Summary

• authorizeGatewayMethod rejects health calls from connections with role node or operator without admin scope
• Paired devices (macOS/iOS apps) connect as role node and spam unauthorized role: node errors on every health check, flooding the gateway log and breaking node<->gateway communication
• Fix: add early return for method === "health" before role checks — health is a read-only status probe and should be allowed for any authenticated connection

Reproduction

1. Pair a macOS app with the gateway
2. The app connects with role node and periodically sends health RPC
3. Gateway rejects every health call → log floods with unauthorized role: node
4. App shows "thinking..." but never receives replies

Test plan

• Verify paired macOS/iOS node can successfully call health
• Verify health no longer produces unauthorized role log spam
• Verify role restrictions still apply to other methods (send, agent, etc.)

🤖 Generated with Claude Code

Greptile Summary

Allows health method calls from any authenticated role by adding an early return before role checks. This fixes log spam and broken communication when paired macOS/iOS devices (with role node) send periodic health checks to the gateway.

Confidence Score: 5/5

• This PR is safe to merge - it fixes a legitimate authorization issue
• The fix correctly allows health checks from node-role connections, which are read-only status probes. The change is minimal (3 lines), well-scoped, and consistent with health being in READ_METHODS
• No files require special attention

_{Last reviewed commit: 520da47}