Summary

Describe the problem and fix in 2–5 bullets:

• Problem: upgrades in PM2/NVM and proxy-forwarded setups could fail in multiple ways (legacy openclaw-gateway launch mismatch, opaque plugin dependency failures, and unclear nonce-handshake recovery guidance).
• Why it matters: operators could be blocked on startup/connectivity and receive recovery commands that did not match their actual deployment port/path.
• What changed:
  • Added a dedicated openclaw-gateway wrapper entrypoint and hardened legacy argv normalization in run-main.
  • Synced normalized gateway argv into process.argv so preAction/config-guard/lazy command registration all see the same command path.
  • Added explicit passthroughs for root update/version/help aliases (update, --update, -v, -V, --version, -h, --help) and made rewrite logic root-flag aware (--no-color, --log-level, --profile, --dev).
  • Added plugin missing-dependency hints (gateway startup + openclaw plugins doctor) with actionable install guidance.
  • Added nonce/proxy handshake diagnostics plus smarter tunnel port selection:
    • explicit listener port (env/config) wins for non-loopback URLs,
    • otherwise non-loopback probe URL ports are used when available,
    • loopback detection now covers broader local forms (including 127/8 and IPv4-mapped IPv6 loopback).
  • Added/updated Linux troubleshooting docs for PM2/NVM wrapper behavior and recovery.
• What did NOT change (scope boundary): no auth/pairing trust model was loosened; this PR focuses on compatibility, diagnostics, and operator guidance.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes Bug Report: Cascading deployment failures on Linux + NVM + PM2 environment #26252

User-visible / Behavior Changes

• openclaw-gateway legacy launch paths are now compatible across shim/wrapper variants.
• openclaw-gateway root update/version/help invocations now remain valid even with leading root flags.
• Plugin startup failures now include dependency-specific install hints.
• openclaw status nonce recovery guidance now provides more accurate tunnel commands across loopback, custom-port, and proxy-facing scenarios.
• Linux troubleshooting docs include PM2/NVM wrapper recovery guidance.

Security Impact (required)

• New permissions/capabilities? (Yes/No): No
• Secrets/tokens handling changed? (Yes/No): No
• New/changed network calls? (Yes/No): No
• Command/tool execution surface changed? (Yes/No): Yes
• Data access scope changed? (Yes/No): No
• If any Yes, explain risk + mitigation:
  • CLI dispatch behavior for legacy gateway entrypoints changed. Mitigation: regression tests cover rewrite/passthrough cases and command-path consistency.

Repro + Verification

Environment

• OS: macOS 14.x (local verification), Linux PM2/NVM behavior covered by docs + command-path tests
• Runtime/container: Node 22+
• Model/provider: N/A
• Integration/channel (if any): Feishu dependency hint path
• Relevant config (redacted): gateway local mode, proxy/nonce failure scenarios

Steps

1. Verify legacy gateway argv normalization (openclaw-gateway ...) and root passthrough behavior.
2. Verify nonce recovery messaging for loopback/non-loopback/proxy-facing URL variants.
3. Verify plugin load-error hints and doctor output guidance.
4. Run tests + checks.

Expected

• Legacy gateway launch/update/version paths remain valid.
• Nonce recovery guidance uses correct tunnel target/port context.
• Plugin missing dependencies produce actionable hints.
• Checks pass.

Actual

• Matches expected after this PR.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  • pnpm exec vitest run src/cli/run-main.test.ts
  • pnpm exec vitest run src/commands/status.test.ts
  • pnpm exec vitest run src/infra/infra-parsing.test.ts
  • pnpm check
• Edge cases checked:
  • root-flag-ordered gateway update passthrough (--no-color --update, --log-level debug --update)
  • root version alias passthrough for gateway wrapper (-v)
  • loopback URL variants (127.0.0.1, 127.0.0.2, [::1], [::ffff:127.0.0.1])
  • non-loopback nonce tunnel guidance with and without explicit listener port
• What you did not verify:
  • Live remote PM2/NVM deployment and live proxy appliance behavior in this PR run.

Compatibility / Migration

• Backward compatible? (Yes/No): Yes
• Config/env changes? (Yes/No): No
• Migration needed? (Yes/No): No
• If yes, exact upgrade steps:
  • N/A

Failure Recovery (if this breaks)

• How to disable/revert this change quickly:
  • Revert this PR commits and republish.
• Files/config to restore:
  • src/cli/run-main.ts
  • src/commands/status.command.ts
  • src/plugins/load-error-hints.ts
  • src/gateway/server/ws-connection/message-handler.ts
  • src/gateway/server-plugins.ts
• Known bad symptoms reviewers should watch for:
  • openclaw-gateway commands mapping to invalid gateway update paths
  • wrong nonce tunnel port hints on loopback/custom-port URLs
  • missing plugin dependency remediation hints on startup

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

• Risk: argv rewrite could alter root command semantics for gateway wrapper paths.
  • Mitigation: root passthrough set + root-flag-aware command detection + targeted rewrite tests.
• Risk: nonce guidance could prefer incorrect port in mixed proxy/direct deployments.
  • Mitigation: explicit listener-port precedence + URL-port fallback + loopback variant tests.
• Risk: plugin hints could become stale if dependency error signatures change.
  • Mitigation: hint logic constrained to known missing-module signatures and covered by unit tests.