docs/nodes/troubleshooting.md
Use this page when a node is visible in status but node tools fail.
openclaw status
openclaw gateway status
openclaw logs --follow
openclaw doctor
openclaw channels status --probe
Then run node-specific checks:
openclaw nodes status
openclaw nodes describe --node <idOrNameOrIp>
openclaw approvals get --node <idOrNameOrIp>
Healthy signals:
node.nodes describe includes the capability you're calling.canvas.*, camera.*, and screen.* are foreground-only on iOS/Android nodes.
Quick check and fix:
openclaw nodes describe --node <idOrNameOrIp>
openclaw nodes canvas snapshot --node <idOrNameOrIp>
openclaw logs --follow
If you see NODE_BACKGROUND_UNAVAILABLE, bring the node app to the foreground and retry.
| Capability | iOS | Android | macOS node app | Typical failure code |
|---|---|---|---|---|
camera.snap, camera.clip | Camera (+ mic for clip audio) | Camera (+ mic for clip audio) | Camera (+ mic for clip audio) | *_PERMISSION_REQUIRED |
screen.record | Screen Recording (+ mic optional) | Screen capture prompt (+ mic optional) | Screen Recording | *_PERMISSION_REQUIRED |
location.get | While Using or Always (depends on mode) | Foreground/Background location based on mode | Location permission | LOCATION_PERMISSION_REQUIRED |
system.run | n/a (node host path) | n/a (node host path) | Exec approvals required | SYSTEM_RUN_DENIED |
Three separate gates control whether a node command succeeds:
gateway.nodes.allowCommands / denyCommands and platform defaults?Node pairing is an identity/trust gate, not a per-command approval surface. For system.run, the per-node policy lives in that node's exec approvals file (openclaw approvals get --node ...), not in the gateway pairing record.
Quick checks:
openclaw devices list
openclaw nodes status
openclaw approvals get --node <idOrNameOrIp>
openclaw approvals allowlist add --node <idOrNameOrIp> "/usr/bin/uname"
nodes describe missing a command: check the gateway node command policy and whether the node actually declared that command on connect.system.run fails: fix exec approvals/allowlist on that node.For approval-backed host=node runs, the gateway also binds execution to the prepared canonical systemRunPlan. If a later caller mutates the command, cwd, or session metadata before the approved run is forwarded, the gateway rejects the run as an approval mismatch instead of trusting the edited payload.
| Code | Meaning |
|---|---|
NODE_BACKGROUND_UNAVAILABLE | App is backgrounded; bring it to the foreground. |
CAMERA_DISABLED | Camera toggle disabled in node settings. |
*_PERMISSION_REQUIRED | OS permission missing/denied. |
LOCATION_DISABLED | Location mode is off. |
LOCATION_PERMISSION_REQUIRED | Requested location mode not granted. |
LOCATION_BACKGROUND_UNAVAILABLE | App is backgrounded but only While Using permission exists. |
SYSTEM_RUN_DENIED: approval required | Exec request needs explicit approval. |
SYSTEM_RUN_DENIED: allowlist miss | Command blocked by allowlist mode. On Windows node hosts, shell-wrapper forms like cmd.exe /c ... are treated as allowlist misses in allowlist mode unless approved via the ask flow. |
openclaw nodes status
openclaw nodes describe --node <idOrNameOrIp>
openclaw approvals get --node <idOrNameOrIp>
openclaw logs --follow
If still stuck: