Summary

WebSocket connection fails with code 4008 after successful handshake, preventing UI authentication.

Steps to reproduce

1. Deploy OpenClaw on Alibaba Cloud (Alibaba Linux 2) with Node.js v24.13.0.
2. Configure ~/.openclaw/openclaw.json with:
   {
   "gateway": {
   "port": 18789,
   "bind": "lan",
   "auth": { "token": "mytoken123" }
   }
   }
3. Start gateway: openclaw gateway --port 18789 --bind lan --allow-unconfigured
4. SSH port forward from local machine: ssh -L 8888:localhost:18789 root@<server-ip>
5. Open browser at http://localhost:8888 – Health shows Offline and token missing error.
6. In browser console, attempt WebSocket connection:

   const ws = new WebSocket('ws://localhost:8888/');
   ws.onopen = () => console.log('open');
   ws.onclose = (e) => console.log('close', e);

7. Observe that connection is established but immediately closed with code 4008.

Expected behavior

WebSocket should stay connected after handshake, and the Health status in the Web UI should become Online. The agent should be able to chat.

Actual behavior

WebSocket connection is established (logs show webchat connected and hello-ok), but then immediately disconnected with code 4008 and reason "connect failed". The Web UI remains Offline with token missing error. Gateway logs show no authentication success/failure messages, indicating auth is skipped.

OpenClaw version

<version such as 2026.2.9>

Operating system

Alibaba Linux 2 (5.10.134-19.2.al8.x86_64)

Install method

npm global

Logs, screenshots, and evidence

Gateway verbose logs:
2026-03-01T07:55:28.831Z [ws] ← connect client=openclaw-control-ui version=dev mode=webchat clientId=openclaw-control-ui platform=Win32 auth=token
2026-03-01T07:55:28.832Z [ws] webchat connected conn=429ae361-c8a7-4ec5-bee9-a50223a2e9eb remote=127.0.0.1 client=openclaw-control-ui webchat vde
2026-03-01T07:55:28.833Z [ws] → hello-ok methods=86 events=18 presence=2 stateVersion=58
2026-03-01T07:55:28.834Z [ws] → event health seq=88 clients=1 presenceVersion=58 healthVersion=41
2026-03-01T07:55:28.891Z [ws] webchat disconnected code=4008 reason=connect failed conn=429ae361-c8a7-4ec5-bee9-a50223a2e9eb
2026-03-01T07:55:28.892Z [ws] → event presence seq=89 clients=1 dropIfSlow=true presenceVersion=59 healthVersion=41
2026-03-01T07:55:28.893Z [ws] → close code=4008 reason=connect failed durationMs=207 handshake=connected lastFrameType=req lastFrameMethod=connect

Browser console output:
WebSocket connection established, then closed with code 1008 (when token in URL) or 4008 (when no token). No auth challenge appears to be sent.

Impact and severity

Affected: All users trying to connect to the gateway via Web UI.
Severity: High – blocks access to the Web UI and prevents any interaction.
Frequency: 100% reproducible.
Consequence: Users cannot authenticate or use the agent through the browser interface.

Additional information

· The token is correctly set in the config file and verified.
· The gateway listens on 0.0.0.0:18789 and responds to HTTP requests (curl returns HTML).
· websocat also fails with I/O failure: ./websocat ws://localhost:18789/?token=mytoken123 results in I/O error after receiving challenge.
· This issue occurs with a fresh installation; no prior configuration changes.