[Fix] Reject slow node event sends

[samzong]

Summary

• Problem: node outbound fanout accepted event writes even when the node WebSocket send buffer was already beyond the Gateway slow-consumer threshold.
• Solution: gate node event sends on MAX_BUFFERED_BYTES, close saturated node sockets with 1008 slow consumer, and return false without writing another frame.
• Changed surface: NodeRegistry normal/raw event sends plus a regression test for raw node fanout.
• Scope boundary: no node.invoke pending-limit changes, no subscription/runtime fanout rewrite, and no protocol or chat delta changes.

Motivation / Context

Slow node sockets should not be allowed to accumulate unbounded outbound event frames during fanout. The operator broadcast path already applies the Gateway slow-consumer threshold; node event sends now use the same bounded behavior at the send boundary.

Change Type

• Bug fix
• Feature
• Refactor
• Documentation
• Tests only
• Chore / CI / build
• Security

Scope

• CLI
• Gateway / orchestration
• Agent loop / tools
• Channels / messaging integrations
• Plugin runtime / SDK
• UI
• Docs
• Tests / infra

Linked Issue / PR

N/A - no linked issue.

• This PR fixes a bug or regression
• This PR is follow-up / cleanup
• This PR is exploratory and should not land as-is

Real behavior proof

Behavior addressed: a real node WebSocket whose server-side send buffer is already over the Gateway threshold is closed as a slow consumer, and the rejected node event is not written.

Real environment tested: local OpenClaw checkout on macOS, using an actual ws WebSocketServer plus WebSocket client, the Gateway createGatewayNodeSessionRuntime, and the patched NodeRegistry. The client TCP read side was paused with _socket.pause() so the server socket accumulated real WebSocket backpressure instead of using a fake bufferedAmount.

Exact steps or command run after this patch: node --input-type=module --import tsx - with a one-off proof script that starts a local WebSocket server/client pair, pauses the client TCP reader, registers the server socket as a node through createGatewayNodeSessionRuntime, subscribes that node to agent:main:main, sends subscribed chat frames until serverSocket.bufferedAmount > MAX_BUFFERED_BYTES, then calls NodeRegistry.sendEventRaw(...) with a final chat payload.

Evidence after fix:

{
  "transport": "real ws WebSocketServer + WebSocket client; client TCP read paused",
  "acceptedFramesBeforeThreshold": 13,
  "maxBufferedBytes": 52428800,
  "bufferedAmountBeforeRejectedSend": 54527815,
  "rejectedSendReturned": false,
  "serverSocketReadyStateAfterRejectedSend": 2,
  "sendCallsDeltaOnRejectedSend": 0,
  "bufferedAmountDeltaOnRejectedSend": 17,
  "closeCalledWith": {
    "code": 1008,
    "reason": "slow consumer"
  },
  "clientMessagesObservedBeforeResume": 0,
  "clientSawRejectedFrameBeforeResume": false
}

Observed result after fix: the socket crossed the 50 MiB threshold at 54527815 bytes, the rejected sendEventRaw() returned false, no additional WebSocket send call happened for that rejected event, and the actual server socket was moved to CLOSING with close(1008, "slow consumer").

What was not tested: a full managed Gateway process with a real paired node app on a remote slow network. This proof uses real local WebSocket transport and the Gateway node-session runtime path, but not the production pairing/client process.

Before evidence: the pre-fix regression returned true and wrote one frame with bufferedAmount = Number.MAX_SAFE_INTEGER; the added regression failed before the implementation with expected true to be false.

Root Cause

The node event send path in NodeRegistry did not consult WebSocket bufferedAmount before writing frames, while the operator broadcast path already rejected slow consumers. Subscription fanout preserved one-time payload serialization, but the final node socket send boundary had no slow-consumer guardrail.

Missing detection: there was no node-registry regression covering a saturated node socket.

Regression Test Plan

• Unit test added or updated
• Integration / E2E test added or updated
• Existing test coverage is sufficient
• Not testable in automation

Target: src/gateway/node-registry.test.ts

Scenario covered: a fake node socket with bufferedAmount = MAX_BUFFERED_BYTES + 1 rejects a raw event send, avoids socket.send, and closes the socket with 1008 slow consumer.

Existing guardrail: the same file still verifies the raw event envelope shape for successful sends.

User-visible / Behavior Changes

Slow node connections whose outbound WebSocket buffer exceeds the Gateway threshold are closed instead of accepting more node event frames.

Diagram / Data Flow

Before:

Gateway fanout -> saturated node socket -> additional frame queued

After:

Gateway fanout -> NodeRegistry buffer check -> close slow node socket -> no new frame

Security Impact

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

N/A - all answers are No.

Repro + Verification

Environment: local macOS checkout, Node through the repo wrapper for tests, plus a real local ws server/client pair for transport proof.

