PR #50961: fix(gateway): skip local workdir resolution for remote node execution

• Repository: openclaw/openclaw
• Author: openperf
• State: closed | merged: True
• Link: https://github.com/openclaw/openclaw/pull/50961

Description (problem / solution / changelog)

Summary

• Problem: When executing remote commands with host=node in a multi-user setup (e.g., Linux gateway to macOS node), the execution fails with exec INVALID_REQUEST: SYSTEM_RUN_DENIED: approval requires canonical cwd (no symlink cwd). This happens even if the working directory on the node is a valid absolute path. The issue originates in src/agents/bash-tools.exec.ts around line 361.
• Root Cause: The gateway incorrectly applies resolveWorkdir() to the host=node request. resolveWorkdir() uses fs.statSync() to verify if the directory exists on the local gateway filesystem. Since the remote node's path (e.g., /Users/vv) doesn't exist on the Linux gateway, it falls back to the gateway's local process.cwd() or homedir(). This incorrect fallback path is then sent to the remote node, which subsequently fails the strict resolveCanonicalApprovalCwdSync checks during the approval phase on the node side.
• Fix: Modified the else branch in src/agents/bash-tools.exec.ts to else if (host !== "node"). This prevents the gateway from attempting to resolve and validate the working directory locally when the target host is a remote node. The node is now responsible for resolving and validating its own cwd, which is the correct architectural behavior. This fix completely avoids side effects because it only changes the behavior for host=node, leaving host=gateway and host=sandbox paths untouched.
• What changed:
  • src/agents/bash-tools.exec.ts: Added if (host !== "node") condition before calling resolveWorkdir(rawWorkdir, warnings).
• What did NOT change (scope boundary):
  • No changes were made to how host=gateway or host=sandbox resolve their working directories.
  • No changes were made to the node-side approval logic (resolveCanonicalApprovalCwdSync); the strict security checks on the node remain fully intact.

Reproduction

1. Setup an OpenClaw architecture with a Linux Gateway and a macOS Node.
2. Connect the macOS node to the gateway.
3. Run a command targeting the node: openclaw nodes run --node --cwd /Users/username -- /usr/bin/pwd
4. Before this PR, it fails with the canonical cwd error. With this PR, it executes successfully and returns the correct path.

Risk / Mitigation

• Risk: Low. The change is highly localized to the host=node condition in the exec tool.
• Mitigation: The strict canonical cwd checks on the node side (src/node-host/invoke-system-run-plan.ts) are left untouched, ensuring that security boundaries are maintained at the execution endpoint. The change simply ensures the correct path is passed to those checks.

Change Type (select all)

• Bug fix

Scope (select all touched areas)

• Gateway / orchestration

Linked Issue/PR

Fixes #50783

AI-Assisted Contribution

• AI Usage: This PR was developed with AI assistance.
• Human Review: I have personally reviewed, designed, and fully understand all the code changes.
• Testing: Fully tested locally with my OpenClaw instance.

Changed files

• CHANGELOG.md (modified, +1/-0)
• src/agents/bash-tools.exec.approval-id.test.ts (modified, +34/-0)
• src/agents/bash-tools.exec.ts (modified, +4/-1)