Summary
When the gateway rejects a device signature with device signature invalid, HandleRequestError advances _signatureTokenMode to the next fallback mode but never re-sends the connect message. The client sits stuck in Connecting state — the WebSocket is open but unauthenticated.
Location
src/OpenClaw.Shared/OpenClawGatewayClient.cs lines ~776-796
Impact
Client gets permanently stuck if the initial signature mode is rejected. The advanced mode only takes effect if the connection drops and a full reconnect cycle happens, which may not occur.
Flagged by
Multi-model code review consensus (2/3 models: Opus, GPT-5.4)
Suggested Fix
After advancing the signature mode, either:
- Re-send
SendConnectMessageAsync with the stored challenge nonce, or
- Force a reconnect/challenge cycle
Repro
Trigger a device signature invalid rejection from the gateway (e.g., clock skew, key mismatch) and observe the client never retries with the fallback mode.
Summary
When the gateway rejects a device signature with
device signature invalid,HandleRequestErroradvances_signatureTokenModeto the next fallback mode but never re-sends the connect message. The client sits stuck inConnectingstate — the WebSocket is open but unauthenticated.Location
src/OpenClaw.Shared/OpenClawGatewayClient.cslines ~776-796Impact
Client gets permanently stuck if the initial signature mode is rejected. The advanced mode only takes effect if the connection drops and a full reconnect cycle happens, which may not occur.
Flagged by
Multi-model code review consensus (2/3 models: Opus, GPT-5.4)
Suggested Fix
After advancing the signature mode, either:
SendConnectMessageAsyncwith the stored challenge nonce, orRepro
Trigger a
device signature invalidrejection from the gateway (e.g., clock skew, key mismatch) and observe the client never retries with the fallback mode.