Understand Gateway Lifecycle Control
Built-in OpenClaw and Hermes images support two direct-container lifecycle topologies for recover and gateway restart.
The managed controller authenticates the host lifecycle action and prevents PID reuse from redirecting its signal. It cannot prove process provenance against a malicious process running under the same sandbox UID, and it does not create gateway and agent UID isolation.
Mutable managed config retains the trust and time-of-check/time-of-use limits of managed cold start.
This compatibility path remains necessary while the OpenShell-managed topology owns a nonroot supervisor and shared gateway-agent UID. Remove it only after the minimum supported OpenShell provides a root-owned lifecycle supervisor or a gateway UID distinct from the agent, then migrate both built-in agents to that boundary.
Verify Recovery Health
For built-in OpenClaw and Hermes controllers, a successful recover or gateway restart response supplies the initial authenticated gateway-health proof.
After the settle window, NemoClaw sends one read-only authenticated probe through the same controller before it declares success.
The controller rechecks the exact managed child, listener, HTTP health, and required auxiliary processes from inside the gateway network namespace without restarting the gateway. A failed managed probe is authoritative and cannot be overridden by an outer-namespace HTTP response.
Custom agents that recover through an SSH script do not use this controller probe and continue to poll ordinary gateway health.
Fail Closed on Unsupported Topologies
The host selects the matching controller automatically for recover and gateway restart.
Ordinary openshell sandbox exec and manual in-sandbox relaunch are not fallback paths.
A current built-in image supports both the direct root-entrypoint and OpenShell-managed topologies.
An arbitrary nonroot entrypoint that does not match the managed OpenShell process shape fails closed with privileged control unavailable.
Kubernetes and other deployments without a matching direct container also fail closed with privileged control unavailable.
Older images without the matching supervisor or managed controller helper must be updated:
Related Topics
- Recover and Rebuild Sandboxes for recovery commands and rebuild fallback.
gateway restartorrecoverreportsprivileged control unavailablefor remediation.- Trusted Computing Base for the broader security boundary.