Greptile Summary

This PR fixes a subtle but impactful bug in probeGateway where loopback probes carrying an empty auth object (auth: {}) incorrectly had their device identity stripped, causing operator.read scope rejection. The previous condition !(opts.auth?.token || opts.auth?.password) evaluated to true for {}, treating it the same as a fully anonymous probe. The fix narrows the stripping condition to opts.auth === undefined, which is the only case that truly represents an anonymous probe.

Key points:

• The logic change is semantically correct: an explicitly provided auth object (even {}) is now distinguished from a missing auth argument.
• The fix does not affect remote probes or probes with real credentials — both cases still set deviceIdentity: undefined (not stripped).
• Anonymous loopback probes (auth not provided) still set deviceIdentity: null, preserving the existing security hardening.
• The new test covers the exact auth: {} edge case that was the root cause, addressing the gap noted in the previous review round.
• One minor style nit: the changed return statement is the only line in the file without a terminating semicolon; the semicolon inside the inline comment ((e.g. {});) is comment text, not a statement terminator.

Confidence Score: 5/5

• Safe to merge — the fix is targeted, logically sound, and properly tested with no security regressions.
• The change is a one-line condition narrowing with a clear and correct semantic intent. Both the pre-existing tests and the new regression test all verify the correct deviceIdentity values. No new permissions, network calls, or data access patterns are introduced. The only open item is a trivial missing semicolon.
• No files require special attention.

This is a comment left during a code review.
Path: src/gateway/probe.ts
Line: 50

Comment:
**Missing semicolon on return statement**

The `return` statement on this line lacks a terminating semicolon. While TypeScript's ASI will handle this correctly, the trailing semicolon in the inline comment (`(e.g. {});`) is comment text, not a statement terminator — which makes this easy to mistake for an intentional omission. Every other statement in the file uses a semicolon; this one should too for consistency.

```suggestion
      return isLoopbackHost(hostname) && opts.auth === undefined; // Preserves device identity for empty but present auth objects (e.g. {})
```

How can I resolve this? If you propose a fix, please make it concise.

_{Last reviewed commit: 40daf06}

@greptile-apps I have added the exact unit test you requested for the auth: {} empty auth object scenario in src/gateway/probe.test.ts. Please re-review.

Confirmed locally on Qubes OS / Debian 13 AppVM with OpenClaw 2026.3.13.

Repro:

1. Local gateway on ws://127.0.0.1:18789
2. CLI device paired with operator.read + operator.write
3. openclaw gateway call status succeeds with the local device token
4. openclaw gateway call status succeeds with the gateway auth token
5. openclaw status still reports: unreachable (missing scope: operator.read)
6. openclaw gateway probe with the gateway auth token still reports: RPC: limited - missing scope: operator.read
7. openclaw gateway probe with the local device token fails with: unauthorized: gateway token mismatch (provide gateway auth token)

Local files are correct after openclaw devices rotate:

• ~/.openclaw/identity/device-auth.json contains the rotated operator token with operator.read / operator.write
• ~/.openclaw/devices/paired.json also reflects the rotated token/scopes

This points to the status / probe auth path rather than pairing or local token persistence.

We're running a 5-agent OpenClaw fleet across two Linux hosts (Ubuntu, systemd user services, loopback bind, token auth) managed by a custom orchestration daemon. The daemon uses openclaw agent --message to deliver inter-agent messages, and various openclaw config set / openclaw gateway install commands during agent provisioning.

On 2026.3.12/2026.3.13, every CLI↔gateway call hangs for 30+ seconds before timing out — not intermittent, effectively 100% failure rate in our environment. Gateway logs show handshake timeout / closed before connect while Slack/Telegram channels work fine on the same gateway process. HTTP endpoints respond instantly.

We're pinned to 2026.3.8 across all agents because of this. The 2026.3.22 handshake timeout raise (3s→10s) doesn't help — our CLI never sends the connect frame at all, so any timeout value fails the same way.

This PR's root cause analysis (empty auth: {} stripping device identity) matches exactly what we observed. Would love to see this merged — it's blocking us from upgrading.