Steps:

1. Run the real WebSocket proof script described in the Real behavior proof section.
2. Run node scripts/run-vitest.mjs src/gateway/node-registry.test.ts --reporter=verbose.
3. Run node scripts/run-vitest.mjs src/gateway/gateway-misc.test.ts --testNamePattern "runtime forwards subscribed node payload json|routes events" --reporter=verbose.
4. Run git diff --check.

Expected: the real saturated node socket rejects the final event without a send call and closes with 1008 slow consumer; focused regression tests pass.

Actual: expected slow-consumer behavior observed in the real WebSocket proof output above; focused test runs passed.

Evidence

• Failing test / log before fix
• Passing test / log after fix
• Screenshot / recording
• CI run
• Manual QA notes

Additional checks run:

• node scripts/run-vitest.mjs src/gateway/node-registry.test.ts --reporter=verbose (Test Files 3 passed (3), Tests 51 passed (51))
• node scripts/run-vitest.mjs src/gateway/gateway-misc.test.ts --testNamePattern "runtime forwards subscribed node payload json|routes events" --reporter=verbose
• git diff --check
• codex review --uncommitted
• pre-ship review after commit: no must-fix issues

Human Verification

Verified scenarios:

• Real local WebSocket backpressure with paused client TCP reads and server-side bufferedAmount > MAX_BUFFERED_BYTES.
• Rejected raw node event returned false, made zero additional send calls, and closed the real server socket with 1008 slow consumer.
• Red/green regression for saturated raw node event sends.
• Full src/gateway/node-registry.test.ts focused suite.
• Subscription fanout target behavior in src/gateway/gateway-misc.test.ts.
• codex-review clean pass.
• Pre-ship review found no must-fix issues.

Edge cases considered:

• Invalid raw payload still returns false before the slow-buffer check matters.
• Missing node still returns false.
• Normal raw event envelope behavior is unchanged.
• Saturated node socket is closed instead of accepting another event frame.

Not verified:

• Full managed Gateway with a real paired remote node app under OS/network backpressure.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

N/A - no existing review conversations were addressed while preparing this PR.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

N/A - no migration is required.

Risks / Mitigations

Risk: slow nodes are disconnected sooner when their outbound WebSocket buffer remains over the Gateway threshold.

Mitigation: this uses the existing Gateway slow-consumer threshold and close policy, and the regression test locks the no-send behavior.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR adds a MAX_BUFFERED_BYTES guard to NodeRegistry event sends, closes saturated node WebSockets with 1008, emits a large-payload diagnostic, and adds a raw-send regression test.

Reproducibility: yes. Current main clearly sends NodeRegistry events without a bufferedAmount guard, and the PR body supplies a real local WebSocket backpressure proof plus a red/green raw-send regression scenario.

PR rating
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Summary: Strong real transport proof, focused implementation, and no blocking findings make this above-average, pending maintainer acceptance of the availability tradeoff.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The PR body includes copied live output from a real local ws server/client backpressure setup showing the saturated node socket closed with 1008 and no rejected frame send.

Risk before merge

• Merging intentionally changes saturated node sockets from accepting another queued event frame to closing with 1008 once bufferedAmount exceeds MAX_BUFFERED_BYTES.
• Because node.invoke.request uses the same NodeRegistry send boundary, saturated node invokes will now fail fast with UNAVAILABLE and close the socket instead of enqueueing and later timing out.
• The supplied proof exercises real local ws transport and the gateway node-session runtime, but not a full managed Gateway with a remote slow node app under real network backpressure.

Maintainer options:

1. Accept NodeRegistry threshold parity (recommended)
   Land if maintainers agree saturated node sends should use the same MAX_BUFFERED_BYTES close policy already used by gateway broadcasts.
2. Ask for managed-node proof
   Request a redacted managed Gateway plus paired node run if local ws transport proof is not enough for this availability path.
3. Pause for node backpressure policy
   Pause this PR if maintainers want node event sends, node.invoke sends, drops, and disconnects decided as one explicit backpressure policy.

Next step before merge
No automated repair is indicated; maintainers should decide whether to accept the slow-node disconnect semantics and whether the supplied local ws proof is enough before merge.

Security
Cleared: The diff only adds bounded WebSocket send checks and a focused regression test; it does not change dependencies, CI, secrets, permissions, package execution, or credential handling.

Review details

Best possible solution:

Land the NodeRegistry guard if maintainers accept applying the existing Gateway slow-consumer close policy to node event and invoke sends, with normal CI/focused checks green.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main clearly sends NodeRegistry events without a bufferedAmount guard, and the PR body supplies a real local WebSocket backpressure proof plus a red/green raw-send regression scenario.

Is this the best way to solve the issue?

