Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

After updating to OpenClaw 2026.5.22, Gateway remains running and direct RPC status can succeed, but broader Gateway probes and openclaw status --json still time out.

Disabling Brave improved the situation partially, but did not fully stabilize Gateway/RPC. Codex remains enabled and loaded. Codex has not been modified because it is critical for this Laia/OpenClaw runtime.

SEC-4B / Gateway secret migration remains blocked until Gateway/RPC is healthy and stable again.

Steps to reproduce

1. Run OpenClaw 2026.5.22 with Gateway running on loopback.
2. Disable Brave as a local containment step.
3. Keep Codex enabled and loaded.
4. Run: timeout 20s openclaw gateway probe --json timeout 30s openclaw gateway status --json --require-rpc timeout 20s openclaw status --json
5. Observe that gateway status --require-rpc succeeds while gateway probe --json and openclaw status --json time out.

Expected behavior

The Gateway health/status commands should complete consistently when Gateway is running and gateway status --json --require-rpc reports rpc.ok=true.

Actual behavior

openclaw gateway status --json --require-rpc succeeds with rpc.ok=true, but openclaw gateway probe --json exits by timeout and openclaw status --json exits by timeout.

OpenClaw version

2026.5.22 (a374c3a)

Operating system

Ubuntu Linux, kernel 6.8.0-110-generic

Install method

npm global

Model

Codex plugin / Codex app-server active

Provider / routing chain

OpenClaw Gateway -> Codex app-server / harness

Additional provider/model setup details

Codex remains enabled and loaded because it is critical for the active Laia/OpenClaw runtime. Codex was not modified during isolation.

Brave was disabled as a local containment step and remains disabled. plugins.allow was not changed.

Logs, screenshots, and evidence

Environment:

openclaw --version

OpenClaw 2026.5.22 (a374c3a)

node --version

v24.14.1

uname -a

Linux openclaw-01 6.8.0-110-generic #110-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 19 15:09:20 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux

git status --short --branch

## main...origin/main

Before disabling Brave:

gateway probe: no_gateway_reachable / timeout gateway status --require-rpc: RPC timeout openclaw status --json: timeout Immediately after disabling Brave:

gateway status --require-rpc: rpc.ok=true gateway probe: connected but degraded openclaw status --json: still timeout Later read-only recheck:

gateway probe --json: timeout, exit 124 gateway status --json --require-rpc: rpc.ok=true, server.version=2026.5.22 openclaw status --json: timeout, exit 124 Relevant plugin state:

brave: enabled=false status=disabled activationReason=disabled in config hookCount=0 services=[]

codex: enabled=true status=loaded activationReason=enabled in config package=@openclaw/codex version=2026.5.22 commands=["codex"] providers=["codex"] mediaUnderstandingProviders=["codex"] Earlier sanitized incident evidence:

liveness warning event_loop_delay event_loop_utilization cpu eventLoopDelayP99Ms=6572.5 eventLoopDelayMaxMs=11299.5 eventLoopUtilization=0.967 handshake timeout closed before connect websocket close code 1005 / 1006 openclaw-hooks with high CPU Codex app-server active under Gateway Latest scoped journal check:

journalctl --user -u openclaw-gateway.service --since '10 minutes ago' --no-pager
| rg -i 'event_loop|codex|hooks|timeout' Result: no matches No current evidence found for:

token_mismatch gateway auth changed OOM fatal / uncaught missing scope invalid request explicit protocol mismatch

### Impact and severity

Affected users/systems/channels: This affects the local OpenClaw Gateway control/status path on the Laia/OpenClaw runtime.

Severity: High operational impact. Gateway direct RPC status can work, but broader probe/status diagnostics still time out, blocking safe continuation of Gateway-related maintenance.

Frequency: Observed repeatedly before and after disabling Brave. After Brave was disabled, improvement was partial but not complete.

Consequence: SEC-4B / Gateway secret migration remains blocked until Gateway/RPC is stable. Codex isolation has not been attempted because Codex is critical for the active runtime.

### Additional information

Questions for upstream:

1. Is there a known `2026.5.22` issue where `gateway status --require-rpc` succeeds while `gateway probe --json` and `openclaw status --json` time out?
2. Can Codex app-server or harness integration starve Gateway probe/status paths while leaving direct RPC status partially functional?
3. Are `gateway probe`, `gateway status --require-rpc`, and `openclaw status --json` exercising different Gateway paths, plugin discovery paths, or app-server/harness paths?
4. Is there a supported read-only diagnostic for Codex app-server backlog, harness queue, hook queue, Gateway request backlog, or event-loop starvation?
5. What is the recommended safe way to isolate Codex temporarily without breaking the main OpenClaw agent runtime?
6. Is disabling Brave expected to affect Gateway probe/status paths, or was the partial improvement likely incidental/load-related?
7. Should production installs explicitly configure `plugins.allow` to avoid global plugin discovery/load ambiguity?
8. Are there supported flags/env vars to start a temporary Gateway or status check without Codex/app-server for diagnosis?
9. Is there a known interaction between Node `24.14.1`, OpenClaw `2026.5.22`, and Codex app-server?
10. What artifacts would upstream prefer next: bounded `gateway probe` output, `status --require-rpc`, plugin inspect output, scoped journal logs, process CPU snapshots, or something else?

Safety note: this report intentionally excludes secrets, token values, bearer values, credential file contents, EnvironmentFile contents, raw long logs, private session/message content, and raw tool payloads.