Best possible solution:

Keep WSL recovery tied to explicit setup-managed records or setup-state evidence while preserving documented legacy WSL ownership markers where upgrades still need them.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current main returns true for any active local loopback record in WslKeepAlivePolicy.ShouldStart and treats any local loopback registry record as setup evidence in SetupExistingGatewayClassifier. I did not run the Windows tray path because this review is read-only and the environment is not the real Windows runtime.

Is this the best way to solve the issue?

Mostly yes; reusing IsSetupManagedLocalRecord is the narrowest maintainable source fix, but the no-active-record legacy fallback should be covered by upgrade proof before merge.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against d392f7d4ea0d.

Label changes:

• add P2: Incorrect WSL recovery can restart or stop the local gateway path for a limited set of Windows gateway users.
• add merge-risk: 🚨 compatibility: The PR changes upgrade behavior for users whose local gateway is represented only by legacy settings rather than an active setup-managed registry record.
• add merge-risk: 🚨 availability: A wrong keepalive decision can either restart stale WSL recovery or fail to keep an app-owned WSL gateway alive across tray exits.
• add rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body lists build and test validation but does not include after-fix real runtime proof from a native loopback gateway setup; screenshots, terminal output, copied live output, linked artifacts, recordings, or redacted logs would count, and private details should be redacted. After proof is added to the PR body, a fresh ClawSweeper review should run automatically; otherwise a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Label justifications:

• P2: Incorrect WSL recovery can restart or stop the local gateway path for a limited set of Windows gateway users.
• merge-risk: 🚨 compatibility: The PR changes upgrade behavior for users whose local gateway is represented only by legacy settings rather than an active setup-managed registry record.
• merge-risk: 🚨 availability: A wrong keepalive decision can either restart stale WSL recovery or fail to keep an app-owned WSL gateway alive across tray exits.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body lists build and test validation but does not include after-fix real runtime proof from a native loopback gateway setup; screenshots, terminal output, copied live output, linked artifacts, recordings, or redacted logs would count, and private details should be redacted. After proof is added to the PR body, a fresh ClawSweeper review should run automatically; otherwise a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Acceptance criteria:

• [P1] ./build.ps1.
• [P1] dotnet test ./tests/OpenClaw.Shared.Tests/OpenClaw.Shared.Tests.csproj --no-restore.
• [P1] dotnet test ./tests/OpenClaw.Tray.Tests/OpenClaw.Tray.Tests.csproj --no-restore.

What I checked:

• Current main starts keepalive for any active local loopback record: On current main, ShouldStart returns true for activeRecord.IsLocal, any SetupManagedDistroName, or a local gateway URL, so a native local record can enter the WSL keepalive path. (src/OpenClaw.Tray.WinUI/Services/WslKeepAlivePolicy.cs:18, d392f7d4ea0d)
• Current main treats any local loopback record as setup evidence: On current main, HasLocalSetupEvidence accepts any local, non-SSH, loopback gateway record rather than requiring setup-managed ownership. (src/OpenClaw.Tray.WinUI/Services/SetupExistingGatewayClassifier.cs:108, d392f7d4ea0d)
• PR narrows keepalive to setup-managed records: The PR version of ShouldStart ignores legacy URL fallback and returns true only when the active record satisfies IsSetupManagedLocalRecord. (src/OpenClaw.Tray.WinUI/Services/WslKeepAlivePolicy.cs:15, 8b4bced536bf)
• PR narrows setup classifier evidence: The PR version of HasLocalSetupEvidence reuses WslKeepAlivePolicy.IsSetupManagedLocalRecord, matching the requested ownership boundary. (src/OpenClaw.Tray.WinUI/Services/SetupExistingGatewayClassifier.cs:108, 8b4bced536bf)
• SetupEngine persists explicit WSL ownership: Fresh app-owned WSL setup records include SetupManagedDistroName, so the proposed policy still has a positive ownership marker for current setup-managed WSL gateways. (src/OpenClaw.SetupEngine/SetupSteps.cs:1692, d392f7d4ea0d)
• Legacy migration does not add setup-managed ownership: Registry migration creates an active local record from legacy settings but does not populate SetupManagedDistroName, which is the compatibility-sensitive part of this PR. (src/OpenClaw.Connection/GatewayRegistry.cs:270, d392f7d4ea0d)

Likely related people:

• indierawk2k2: History shows the WSL local gateway onboarding and WSL keepalive behavior date through commits adding WSL onboarding and keepalive support. (role: feature-history contributor; confidence: high; commits: 581f78d276e1, 4baf01d768c0; files: src/OpenClaw.Tray.WinUI/Services/WslKeepAlivePolicy.cs, src/OpenClaw.Tray.WinUI/Services/SetupExistingGatewayClassifier.cs)
• ranjeshj: Recent history includes setup-managed WSL gateway behavior changes and SetupEngine refactor work touching the affected setup/WSL ownership area. (role: recent area contributor; confidence: medium; commits: cefce3952ab1, f4d4793f744f; files: src/OpenClaw.Tray.WinUI/Services/WslKeepAlivePolicy.cs, src/OpenClaw.Tray.WinUI/Services/SetupExistingGatewayClassifier.cs, src/OpenClaw.SetupEngine/SetupSteps.cs)
• AlexAlves87: History shows the keepalive service was recently extracted from App.xaml.cs, making this person relevant for service-level regressions. (role: recent refactor contributor; confidence: medium; commits: b175439fbfd4; files: src/OpenClaw.Tray.WinUI/Services/WslGatewayKeepAliveService.cs, src/OpenClaw.Tray.WinUI/App.xaml.cs)

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.