Audience: teams running an OpenClaw gateway on a remote Mac who want Discord CI alerts with least privilege. You get: Node install paths, onboard, webhook curl checks, JSON template, retries, silent-channel FAQ.
  • Secret sprawl: the Discord webhook URL lands in a public repo, a screenshot, or world-readable shell history instead of a service-owned file.
  • Environment drift: CI runners use Node twenty while the Mac gateway runs a different major version, so openclaw doctor results never match production.
  • Silent failures: pipelines exit zero because the alert step was skipped, while Discord returns 429 or empty responses that nobody logs.

① Environment prerequisites and least-privilege principles

Use Node 22 LTS minimum; prefer Node 24 on new hosts. Install via official curl script or npm install -g openclaw, then openclaw onboard and openclaw doctor as the launchd user.

After onboard, open the gateway dashboard URL your build prints, confirm listeners match docs for 2026.x releases, and bind 127.0.0.1 when a reverse proxy terminates TLS. Document the /health or equivalent route for on-call probes.

Keep outbound credentials in ~/.config/openclaw/*.env at mode 600 owned by the gateway account. Never commit Discord URLs; mirror the same discipline you use for cloud API keys.

| Install path | Best for | Watch item |
|---|---|---|
| curl installer | Golden Mac images | Pin checksum or tag |
| npm global | Interactive dev hosts | Match npm prefix to daemon PATH |
| devDependency | Short CI CLI tasks | Not for long-lived gateway |

Least privilege. One webhook per env, rotate same day after incidents, limit who sees integration URLs.

② Discord webhook creation and gateway-side binding

Discord: Server Settings → Integrations → Webhooks → Incoming Webhook → pick channel → copy URL. Put DISCORD_WEBHOOK_URL=... in the gateway's mode-600 env file, reload launchd, and wire the variable in OpenClaw’s notification config per your release’s dashboard sample.

1. Verify Node and CLI. Run node -v, which openclaw, and openclaw doctor until clean.
2. Start gateway. Health check must pass locally first.
3. Config. Paste URL, reload, confirm log line for channel bind.
4. curl. POST JSON straight to Discord to prove egress.
5. OpenClaw test. Fire built-in ping or dry CI step.
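
# Read only the DISCORD_WEBHOOK_URL line, even if the env file holds other variables
DISCORD_WEBHOOK_URL="$(grep -m1 '^DISCORD_WEBHOOK_URL=' ~/.config/openclaw/discord.env | cut -d= -f2-)"
export DISCORD_WEBHOOK_URL
# Print only the HTTP status so the result is visible without echoing the URL
curl -sS -o /dev/null -w '%{http_code}\n' -X POST -H "Content-Type: application/json" \
  -d '{"username":"openclaw-gw","content":"Gateway webhook probe OK"}' \
  "$DISCORD_WEBHOOK_URL"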

Expect 204 or empty 200. If curl works but OpenClaw is silent, diff env via ps eww or launchctl print. Common misses include a stale plist EnvironmentVariables block, running the CLI as your personal user while the daemon uses _openclaw, or a proxy HTTPS_PROXY present in CI but absent under launchd.

③ CI build summary payload template and field mapping

Use content and optional embeds; cap plain text under two thousand characters; embed fields keep matrices readable. Map github.workflow to title text, job.conclusion to a colored sidebar, and append artifact or test counts only when under Discord field limits.

{
  "username": "ci-macpull",
  "embeds": [{
    "title": "Build summary",
    "color": 5763719,
    "fields": [
      { "name": "Workflow", "value": "${GITHUB_WORKFLOW}", "inline": true },
      { "name": "Conclusion", "value": "${JOB_CONCLUSION}", "inline": true },
      { "name": "Ref", "value": "${GITHUB_REF_NAME}", "inline": true },
      { "name": "SHA", "value": "${GITHUB_SHA}", "inline": false },
      { "name": "Actor", "value": "${GITHUB_ACTOR}", "inline": true },
      { "name": "Run", "value": "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}", "inline": false }
    ]
  }]
}

Substitute CI vars, scrub secrets, mirror to GITHUB_STEP_SUMMARY if desired. Prefer a small relay if workflows must not hold the raw webhook.
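
One way to do the substitution and scrubbing described above, as an added example that is not part of the original page or of OpenClaw. It assumes jq is installed on the runner; the function name build_payload, the red color for non-success runs, the "n/a" filler for empty values and the redaction pattern are choices made for this example.

```shell
#!/bin/sh
# Added example: build the build-summary embed with jq instead of text templating.
# CI values enter as --arg data, so quotes or newlines in a branch name cannot
# break or reshape the JSON the way substitution into a template string can.
build_payload() {
  case ${JOB_CONCLUSION:-unknown} in
    success) color=5763719 ;;    # green, same value as the template
    *)       color=15548997 ;;   # red for anything else (constructed choice)
  esac
  jq -n --argjson color "$color" \
    --arg wf    "${GITHUB_WORKFLOW:-}" \
    --arg concl "${JOB_CONCLUSION:-unknown}" \
    --arg ref   "${GITHUB_REF_NAME:-}" \
    --arg sha   "${GITHUB_SHA:-}" \
    --arg actor "${GITHUB_ACTOR:-}" \
    --arg run   "${GITHUB_SERVER_URL:-}/${GITHUB_REPOSITORY:-}/actions/runs/${GITHUB_RUN_ID:-}" '
    # Redact anything shaped like a Discord webhook URL, fill empty values,
    # and clip each value to the 1024-character embed field limit.
    def clean:
      gsub("https://discord(app)?\\.com/api/webhooks/\\S+"; "[redacted-webhook]")
      | if . == "" then "n/a" else . end
      | if length > 1024 then .[0:1021] + "..." else . end;
    def field($n; $v; $inline): {name: $n, value: ($v | clean), inline: $inline};
    {
      username: "ci-macpull",
      embeds: [{
        title: "Build summary",
        color: $color,
        fields: [
          field("Workflow";   $wf;    true),
          field("Conclusion"; $concl; true),
          field("Ref";        $ref;   true),
          field("SHA";        $sha;   false),
          field("Actor";      $actor; true),
          field("Run";        $run;   false)
        ]
      }]
    }'
}
```

Redirect the output to a file, run jq empty on it, and pass that file to the POST step.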

④ Signature handling, rate limits, and failure retry parameters

Webhook URLs are secrets—rotate like passwords. Log correlation IDs on internal relays but never print the full Discord path. Discord 429 includes Retry-After; sleep that many seconds before the next attempt.

Alerts: three tries, backoff two, four, eight seconds, light jitter, one concurrent POST per webhook per repo, curl --max-time 25. Raise concurrency only after p95 latency stays flat during business hours.
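
The retry parameters above as shell functions, added here as an example and not taken from OpenClaw or the original page. It reads "three tries" as three retries after the first POST so that all three backoff steps are used, treats 429, 5xx and curl timeouts as retryable and any other status (such as 403) as permanent, and assumes DISCORD_WEBHOOK_URL is already exported; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not OpenClaw code: bounded retry for one Discord webhook POST.
RETRIES=3                      # assumption: 3 retries after the first POST (2, 4, 8 s)
SLEEP_CMD=${SLEEP_CMD:-sleep}  # overridable so the policy can be exercised offline

# Light jitter: milliseconds 000-499 appended to the base delay.
jitter_ms() { awk 'BEGIN { srand(); printf "%03d", int(rand() * 500) }'; }

# post_once FILE -> prints "<status> <retry-after>". The URL reaches curl on
# stdin (-K -), so it never appears in argv, ps output, or these logs.
post_once() {
  hdr=$(mktemp)
  code=$(printf 'url = "%s"\n' "$DISCORD_WEBHOOK_URL" |
    curl -sS -K - --max-time 25 -o /dev/null -D "$hdr" -w '%{http_code}' \
      -H 'Content-Type: application/json' --data-binary "@$1") || code=000
  ra=$(awk 'tolower($1) == "retry-after:" { sub(/\r$/, "", $2); print $2; exit }' "$hdr")
  rm -f "$hdr"
  echo "$code $ra"
}

# next_delay N STATUS RETRY_AFTER -> seconds to wait before retry N (1..3)
next_delay() {
  if [ "$2" = 429 ] && [ -n "$3" ]; then
    echo "$3"                  # Discord's Retry-After takes precedence
  else
    case $1 in 1) b=2 ;; 2) b=4 ;; *) b=8 ;; esac
    echo "$b.$(jitter_ms)"
  fi
}

# send_with_retry FILE -> 0 on 2xx, 1 on a permanent error or exhausted retries
send_with_retry() {
  n=0
  while :; do
    res=$(post_once "$1"); st=${res%% *}; ra=${res#* }
    case $st in
      2??) echo "notify: delivered status=$st" >&2; return 0 ;;
      429|5??|000) ;;          # transient: rate limit, server error, timeout
      *) echo "notify: permanent status=$st" >&2; return 1 ;;
    esac
    [ "$n" -lt "$RETRIES" ] || { echo "notify: gave up status=$st" >&2; return 1; }
    n=$((n + 1)); wait_s=$(next_delay "$n" "$st" "$ra")
    echo "notify: status=$st retry=$n wait=${wait_s}s" >&2
    "$SLEEP_CMD" "$wait_s"
  done
}
```

Have the CI step fail when send_with_retry returns non-zero, so a dropped alert is not hidden behind a pipeline that exits zero.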

⑤ Common error FAQ: HTTP 403, HTTP 429, and timeouts

HTTP 403

Deleted webhook, bad copy, or proxy path filter. Re-mint the URL, store it in the mode-600 file, and run curl from the gateway before testing from CI.

HTTP 429

Matrix jobs spam one URL. Batch per workflow; obey Retry-After.

Timeouts

TLS inspection or DNS problems on the Mac show up as thirty-second hangs. Compare curl -v output from the runner, the gateway, and a laptop.

Still no message? Check the workflow actually reached the notify step, confirm Content-Type: application/json, validate JSON with jq empty in CI, and ensure outbound 443 to Discord is allowed from both the Mac gateway and ephemeral runners.

Summary

One Node major, onboard, 600 webhook files, curl proof, compact CI embeds. A remote Mac keeps Apple Silicon egress and launchd stable while Discord shows build health.
