fix: detect launchd supervision via xpc service name (#20555 ) (thanks @dimat)

ci: retrigger checks
fix(gateway): detect launchd supervision via XPC_SERVICE_NAME
2026-03-09 05:56:33 +00:00 · 2026-03-09 05:55:10 +00:00 · 2026-03-09 05:55:08 +00:00
3 changed files with 13 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -65,6 +65,8 @@ Docs: https://docs.openclaw.ai
 - Matrix/DM routing: add safer fallback detection for broken `m.direct` homeservers, honor explicit room bindings over DM classification, and preserve room-bound agent selection for Matrix DM rooms. (#19736) Thanks @derbronko.
 - Cron/Telegram announce delivery: route text-only announce jobs through the real outbound adapters after finalizing descendant output so plain Telegram targets no longer report `delivered: true` when no message actually reached Telegram. (#40575) thanks @obviyus.
 - Gateway/restart timeout recovery: exit non-zero when restart-triggered shutdown drains time out so launchd/systemd restart the gateway instead of treating the failed restart as a clean stop. Landed from contributor PR #40380 by @dsantoreis. Thanks @dsantoreis.
+- Gateway/config restart guard: validate config before service start/restart and keep post-SIGUSR1 startup failures from crashing the gateway process, reducing invalid-config restart loops and macOS permission loss. Landed from contributor PR #38699 by @lml2468. Thanks @lml2468.
+- Gateway/launchd respawn detection: treat `XPC_SERVICE_NAME` as a launchd supervision hint so macOS restarts exit cleanly under launchd instead of attempting detached self-respawn. Landed from contributor PR #20555 by @dimat. Thanks @dimat.
 - Cron/owner-only tools: pass trusted isolated cron runs into the embedded agent with owner context so `cron`/`gateway` tooling remains available after the owner-auth hardening narrowed direct-message ownership inference.

 ## 2026.3.7
--- a/src/infra/process-respawn.test.ts
+++ b/src/infra/process-respawn.test.ts
@ -108,6 +108,16 @@ describe("restartGatewayProcessWithFreshPid", () => {
    expect(spawnMock).not.toHaveBeenCalled();
  });

+  it("returns supervised when XPC_SERVICE_NAME is set by launchd", () => {
+    clearSupervisorHints();
+    setPlatform("darwin");
+    process.env.XPC_SERVICE_NAME = "ai.openclaw.gateway";
+    const result = restartGatewayProcessWithFreshPid();
+    expect(result.mode).toBe("supervised");
+    expect(triggerOpenClawRestartMock).not.toHaveBeenCalled();
+    expect(spawnMock).not.toHaveBeenCalled();
+  });
+
  it("spawns detached child with current exec argv", () => {
    delete process.env.OPENCLAW_NO_RESPAWN;
    clearSupervisorHints();
--- a/src/infra/supervisor-markers.ts
+++ b/src/infra/supervisor-markers.ts
@ -1,6 +1,7 @@
 const LAUNCHD_SUPERVISOR_HINT_ENV_VARS = [
  "LAUNCH_JOB_LABEL",
  "LAUNCH_JOB_NAME",
+  "XPC_SERVICE_NAME",
  "OPENCLAW_LAUNCHD_LABEL",
 ] as const;