Redesign WSL gateway setup and OpenClaw onboard UX#792
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 2, 2026, 5:35 PM ET / 21:35 UTC. Summary Reproducibility: not applicable. this is a feature/UX PR rather than a single bug report, and the changed behavior was assessed from source, tests, and exact-head proof. Review metrics: 3 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Mantis proof suggestion Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land only after maintainers explicitly accept this as the canonical local-gateway onboarding rollout and accept the startup and capability defaults for fresh setup. Do we have a high-confidence way to reproduce the issue? Not applicable: this is a feature/UX PR rather than a single bug report, and the changed behavior was assessed from source, tests, and exact-head proof. Is this the best way to solve the issue? Yes for the implementation shape: deriving review copy from SetupConfig and persisting capability gates in setup-engine code fits the architecture, with the remaining question being rollout acceptance. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 74604aebafef. Label changesLabel changes:
Label justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
e2f2f28 to
5e5a0e3
Compare
5e5a0e3 to
6d89068
Compare
|
@clawsweeper re-review |
* Fix connection snapshot truth Make GatewayConnectionManager snapshots the lifecycle source of truth for connection surfaces. Capture node intent/blockers before startup can silently skip, make MCP startup failures visible, and keep legacy status consumers derived from manager state while preserving operator-live behavior. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Block node snapshot when connector throws Publish a blocked node snapshot if node connector startup throws before status events can transition the manager. Add a focused regression test for the throwing connector path. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Expose blocked node truth through MCP Publish blocked node snapshots when previous node connector retirement fails. Include manager-owned overall/node fields in MCP app.status and app.menu so MCP clients can see degraded or blocked node truth instead of only legacy connected status. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <copilot@github.com> Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Co-authored-by: Scott Hanselman <scott@hanselman.com>
Presentation-only redesign of the OpenClaw Windows setup/onboarding flow. No changes to connection, pairing, the install pipeline, credentials, or the gateway protocol. - Welcome: 2-card chooser (Install a local gateway [WSL, recommended] / Connect to an existing gateway). - Capabilities: rebuilt into a stepped, accreting flow like the gateway-onboard transcript: (1) what your agent can do (profile + fine-tune toggles), (2) Windows permissions (merged in from the old standalone step; each OS permission row shows only when its capability is enabled), (3) review & install. Honors SetupConfig.SkipPermissions by hiding step 2 (2-step flow) without touching the SetupConfig schema. Writes the 9 CapabilitiesConfig flags before the pipeline runs. - Gateway onboard: restyle + vertical transcript of answered steps; auto-scroll keeps the active step's title in view (so long option lists no longer hide the step intro). Protocol methods unchanged. - Progress: tighter step rows; "Live activity" ledger flows below the steps and opens downward instead of being pinned to the window bottom; themed spinner. - Complete: summary cards + node-mode callout (removed the "what changed" expander). - Brand-red accent themed for the setup window only (light + dark). Filled controls use WCAG-AA reds (white text >= 5:1); the bright coral #FF5C5C failed AA at 3.03:1, so it is kept only for accent text/links. - Shared SetupPermissionHelper used by both the merged step and the legacy standalone PermissionsPage (kept for the dev preview route). - Dev-only preview route via OPENCLAW_SETUP_PREVIEW_PAGE, gated to DEBUG builds (inert in Release) so it can never bypass the setup run lock or pipeline. Before/after + real onboard walkthrough screenshots in docs/onboarding-redesign/. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Refine the setup flow around transparent WSL gateway installation, native WinUI styling, milestone handoff, and onboarding recovery actions. Keep gateway/install behavior unchanged while making the user-facing steps clearer and more consistent. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Restore the main-branch off-UI-thread existing gateway detection contract for the redesigned Welcome page, and make onboarding progress indicators advance through the gateway install and onboard steps separately. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Remove stale setup screenshots, delete the unused tray SetupWizardWindow and obsolete SetupEngine permissions page, and route direct OpenClaw onboard entry points through the new gateway-installed handoff so users keep the redesigned setup context. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Expose preview-only setup error and OpenClaw onboard error states so the PR screenshot set can cover the recovery UI without checking image artifacts into the repo. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Use the OpenClaw mascot with a corner success badge for the setup complete state, matching the gateway-installed and setup-failed visual language. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Delete the abandoned Onboarding V2 preview harness and visual-diff assets, remove stale lobster branding references, and harden the gateway-installed handoff with inline feedback if onboarding cannot start immediately. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Persist capability profile selections into the runtime node settings used after tray restart, and save the final launch-at-startup choice before restarting the tray. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Ensure capability profile selections are written to the runtime Node* settings used after restart, and persist only the final startup preference when setup completes so direct onboard does not reset existing capability choices. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Start direct onboard windows directly at the gateway-installed handoff and surface permission status read failures inline so setup never silently degrades. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Hide and skip persisting the startup preference for direct OpenClaw onboard sessions so existing AutoStart choices are not overwritten, while fresh setup still defaults startup on. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
