Deployment Guide 2026-04-22

2026 OpenClaw Inbound Channel Governance: Slack/Discord DM Pairing and groupPolicy on a Remote Physical Mac—A Reproducible Runbook for Dropped Messages, Expired Pairing, and Per-Channel Model Overrides (openclaw.json + FAQ)

Teams that run OpenClaw on a ZoneMac remote physical Mac often need Slack and Discord in the same inbound governance story: private DM pairing to bind a human identity, groupPolicy to gate multi-party spaces, and explicit per-channel (or per-DM) model overrides so cost and latency match risk. This guide is for operators who get no user-visible response, pairing expired loops, or “the wrong model” on a specific thread. It includes a decision matrix, paste-ready openclaw.json structure, a seven-step runbook, citable checkpoints, and an FAQ. For gateway-wide health, see also OpenClaw multi-channel doctor & Discord/Telegram runbook (2026).

1. Introduction & scope

DM pairing (sometimes called a pairing code flow) is how many gateway deployments prove “this human may talk to the agent in private” before expensive tools or secrets are in play. groupPolicy is the allowlist layer for shared spaces: only listed channel, thread, or group ids may invoke tools or the higher-cost models. On a headless physical Mac, the typical failure is that the chat apps work for humans but the OpenClaw process never acks. The cause is usually a signature/URL mismatch, incomplete OAuth or pairing, missing intents or event subscriptions, or a policy block (including model routing precedence).

This article assumes you can SSH to the node and edit openclaw.json with backups. For continuous observability of the same gateway, wire /metrics as in OpenClaw gateway Prometheus & Grafana on a remote Mac (2026).

2. Pain points (why “nothing happens”)

  1. Treating chat delivery as “proof” the agent saw the message. Vendors can accept a webhook, return 200, and still not reach your app if the signing secret is wrong or a duplicate endpoint stole the event. You need verifiable HMAC or equivalent plus one active app URL on the public edge.
  2. Assuming a DM is authorized without pairing. DM pairing exists to map a user id to an internal policy subject. If pairing expired, was never completed, or a workspace reinstall invalidated bot membership, the gateway is right to drop or no-op.
  3. Forgetting the group allowlist and model matrix interact. A channel can be allowed for chat while a stricter model policy routes that traffic to a cheaper or stub profile—so operators see “wrong model” instead of a hard deny. The fix is a defined precedence and an explicit override table per id.
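
The first pain point, made concrete for Slack: the check below recomputes Slack's v0 request signature over the raw body and shows three ways a request that reached the edge still fails verification. It is an added example, not OpenClaw code; the secrets, timestamp and body are constructed.

```python
import hashlib
import hmac
import json
import time

REPLAY_WINDOW_SECONDS = 300  # Slack's guidance: reject timestamps more than 5 minutes off


def slack_signature(signing_secret, timestamp, raw_body):
    """Slack v0 scheme: HMAC-SHA256 over v0:<timestamp>:<raw body>."""
    base = b"v0:" + timestamp.encode() + b":" + raw_body
    return "v0=" + hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()


def verify_slack_request(signing_secret, timestamp, raw_body, signature, now=None):
    """Return (ok, reason). raw_body is the bytes as received, before JSON parsing."""
    now = time.time() if now is None else now
    try:
        age = abs(now - int(timestamp))
    except (TypeError, ValueError):
        return False, "bad-timestamp"
    if age > REPLAY_WINDOW_SECONDS:
        return False, "stale-timestamp"  # replay, or clock drift on the host
    expected = slack_signature(signing_secret, timestamp, raw_body)
    if not hmac.compare_digest(expected.encode(), (signature or "").encode()):
        return False, "bad-signature"
    return True, "ok"


# Constructed sample request (not a real secret or captured traffic).
OLD_SECRET, NEW_SECRET = "constructed-old-secret", "constructed-new-secret"
TS = "1776850000"
BODY = b'{"type":"event_callback","event":{"type":"message","channel":"C0123456789"}}'
SIG = slack_signature(NEW_SECRET, TS, BODY)  # what the vendor sends after rotation
NOW = int(TS) + 2


def demo():
    reparsed = json.dumps(json.loads(BODY)).encode()  # same JSON, different bytes
    return {
        "current secret": verify_slack_request(NEW_SECRET, TS, BODY, SIG, NOW),
        "stale env secret": verify_slack_request(OLD_SECRET, TS, BODY, SIG, NOW),
        "re-serialized body": verify_slack_request(NEW_SECRET, TS, reparsed, SIG, NOW),
        "host clock +10 min": verify_slack_request(NEW_SECRET, TS, BODY, SIG, NOW + 600),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} {result}")
```

Logging the reason string next to the proxy's status code separates a stale environment secret from a proxy that re-encodes the body and from a drifting host clock.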

3. Decision matrix: Slack vs Discord surfaces

Use this when choosing defaults for the same remote physical Mac gateway.

| Dimension | Slack | Discord |
|---|---|---|
| Identity + enterprise guardrails | Mature workspace + app model, audit-friendly | Server model; intent and permission bits must be exact |
| DM & threads | Threads and app mentions well-defined in Events API | Thread ids differ; watch Gateway and message content intents |
| Pairing / bind workflow | Often a slash command or DM code to OpenClaw | Often OAuth + DMs; respect user id snowflakes |
| Default ops posture for ZoneMac | Fits corporate chat already on Slack | Fits community / dev groups |

4. openclaw.json snippets (illustrative)

Structural example only: key names and nesting must follow your OpenClaw build. Use SecretRef / env indirection in production, merge with an existing gateway block, and back up before apply.

4.1 Slack: signing + DM pairing + groupPolicy

{
  "channels": {
    "slack": {
      "enabled": true,
      "appIdRef": "env:SLACK_APP_ID",
      "clientIdRef": "env:SLACK_CLIENT_ID",
      "clientSecretRef": "env:SLACK_CLIENT_SECRET",
      "botTokenRef": "env:SLACK_BOT_TOKEN",
      "signingSecretRef": "env:SLACK_SIGNING_SECRET",
      "inbound": {
        "urlPath": "/openclaw/slack/events",
        "verifyRequestSigning": true
      },
      "dmPairing": {
        "mode": "inline-code",
        "codeTtlMinutes": 15,
        "requireNewPairingOnWorkspaceReinstall": true
      },
      "groupPolicy": {
        "default": "deny",
        "allowChannelIds": ["C0123456789"],
        "allowThreadOnlyChannelIds": []
      },
      "modelByConversation": {
        "C0123456789": "anthropic:claude-3-5-sonnet",
        "DMBIND:U0ABCDEF": "openai:gpt-4.1-mini"
      }
    }
  }
}

4.2 Discord: bot token + intents + allowlist

{
  "channels": {
    "discord": {
      "enabled": true,
      "botTokenRef": "env:DISCORD_BOT_TOKEN",
      "applicationIdRef": "env:DISCORD_APP_ID",
      "gateway": {
        "intents": ["GUILDS", "GUILD_MESSAGES", "DIRECT_MESSAGES", "MESSAGE_CONTENT"]
      },
      "groupPolicy": {
        "default": "deny",
        "allowGuildIds": ["9876543210"],
        "allowChannelIds": ["111122223333444455"]
      },
      "dmPairing": {
        "mode": "dm-code",
        "codeTtlMinutes": 15
      }
    }
  }
}

Align codeTtlMinutes with the message you show users; when they see pairing expired, increase clarity before you increase TTL. Map modelByConversation keys to your build’s canonical id format (channel, DM, or thread), and avoid double-defining the same id under different spellings. For router-level model chains (failover) instead of per-chat overrides, align the same gateway’s upstream router and channel policy so rules do not fight across layers.
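
A pre-apply lint for the points above, as an added example that is not part of OpenClaw or the original guide. It assumes the illustrative key names from section 4, the `env:` prefix for secret references, and a trimmed, uppercase canonical form for conversation ids; the sample config is constructed with deliberate faults.

```python
import json

# Constructed config with deliberate faults (key names as in the section 4.1 snippet).
SAMPLE = """
{"channels": {"slack": {
  "botTokenRef": "xoxb-constructed-inline-token",
  "signingSecretRef": "env:SLACK_SIGNING_SECRET",
  "inbound": {"urlPath": "/openclaw/slack/events", "verifyRequestSigning": false},
  "groupPolicy": {"default": "allow", "allowChannelIds": ["C0123456789"]},
  "modelByConversation": {
    "C0123456789": "anthropic:claude-3-5-sonnet",
    "c0123456789 ": "openai:gpt-4.1-mini",
    "C0999999999": "openai:gpt-4.1-mini",
    "DMBIND:U0ABCDEF": "openai:gpt-4.1-mini"
  }
}}}
"""


def lint_channel(name, cfg):
    findings = []
    for key, value in cfg.items():
        if key.endswith("Ref") and not str(value).startswith("env:"):  # assumed ref format
            findings.append(f"{name}.{key}: literal value instead of env: reference")
    inbound = cfg.get("inbound")
    if inbound is not None and inbound.get("verifyRequestSigning") is not True:
        findings.append(f"{name}.inbound.verifyRequestSigning: not enabled")
    policy = cfg.get("groupPolicy", {})
    if policy.get("default") != "deny":
        findings.append(f"{name}.groupPolicy.default: not deny")
    allowed = set(policy.get("allowChannelIds", []))
    allowed |= set(policy.get("allowThreadOnlyChannelIds", []))
    seen = {}
    for conv_id in cfg.get("modelByConversation", {}):
        norm = conv_id.strip().upper()  # assumed canonical form: trimmed, uppercase
        if norm in seen:
            findings.append(f"{name}.modelByConversation: {conv_id!r} duplicates {seen[norm]!r}")
        elif not norm.startswith("DMBIND:") and conv_id not in allowed:
            findings.append(f"{name}.modelByConversation: {conv_id!r} not in allowlist")
        seen.setdefault(norm, conv_id)
    return findings


def lint(text):
    channels = json.loads(text).get("channels", {})
    return [f for name, cfg in channels.items() for f in lint_channel(name, cfg)]


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run it against the backup and the edited file before each apply; an override keyed on an id outside the allowlist can never take effect under default deny, which is one way to end up with the “wrong model” symptom.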

5. Seven-step runbook (remote physical Mac)

  1. Snapshot and freeze config. cp openclaw.json openclaw.json.bak.$(date +%Y%m%d%H%M); record OpenClaw build id and the chat app’s app id in your ticket.
  2. Prove public ingress to this Mac. From the internet, hit the vendor challenge URL; confirm the reverse proxy forwards to the same loopback port your gateway binds (e.g. 127.0.0.1:18789).
  3. Reconcile signing and secrets. Slack: request signature. Discord: intents + bot auth. A single wrong secret looks like total silence in user chat.
  4. Complete (or re-do) DM pairing. Issue a fresh code; if your pair store lives on disk, back it up before you wipe. Confirm the mapping appears in info-level logs or a local bind table.
  5. Tighten groupPolicy, then test deny → allow. Start in default: deny for new installs; add one known channel id, send a test, then add more.
  6. Check model override precedence. Send the same text in DM vs channel: you should see different upstream profiles if your matrix requires it. If not, the override key is wrong, not the model name.
  7. Hand off to metrics + audit. Export the allowlist, pairing TTL, and the reverse-proxy vhost so the next on-call shift can pick up without re-deriving ids from screenshots.

6. Triage: silence, expired pairing, wrong model

| Symptom | Likely root cause | First action |
|---|---|---|
| No user-visible response | Bad signature, wrong URL path, or groupPolicy deny; bot not in channel | Verify HMAC or vendor verification, re-invite bot, compare channel id to allowlist; watch gateway logs and proxy 4xx rates |
| “Pairing expired” | TTL shorter than the human loop; system clock skew; reused link | Confirm sntp / NTP on the Mac, reissue a code, tighten UX copy; avoid bumping TTL without threat review |
| Message handled but “wrong” model or tools | Override not keyed on the resolved conversation id; or router fallback masked it | Log resolved ids and compare to modelByConversation; de-duplicate router vs channel policy |
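
The causes in the “Pairing expired” row can be told apart when codes are single-use, bound to the requesting user id, and checked against an injectable clock. This is an added example, not OpenClaw's pairing store; the `PairingStore` class, the user ids and the start time are constructed.

```python
import hashlib
import hmac
import secrets
import time


def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()


class PairingStore:
    """Single-use pairing codes bound to one user id, with a TTL (hypothetical helper)."""

    def __init__(self, ttl_minutes=15, clock=time.time):
        self.ttl = ttl_minutes * 60
        self.clock = clock
        self.pending = {}  # user_id -> (sha256 of code, expires_at)
        self.used = set()  # digests of redeemed codes, to tell reuse from typos

    def issue(self, user_id):
        code = secrets.token_hex(4)
        self.pending[user_id] = (_digest(code), self.clock() + self.ttl)
        return code

    def redeem(self, user_id, code):
        digest = _digest(code)
        if digest in self.used:
            return "reused"
        stored, expires_at = self.pending.get(user_id, ("", 0.0))
        if not hmac.compare_digest(stored, digest):
            return "unknown"  # wrong code, or a code issued to a different user id
        del self.pending[user_id]
        if self.clock() > expires_at:
            return "expired"
        self.used.add(digest)
        return "paired"


def demo(elapsed_minutes):
    """Issue a code, advance the host clock, then redeem it twice as the right user."""
    now = [1_776_850_000.0]  # constructed start time
    store = PairingStore(ttl_minutes=15, clock=lambda: now[0])
    code = store.issue("U0ABCDEF")
    wrong_user = store.redeem("U0ZZZZZZ", code)
    now[0] += elapsed_minutes * 60
    return wrong_user, store.redeem("U0ABCDEF", code), store.redeem("U0ABCDEF", code)


if __name__ == "__main__":
    print(demo(2))   # redeemed in time
    print(demo(16))  # TTL passed, or the host clock stepped forward
```

To the store, a forward step in the host clock is indistinguishable from a slow user, which is why the clock check comes before any TTL change. A production store would also cap wrong guesses per user id.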

7. Citable numbers & checklist items

  • Pairing code TTL (example): 15 minutes in the snippets—tune with your org’s SLO, but always document changes next to the OpenClaw version number.
  • Default deny on groupPolicy: Treat default: "deny" as the 2026 baseline for any bot that can run tools; widen allowlists in small batches.
  • Local listener: Binding the gateway to 127.0.0.1 and terminating TLS at the edge matches the common ZoneMac SSH + reverse proxy pattern and limits lateral exposure on the host.

8. FAQ

Q: Why do Slack or Discord DMs reach the platform but OpenClaw stays silent?
Most often: request signing is misaligned, the event subscription does not include the event you think you sent, or the DM is not paired under the current groupPolicy. If you recently rotated secrets, the edge may still 200 to the vendor while the process rejects internally—compare raw body verification against your env.

Q: Is raising pairing TTL the right fix for busy users?
Sometimes, but the safer sequence is: clearer instructions, clock checks, and a one-click re-pair path. Longer TTLs increase the window for accidental or malicious code reuse.

Q: How do I debug two channels that should differ in model but do not?
Dump the resolved conversation id after the adapter normalizes it; Slack thread vs channel ids and Discord thread ids differ. Keep one authoritative key namespace in modelByConversation and add tests when you add channels.

Q: Can I run Discord intents without the message content scope?
For many agents you cannot—MESSAGE_CONTENT (or the equivalent capability in your app manifest) is often required to interpret user text. Deny by policy at OpenClaw after receipt, not by starving the client.

9. Summary & why Mac mini fits this stack

Getting Slack/Discord inbounds right on the first try is less about product hype than about a boring sequence: verify signatures, prove pairing, and lock down groupPolicy before you widen tools. A ZoneMac remote physical Mac—especially a Mac mini M4 class node—is a strong match: Apple Silicon idle power on the order of a few watts, a Unix toolchain that matches openssh, launchd, and Homebrew workflows, and a low-crash desktop stack for unattended services.

Security and stability matter for long-lived webhooks: macOS ships Gatekeeper, SIP, and FileVault, which most commodity Windows utility hosts do not offer in the same integrated package. A quiet metal box in the corner beats chasing flaky VMs when your pair codes and allowlists must be correct at 3 a.m.

If you want a remote Mac to host OpenClaw, reverse proxies, and the observability in this runbook, Mac mini M4 is a sensible starting point. Get a dedicated physical node through ZoneMac and run this play on real hardware—then your Slack and Discord inbounds stay predictable, auditable, and on-policy.