Yes. Reusing the existing Gateway MAX_BUFFERED_BYTES policy at the NodeRegistry send boundary is the narrow maintainable fix; the remaining question is maintainer acceptance of the disconnect semantics for slow nodes.

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied live output from a real local ws server/client backpressure setup showing the saturated node socket closed with 1008 and no rejected frame send.

Label justifications:

• P2: This is a focused gateway bug fix with limited blast radius, not an emergency or broad feature program.
• merge-risk: 🚨 availability: The PR deliberately closes slow node WebSockets and can make saturated node event or invoke workflows fail fast instead of continuing to queue frames.
• rating: 🦞 diamond lobster: Current PR rating is 🦞 diamond lobster because proof is 🦞 diamond lobster, patch quality is 🦞 diamond lobster, and Strong real transport proof, focused implementation, and no blocking findings make this above-average, pending maintainer acceptance of the availability tradeoff.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes copied live output from a real local ws server/client backpressure setup showing the saturated node socket closed with 1008 and no rejected frame send.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied live output from a real local ws server/client backpressure setup showing the saturated node socket closed with 1008 and no rejected frame send.

What I checked:

• Current main lacks the node send-buffer guard: On current main, NodeRegistry.sendEventInternal and sendEventRawInternal write directly to the node socket and only return false if send throws or the raw payload marker is invalid; there is no bufferedAmount check before writing. (src/gateway/node-registry.ts:659, ec7495c993a6)
• Existing gateway broadcast policy already closes slow consumers: The operator broadcast path already compares socket.bufferedAmount to MAX_BUFFERED_BYTES, logs a gateway.ws.outbound_buffer diagnostic, and closes non-droppable slow sockets with code 1008 and reason slow consumer. (src/gateway/server-broadcast.ts:152, ec7495c993a6)
• Shared threshold contract: MAX_BUFFERED_BYTES is the existing per-connection WebSocket send-buffer limit at 50 MiB, so the PR reuses an existing gateway constant rather than inventing a separate node threshold. (src/gateway/server-constants.ts:4, ec7495c993a6)
• PR guard implementation: Commit 664e05e adds rejectSlowNodeSocket before both normal and raw NodeRegistry event sends and adds the raw saturated-socket regression test; commit 3d5401b adds the diagnostic emission asserted by the test. (src/gateway/node-registry.ts:659, 664e05e50d76)
• Availability surface includes invoke sends: NodeRegistry.invoke sends node.invoke.request through sendEventToSession, and the PR inserts the same slow-socket rejection in that private send boundary, so saturated invokes will fail fast and close the node instead of enqueueing or timing out. (src/gateway/node-registry.ts:422, ec7495c993a6)
• Real behavior proof supplied: The PR body includes copied live output from a real ws WebSocketServer plus WebSocket client with the client TCP read side paused; the final raw send returned false, made zero additional send calls, and closed with 1008 slow consumer after bufferedAmount exceeded the 50 MiB threshold. (3d5401b765df)

Likely related people:

• steipete: Peter Steinberger authored the recent current-main NodeRegistry and broadcast lines in blame, and his history includes gateway node identity, WebSocket, and broadcast/runtime work across the central files. (role: feature-history owner and recent area contributor; confidence: high; commits: e57fa51412cc, f16c176a4cc1, 586176730cfc; files: src/gateway/node-registry.ts, src/gateway/server-broadcast.ts, src/gateway/server-node-session-runtime.ts)
• vincentkoc: Vincent Koc recently changed the gateway broadcast seam in the same slow-consumer broadcast path that this PR mirrors for nodes. (role: recent adjacent contributor; confidence: medium; commits: 7308e72fac98; files: src/gateway/server-broadcast.ts)
• gumadeiras: Gustavo Madeira Santana recently split gateway startup/runtime seams, including server-node-session-runtime, which is the runtime wrapper around NodeRegistry raw node fanout. (role: adjacent gateway runtime contributor; confidence: medium; commits: 8de63ca26825; files: src/gateway/server-node-session-runtime.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against ec7495c993a6.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 💎 rare Gilded Review Wisp

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 💎 rare.
Trait: watches the merge queue.
Image traits: location flaky test forest; accessory review stamp; palette cobalt, lime, and pearl; mood determined; pose nestled inside a glowing shell; shell soft velvet shell; lighting moonlit rim light; background delicate sparkle particles.
Share on X: post this hatch
Copy: My PR egg hatched a 💎 rare Gilded Review Wisp in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[frankekn]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. What shall we delve into next?

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[frankekn]

Merged via squash.

• Prepared head SHA: b459f9ea5794993cfca8083919d5ab0bd5dba899
• Merge commit: 88fe39bc8bcb2d79133066111f9cdc5d916eb4d9

Thanks @samzong!