When direct OpenClaw onboard hides the startup preference row, compute the completion AutoStart payload from the row visibility so existing Start with Windows choices are preserved. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Allow idle setup windows to switch to the safe direct-onboard handoff, remove an unreachable wizard error branch, and make corrupt settings backups collision-proof. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Drop an accidentally committed local cache file from the onboarding review cleanup. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Only apply the Standard profile fallback for the bundled placeholder config, allow idle setup windows to switch to the direct-onboard handoff, and clean up small review edge cases. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Remove a local impeccable cache artifact from the post-rebase review fixes. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…/onboarding-ux-audit
Derive the setup install review and completion summary from the live setup configuration so custom distro, port, bind, and installer values are shown truthfully. Sync runtime Node capability settings from SetupConfig.Capabilities inside the setup engine settings writer so headless/config-driven runs do not persist default-on capability gates. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Summary
Change Type (select all)
Scope (select all touched areas)
winnodeLinked Issue/PR
Validation
Required closeout:
.\build.ps1✅dotnet test .\tests\OpenClaw.SetupEngine.Tests\\OpenClaw.SetupEngine.Tests.csproj --no-restore✅ 363 passeddotnet test .\tests\OpenClaw.Shared.Tests\\OpenClaw.Shared.Tests.csproj --no-restore✅ 2689 passed, 31 skippeddotnet test .\tests\OpenClaw.Tray.Tests\\OpenClaw.Tray.Tests.csproj --no-restore✅ 1454 passedMaintainer closeout (70b5648) after config/security-boundary patch:
dotnet restore .\src\OpenClaw.SetupEngine.UI\OpenClaw.SetupEngine.UI.csproj -r win-x64✅.\build.ps1✅dotnet test .\tests\OpenClaw.SetupEngine.Tests\OpenClaw.SetupEngine.Tests.csproj --no-restore✅ 367 passeddotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore✅ 2691 passed, 31 skippeddotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore✅ 1512 passeddotnet test .\tests\OpenClaw.Connection.Tests\OpenClaw.Connection.Tests.csproj --no-restore✅ 395 passeddotnet test .\tests\OpenClaw.WinNode.Cli.Tests\OpenClaw.WinNode.Cli.Tests.csproj --no-restore✅ 120 passed (known OnnxRuntime version conflict warnings)Additional sweep:
dotnet test .\tests\OpenClaw.Connection.Tests\OpenClaw.Connection.Tests.csproj✅ 376 passeddotnet test .\tests\OpenClaw.WinNode.Cli.Tests\OpenClaw.WinNode.Cli.Tests.csproj✅ 120 passeddotnet test .\tests\OpenClawTray.FunctionalUI.Tests\OpenClawTray.FunctionalUI.Tests.csproj✅ 10 passeddotnet test .\tests\OpenClaw.Tray.UITests\OpenClaw.Tray.UITests.csproj -r win-arm64✅ 76 passeddotnet test .\tests\OpenClaw.E2ETests\OpenClaw.E2ETests.csproj✅ 20 skipped (real-gateway gated)dotnet test .\tests\OpenClaw.Tray.IntegrationTests\OpenClaw.Tray.IntegrationTests.csproj✅ 18 skipped (integration-gated)Real behavior proof
win-arm64, isolated tray data.70b5648f26db5e2fe743a807a2cd9e3124ebce92.Key excerpts:
Maintainer proof for the patched security/config behavior on
70b5648f26db5e2fe743a807a2cd9e3124ebce92:ext SetupReviewSummary_UsesActiveSetupConfig: custom DistroName=CustomClaw, BaseDistro=Debian, GatewayPort=19999, Gateway.Bind=lan, and HTTPS install host produce CustomClaw/LAN:19999 review and completion text. WriteSettingsJson_AppliesConfiguredCapabilitiesBeforePersisting: System/Camera/Location/Browser/Stt disabled in SetupConfig.Capabilities persist as false Node* runtime gates in settings.json.Code/security re-review and rubber-duck review found the previous hard-coded setup-copy and capability-persistence findings fixed with no remaining blocker.
Runtime capability enforcement proof:
Focused persistence regression proof:
Security Impact (required)
No— no new capability or OS permission surface added.No.No.No.Yes— default capability profile is now Standard instead of silently inheriting the prior full default; users can still choose Full access before install.Yes, explain risk + mitigation: The default is intentionally more explicit and reviewable. The capability profile, relevant Windows permissions, and install review are visible before setup runs.Compatibility / Migration
Yes.No.No.Review Conversations
Rubber-duck review
Final rubber-duck/Hanselman reviews found no blocking issues after fixes. Post-rebase dual review found no high-consensus issues; single-model feedback was fixed or validated. Follow-up cleanups from review were applied: stale Lobster attribution/wording removed, old V2 preview artifacts deleted, direct onboard lock-contention path now surfaces inline feedback, the milestone feedback is a live region for accessibility, selected capability profiles persist into runtime Node* settings, completion persists only AutoStart, direct onboard starts at the milestone without flashing the security page, direct onboard preserves existing startup preferences all the way through the tray restart payload, existing idle setup windows can switch to the safe direct-onboard handoff without interrupting active installs, permission-status probe failures show inline warning UI, and corrupt settings backups use collision-proof names.