Scale gateway configuration timeout with config command count

[kkaminsk]

Problem

#652 raised the WSL configure-gateway timeout 30s→120s, but the cap is fixed while BuildConfigCommands keeps growing — it appends openclaw config set calls for the device-pair public URL, device-pair.enabled, and every Gateway.ExtraConfig key. Each config set spawns the Node CLI fresh inside WSL (~4–5s apiece on a newly created distro with a cold cache), so a config-heavy setup can creep right back into the same timeout the fixed cap was meant to prevent.

Change

Budget the step by the number of config set commands actually emitted, instead of a fixed value:

• ConfigBaseBudget = 45s + PerConfigCommandBudget = 15s/command, floored at MinConfigurationTimeout = 180s.
• ComputeConfigurationTimeout(configCommands) counts the emitted commands; ExecuteAsync uses it and reports the computed value in the timeout message (no hardcoded seconds).
• Today's ~8-command setup → 45 + 15×8 = 165s, floored to 180s (~3–4× the observed per-command cost); extra config keys scale the budget up automatically.

Tests

• New ComputeConfigurationTimeout_ScalesWithConfigCommandCount and ComputeConfigurationTimeout_NeverBelowFloor.
• Updated ConfigureGateway_UsesExtendedTimeoutForWslConfig to assert the computed value + floor (the old test pinned the now-removed constant) and ConfigureGateway_ReturnsTimeoutSpecificFailure to not hardcode the seconds. Tests assert the scaling/floor relationship rather than a magic number.

Validation

Per AGENTS.md: ./build.ps1 ✅ (all 5 projects), SetupEngine tests ✅ 239, Shared ✅ 2049, Tray ✅ 958.

🤖 Generated with Claude Code

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 6, 2026, 9:19 PM ET / 01:19 UTC.

Summary
The PR replaces the fixed WSL configure-gateway timeout with a timeout computed from emitted openclaw config set command count, updates the timeout message, and adds setup-engine tests for scaling and floor behavior.

Reproducibility: no. there is no live high-confidence reproduction from this review. Source inspection does show the current 120s fixed timeout and a config command builder that grows with device-pair and Gateway.ExtraConfig entries.

Review metrics: 2 noteworthy metrics.

• Changed surface: 2 files, +80/-5. The patch is limited to the setup-engine timeout path and its tests.
• Timeout behavior: fixed 120s -> 45s + 15s/command with 180s floor. This changes how long the local WSL setup can wait during gateway configuration.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Post redacted terminal/live output from a real WSL setup that runs configure-gateway with enough ExtraConfig keys to exercise the computed timeout.
• Redact private IPs, API keys, phone numbers, non-public endpoints, and other private details from any proof.
• After updating the PR body, ClawSweeper should re-review automatically; if it does not, a maintainer can comment @clawsweeper re-review.

Proof guidance:

• [P1] Needs real behavior proof before merge: The PR body reports build and test validation, but it does not include after-fix live WSL output, logs, or a terminal screenshot showing the changed configure-gateway behavior. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P2] The PR body lists build and unit-test validation, but it does not show a real WSL cold-cache or config-heavy setup run, which is the behavior this timeout change is meant to protect.
• [P1] The minimum failed configure-gateway wait increases from 120s to 180s, so maintainers should accept that setup-failure latency tradeoff before merge.

Maintainer options:

1. Decide the mitigation before merge
   Land the scoped dynamic timeout after maintainers accept the longer setup wait tradeoff and the contributor adds redacted real WSL proof for a config-heavy configure-gateway run.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Keep the PR open for maintainer review and contributor-provided real WSL proof; there is no narrow automated repair to request.

Security
Cleared: The diff only changes setup timeout budgeting and tests; I found no concrete security or supply-chain concern.

Review details

Best possible solution:

Land the scoped dynamic timeout after maintainers accept the longer setup wait tradeoff and the contributor adds redacted real WSL proof for a config-heavy configure-gateway run.

Do we have a high-confidence way to reproduce the issue?

No, there is no live high-confidence reproduction from this review. Source inspection does show the current 120s fixed timeout and a config command builder that grows with device-pair and Gateway.ExtraConfig entries.

Is this the best way to solve the issue?

Yes, the proposed direction is narrow and maintainable: compute the WSL timeout from the generated config command list and cover the scaling/floor behavior in setup-engine tests. The remaining gap is real WSL behavior proof, not a different code shape.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 4be005707f44.

Label changes

Label changes:

• add P2: This is a normal-priority setup reliability improvement with limited blast radius around local WSL gateway configuration.
• add rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body reports build and test validation, but it does not include after-fix live WSL output, logs, or a terminal screenshot showing the changed configure-gateway behavior. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Label justifications:

• P2: This is a normal-priority setup reliability improvement with limited blast radius around local WSL gateway configuration.
• rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body reports build and test validation, but it does not include after-fix live WSL output, logs, or a terminal screenshot showing the changed configure-gateway behavior. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

• Current main uses a fixed timeout: Current main defines GatewayConfigurationTimeout as 120 seconds and passes that fixed value to the configure-gateway WSL script. (src/OpenClaw.SetupEngine/SetupSteps.cs:1227, 4be005707f44)
• Command count can grow: Current main builds seven baseline openclaw config set calls, can append device-pair config calls, and appends one command for every Gateway.ExtraConfig entry. (src/OpenClaw.SetupEngine/SetupSteps.cs:1295, 4be005707f44)
• PR diff implements dynamic timeout: The PR computes timeout = ComputeConfigurationTimeout(configCommands), passes that value to RunInWslAsync, and reports the computed seconds in timeout failures. (src/OpenClaw.SetupEngine/SetupSteps.cs:1284, 9f48838d40a6)
• PR diff adds focused tests: The PR updates the existing timeout tests and adds coverage that the computed timeout scales with command count and never drops below the configured floor. (tests/OpenClaw.SetupEngine.Tests/SetupStepsTests.cs:935, 9f48838d40a6)
• History points to the relevant setup area: Blame shows the current ConfigureGatewayStep timeout and command builder in the available main history, with recent device-pair command additions in the same method. (src/OpenClaw.SetupEngine/SetupSteps.cs:1223, 85445c78066b)
• AGENTS.md policy was read: The repository policy requires build/shared/tray validation after changes and directs agents to inspect gateway/onboarding docs for connection and setup behavior; this review stayed read-only and used those constraints as review context. (AGENTS.md:1, 4be005707f44)

Likely related people:

• Christine Yan: Blame attributes the current ConfigureGatewayStep, fixed timeout, and baseline config command builder to the release commit present in this checkout. (role: introduced current setup implementation in available main history; confidence: medium; commits: 85445c78066b; files: src/OpenClaw.SetupEngine/SetupSteps.cs, tests/OpenClaw.SetupEngine.Tests/SetupStepsTests.cs)
• Barbara Kudiess: Recent history and blame show device-pair configuration commands and related setup tests added in the same configure-gateway path that this PR budgets for. (role: recent adjacent contributor; confidence: medium; commits: 8f134b354df0; files: src/OpenClaw.SetupEngine/SetupSteps.cs, tests/OpenClaw.SetupEngine.Tests/SetupStepsTests.cs)
• ranjeshj: The provided GitHub context links the merged timeout PR at Extend gateway configuration timeout #652, which raised this same WSL configure-gateway timeout and added timeout-specific tests. (role: related timeout change contributor; confidence: medium; commits: 3ddade7072b0; files: src/OpenClaw.SetupEngine/SetupSteps.cs, tests/OpenClaw.SetupEngine.Tests/SetupStepsTests.cs)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.