Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix doctor --fix corrupts access control on multi-account Telegram installs (2026.4.5) [1 pull requests, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#62200Fetched 2026-04-08 03:07:43
View on GitHub
Comments
0
Participants
1
Timeline
2
Reactions
0
Author
chas41chas41
Participants
chas41chas41
Timeline (top)
closed ×1cross-referenced ×1

openclaw doctor --fix migrates top-level channels.telegram.{dmPolicy,allowFrom,groupPolicy} into a new channels.telegram.accounts.default entry. This is correct for installs that started single-account and got promoted, but incorrect for multi-account installs where the top-level fields act as a fallback for the real account entries (e.g. accounts.bot1, accounts.bot2, etc.).

After migration, none of the real bot accounts have allowlist coverage anywhere, and every previously-allowlisted user hits the "access not configured" lockout.

Root Cause

openclaw doctor --fix migrates top-level channels.telegram.{dmPolicy,allowFrom,groupPolicy} into a new channels.telegram.accounts.default entry. This is correct for installs that started single-account and got promoted, but incorrect for multi-account installs where the top-level fields act as a fallback for the real account entries (e.g. accounts.bot1, accounts.bot2, etc.).

After migration, none of the real bot accounts have allowlist coverage anywhere, and every previously-allowlisted user hits the "access not configured" lockout.

Fix Action

Workaround

Restore the pre-migration config from ~/.openclaw/openclaw.json.bak (which doctor writes automatically) and restart the gateway. The 4.5 compat layer handles the legacy shape transparently, so the migration can be deferred indefinitely until either upstream fixes the migration logic or the compat layer is removed.

sudo cp ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
sudo systemctl restart openclaw-gateway

PR fix notes

PR #62263: Fix Telegram doctor migration for multi-account configs

Description (problem / solution / changelog)

Fixes #62200.

Summary:

  • keep top-level Telegram access-control fallback when named accounts already exist
  • add regression coverage for doctor normalization on multi-account Telegram configs

Testing:

  • bun --eval 'import { normalizeCompatibilityConfigValues } from "./src/commands/doctor-legacy-config.ts"; import { mergeTelegramAccountConfig } from "./extensions/telegram/src/accounts.ts"; const res = normalizeCompatibilityConfigValues({ channels: { telegram: { enabled: true, dmPolicy: "allowlist", allowFrom: ["123"], groupPolicy: "allowlist", accounts: { bot1: { enabled: true, botToken: "bot-1-token" }, bot2: { enabled: true, botToken: "bot-2-token" } } } } }); console.log(JSON.stringify({ changes: res.changes, bot1: mergeTelegramAccountConfig(res.config, "bot1"), bot2: mergeTelegramAccountConfig(res.config, "bot2") }, null, 2));'
  • pnpm test src/commands/doctor-legacy-config.migrations.test.ts -t 'preserves top-level Telegram allowlist fallback for existing named accounts' (hangs locally after starting Vitest; no result flushed)
  • pnpm check blocked by unrelated existing tsgo failures on this branch base

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • extensions/telegram/src/setup-contract.ts (modified, +1/-0)
  • extensions/telegram/src/shared.ts (modified, +2/-1)
  • src/channels/plugins/setup-helpers.ts (modified, +0/-1)
  • src/commands/doctor-legacy-config.migrations.test.ts (modified, +17/-15)
  • src/commands/doctor/shared/legacy-config-core-normalizers.ts (modified, +5/-10)

Code Example

{
  "channels": {
    "telegram": {
      "enabled": true,
      "dmPolicy": "allowlist",
      "allowFrom": ["<USER_ID>"],
      "groupPolicy": "allowlist",
      "accounts": {
        "bot1": { "botToken": "..." },
        "bot2": { "botToken": "..." },
        "bot3": { "botToken": "..." }
      }
    }
  }
}

---

sudo -u openclaw -H openclaw doctor --fix

---

{
  "channels": {
    "telegram": {
      "enabled": true,
      "accounts": {
        "bot1": { "botToken": "..." },
        "bot2": { "botToken": "..." },
        "bot3": { "botToken": "..." },
        "default": {
          "dmPolicy": "allowlist",
          "allowFrom": ["<USER_ID>"],
          "groupPolicy": "allowlist"
        }
      }
    }
  }
}

---

OpenClaw: access not configured.

Your Telegram user id: <USER_ID>
Pairing code: <CODE>
Ask the bot owner to approve with:
openclaw pairing approve telegram <CODE>

---

sudo cp ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
sudo systemctl restart openclaw-gateway

---

sudo cat ~/.openclaw/openclaw.json | python3 -c "
import json, sys
tg = json.load(sys.stdin).get('channels', {}).get('telegram', {})
accts = list(tg.get('accounts', {}).keys())
top_level = [k for k in ('dmPolicy','allowFrom','groupPolicy') if k in tg]
print('AFFECTED' if len(accts) > 1 and top_level else 'safe')
"
RAW_BUFFERClick to expand / collapse

Summary

openclaw doctor --fix migrates top-level channels.telegram.{dmPolicy,allowFrom,groupPolicy} into a new channels.telegram.accounts.default entry. This is correct for installs that started single-account and got promoted, but incorrect for multi-account installs where the top-level fields act as a fallback for the real account entries (e.g. accounts.bot1, accounts.bot2, etc.).

