#14026: gateway: expose fork/upstream identity metadata with override
docs
app: web-ui
gateway
stale
Upstreaming gateway identity metadata from DeanoC/openclaw#15 in a clean branch based on upstream/main.
Adds a lightweight identity signal in WS hello metadata so clients can detect fork vs upstream and support compatibility behavior.
Included in this upstream slice:
- `hello-ok.server.identity` with `kind`, `mode`, `source`
- identity mode override via config/env
- schema/type wiring
- focused tests for resolver + hello payload
- docs updates (protocol/config/index)
Related fork PR: https://github.com/DeanoC/openclaw/pull/15
Earlier upstream attempt (superseded by this clean branch): https://github.com/openclaw/openclaw/pull/14025
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
Adds lightweight identity metadata to gateway `hello-ok` handshake, enabling clients to distinguish fork vs upstream instances. The implementation includes:
- New `gateway.identity.mode` config option (`auto|upstream|fork`) with env override via `OPENCLAW_GATEWAY_IDENTITY_MODE`
- Identity resolver that respects precedence: env > config > default
- Schema wiring for `hello-ok.server.identity` with `kind`, `mode`, and `source` fields
- Comprehensive unit tests for the resolver logic
- E2E tests validating the identity appears correctly in handshake responses
- Documentation updates across protocol, config, and gateway index
The change is well-isolated, follows existing patterns for config/env resolution, and provides the compatibility testing capability described in the PR description.
<h3>Confidence Score: 5/5</h3>
- This PR is safe to merge with minimal risk
- The implementation is clean, well-tested, and narrowly scoped. All new code follows established patterns (config resolution with env override), includes comprehensive test coverage (unit + E2E), and doesn't modify any critical paths. The identity metadata is purely informational and consumed by clients, not used for authorization or control flow.
- No files require special attention
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
Most Similar PRs
#23361: Gateway: reject scope assertions without identity binding
by bmendonca3 · 2026-02-22
71.9%
#6430: feat(protocol): include agent identity in hello-ok handshake response
by astoreyai · 2026-02-01
71.5%
#12234: gateway: incident tracking, recover command, and ciao ERR_SERVER_CL...
by levineam · 2026-02-09
71.3%
#6770: fix(gateway): protect host-local transport fields from config.patch
by ryx2 · 2026-02-02
70.6%
#22804: fix: prioritize loopback for internal gateway calls (issue #22706)
by ambicuity · 2026-02-21
70.2%
#11455: fix(gateway): default gateway.mode to local when unset
by AnonO6 · 2026-02-07
69.5%
#23355: Gateway: fail closed on untrusted proxy headers
by bmendonca3 · 2026-02-22
69.4%
#23444: Gateway: move auth token storage to state dotenv by default
by bmendonca3 · 2026-02-22
69.2%
#23364: Gateway: add risk-ack interlock for dangerous Control UI flags
by bmendonca3 · 2026-02-22
68.9%
#12694: Devin/1770645191 add elizaos adapter
by latamapac · 2026-02-09
68.6%