fix(gateway): reuse paired auth for probes

2026-05-06 09:50:42 +00:00 · 2026-04-28 21:52:44 +01:00
parent 969cb8b4c0
commit 193c7432e3
9 changed files with 126 additions and 26 deletions
--- a/docs/cli/gateway.md
+++ b/docs/cli/gateway.md
@@ -323,6 +323,7 @@ openclaw gateway probe --json
    - `Capability: read-only|write-capable|admin-capable|pairing-pending|connect-only` reports what the probe could prove about auth. It is separate from reachability.
    - `Read probe: ok` means read-scope detail RPC calls (`health`/`status`/`system-presence`/`config.get`) also succeeded.
    - `Read probe: limited - missing scope: operator.read` means connect succeeded but read-scope RPC is limited. This is reported as **degraded** reachability, not full failure.
+    - `Read probe: failed` after `Connect: ok` means the Gateway accepted the WebSocket connection, but follow-up read diagnostics timed out or failed. This is also **degraded** reachability, not an unreachable Gateway.
    - Like `gateway status`, probe reuses existing cached device auth but does not create first-time device identity or pairing state.
    - Exit code is non-zero only when no probed target is reachable.

@@ -331,7 +332,7 @@ openclaw gateway probe --json
    Top level:

    - `ok`: at least one target is reachable.
-    - `degraded`: at least one target had scope-limited detail RPC.
+    - `degraded`: at least one target accepted a connection but did not complete full detail RPC diagnostics.
    - `capability`: best capability seen across reachable targets (`read_only`, `write_capable`, `admin_capable`, `pairing_pending`, `connected_no_operator_scope`, or `unknown`).
    - `primaryTargetId`: best target to treat as the active winner in this order: explicit URL, SSH tunnel, configured remote, then local loopback.
    - `warnings[]`: best-effort warning records with `code`, `message`, and optional `targetIds`.