Greptile Summary

This PR closes a security gap in the gateway's node command access model: previously, a node that had completed device pairing but not full node pairing would still have its declared commands exposed at connect time. The fix collapses the two-branch pairedCommands logic (null meaning "no restriction" vs. a populated Set) into a single always-created Set, so an absent node pairing record yields an empty Set and silently filters every declared command. The test suite is updated with a dedicated connectNodeClientWithNodePairing helper that sequences the provisional connect → node-list lookup → stopAndWait → requestNodePairing/approveNodePairing → reconnect lifecycle, and a new regression test explicitly verifies the "device-paired-only" case returns zero commands and rejects invocations with the expected error message.

• Core logic change in message-handler.ts is minimal, correct, and clearly expresses intent — no prior behaviour for the "node pairing present" path is altered.
• The connectNodeClientWithNodePairing helper correctly stops the provisional client before issuing the node-pairing request so the nodeId is stable.
• Existing tests that relied on device pairing alone for command access are properly migrated to the new helper.
• The stopAndWait → connectNodeClient flow (without re-wrapping in connectNodeClientWithPairing) is safe because device pairing was already persisted in the first call.

Confidence Score: 5/5

Safe to merge — the logic change is minimal and well-scoped, and the new regression test directly covers the fixed path.

All findings are P2 or below. The production change is a two-line simplification that removes a special-case null branch. The test helper uses the same connectNodeClient primitives already proven in the surrounding suite, and the regression test uses proper polling where needed. No data-loss, security, or correctness issues were identified.

No files require special attention.

_{Reviews (1): Last reviewed commit: "Gateway: require node pairing for node c..." | Re-trigger Greptile}

🤖 We're reviewing this PR with Aisle

We're running a security check on the changes in this PR now. This usually takes a few minutes. ⌛
We'll post the results here as soon as they're ready.

Progress:

• Analysis
• Finalization

Latest run failed. Keeping previous successful results. Trace ID: 019d3f7e91bbd79207099dfc043fd1f3.

_{Last updated on: 2026-03-30T16:43:55Z}

Latest run failed. Keeping previous successful results. Trace ID: 019d3f91ef324cfbdd4734d7237becbb.

_{Last updated on: 2026-03-30T18:18:51Z}

This broke things conceptually, reverting.

if I connect a node, node decides what it runs. not node AND gateway.