(cherry picked from commit 7dc447f)

…49262)

* fix(gateway): increase WS handshake timeout from 3s to 10s

The 3-second default is too aggressive when the event loop is under load
(concurrent sessions, compaction, agent turns), causing spurious
'gateway closed (1000)' errors on CLI commands like `openclaw cron list`.

Changes:
- Increase DEFAULT_HANDSHAKE_TIMEOUT_MS from 3_000 to 10_000
- Add OPENCLAW_HANDSHAKE_TIMEOUT_MS env var for user override (no VITEST gate)
- Keep OPENCLAW_TEST_HANDSHAKE_TIMEOUT_MS as fallback for existing tests

Fixes openclaw#46892

* fix: restore VITEST guard on test env var, use || for empty-string fallback, fix formatting

* fix: cover gateway handshake timeout env override (openclaw#49262) (thanks @fuller-stack-dev)

---------

Co-authored-by: Wilfred <[email protected]>
Co-authored-by: Ayaan Zaidi <[email protected]>
(cherry picked from commit 36f394c)

…nclaw#42931) (openclaw#47148)

When auth is completely disabled (mode=none), requiring device pairing
for Control UI operator sessions adds friction without security value
since any client can already connect without credentials.

Add authMode parameter to shouldSkipControlUiPairing so the bypass
fires only for Control UI + operator role + auth.mode=none. This avoids
the openclaw#43478 regression where a top-level OR disabled pairing for ALL
websocket clients.

(cherry picked from commit 26e0a3e)

(cherry picked from commit ccf16cd)

Closes openclaw#44180.
Refs openclaw#47590.
Co-authored-by: Peter Steinberger <[email protected]>

(cherry picked from commit 3faaf89)

Closes openclaw#38628.
Refs openclaw#47159, openclaw#52431.
Co-authored-by: Peter Steinberger <[email protected]>

(cherry picked from commit c0d4abc)

(cherry picked from commit 8cc0c9b)

…penclaw#43751)

* fix: stop stale gateway seq-gap errors (openclaw#43751) (thanks @caesargattuso)

* fix: keep agent.request run ids session-scoped

---------

Co-authored-by: Ayaan Zaidi <[email protected]>
(cherry picked from commit 57f1cf6)

(cherry picked from commit 4da617e)

In trusted-proxy mode, enforceOriginCheckForAnyClient was set to false
whenever proxy headers were present. This allowed browser-originated
WebSocket connections from untrusted origins to bypass origin validation
entirely, as the check only ran for control-ui and webchat client types.

An attacker serving a page from an untrusted origin could connect through
a trusted reverse proxy, inherit proxy-injected identity, and obtain
operator.admin access via the sharedAuthOk / roleCanSkipDeviceIdentity
path without any origin restriction.

Remove the hasProxyHeaders exemption so origin validation runs for all
browser-originated connections regardless of how the request arrived.

Fixes GHSA-5wcw-8jjv-m286

(cherry picked from commit ebed3bb)

* gateway: harden health monitor account gating

* gateway: tighten health monitor account-id guard

(cherry picked from commit 29fec8b)

* fix(gateway): bound unanswered client requests

* fix(gateway): skip default timeout for expectFinal requests

* fix(gateway): preserve gateway call timeouts

* fix(gateway): localize request timeout policy

* fix(gateway): clamp explicit request timeouts

* fix(gateway): clamp default request timeout

(cherry picked from commit 5fc43ff)

Plugin subagent dispatch used a hardcoded synthetic client carrying
operator.admin, operator.approvals, and operator.pairing for all
runtime.subagent.* calls. Plugin HTTP routes with auth:"plugin" require
no gateway auth by design, so an unauthenticated external request could
drive admin-only gateway methods (sessions.delete, agent.run) through
the subagent runtime.

Propagate the real gateway client into the plugin runtime request scope
when one is available. Plugin HTTP routes now run inside a scoped
runtime client: auth:"plugin" routes receive a non-admin synthetic
operator.write client; gateway-authenticated routes retain admin-capable
scopes. The security boundary is enforced at the HTTP handler level.

Fixes GHSA-xw77-45gv-p728

(cherry picked from commit a1520d7)

device.token.rotate accepted attacker-controlled scopes and forwarded
them to rotateDeviceToken without verifying the caller held those
scopes. A pairing-scoped token could rotate up to operator.admin on
any already-paired device whose approvedScopes included admin.

Add a caller-scope subsetting check before rotateDeviceToken: the
requested scopes must be a subset of client.connect.scopes via the
existing roleScopesAllow helper. Reject with missing scope: <scope>
if not.

Also add server.device-token-rotate-authz.test.ts covering both the
priv-esc path and the admin-to-node-invoke chain.

Fixes GHSA-4jpw-hj22-2xmc

(cherry picked from commit dafd61b)

(cherry picked from commit a69f619)

(cherry picked from commit c91d162)

…claw#42507)

* fix(gateway): harden token fallback and auth reconnect handling

* docs(gateway): clarify auth retry and token-drift recovery

* fix(gateway): tighten auth reconnect gating across clients

* fix: harden gateway token retry (openclaw#42507) (thanks @joshavant)

(cherry picked from commit a76e810)

- Replace OpenClawConfig with RemoteClawConfig in server-channels and
  server-runtime-state
- Replace loadOpenClawPlugins with loadRemoteClawPlugins in server-plugins
  and remove unsupported runtimeOptions field and dead subagent runtime code
- Export HookClientIpConfig type from server-http and thread it through
  server/hooks into server-runtime-state and server.impl
- Create plugins-http/ submodules (path-context, route-match, route-auth)
  extracted from the monolithic plugins-http.ts by upstream refactor
- Create stub modules for gutted upstream layers: acp/control-plane/manager,
  agents/bootstrap-cache, agents/pi-embedded, agents/internal-events
- Strip thinkingLevel, reasoningLevel, skillsSnapshot from SessionEntry
  literals in agent.ts and session-reset-service.ts (Pi-specific fields)
- Remove internalEvents from agent ingress opts and loadGatewayModelCatalog
  from sessions patch call (not present in fork types)
- Fix connect-policy tests to pass booleans instead of role strings for
  the sharedAuthOk parameter (fork changed the function signature)
- Add isHealthMonitorEnabled to ChannelManager mocks in test files
- Widen runBeforeToolCallHook mock return type to accept blocked: true
- Add explicit string types for msg params in server-plugins logger

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>