is the narrow maintainable fix: reuse existing handshake metadata and status RPC runtimeVersion, keep existing server metadata, and avoid new RPC methods or config.

Label changes:

• add rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🧂 unranked krab, patch quality is 🐚 platinum hermit, and The patch looks focused and source-supported, but the external PR remains below merge-ready quality until real behavior proof is added.
• add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR reports tests and checks, but lacks after-fix terminal output, logs, screenshot, recording, or artifact from a real openclaw gateway status --json or --require-rpc run; private details should be redacted, and updating the PR body should trigger a fresh review or a maintainer can request @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Label justifications:

• P3: This is a low-risk CLI/operator-status improvement with focused scope and no evidence of urgent runtime breakage.
• rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🧂 unranked krab, patch quality is 🐚 platinum hermit, and The patch looks focused and source-supported, but the external PR remains below merge-ready quality until real behavior proof is added.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR reports tests and checks, but lacks after-fix terminal output, logs, screenshot, recording, or artifact from a real openclaw gateway status --json or --require-rpc run; private details should be redacted, and updating the PR body should trigger a fresh review or a maintainer can request @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

What I checked:

• Current main drops the status RPC payload: On current main, the --require-rpc path calls callGateway({ method: "status" }) only as a health check and discards the returned status payload, so status.runtimeVersion cannot reach daemon status output. (src/cli/daemon-cli/probe.ts:73, 9eee202a694b)
• Current main only prints handshake server metadata: Current text output derives Gateway version: only from rpc.server.version, which is unavailable when the follow-up handshake probe fails after the read RPC succeeds. (src/cli/daemon-cli/status.print.ts:223, 9eee202a694b)
• Runtime version source exists: The gateway status handler returns getStatusSummary, and getStatusSummary includes runtimeVersion, so the PR is using an existing runtime status value rather than adding a new gateway RPC. (src/commands/status.summary.ts:278, 9eee202a694b)
• Patch addresses the prior review note: The latest PR diff prefers read-probe server metadata over status.runtimeVersion and adds tests for both the fallback and source-priority cases, matching the Greptile review concern recorded in the PR discussion. (src/cli/daemon-cli/probe.ts:103, 7eb423e03848)
• Real behavior proof is still missing: The PR body and latest author comment list targeted tests and checks, but do not include terminal output, logs, a screenshot, recording, or linked artifact from a real openclaw gateway status --json or --require-rpc run showing gateway.version. (7eb423e03848)
• Relevant history: Recent history shows the daemon status/probe surface was heavily maintained by gateway status refactors and probe fixes, including the current source snapshot and earlier probe-close-reason work. (src/cli/daemon-cli/probe.ts:72, 28beea9e881c)

Likely related people:

• steipete: Peter Steinberger appears repeatedly in recent daemon status gather/print history, including gateway auth, runtime conversion, and status-gather refactors around the affected CLI surface. (role: recent area contributor; confidence: high; commits: fd1e481624b7, 380eb1c072c1, 9e0d35869521; files: src/cli/daemon-cli/status.gather.ts, src/cli/daemon-cli/status.print.ts)
• Sebastien Tardif: The current checked-in versions of the central probe, gather, print, gateway probe, and status summary files are attributed to the recent plugin discovery threading commit in local history. (role: recent adjacent contributor; confidence: medium; commits: 28beea9e881c; files: src/cli/daemon-cli/probe.ts, src/cli/daemon-cli/status.gather.ts, src/cli/daemon-cli/status.print.ts)
• mbelinky: The merged probe-close-reason PR modified the same daemon and gateway probe files and is referenced as related context in this PR. (role: adjacent probe contributor; confidence: medium; commits: 0afd73c975af; files: src/cli/daemon-cli/probe.ts, src/gateway/probe.ts)
• heavenlost: The loopback detail probe and identity fallback fix changed the same daemon probe/gather and gateway probe path that this PR extends. (role: adjacent gateway status contributor; confidence: medium; commits: 3cbd4de95cdc; files: src/cli/daemon-cli/probe.ts, src/cli/daemon-cli/status.gather.ts, src/gateway/probe.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9eee202a694b.

ClawSweeper 🐠 · reviewed against 7eb423e.

[galiniliev]

Applied the requested compatibility update in 7eb423e03848d0247310ca2578c322690ef2e9b2.

What changed:

• Preserved rpc.server on probe results while adding top-level version as a convenience field.
• Set gateway.version from rpc.server?.version ?? rpc.version ?? null.
• Kept the human status skew-warning path working by reading rpc.server.version first, then falling back to gateway.version.
• Added focused probe/gather/print coverage and updated the gateway status docs/changelog.

Local verification before push:

• pnpm test src/cli/daemon-cli/probe.test.ts src/cli/daemon-cli/status.gather.test.ts src/cli/daemon-cli/status.print.test.ts src/cli/daemon-cli.coverage.test.ts -- --reporter=verbose
• pnpm check:changed
• git diff --check
• scoped pnpm exec oxfmt --check --threads=1 ... over the touched files
• pnpm docs:list

CI is running on the updated PR head now.

[clawsweeper]

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?

• The egg game starts only after the PR passes the real-behavior proof check.
• Before that, no creature or rarity is rolled. The treat waits for real proof.
• This is still just collectible flavor: proof affects review readiness, not creature quality.

[galiniliev]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26141165245
• Updated: 2026-05-20T04:31:20.228Z

[galiniliev]

Landing verification for 7eb423e03848d0247310ca2578c322690ef2e9b2:

Local/source proof:

• Reviewed the updated diff against origin/main; probe now preserves rpc.server, adds top-level version, and gateway.version is derived from rpc.server?.version ?? rpc.version ?? null.
• Focused local commands previously run before pushing this head:
  • pnpm test src/cli/daemon-cli/probe.test.ts src/cli/daemon-cli/status.gather.test.ts src/cli/daemon-cli/status.print.test.ts src/cli/daemon-cli.coverage.test.ts -- --reporter=verbose
  • pnpm check:changed
  • git diff --check
  • scoped pnpm exec oxfmt --check --threads=1 ... over touched files
  • pnpm docs:list

CI/proof:

• CI run 26140779920: success on head 7eb423e03848d0247310ca2578c322690ef2e9b2.
• Real behavior proof run 26141408319: success on head 7eb423e03848d0247310ca2578c322690ef2e9b2.
• Live PR state before merge: MERGEABLE, merge state CLEAN, no pending or failed checks. Stale proof-needed labels were restored by automation, but the source-of-truth proof check is green.

Known proof gaps:

• No additional cross-OS/manual packaged smoke beyond the passing CI/proof lanes above.