Remote Mac
Use when the user says MacBook, Mac Studio, clawmac, moltymac, Molty, Tailscale, or asks to run/check something on one of Peter's Macs.
Peter's Topology
- Primary daily driver: Peter's MacBook Pro, local host
steipete-mbp, Tailscalepeters-macbook-pro-1. - Corporate workhorse: Mac Studio, Tailscale
peters-mac-studio-1, usually best reached as[email protected]. - Personal cloud OpenClaw:
clawmac(Peter may typo/saycrabmac), Tailscale/SSHsteipete@clawmac, gateway via LaunchAgentai.openclaw.gateway, loopback127.0.0.1:18789, Telegram connected. - Network split:
corporate: Peter's work-managed environment. Treat Mac Studio as the main remote Mac to configure and inspect there.personal: Peter's personal LAN / personal cloud environment, includingclawmac.
- Network boundary:
clawmacand the personal LAN are unreachable from Peter's corporate Mac. Never useclawmacas a relay or LAN vantage from there. - Molty: runs on Mac Studio, not
moltymac, when healthy. Expected runtime is tmux sessionopenclaw-gateway-watch-mainfrom/Users/steipete/clawdbotwithpnpm gateway:watch --benchmark, LAN bind*:18789, Discord botMolty, plus Slack and Telegram connected. moltymac: old/alternate node. If Tailscale shows it offline or SSH times out, do not treat it as the live Molty runtime.
Manager repo source of truth:
/Users/steipete/Projects/manager/computers.yaml/Users/steipete/Projects/manager/agents.yaml
Discovery
- Start with live
tailscale status --json; match hostname/DNS name and use the node's current IP. Manager-cached Tailscale IPs may be stale. - In the
corporateenvironment, default to Mac Studio for remote configuration work. Reach it through its live Tailscale node. MagicDNS may be disabled; use the currentTailscaleIPs[0]directly. Do not tryclawmac, mDNS, or personal-LAN discovery from there. - In the
personalenvironment, if Tailscale is down or SSH times out, try LAN discovery:
dns-sd -B _ssh._tcp local
arp -a
- Try mDNS names such as
HOST.localonly when on the same LAN. - If Mac Studio's live Tailscale node is offline from the
corporateenvironment, stop: it must wake or reconnect before SSH or Screen Sharing diagnosis can continue.
SSH Rules
Use non-interactive SSH by default:
ssh -o RequestTTY=no -o RemoteCommand=none HOST 'COMMAND'
The local SSH alias mac-studio auto-attaches tmux. For one-shot commands, either use [email protected] or override both options above.
For long-running or interactive remote work, use tmux on the remote host and keep the session name obvious.
OpenClaw Checks
Use login shells on remote Macs so Homebrew and pnpm are on PATH:
ssh -o RequestTTY=no -o RemoteCommand=none [email protected] \
'zsh -lc "openclaw gateway status --json; openclaw channels status --json"'
Mac Studio / Molty healthy shape:
tmux list-sessionsincludesopenclaw-gateway-watch-main.ps axwwincludespnpm gateway:watch --benchmark.lsof -nP -iTCP:18789 -sTCP:LISTENshows a listener on*:18789.openclaw channels status --jsonshows DiscordMolty, Slack, and Telegram connected.
clawmac healthy shape:
launchctl listincludesai.openclaw.gateway.lsof -nP -iTCP:18789 -sTCP:LISTENshows loopback listeners.openclaw channels status --jsonshows Telegram connected.
Codex Automations
- Codex cron automations are host-local scheduler state, not generic cloud jobs.
- In the
corporateenvironment, configure or mirror those automations on Mac Studio unless Peter says otherwise. - Treat
~/.codex/automations/<automation-id>/automation.tomlon the target host as the source of truth for the scheduled job definition on that machine. - If the goal is to move a cron automation from Peter's current corporate machine to Mac Studio, do the machine work on Mac Studio:
- ensure the intended repo checkout exists there
- sync the required repo-local policy files
- create or update the matching
~/.codex/automations/...entry on Mac Studio - disable or pause the old corporate-host copy if Peter wants only one runner
- Do not assume Codex app thread handoff moves cron scheduler ownership; thread movement and cron ownership are separate.
clawmac GUI Access
- Prefer direct clawmac automation over Tailscale/SSH first:
open -a "Google Chrome", AppleScript, Chrome DOM JavaScript, and remote Peekaboo clicks. - For
gogOAuth on clawmac, keep the browser on clawmac. Startgog auth addin remote tmux, open the printed URL on clawmac Chrome, click consent with AppleScript/DOM automation, then verify withzsh -lc 'gog auth list --check --json --no-input'. - If
GOG_KEYRING_PASSWORDis exported by the remote shell environment, use the matching login shell for checks and tmux prompt feeding, and never print the value. - If SSH/cron hits GUI-only prompts that direct automation cannot handle, use local Peekaboo through Jump Desktop's
clawmacwindow as fallback. - Find it with
peekaboo list windows --app "Jump Desktop" --json; capture by--window-title clawmacor the reported--window-id. - Clicks use local global coordinates through the Jump Desktop window; verify with a raw window screenshot before clicking.
- Chrome cookie/keychain issues:
securitymay prompt forChrome Safe Storage; Peter must enter the login keychain password, then clickAlways Allow. - After approval, verify over SSH with
/Users/steipete/Projects/bird/bird checkand/Users/steipete/.openclaw/bin/bird-gui check.
Safety
- Do not assume host identity from a stale IP; verify hostname/user when possible.
- Do not print secrets from remote files or shells.
- If a host is unavailable after Tailscale + LAN fallback, say what was tried.
- For OpenClaw Gateway on Peter's machines, follow repo docs/AGENTS; do not install/start/stop services unless asked.