Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix [Bug]: control-ui writes exec approval entries with unsupported `source` field, causing repeated INVALID_REQUEST errors [3 pull requests, 2 comments, 3 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#60000Fetched 2026-04-08 02:37:42
View on GitHub
Comments
2
Participants
3
Timeline
9
Reactions
0
Author
sd1471123sd1471123
Participants
Harvindar994Harvindar994sd1471123sd1471123sharkqwysharkqwy
Timeline (top)
cross-referenced ×4commented ×2labeled ×2referenced ×1

Every time the OpenClaw control-ui (webchat) connects to the gateway, it attempts to sync exec approval data via exec.approvals.set. The entries it writes include a source field (e.g., "source": "allow-always"), which the current version of the OpenClaw Gateway rejects with: INVALID_REQUEST: invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'

Error Message

This error is repeated on every control-ui reconnect, causing logspam. 3. Observe gateway logs: every time the webchat connects, an error like the above appears The gateway validates and rejects the incoming approval data because of the unsupported source field. The error is: The error repeats every time the control-ui tab reconnects (browser refresh, network flap, etc.) Logspam: The error log entry is written on every control-ui reconnect

Root Cause

The gateway validates and rejects the incoming approval data because of the unsupported source field. The error is:

Fix Action

Fixed

PR fix notes

PR #60064: fix(gateway): accept allow-always exec approval metadata

Description (problem / solution / changelog)

Summary

  • accept source: "allow-always" in gateway exec approvals set payloads
  • add validator coverage for both gateway and node exec approvals set params
  • align the Control UI allowlist entry type with the runtime and gateway shape

Testing

  • pnpm.cmd exec vitest run src/gateway/protocol/exec-approvals-validators.test.ts
  • pnpm.cmd exec vitest run src/gateway/server.ios-client-id.test.ts src/gateway/protocol/cron-validators.test.ts
  • pnpm.cmd lint src/gateway/protocol/schema/exec-approvals.ts src/gateway/protocol/exec-approvals-validators.test.ts ui/src/ui/controllers/exec-approvals.ts

Closes #60000.

Changed files

  • src/gateway/protocol/exec-approvals-validators.test.ts (added, +39/-0)
  • src/gateway/protocol/schema/exec-approvals.ts (modified, +1/-0)
  • ui/src/ui/controllers/exec-approvals.ts (modified, +2/-0)

PR #60073: fix(gateway): add source field to exec approvals allowlist entry schema

Description (problem / solution / changelog)

Summary

The AJV schema for exec.approvals.set (ExecApprovalsAllowlistEntrySchema) was missing the source field that is present in the ExecAllowlistEntry TypeScript type (source?: "allow-always").

The control-ui includes source: "allow-always" on allowlist entries it writes (entries approved via "allow always"). Since the gateway validates incoming params strictly with additionalProperties: false, it rejected every such entry with:

INVALID_REQUEST: invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'

This error repeated on every control-ui reconnect, causing log spam without any data corruption (the gateway correctly rejected the bad payload).

Fix: add source: Type.Optional(Type.Literal("allow-always")) to the schema, matching the TypeScript type.

Test plan

  • Open control-ui, connect to gateway — no more INVALID_REQUEST errors in gateway logs on reconnect
  • Exec approvals tests pass (7/7)
  • Gateway protocol schema tests pass (37/37)

Fixes #60000

🤖 Generated with Claude Code

Changed files

  • src/agents/pi-embedded-subscribe.handlers.tools.ts (modified, +2/-8)
  • src/gateway/protocol/schema/exec-approvals.ts (modified, +1/-0)

PR #60099: fix(exec): accept allowlist metadata in approval sync

Description (problem / solution / changelog)

Summary

  • accept llowlist[].source and llowlist[].commandText in exec approvals protocol payloads
  • align the Control UI exec approvals allowlist type with the runtime metadata fields it round-trips
  • add validator coverage for gateway and node exec approvals saves

Testing

  • pnpm.cmd exec vitest run src/gateway/protocol/exec-approvals-validators.test.ts
  • pnpm.cmd lint src/gateway/protocol/schema/exec-approvals.ts src/gateway/protocol/exec-approvals-validators.test.ts ui/src/ui/controllers/exec-approvals.ts
  • pnpm.cmd check

Fixes #60000

Changed files

  • src/gateway/protocol/exec-approvals-validators.test.ts (added, +34/-0)
  • src/gateway/protocol/schema/exec-approvals.ts (modified, +2/-0)
  • ui/src/ui/controllers/exec-approvals.ts (modified, +2/-0)

Code Example

openclaw logs 2>&1 | grep "exec.approvals.set"

### Expected behavior

The gateway should either:

Accept the source field as a valid property, or
The control-ui should not write entries with this field in the first place

### Actual behavior

The gateway validates and rejects the incoming approval data because of the unsupported source field. The error is:

Copy
⇄ res ✗ exec.approvals.set 1ms errorCode=INVALID_REQUEST errorMessage=invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'; ...
Connection: conn=<id> remote=127.0.0.1 client=openclaw-control-ui webchat vcontrol-ui
The error repeats every time the control-ui tab reconnects (browser refresh, network flap, etc.)

