Gateway Runbook
このコンテンツはまだ日本語訳がありません。
Gateway runbook
Section titled “Gateway runbook”Use this page for day-1 startup and day-2 operations of the Gateway service.
5-minute local startup
Section titled “5-minute local startup”coderclaw gateway --port 18789# debug/trace mirrored to stdiocoderclaw gateway --port 18789 --verbose# force-kill listener on selected port, then startcoderclaw gateway --forcecoderclaw gateway statuscoderclaw statuscoderclaw logs --followHealthy baseline: Runtime: running and RPC probe: ok.
coderclaw channels status --probeRuntime model
Section titled “Runtime model”- One always-on process for routing, control plane, and channel connections.
- Single multiplexed port for:
- WebSocket control/RPC
- HTTP APIs (OpenAI-compatible, Responses, tools invoke)
- Control UI and hooks
- Default bind mode:
loopback. - Auth is required by default (
gateway.auth.token/gateway.auth.password, orCODERCLAW_GATEWAY_TOKEN/CODERCLAW_GATEWAY_PASSWORD).
Port and bind precedence
Section titled “Port and bind precedence”| Setting | Resolution order |
|---|---|
| Gateway port | --port → CODERCLAW_GATEWAY_PORT → gateway.port → 18789 |
| Bind mode | CLI/override → gateway.bind → loopback |
Hot reload modes
Section titled “Hot reload modes”gateway.reload.mode | Behavior |
|---|---|
off | No config reload |
hot | Apply only hot-safe changes |
restart | Restart on reload-required changes |
hybrid (default) | Hot-apply when safe, restart when required |
Operator command set
Section titled “Operator command set”coderclaw gateway statuscoderclaw gateway status --deepcoderclaw gateway status --jsoncoderclaw gateway installcoderclaw gateway restartcoderclaw gateway stopcoderclaw logs --followcoderclaw doctorRemote access
Section titled “Remote access”Preferred: Tailscale/VPN. Fallback: SSH tunnel.
ssh -N -L 18789:127.0.0.1:18789 user@hostThen connect clients to ws://127.0.0.1:18789 locally.
See: Remote Gateway, Authentication, Tailscale.
Supervision and service lifecycle
Section titled “Supervision and service lifecycle”Use supervised runs for production-like reliability.
coderclaw gateway installcoderclaw gateway statuscoderclaw gateway restartcoderclaw gateway stopLaunchAgent labels are ai.coderclaw.gateway (default) or ai.coderclaw.<profile> (named profile). coderclaw doctor audits and repairs service config drift.
coderclaw gateway installsystemctl --user enable --now coderclaw-gateway[-<profile>].servicecoderclaw gateway statusFor persistence after logout, enable lingering:
sudo loginctl enable-linger <user>Use a system unit for multi-user/always-on hosts.
sudo systemctl daemon-reloadsudo systemctl enable --now coderclaw-gateway[-<profile>].serviceMultiple gateways on one host
Section titled “Multiple gateways on one host”Most setups should run one Gateway. Use multiple only for strict isolation/redundancy (for example a rescue profile).
Checklist per instance:
- Unique
gateway.port - Unique
CODERCLAW_CONFIG_PATH - Unique
CODERCLAW_STATE_DIR - Unique
agents.defaults.workspace
Example:
CODERCLAW_CONFIG_PATH=~/.coderclaw/a.json CODERCLAW_STATE_DIR=~/.coderclaw-a coderclaw gateway --port 19001CODERCLAW_CONFIG_PATH=~/.coderclaw/b.json CODERCLAW_STATE_DIR=~/.coderclaw-b coderclaw gateway --port 19002See: Multiple gateways.
Dev profile quick path
Section titled “Dev profile quick path”coderclaw --dev setupcoderclaw --dev gateway --allow-unconfiguredcoderclaw --dev statusDefaults include isolated state/config and base gateway port 19001.
Protocol quick reference (operator view)
Section titled “Protocol quick reference (operator view)”- First client frame must be
connect. - Gateway returns
hello-oksnapshot (presence,health,stateVersion,uptimeMs, limits/policy). - Requests:
req(method, params)→res(ok/payload|error). - Common events:
connect.challenge,agent,chat,presence,tick,health,heartbeat,shutdown.
Agent runs are two-stage:
- Immediate accepted ack (
status:"accepted") - Final completion response (
status:"ok"|"error"), with streamedagentevents in between.
See full protocol docs: Gateway Protocol.
Operational checks
Section titled “Operational checks”Liveness
Section titled “Liveness”- Open WS and send
connect. - Expect
hello-okresponse with snapshot.
Readiness
Section titled “Readiness”coderclaw gateway statuscoderclaw channels status --probecoderclaw healthGap recovery
Section titled “Gap recovery”Events are not replayed. On sequence gaps, refresh state (health, system-presence) before continuing.
Common failure signatures
Section titled “Common failure signatures”| Signature | Likely issue |
|---|---|
refusing to bind gateway ... without auth | Non-loopback bind without token/password |
another gateway instance is already listening / EADDRINUSE | Port conflict |
Gateway start blocked: set gateway.mode=local | Config set to remote mode |
unauthorized during connect | Auth mismatch between client and gateway |
For full diagnosis ladders, use Gateway Troubleshooting.
Safety guarantees
Section titled “Safety guarantees”- Gateway protocol clients fail fast when Gateway is unavailable (no implicit direct-channel fallback).
- Invalid/non-connect first frames are rejected and closed.
- Graceful shutdown emits
shutdownevent before socket close.
Related: