Ordered enablement on a remote Mac · decision matrix · twenty-minute VNC acceptance
v2026.5.18 (2026-05-18 stable rollup) moves subagents from “sometimes spawns” to trackable, queueable, and handoff-complete: a spawn must succeed at initial registry persistence before the stack reports accepted; the main session gains queued follow-ups with manual-turn priority; finished child work returns through completion handoff to the originating run session, with tighter session locks and sandbox-peer ownership. If OpenClaw already runs on a leased remote Mac but you see “the subagent ran yet the main chat went quiet,” “spawn succeeds intermittently yet nothing appears in the list,” or “Codex native children look orphaned,” this article is an ordered runbook: draw boundaries between subagents, ACP binds, and memory subpaths; back up and upgrade; then cross-check the Gateway console and logs in a VNC desktop session as the same user that owns the daemon. Cross-link no-reply troubleshooting, launchd daemon checklist, v2026.5.7 plugin publish chain, and multi-project isolation so operations and security reviewers share one evidence bundle instead of parallel Slack threads.
Across the 5.12–5.17 beta line, subagent incidents rarely look like “the model got dumber.” They look like orchestration state drift: the registry never persisted yet the UI said accepted, completion events never reached the originating session, or Codex native subagent mirrors diverged from OpenClaw child sessions. The Agents/Subagents section in 5.18 hardens those reproducible paths instead of adding headline features.
Registry write failure still reported success (fixed): 5.18 requires an initial registry save before accepted; a failed write should surface as an explicit spawn error, not a ghost child.
Completion never reaches the main session: handoff must land on the originating run session; sandbox-peer controller ownership and announcement routing received dedicated fixes so work finished in an isolated sandbox is not discarded.
Concurrent follow-ups reorder unpredictably: queued follow-ups plus manual-turn priority make user preemption instructions and background child tasks schedulable on IM channels with less race noise.
Codex native subagents orphaned: app-server maintenance can recover stale childless mirrors and cancel registry rows when no OpenClaw child exists—keep Codex evidence separate from pure OpenClaw spawn tickets.
Remote Mac user mismatch: when SSH login differs from the VNC desktop user, you will not see console spawn lists or system permission prompts, and you may mislabel a configuration gap as a 5.18 regression.
Release notes also mention cross-cutting channel fixes—Telegram isolated polling, Discord final-reply recovery, Gateway restart draining pending replies—that change how “handoff succeeded in logs yet IM shows nothing” presents. When Gateway handoff lines look healthy but the channel lacks a final answer, walk the delivery chapter in no-reply triage before reopening registry hypotheses.
| Acceptance action | SSH only | VNC recommended | Pass criteria |
|---|---|---|---|
| openclaw --version / doctor | Sufficient | Optional | CLI ≥ 2026.5.18, doctor non-blocking |
| Post-spawn registry visibility | Logs + CLI state | Console tasks / subagent panel | Row visible within 30s |
| Completion handoff | Main session transcript excerpt | Same-user browser Network | Readable summary or result on main channel |
| Queued follow-up preemption | Priority keywords in logs | Send two real IM commands | Manual-turn handled before queued work |
| Codex native subagent | trajectory / doctor | OAuth and permission dialogs | No orphaned mirror warnings |
| Config cleanup (subagents) | Edit config + doctor --fix | Graphical diff of config tree | Remove invalid timeoutMs and stray keys |
Minimum-cost subagent acceptance: SSH for forensics plus VNC reproduction as the daemon user, not either/or.
Contrast with ACP channel binding: ACP answers “attach this conversation to a coding runtime.” Subagents answer “parallel child run + registry lifecycle + handoff.” Contrast with Active Memory: memory subpaths inject retrieval before the main reply; they do not spawn a separate run. If your team already validated v2026.5.7 plugin publish and Cron/Channels splits, treat 5.18 as the next incremental gate—registry semantics—not a full reinstall of every prior checklist.
Freeze and back up: export the OpenClaw config tree, record openclaw --version, Gateway build identifiers, and remote node lease IDs; on multi-tenant hosts align directory buckets per multi-project isolation before spawning children.
Upgrade to 5.18: apply your channel (npm, package manager, or container), then run openclaw doctor and note subagents cleanup hints plus plugin registry repair messages.
Minimal spawn smoke test: trigger a short-lived subagent on a test channel with an explicit end condition; confirm registry persistence precedes accepted; on failure retain stderr and request identifiers.
Verify handoff: after the child completes, the originating session should show a readable summary; if not, search Gateway logs for handoff, announcement, and session lock lines.
Queued follow-up drill: while a child still runs, send a preempting instruction and confirm manual-turn priority; avoid mixing cron or heartbeat traffic into the same window.