Impact
Logspam: The error log entry is written on every control-ui reconnect
No data corruption: The gateway correctly rejects the malformed entries, so is not corruptedexec-approvals.json
User confusion: Repeated errors may cause users to think something is broken

### OpenClaw version

2026.4.2 (d74a122)

### Operating system

ubuntu26.04

### Install method

_No response_

### Model

minimax-2.7

### Provider / routing chain

openclaw--minimax

### Additional provider/model setup details

_No response_

### Logs, screenshots, and evidence

logs

2026-04-03T01:53:29.803Z info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✗ exec.approvals.set 1ms errorCode=INVALID_REQUEST errorMessage=invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'; at /file/agents/main/allowlist/112: unexpected property 'source'; at /file/agents/main/allowlist/113: unexpected property 'source'; ... conn=5beee31a...6816 id=479811c3...126b
RAW_BUFFERClick to expand / collapse

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Every time the OpenClaw control-ui (webchat) connects to the gateway, it attempts to sync exec approval data via exec.approvals.set. The entries it writes include a source field (e.g., "source": "allow-always"), which the current version of the OpenClaw Gateway rejects with: INVALID_REQUEST: invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'

Steps to reproduce

This error is repeated on every control-ui reconnect, causing logspam.

Steps to Reproduce

  1. Have a running OpenClaw gateway (v2026.4.x)
  2. Open the OpenClaw Control UI (openclaw dashboard or directly via http://<host>:18789/)
  3. Observe gateway logs: every time the webchat connects, an error like the above appears
openclaw logs 2>&1 | grep "exec.approvals.set"

### Expected behavior

The gateway should either:

Accept the source field as a valid property, or
The control-ui should not write entries with this field in the first place

### Actual behavior

The gateway validates and rejects the incoming approval data because of the unsupported source field. The error is:

Copy
⇄ res ✗ exec.approvals.set 1ms errorCode=INVALID_REQUEST errorMessage=invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'; ...
Connection: conn=<id> remote=127.0.0.1 client=openclaw-control-ui webchat vcontrol-ui
The error repeats every time the control-ui tab reconnects (browser refresh, network flap, etc.)

Impact
Logspam: The error log entry is written on every control-ui reconnect
No data corruption: The gateway correctly rejects the malformed entries, so is not corruptedexec-approvals.json
User confusion: Repeated errors may cause users to think something is broken

### OpenClaw version

2026.4.2 (d74a122)

### Operating system

ubuntu26.04

### Install method

_No response_

### Model

minimax-2.7

### Provider / routing chain

openclaw--minimax

### Additional provider/model setup details

_No response_

### Logs, screenshots, and evidence

logs

2026-04-03T01:53:29.803Z info gateway/ws {"subsystem":"gateway/ws"} ⇄ res ✗ exec.approvals.set 1ms errorCode=INVALID_REQUEST errorMessage=invalid exec.approvals.set params: at /file/agents/main/allowlist/96: unexpected property 'source'; at /file/agents/main/allowlist/112: unexpected property 'source'; at /file/agents/main/allowlist/113: unexpected property 'source'; ... conn=5beee31a...6816 id=479811c3...126b

Impact and severity

No response

Additional information

No response

extent analysis

TL;DR

The OpenClaw Gateway rejects exec.approvals.set requests from the control-ui due to an unexpected 'source' property, causing logspam on every reconnect.

Guidance

  • Verify the OpenClaw Gateway version (2026.4.2) and check if there are any updates or patches available that may address this issue.
  • Consider modifying the control-ui to exclude the 'source' field from the exec.approvals.set requests, if possible, to prevent the gateway from rejecting them.
  • Review the gateway configuration to see if there are any settings that can be adjusted to accept or ignore the 'source' field in the approval data.
  • Check the control-ui documentation to see if there are any known issues or workarounds related to this problem.

Example

No code snippet is provided as the issue does not imply a specific code change.

Notes

The issue seems to be related to a version mismatch or incompatibility between the control-ui and the OpenClaw Gateway. The 'source' field may have been added in a newer version of the control-ui, but the gateway does not support it yet.

Recommendation

Apply a workaround by modifying the control-ui to exclude the 'source' field from the exec.approvals.set requests, if possible, to prevent the gateway from rejecting them and causing logspam. This should mitigate the issue until a more permanent fix is available.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

The gateway should either:

Accept the source field as a valid property, or The control-ui should not write entries with this field in the first place

#ISR setup#authentication setup#request error#file not found#serialization error

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING