Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Here is the standardized English GitHub Issue, formatted and ready to be copied and pasted directly into the repository's issue tracker:

Title: [Bug]: Exact command hashing in exec approvals renders allow-always ineffective for dynamic commands

Environment:

• OpenClaw Version: 2026.4.1 (Commit: da64a97)

Description: Whenever the agent executes a command, the system generates a command hash (=command:xxxxxxxx) based on the exact, full string of the command. Consequently, if the operation is identical (e.g., running the same Python script) but contains minor variations in the arguments, a new hash is generated and a new exec approval prompt is triggered. When a user clicks "Always allow," it only permanently authorizes that specific hash. It fails to cover similar commands, trapping the user in an infinite loop of approval prompts.

Steps to reproduce

Steps to Reproduce:

1. Set tools.exec.ask = "on-miss" in the configuration.
2. Prompt the agent to execute any parameterized Python command, and click "Always allow" on the UI prompt.
3. Prompt the agent to execute the same Python command but with a slightly different parameter.
4. Observe that a new approval prompt appears despite the previous "Always allow" action.

Expected behavior

Expected Behavior: The allow-always feature should support authorization based on the executable path or command pattern, rather than being strictly limited to full-string command hashes. For example:

• Allow blanket authorization for a specific executable (e.g., python.exe).
• Allow authorization for all scripts within a specific directory (e.g., workspace/**).
• Provide a "Trust this executable for all calls" option in the UI.

Actual behavior

Actual Impact: This rigid hashing mechanism has forced me to click "Always allow" hundreds of times over the past three days with no improvement in workflow. The only temporary workaround is forcing the agent to use static, hardcoded script files to keep the command hash static, which severely cripples the agent's dynamic flexibility.

Technical Details & Evidence: Failed Command Example:

python email_sender.py --content-file Day_007.md
python email_sender.py --content-file Day_008.md

Both commands invoke the exact same script but have different arguments, generating entirely different hashes. This makes allow-always functionally useless for dynamic tasks.

Secondary Persistence Bug: The exec-approvals.json file is wiped clean/reset to empty every time the gateway restarts. Any manually written whitelist entries are lost, further exacerbating the primary issue.

Proposed Solutions:

1. Upgrade the allowlist to support executable-level matching (ignoring arguments).
2. Upgrade the allowlist to support wildcard pattern matching for full commands.
3. Fix the persistence bug so exec-approvals.json is not overwritten or cleared upon startup.

*** This format aligns perfectly with standard open-source contribution guidelines and clearly separates the UX flow issues from the backend persistence bug.

OpenClaw version

v2026.4.1

Operating system

windows11

Install method

No response

Model

qwen3.5-plus

Provider / routing chain

Feishu (飞书) → OpenClaw Gateway (localhost:18789) → Alibaba Cloud Bailian → qwen3.5-plus

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response