Codex path (if enabled): for agents using Codex app-server, document native subagent versus OpenClaw child session mapping; on orphaned mirrors follow release-note maintenance instead of registry-only fixes.
Daemon and restart: confirm LaunchAgent or systemd plus Gateway restart preserve registry rows your keep modes require; see launchd checklist.
Rollback evidence: attach before/after log excerpts and main-session transcript captures to the change ticket; chain to staged upgrade and rollback when you need a fleet-wide revert narrative.
openclaw --version openclaw doctor openclaw status # Trigger one short subagent on a test channel, then inspect Gateway logs: # rg -i "subagent|handoff|registry|spawn" /path/to/gateway.log | tail -n 80
Treat spawn like a database transaction: accepted without a registry row is a failed transaction even when the model started thinking. Capture the first successful handoff as a transcript plus log slice pair so on-call engineers can diff against future regressions without re-running a thirty-minute child job.
Quantitative guardrails help leased hosts: cap concurrent spawns during acceptance so session lock wait time stays interpretable; keep three times workspace footprint free before long child runs; store request IDs in the ticket system, not chat alone. When Discord progress modes or Telegram forum topics sit in the path, note channel mode in the same ticket—final payload delivery fixes in 5.18 interact with how handoff surfaces to humans.
When something breaks, fix the order before you change configuration and channels simultaneously:
Version and doctor: confirm CLI and Gateway both sit on the 5.18 line; doctor should flag legacy subagents keys or plugin registry repair.
Registry presence: if the list stays empty after spawn, suspect write failure or user context mismatch before model timeout.
Handoff logs: search handoff, announcement, session lock; when the child finished but the main session is empty, check whether final payload delivery fixes apply to your channel adapter.
Channel layer: Telegram forum topics and Discord progress settings can yield “handoff OK, no visible final reply.”
Resources and locks: on CPU-starved remote Macs, session lock waits lengthen; reduce concurrent spawns before swapping models.
This sequence mirrors how no-reply triage separates heartbeat and thinking stalls from delivery failures: registry and handoff prove orchestration; channel adapters prove human-visible text.
| Check | VNC evidence | SSH evidence | Pass |
|---|---|---|---|
| Gateway console version | About footer and Network 200 | Process boot log | Matches CLI 5.18 |
| Post-spawn subagent list | UI or session panel row | Registry-related log lines | Visible within 30s |
| Handoff to main session | Final message on main channel | handoff keywords | Readable summary or result |
| Manual-turn preemption | Two-command ordering correct | priority log lines | Preempting command handled first |
| Same-user context | Desktop user equals daemon user | whoami comparison | No cross-user false negatives |
On rented remote Macs, a physically isolated Apple Silicon node lets you align Gateway, browser console, and Privacy & Security prompts in one graphical session instead of guessing whether a dialog was dismissed. Windows-first teams should standardize “SSH pulls logs, VNC clicks permissions” in the same playbook as headless Linux versus macOS with VNC. Print echo $OPENCLAW_HOME in both sessions before comparing artifacts—multi-home hosts amplify user mismatch bugs during spawn acceptance.
Budget twenty minutes wall clock: five for version and doctor, five for spawn and registry proof, five for handoff and manual-turn, five for captures (screenshots, log tail, transcript snippet). Anything that slips past twenty minutes usually indicates environment contention—another operator on the same GUI user, or a second Gateway listener—not a mysterious 5.18 defect.
Doctor, heartbeat, channel delivery.
Read →Plugin publish chain and Cron/Channels.
Read →Always-on Gateway and log patrol.
Read →Check initial registry write and originating session context, then handoff logs. Pre-5.18 “write failed yet accepted” should now collapse into an explicit spawn error.
No. ACP binds the current IM session to a coding runtime; subagents are independent child runs with registry lifecycle and handoff. Use separate docs and evidence bundles.
CLI and logs yes; console visibility and permission dialogs need VNC cross-check as the same user that owns the daemon.
Run doctor, remove invalid timeoutMs under subagents, converge model settings to primary/fallback, and back up the config directory before bumping versions.
v2026.5.18 turns parallel automation from luck into auditable orchestration: registry, queueing, and handoff are three links—break any one and IM shows “the AI went silent,” which is exactly the boundary between this article and no-reply triage.
Owning hardware still leaves sleep policies, egress bandwidth, and session-lock contention when several people share one Mac. On a leased remote Apple Silicon host you place Gateway and the graphical console on one VNC desktop, compressing spawn-and-handoff acceptance from hours of debate to roughly twenty minutes without buying a machine for occasional child parallelism.
When you need a host built for the section-six graphical acceptance workflow, use VNCMac: purchase for node and plan selection; help center for SSH and VNC baselines.