Fix node approval scope requests

[joshavant]

Summary

• Fixes openclaw nodes approve for pending node surfaces that require elevated approval scopes, such as system.run requiring operator.admin.
• Resolves the pending request first, requests the gateway-advertised or command-derived approval scopes, and keeps the privileged backend approval path limited to node.pair.list and node.pair.approve.
• Adds regression coverage that normal node commands still use CLI identity while the approval helper rejects unsupported backend methods at runtime.

Verification

• node scripts/run-vitest.mjs run --config test/vitest/vitest.e2e.config.ts src/cli/program.nodes-basic.e2e.test.ts --reporter=verbose
• git diff --check
• AUTOREVIEW_AUTO_TESTS=0 .agents/skills/autoreview/scripts/autoreview --reviewer claude --fallback-reviewer none
• Live AWS Crabbox proof after the patch: provider aws, lease cbx_33c68aff3b77, run run_83a1f4ee38f2, exit 0.

Real behavior proof

Behavior addressed: openclaw nodes approve <requestId> failed with missing scope: operator.admin for exec-capable pending node surfaces after the 2026.5.18 node surface gate.

Real environment tested: AWS Crabbox from this branch against a live gateway and live node pairing flow.

Exact steps or command run after this patch: provisioned a gateway and node, approved device pairing, confirmed the pending node surface required ["operator.pairing","operator.admin"], ran openclaw nodes approve <requestId> with the gateway token, and inspected pending/paired node state afterward.

Evidence after fix: AWS Crabbox provider aws, lease cbx_33c68aff3b77, run run_83a1f4ee38f2, exit 0; output included requiredApproveScopes=["operator.pairing","operator.admin"], approve_output success with redacted token, pending_after=[], and paired node commands including system.run.

Observed result after fix: the exec-capable pending node surface moved from pending to paired, the CLI device remained pairing-scoped, and node approval completed without manually editing gateway state files.

What was not tested: full cross-platform release CI was not run locally before PR creation; PR CI is expected to cover broader repository gates.

Fixes #84144.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR updates CLI node approval to preflight pending node pairing scopes, call node pair list/approve through a method-limited backend helper with derived scopes, add regression tests, and add a changelog entry.

Reproducibility: yes. source-reproducible. Current main sends nodes approve with only the method-level pairing scope, while the server-side node approval contract requires operator.admin for system.run pending surfaces; I did not run the Multipass reproduction in this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: Strong live proof and focused regression coverage make this a solid PR; the remaining limiter is explicit maintainer acceptance of the auth-boundary change.

Rank-up moves:

• Maintainer should confirm the backend shared-auth approval path for node.pair.list and node.pair.approve before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The PR body provides live AWS Crabbox after-fix proof for a real gateway/node pairing flow with requiredApproveScopes=["operator.pairing","operator.admin"] and successful approval.

Risk before merge

• The PR intentionally lets openclaw nodes approve request derived operator.write or operator.admin scopes under a backend shared-auth client for node.pair.list and node.pair.approve, so maintainers should explicitly accept that trust-boundary choice before merge.
• The PR has the protected maintainer label, so this should remain a human maintainer decision even though the patch appears correct.

Maintainer options:

1. Accept the trusted approval path (recommended)
   Merge after a maintainer confirms that gateway-token/shared-auth callers may request the pending node's derived scopes for node.pair.list and node.pair.approve only.
2. Require an explicit admin path
   If implicit derived admin scopes are too broad, require an explicit admin credential or operator opt-in before the CLI requests admin-scoped node approval.

Next step before merge
No repair lane is needed; the remaining action is maintainer/security-boundary review of the backend shared-auth node approval path before merge.

Security
Cleared: No concrete security or supply-chain regression found; the privileged backend helper is method-limited and tests keep normal node commands on CLI identity, but the boundary change still needs maintainer acceptance.

Review details

Best possible solution:

Land the focused CLI approval fix after maintainer sign-off on the backend shared-auth scope path, keeping non-approval node commands on CLI identity and relying on normal CI for broader coverage.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible. Current main sends nodes approve with only the method-level pairing scope, while the server-side node approval contract requires operator.admin for system.run pending surfaces; I did not run the Multipass reproduction in this read-only review.

Is this the best way to solve the issue?

Yes, with maintainer sign-off. Resolving scopes from the pending request and limiting the backend helper to node pair list/approve is narrower than broadening all node CLI calls and matches the existing agent-tool pattern.

What I checked:

• Current main CLI gap: openclaw nodes approve currently calls node.pair.approve through the generic CLI RPC helper without resolving the pending request or passing derived approval scopes. (src/cli/nodes-cli/register.pairing.ts:52, a002c416c7af)
• Server requires scoped session for approval: The gateway approval handler intentionally reads client.connect.scopes and passes them into approveNodePairing, so the caller must request the approval scopes on the WebSocket session. (src/gateway/server-methods/nodes.ts:751, a002c416c7af)
• Approval scope contract: resolveNodePairApprovalScopes maps system.run-class node commands to operator.pairing plus operator.admin, which explains the reported missing scope: operator.admin failure on current main. (src/infra/node-pairing-authz.ts:13, a002c416c7af)
• Existing supported pattern: The agent nodes tool already resolves requiredApproveScopes from node.pair.list and passes the resolved scopes to node.pair.approve, so the PR brings the CLI path in line with an existing implementation pattern. (src/agents/tools/nodes-tool.ts:62, a002c416c7af)
• PR implementation: The branch adds the CLI approval-scope resolver, a method-limited backend RPC helper, focused node CLI regression tests, and a changelog entry across five files. (src/cli/nodes-cli/register.pairing.ts, b95d3b3f450d)
• Patch sanity: The PR diff has no whitespace errors and changes only the intended CLI, test, and changelog files. (186a0732f33f)

Likely related people:

• steipete: Introduced the end-to-end node pairing approval scope enforcement and later extracted the shared approval-scope helper used by current main and this PR. (role: feature owner and recent refactor author; confidence: high; commits: ca2fdcc45f36, 01a24c20bfb7, 848e7abb57b3; files: src/infra/node-pairing.ts, src/infra/node-pairing-authz.ts, src/agents/tools/nodes-tool.ts)
• jacobtomlinson: Authored the commits that restricted node pairing approvals and made node commands unavailable until node pairing is approved, which is the shipped behavior this CLI fix now needs to satisfy. (role: introduced related node pairing gate and approval restriction; confidence: high; commits: 4d7cc6bb4fac, 3886b65ef21d; files: src/gateway/server-methods/nodes.ts, src/gateway/server/ws-connection/message-handler.ts, src/gateway/server.roles-allowlist-update.test.ts)
• vincentkoc: Recent history shows work on node pairing auth helpers and infra test reuse, making this person a useful adjacent reviewer for gateway pairing test coverage. (role: recent adjacent gateway/node pairing test contributor; confidence: medium; commits: 3cf0dda22a8b, 795e7b2c8f35; files: src/gateway/server.node-pairing-authz.test.ts, src/infra/node-pairing.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against a002c416c7af.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🥚 common Cosmic Crabkin

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: sniffs out flaky tests.
Image traits: location diff observatory; accessory CI status badge; palette plum, gold, and soft gray; mood watchful; pose peeking out from the egg shell; shell polished stone shell; lighting moonlit rim light; background small green status lights.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Cosmic Crabkin in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.