After migration, none of the real bot accounts have allowlist coverage anywhere, and every previously-allowlisted user hits the "access not configured" lockout.

Version

OpenClaw 2026.4.5 (3e72c03), Node v22.22.2, Ubuntu 24.04 ARM64

Reproduction

Starting from a working multi-account Telegram config of this shape:

{
  "channels": {
    "telegram": {
      "enabled": true,
      "dmPolicy": "allowlist",
      "allowFrom": ["<USER_ID>"],
      "groupPolicy": "allowlist",
      "accounts": {
        "bot1": { "botToken": "..." },
        "bot2": { "botToken": "..." },
        "bot3": { "botToken": "..." }
      }
    }
  }
}

Run:

sudo -u openclaw -H openclaw doctor --fix

Doctor reports:

Moved channels.telegram single-account top-level values into channels.telegram.accounts.default.

After migration the config becomes:

{
  "channels": {
    "telegram": {
      "enabled": true,
      "accounts": {
        "bot1": { "botToken": "..." },
        "bot2": { "botToken": "..." },
        "bot3": { "botToken": "..." },
        "default": {
          "dmPolicy": "allowlist",
          "allowFrom": ["<USER_ID>"],
          "groupPolicy": "allowlist"
        }
      }
    }
  }
}

After systemctl restart openclaw-gateway, every previously-allowlisted user sending a message to any of the three bots receives:

OpenClaw: access not configured.

Your Telegram user id: <USER_ID>
Pairing code: <CODE>
Ask the bot owner to approve with:
openclaw pairing approve telegram <CODE>

Doctor's own readback after the migration also reports Telegram: not configured, even though the bot providers (bot1, bot2, bot3) start successfully and connect to Telegram normally per the gateway logs.

Expected behavior

Doctor should detect when accounts already contains real entries (not just default) and either:

  1. Copy the policy fields into each existing account entry (preserving the fallback semantics across all bots), or
  2. Set defaultAccount to whichever account should inherit the legacy fields, rather than creating a fictitious default entry, or
  3. Refuse to auto-migrate and emit a warning telling the user to canonicalize manually.

The current behavior silently breaks access control on a category of installs that the migration heuristic does not handle.

Workaround

Restore the pre-migration config from ~/.openclaw/openclaw.json.bak (which doctor writes automatically) and restart the gateway. The 4.5 compat layer handles the legacy shape transparently, so the migration can be deferred indefinitely until either upstream fixes the migration logic or the compat layer is removed.

sudo cp ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
sudo systemctl restart openclaw-gateway

Detection script for affected installs

sudo cat ~/.openclaw/openclaw.json | python3 -c "
import json, sys
tg = json.load(sys.stdin).get('channels', {}).get('telegram', {})
accts = list(tg.get('accounts', {}).keys())
top_level = [k for k in ('dmPolicy','allowFrom','groupPolicy') if k in tg]
print('AFFECTED' if len(accts) > 1 and top_level else 'safe')
"

Severity

High for affected installs: silent loss of access control, requires manual rollback. The compat layer means there's a clean workaround, so it's not a blocker for the 4.5 upgrade itself, but the migration command is currently a footgun.

extent analysis

TL;DR

The most likely fix is to restore the pre-migration configuration from the backup file and restart the gateway to avoid silent loss of access control.

Guidance

  • Identify if your installation is affected by running the provided detection script, which checks for multiple accounts and top-level policy fields in the openclaw.json file.
  • If affected, restore the pre-migration configuration from ~/.openclaw/openclaw.json.bak to maintain access control.
  • Restart the gateway after restoring the configuration to apply the changes.
  • Consider deferring the migration until the upstream migration logic is fixed or the compatibility layer is removed.

Example

No code snippet is necessary as the workaround involves restoring a backup file and restarting the service.

Notes

The current migration logic in openclaw doctor --fix does not handle multi-account installations correctly, leading to a loss of access control. The provided workaround restores the original configuration, allowing the installation to function as expected until a proper fix is available.

Recommendation

Apply the workaround by restoring the pre-migration configuration and restarting the gateway, as this ensures access control is maintained for affected installations.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

Doctor should detect when accounts already contains real entries (not just default) and either:

  1. Copy the policy fields into each existing account entry (preserving the fallback semantics across all bots), or
  2. Set defaultAccount to whichever account should inherit the legacy fields, rather than creating a fictitious default entry, or
  3. Refuse to auto-migrate and emit a warning telling the user to canonicalize manually.

The current behavior silently breaks access control on a category of installs that the migration heuristic does not handle.

#file not found#serialization error#model compatibility#GPU setup#container setup

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING