Skip to content

Gateway: preserve runtime state in health and skip disabled allowlist warnings#32715

Closed
liuxiaopai-ai wants to merge 2 commits intoopenclaw:mainfrom
liuxiaopai-ai:codex/issue-32689-health-runtime-and-doctor-skip-disabled
Closed

Gateway: preserve runtime state in health and skip disabled allowlist warnings#32715
liuxiaopai-ai wants to merge 2 commits intoopenclaw:mainfrom
liuxiaopai-ai:codex/issue-32689-health-runtime-and-doctor-skip-disabled

Conversation

@liuxiaopai-ai
Copy link
Copy Markdown
Contributor

@liuxiaopai-ai liuxiaopai-ai commented Mar 3, 2026

Summary

  • Problem: health snapshots rebuilt channel state from config/probe only, so live runtime fields (for example running, token source details) could be dropped; doctor empty-allowlist warnings also fired for explicitly disabled channel/account scopes.
  • Why it matters: operators saw mismatches between openclaw channels status --json and openclaw health --json, and noisy warnings for disabled integrations.
  • What changed: health snapshot building now merges runtime account snapshots via buildChannelAccountSnapshot, gateway health-cache refresh now injects runtime snapshots before cache/broadcast, and doctor allowlist checks skip disabled channel/account scopes.
  • What did NOT change (scope boundary): no behavior changes to allowlist enforcement runtime, channel restart policy, or doctor fix migrations.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

User-visible / Behavior Changes

  • openclaw health --json now preserves live per-channel runtime state fields (for example running, runtime token-source-derived fields) instead of dropping to config-only defaults.
  • openclaw doctor no longer reports empty-allowlist warnings for scopes that are explicitly disabled (enabled: false).

Security Impact (required)

  • New permissions/capabilities? (No)
  • Secrets/tokens handling changed? (No)
  • New/changed network calls? (No)
  • Command/tool execution surface changed? (No)
  • Data access scope changed? (No)
  • If any Yes, explain risk + mitigation:

Repro + Verification

Environment

  • OS: macOS
  • Runtime/container: Node 22 + pnpm
  • Model/provider: N/A
  • Integration/channel (if any): Telegram plugin in unit tests, gateway runtime snapshot path
  • Relevant config (redacted): test configs in health.snapshot.test.ts and doctor-config-flow.test.ts

Steps

  1. Build health snapshot with a runtime snapshot that marks channel account running=true and timestamps.
  2. Inspect returned channels.<id> and channels.<id>.accounts.<accountId> fields.
  3. Run doctor warnings scan on configs with groupPolicy: "allowlist" but enabled: false channel/account scopes.

Expected

  • Health output keeps runtime fields from the live snapshot.
  • Doctor does not warn for disabled scopes.

Actual

  • Verified: runtime fields are preserved and disabled scopes are skipped.

Evidence

  • Failing test/log before + passing after
  • Trace/log snippets
  • Screenshot/recording
  • Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

  • Verified scenarios:
    • pnpm test src/commands/health.snapshot.test.ts src/commands/doctor-config-flow.test.ts
    • pnpm test src/gateway/server-methods/server-methods.test.ts
  • Edge cases checked:
    • account-level runtime fields are retained even when summary builders only emit compact status fields.
    • disabled parent channel and disabled account both suppress empty-allowlist warnings.
  • What you did not verify:
    • full end-to-end gateway websocket health broadcast behavior against a live multi-channel runtime.

Compatibility / Migration

  • Backward compatible? (Yes)
  • Config/env changes? (No)
  • Migration needed? (No)
  • If yes, exact upgrade steps:

Failure Recovery (if this breaks)

  • How to disable/revert this change quickly:
    • Revert this PR commit.
  • Files/config to restore:
    • src/commands/health.ts
    • src/gateway/server/health-state.ts
    • src/gateway/server.impl.ts
    • src/commands/doctor-config-flow.ts
  • Known bad symptoms reviewers should watch for:
    • health snapshot missing channel fields unexpectedly
    • doctor warnings no longer emitted for enabled allowlist scopes

Risks and Mitigations

  • Risk: merging runtime + summary fields could unintentionally override plugin summary fields.
    • Mitigation: merge order keeps plugin summary precedence, with explicit fallback restoration for configured/probe/lastProbeAt; added regression test for runtime-field retention.

@aisle-research-bot
Copy link
Copy Markdown

aisle-research-bot bot commented Mar 3, 2026
edited
Loading

🤖 We're reviewing this PR with Aisle

We're running a security check on the changes in this PR now. This usually takes a few minutes. ⌛
We'll post the results here as soon as they're ready.

Progress:

  • Analysis
  • Triage
  • Finalization

Latest run failed. Keeping previous successful results. Trace ID: 019cb2a0719c182bc75ecf3ae97c8f56.

Last updated on: 2026-03-03T07:36:36Z

Latest run failed. Keeping previous successful results. Trace ID: 019cb2d57c36c0a7a81cc79fb30d7592.

Last updated on: 2026-03-03T08:34:31Z

@openclaw-barnacle openclaw-barnacle bot added gateway Gateway runtime commands Command implementations size: S experienced-contributor labels Mar 3, 2026
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Mar 3, 2026

Greptile Summary

This PR fixes two related issues in the gateway: (1) the health snapshot now merges live channel runtime fields (e.g. running, lastStartAt) via buildChannelAccountSnapshot, and (2) doctor no longer emits empty-allowlist warnings for scopes explicitly marked enabled: false. Both changes are narrowly scoped bug fixes and do not alter enforcement paths.

Issues found:

  • probe silently dropped for plugins without buildAccountSnapshotbuildChannelAccountSnapshot's default path accepts probe as a parameter but does not include it in its return value. The old code explicitly wrote snapshot.probe = probe after constructing the snapshot inline. The new code restores enabled, configured, and lastProbeAt from local variables after the call (lines 479–487) but has no corresponding guard for probe. For any plugin that implements probeAccount but not buildAccountSnapshot, probe results will be absent from the health record and will not be visible to buildChannelSummary. See inline comment for a one-line fix.

  • Test coverage gap — the new health.snapshot.test.ts test exercises only the Telegram plugin, which uses buildAccountSnapshot. A complementary test for a plugin using the default snapshot path would catch the regression above and guard against future changes.

Confidence Score: 3/5

  • Generally safe to merge, but the probe restoration gap is a real regression for plugins that run probes without a custom buildAccountSnapshot — those channels would silently lose their health probe status.
  • The doctor and runtime-snapshot wiring changes are clean and correct. The regression is limited to plugins that implement probeAccount but not buildAccountSnapshot, and the fix is a single guard identical to the one already written for lastProbeAt. No security, auth, or routing changes involved.
  • src/commands/health.ts — the probe restoration guard is missing after the buildChannelAccountSnapshot call.

Last reviewed commit: 9118c7e

greptile-apps[bot]
greptile-apps bot reviewed Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

7 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9118c7e662

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

commands Command implementations gateway Gateway runtime size: M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: gateway health drops live runtime state and doctor warns for disabled allowlist channels

2 participants

@liuxiaopai-ai @thewilloftheshadow