fix(tui): show connection host in footer

[baskduf]

Summary

• Show the URL-backed connection hostname in the TUI footer without exposing credentials, paths, or query strings.
• Skip non-URL local connection labels so embedded local mode does not invent a host.
• Update TUI docs and cover the formatter plus PTY footer rendering path.

Fixes #56276

Verification

• pnpm docs:list
• node scripts/run-vitest.mjs src/tui/tui-formatters.test.ts src/tui/tui.test.ts src/tui/gateway-chat.test.ts
• node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts
• git diff --check
• .agents/skills/autoreview/scripts/autoreview --mode local

Real behavior proof

Behavior addressed: The TUI footer shows the hostname from a URL-backed Gateway connection, without showing the full URL, credentials, path, or query string.

Real environment tested: Local OpenClaw source checkout on macOS, running a real foreground OpenClaw Gateway with an isolated temporary OpenClaw config/state directory, then connecting the real TUI to that Gateway over loopback WebSocket.

Exact steps or command run after this patch: Started the Gateway with pnpm openclaw gateway run --dev --auth none --bind loopback --port 18765 --ws-log compact, waited for [gateway] ready, then connected the TUI with pnpm openclaw tui --url ws://127.0.0.1:18765 --token [redacted] --history-limit 1.

Evidence after fix: Copied console output from the real Gateway + TUI run:

$ pnpm openclaw gateway run --dev --auth none --bind loopback --port 18765 --ws-log compact
00:47:59 Dev config ready: /tmp/openclaw-real-proof.l6gVyf/openclaw.json
00:48:00 [gateway] http server listening (9 plugins: acpx, bonjour, browser, canvas, device-pair, file-transfer, memory-core, phone-control, talk-voice; 1.2s)
00:48:01 [gateway] ready

$ pnpm openclaw tui --url ws://127.0.0.1:18765 --token [redacted] --history-limit 1
openclaw tui - ws://127.0.0.1:18765 - agent dev (C3-PO) - session main
gateway connected | idle
host 127.0.0.1 | agent dev (C3-PO) | session main | openai/gpt-5.5 | think medium | tokens ?/200k

Observed result after fix: The TUI connected to the live local Gateway and the footer displayed host 127.0.0.1 ahead of the agent/session/model fields. The footer did not display the token value, path, or query string.

What was not tested: A remote-machine or LAN Gateway was not used; this proof uses a loopback Gateway because the changed behavior formats the hostname from the TUI connection URL.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 3, 2026, 12:32 PM ET / 16:32 UTC.

Summary
The PR adds a URL-host formatter to the TUI footer, wires it into runTui, updates TUI docs, and covers formatter plus PTY rendering behavior.

PR surface: Source +11, Tests +15, Docs 0. Total +26 across 5 files.

Reproducibility: not applicable. as a feature request rather than a broken documented contract. Current-main source shows no footer host part, and the PR body provides a live after-fix TUI/Gateway output path.

Review metrics: none identified.

Merge readiness
Overall: 🦀 challenger crab
Proof: 🦀 challenger crab
Patch quality: 🦀 challenger crab
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Next step before merge

• [P2] No repair lane is needed because the patch is narrow, proof-backed, and has no actionable findings; maintainers can decide landing.

Security
Cleared: The diff only adds TUI display parsing, tests, and docs; it does not change dependencies, workflows, auth storage, or secret handling, and tests cover dropping URL userinfo/path/query.

Review details

Best possible solution:

Land this narrow TUI-layer change if required checks remain green; keep host derivation in the formatter rather than adding gateway protocol or config surface.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature request rather than a broken documented contract. Current-main source shows no footer host part, and the PR body provides a live after-fix TUI/Gateway output path.

Is this the best way to solve the issue?

Yes. The best fix is to derive the display host from the existing client.connection.url at TUI formatting time; adding gateway protocol, config, or backend state would be broader than the requested UI context.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 344e04b5d559.

Label changes

Label changes:

• add rating: 🦀 challenger crab: Overall readiness is 🦀 challenger crab; proof is 🦀 challenger crab and patch quality is 🦀 challenger crab.
• remove rating: 🦞 diamond lobster: Current PR rating is rating: 🦀 challenger crab, so this older rating label is no longer current.

Label justifications:

• P3: This is a low-risk TUI ergonomics improvement with focused docs/tests and no compatibility-sensitive config, auth, provider, or protocol surface.
• rating: 🦀 challenger crab: Overall readiness is 🦀 challenger crab; proof is 🦀 challenger crab and patch quality is 🦀 challenger crab.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal proof from a real foreground Gateway and real TUI connection showing the new footer host and redacted credential-sensitive URL parts.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal proof from a real foreground Gateway and real TUI connection showing the new footer host and redacted credential-sensitive URL parts.

