How can my agent access my computer if the Gateway is hosted remotely

Short answer: pair your computer as a node. The Gateway runs elsewhere, but it can call node.* tools (screen, camera, system) on your local machine over the Gateway WebSocket.
Typical setup:
Run the Gateway on the always‑on host (VPS/home server).
Put the Gateway host + your computer on the same tailnet.
Ensure the Gateway WS is reachable (tailnet bind or SSH tunnel).
Open the macOS app locally and connect in Remote over SSH mode (or direct tailnet) so it can register as a node.
Approve the node on the Gateway:
openclaw nodes pending
openclaw nodes approve <requestId>
No separate TCP bridge is required; nodes connect over the Gateway WebSocket.
Security reminder: pairing a macOS node allows system.run on that machine. Only pair devices you trust, and review Security.
Docs: Nodes, Gateway protocol, macOS remote mode, Security.