fix(gateway): enforce session kill HTTP scopes

[eleqtrizit]

Summary

• Aligns HTTP session-kill authorization with the gateway operator scope model already enforced on WebSocket RPC
• Preserves the requester-owned kill flow while removing shared-secret bearer access to admin and write paths without trusted scopes

Changes

• Switched src/gateway/session-kill-http.ts to the hardened HTTP request-auth path that only trusts declared scopes on trusted auth surfaces
• Required sessions.delete scope for local admin kills and sessions.abort scope for requester-owned kills
• Added regression coverage for bearer-auth denial, untrusted x-openclaw-scopes headers, and trusted-scope success cases on both branches

Validation

• Ran corepack pnpm test -- src/gateway/session-kill-http.test.ts
• Ran PATH="/app/.local/bin:$PATH" corepack pnpm build
• Ran local agentic review with claude -p "/review"; the command requested PR context and returned no actionable code feedback

Notes

• This follow-up incorporates the earlier HTTP session-kill hardening direction from Gateway: require requester ownership for HTTP session kills #55308 and the later requester-header tightening attempt from fix(gateway): require local-direct auth for HTTP session kills #58174 without removing the intended requester-owned control path
• Residual verification gap: the local review slash command did not perform a diff review without PR context, so the substantive gates here are the targeted regression file and the full build

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9e1525fb44

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[greptile-apps]

Greptile Summary

This PR hardens the HTTP session-kill endpoint by enforcing the operator scope model already present on the WebSocket RPC path. It switches from authorizeGatewayBearerRequestOrReply (which returned a plain boolean) to authorizeGatewayHttpRequestOrReply (which returns an AuthorizedGatewayHttpRequest carrying trustDeclaredOperatorScopes), then gates admin kills behind sessions.delete → operator.admin and requester-owned kills behind sessions.abort → operator.write. Shared-secret bearer auth can no longer self-assert scopes via x-openclaw-scopes headers, aligning this endpoint with the broader gateway security model.

Key changes:

• session-kill-http.ts: Replaced authorizeGatewayBearerRequestOrReply with authorizeGatewayHttpRequestOrReply and added a post-path-gate scope check using authorizeOperatorScopesForMethod
• session-kill-http.test.ts: Updated existing admin-kill tests to supply method: "trusted-proxy" auth + the x-openclaw-scopes: operator.admin header; added four new regression tests covering bearer-auth denial, untrusted scope header rejection, and trusted-scope success on both kill branches

Logic correctness: The requiredOperatorMethod ternary (sessions.abort when requester-owned, sessions.delete otherwise) is exactly consistent with the execution branch further down (if (!allowLocalAdminKill && requesterSessionKey)), so scope requirement and code path are always in sync.

No issues found that would block merging.

Confidence Score: 5/5

This PR is safe to merge; the scope enforcement is logically sound and the new regression tests cover all critical paths.

All findings are P2 or below. The scope-method mapping is consistent with the execution branches, resolveTrustedHttpOperatorScopes correctly drops scopes for shared-secret bearer auth, and the test suite covers bearer-denial, untrusted-header rejection, and trusted-scope success for both kill paths.

No files require special attention.

Important Files Changed

Filename	Overview
src/gateway/session-kill-http.ts	Replaced boolean auth helper with AuthorizedGatewayHttpRequest-returning helper; added scope enforcement gate for both admin and requester-owned kill paths using correct scope names.
src/gateway/session-kill-http.test.ts	Updated existing tests to supply trusted-proxy auth method and admin scope header; added four new regression tests covering bearer-auth denial and trusted-scope success on both kill branches.

_{Reviews (1): Last reviewed commit: "fix(gateway): enforce session kill HTTP ..." | Re-trigger Greptile}

[openclaw-barnacle]

Closing this PR because the author has more than 10 active PRs in this repo. Please reduce the active PR queue and reopen or resubmit once it is back under the limit. You can close your own PRs to get back under the limit.

[jacobtomlinson]

It looks like this was already fixed in 54a0878