Evidence reviewed

PR surface:

Source +11, Tests +15, Docs 0. Total +26 across 5 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	2	12	1	+11
Tests	2	15	0	+15
Docs	1	2	2	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	5	29	3	+26

What I checked:

• Repository policy read: Read the full root AGENTS.md plus scoped TUI and docs guides; the review applied the TUI proof guidance, docs link/style guidance, and best-fix review requirements. (AGENTS.md:1, 344e04b5d559)
• Current main lacks footer host: Current main builds footerParts from agent, session, model, goal, mode flags, reasoning, and tokens, with no connection host component. (src/tui/tui.ts:1194, 344e04b5d559)
• PR formats only hostname: The PR head adds formatConnectionHostFooter, which parses the connection string with new URL, returns only host <hostname>, and returns null for non-URL labels. (src/tui/tui-formatters.ts:445, 3f25bfe560ea)
• PR wires formatter into footer: The PR head derives hostLabel from client.connection.url and prepends it to the footer parts before filtering null entries. (src/tui/tui.ts:1194, 3f25bfe560ea)
• Backend boundary checked: TuiBackend already exposes connection.url; gateway mode resolves a URL-backed connection, while embedded local mode advertises the non-URL label local embedded, matching the PR's null behavior for non-URL labels. (src/tui/tui-backend.ts:121, 344e04b5d559)
• Formatter tests cover secrecy boundary: The PR head tests that URL userinfo, path, and query are not rendered and that a non-URL local label is skipped. (src/tui/tui-formatters.test.ts:48, 3f25bfe560ea)

Likely related people:

• @vincentkoc: Blame on the current updateFooter block and recent history show this person carried the current TUI module/docs/test extraction that the PR edits. (role: recent area contributor; confidence: high; commits: b96c0d932f93; files: src/tui/tui.ts, src/tui/tui-formatters.ts, src/tui/tui-pty-harness.e2e.test.ts)
• @steipete: History for the TUI footer/status path includes earlier footer/status output work and a recent release-era touch to the same TUI/docs files. (role: adjacent TUI/footer history owner; confidence: high; commits: 6779ba236796, d3458a4fc36e, 7376d1e6c9a4; files: src/tui/tui.ts, src/tui/tui-formatters.ts, docs/web/tui.md)
• @vignesh07: TUI history shows repeated nearby behavior fixes around model/session/status state, making this person a reasonable reviewer for footer state interactions. (role: TUI behavior contributor; confidence: medium; commits: cec553509659, 61a0b0293104, fca0467082cb; files: src/tui/tui.ts, src/tui/tui-session-actions.ts)
• @neeravmakwana: A prior focused fix reset TUI footer activity on session switch through the session-actions path that calls updateFooter. (role: adjacent footer/session contributor; confidence: medium; commits: 0002982e52a7; files: src/tui/tui-session-actions.ts, src/tui/tui-session-actions.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[shakkernerd]

Thanks @baskduf. Merged via rebase after updating the branch.

What changed after review:

• Kept the TUI host footer opt-in behind tui.footer.showRemoteHost with the default off.
• Suppressed host labels for embedded local and loopback URLs even when the setting is enabled.
• Added schema/help/docs coverage for the new TUI config key.
• Classified tui.* config changes as Gateway reload no-ops so toggling this display preference does not restart the Gateway.

Verification:

• Rebased onto current origin/main before pushing.
• Auto-review: .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main passed with no accepted/actionable findings after the reload-plan fix.
• AWS Crabbox: provider aws, lease cbx_cef421c19bc5, run run_7f6b02bf3294, lease stopped successfully.
• Crabbox tests passed for src/tui/tui-formatters.test.ts, src/tui/tui.test.ts, src/tui/tui-pty-harness.e2e.test.ts, src/config/config-misc.test.ts, src/config/schema.help.quality.test.ts, and src/gateway/config-reload.test.ts.
• Crabbox live Gateway + TUI smoke verified: default remote footer hidden, opt-in remote footer showed host 172.31.45.108, loopback footer stayed hidden, and the Gateway stayed healthy after openclaw config set tui.footer.showRemoteHost true.

Landed commits on main:

• 479e2aaae3 fix(tui): show connection host in footer
• d48778994f fix: gate tui host footer behind config
• 9bb68b55dd fix: avoid gateway restart for tui footer config