openclaw - 💡(How to fix) Fix [Bug]: exec-approvals.json defaults not honored — per-call parameters required to bypass allowlist [3 comments, 3 participants]

GitHub stats
openclaw/openclaw#59338 · Fetched 2026-04-08 02:25:45
Comments: 3 · Participants: 3 · Timeline: 7 · Reactions: 0
Timeline (top): commented ×3, labeled ×2, closed ×1, locked ×1

exec-approvals.json has correct defaults (ask: "off", security: "full", wildcard * pattern in allowlist), but the gateway does not honor them consistently. Exec calls from one channel (Telegram) fail with "exec denied: allowlist miss" while the identical agent on another channel (webchat) can force through by explicitly passing security: "full" and ask: "off" as per-call parameters.

Code Example

{
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full",
    "autoAllowSkills": true
  },
  "agents": {
    "main": {
      "security": "full",
      "ask": "off",
      "askFallback": "full",
      "autoAllowSkills": true,
      "allowlist": [
        { "pattern": "*" },
        { "pattern": "/bin/sh" },
        { "pattern": "/bin/bash" },
        { "pattern": "/bin/zsh" },
        { "pattern": "/**/*" }
      ]
    },
    "*": {
      "security": "full",
      "ask": "off",
      "allowlist": [
        { "pattern": "*" },
        { "pattern": "/**/*" }
      ]
    }
  }
}

---

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

exec-approvals.json has correct defaults (ask: "off", security: "full", wildcard * pattern in allowlist), but the gateway does not honor them consistently. Exec calls from one channel (Telegram) fail with "exec denied: allowlist miss" while the identical agent on another channel (webchat) can force through by explicitly passing security: "full" and ask: "off" as per-call parameters.

Steps to reproduce

  1. Configure exec-approvals.json as shown above (ask: off, wildcard allowlist)
  2. From Telegram channel, have the agent call exec with just the command (no per-call security parameters)
  3. Result: exec denied: allowlist miss
  4. From webchat channel, have the same agent call exec with explicit security: "full" and ask: "off" parameters on the tool call
  5. Result: Command executes successfully

Both channels use the same gateway, same agent (agent:main), same exec-approvals.json.

Expected behavior

  • exec-approvals.json defaults should be honored regardless of channel (Telegram, webchat, Discord)
  • If ask: "off" and wildcard * are in the allowlist, ALL exec calls should pass without per-call overrides
  • Channel should have no effect on exec permission resolution

Actual behavior

  • The gateway ignores exec-approvals.json defaults for Telegram sessions
  • Webchat sessions can work around it by passing per-call parameters, but this is a workaround, not correct behavior
  • The agent should NOT need to pass per-call security parameters when exec-approvals.json already specifies them

OpenClaw version

  • OpenClaw 2026.3.13

Operating system

  • macOS (arm64)

Install method

npm global

Model

anthropic/claude-opus-4.6

Provider / routing chain

openclaw ai gateway

Additional provider/model setup details

  • Two channels: webchat and Telegram

exec-approvals.json (correct, verified)

{
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full",
    "autoAllowSkills": true
  },
  "agents": {
    "main": {
      "security": "full",
      "ask": "off",
      "askFallback": "full",
      "autoAllowSkills": true,
      "allowlist": [
        { "pattern": "*" },
        { "pattern": "/bin/sh" },
        { "pattern": "/bin/bash" },
        { "pattern": "/bin/zsh" },
        { "pattern": "/**/*" }
      ]
    },
    "*": {
      "security": "full",
      "ask": "off",
      "allowlist": [
        { "pattern": "*" },
        { "pattern": "/**/*" }
      ]
    }
  }
}

Logs, screenshots, and evidence

Impact and severity

  • Telegram sessions cannot run exec commands (scripts, health checks, cron tasks that need exec)
  • Recurring 2-7 hour debugging sessions trying to fix config that is already correct
  • False fix (exec block in openclaw.json) breaks gateway startup

Additional information

  • Previously believed a top-level exec.defaults block in openclaw.json was the fix. This is wrong: exec is not a valid key in openclaw.json and causes Config invalid: Unrecognized key: "exec" on gateway restart.
  • The MEMORY.md entry claiming this fix works has been propagating the error across sessions, causing repeated gateway failures.
  • This has been a recurring issue since March 17, 2026 (7+ hours debugging), reoccurred March 31 (2 hours), and again April 1.

Related issues

  • #59224 (exec-approvals not honored in isolated cron sessions)

extent analysis

TL;DR

The gateway may not be correctly parsing or applying the exec-approvals.json defaults for Telegram sessions, suggesting a potential issue with channel-specific configuration or handling.

Guidance

  • Verify that the exec-approvals.json file is correctly formatted and loaded by the gateway for all channels, including Telegram.
  • Check for any channel-specific overrides or configurations that might be interfering with the default settings.
  • Test whether the issue persists when using a different channel, such as Discord, to isolate if the problem is specific to Telegram.
  • Consider adding logging or debugging statements to the gateway to track how it is parsing and applying the exec-approvals.json settings for each channel.

Example

No specific code example is provided due to the lack of direct code references in the issue, but ensuring the exec-approvals.json is correctly referenced and parsed in the gateway's configuration loading process is crucial.
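
The first check in the guidance above, as an added example (not OpenClaw code and not from the issue): a Node.js audit that parses an exec-approvals.json document, merges `defaults` into each agent entry, and reports catch-all allowlist patterns. The key-by-key merge and the name `auditExecApprovals` are assumptions; the gateway's real resolution order is not shown on this page.

```javascript
// Added example: audit an exec-approvals.json document of the shape quoted in the issue.
// ASSUMPTION: an agent entry overrides "defaults" key by key; the gateway's actual
// resolution order is not documented on this page.
const CATCH_ALL = new Set(["*", "/**/*"]); // the two catch-all patterns in the issue's config

function auditExecApprovals(text) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (err) {
    return { ok: false, error: `invalid JSON: ${err.message}`, agents: {} };
  }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg)) {
    return { ok: false, error: "top level must be an object", agents: {} };
  }
  const defaults = cfg.defaults ?? {};
  const agents = {};
  for (const [name, entry] of Object.entries(cfg.agents ?? {})) {
    const e = entry !== null && typeof entry === "object" ? entry : {};
    const effective = { ...defaults, ...e };
    const patterns = Array.isArray(e.allowlist)
      ? e.allowlist.map((item) => item && item.pattern).filter((p) => typeof p === "string")
      : [];
    const catchAll = patterns.filter((p) => CATCH_ALL.has(p));
    const findings = [];
    if (!Array.isArray(e.allowlist)) findings.push("no allowlist on this agent entry");
    if (catchAll.length > 0) findings.push(`catch-all pattern(s): ${catchAll.join(", ")}`);
    if (effective.ask === "off" && catchAll.length > 0) {
      findings.push("ask is off with a catch-all pattern: every exec call is expected to pass unprompted");
    }
    agents[name] = { security: effective.security, ask: effective.ask, patterns, findings };
  }
  return { ok: true, error: null, agents };
}

// Constructed sample, modelled on the configuration quoted in the issue;
// "main" omits security/ask here to exercise the defaults merge.
const SAMPLE = JSON.stringify({
  defaults: { security: "full", ask: "off" },
  agents: {
    main: { allowlist: [{ pattern: "*" }, { pattern: "/bin/sh" }] },
    "*": { security: "full", ask: "off", allowlist: [{ pattern: "*" }, { pattern: "/**/*" }] },
  },
});

console.log(JSON.stringify(auditExecApprovals(SAMPLE), null, 2));
```

Running the same function over the file the gateway actually loads gives a channel-independent baseline to compare against what each session is observed to enforce.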

Notes

The issue seems to be related to how the gateway handles or applies the exec-approvals.json defaults across different channels. The fact that webchat sessions can bypass the issue by explicitly passing security parameters suggests a potential inconsistency in how these defaults are applied or recognized by the gateway for different channels.

Recommendation

Apply a workaround by explicitly passing security: "full" and ask: "off" parameters for exec calls from the Telegram channel until the root cause of the inconsistent default application is identified and fixed. This ensures that exec commands can be executed from Telegram while the underlying issue is investigated.
