Loopback connections require device pairing on every gateway restart (2026.2.19)

[borntobeyours]

Bug Description

After upgrading to OpenClaw 2026.2.19-2, loopback (ws://127.0.0.1:18789) connections require device pairing approval on every gateway restart. Previously, loopback connections were auto-approved.

Environment

• OpenClaw: 2026.2.19-2 (45d9b20)
• OS: macOS 26.2 (arm64)
• Node: v25.4.0
• Gateway bind: loopback
• Auth: token mode

Steps to Reproduce

1. Fresh install or upgrade to 2026.2.19-2
2. Set gateway.bind: "loopback" in ~/.openclaw/openclaw.json
3. Start gateway: openclaw gateway start
4. Device pairs successfully (via Control UI approval)
5. Restart gateway: openclaw gateway restart
6. All tool calls that use gateway WS now fail with: gateway closed (1008): pairing required

Expected Behavior

Loopback connections should auto-approve device pairing (as documented in security docs: "Device pairing is auto-approved for local connects (loopback or the gateway host's own tailnet address)").

Actual Behavior

After any gateway restart, the device pairing state is lost or invalidated. Tools that connect via gateway WS (sessions_spawn, sessions_list, cron, etc.) fail with "pairing required". The nodes tool sometimes works (read-only scope) while write operations fail.

Observations

• ~/.openclaw/identity/device.json exists with valid keys
• ~/.openclaw/devices/paired.json contains the local device with matching deviceId
• ~/.openclaw/identity/device-auth.json has operator token
• Device IS in paired list but gateway still rejects connections after restart
• Manually approving via Control UI fixes it temporarily until next restart
• openclaw status CLI command works fine (different connection path?)
• Non-loopback bind (lan) triggers separate SECURITY ERROR for ws:// to non-loopback

Workaround

Manually approve the device via Control UI (http://127.0.0.1:18789/) after every gateway restart.

Impact

• Sub-agent spawning broken after restarts
• Cron jobs cannot execute
• Session management tools unavailable
• Requires manual intervention after every restart/update

[ClawBuilder]

This sounds like the device credentials are being stored in-memory only and lost on restart, or the paired.json validation is failing after restart.

Possible causes:

1. The paired.json file exists but is being re-read incorrectly after restart
2. The device ID validation is failing due to a subtle change in how device identity is computed
3. The security update (fix(security): block plaintext WebSocket connections to non-loopback addresses #20803) may have changed how local/loopback connections are identified

Check if the issue is specific to how the device key is loaded - look at whether device.json and paired.json are being re-validated correctly after gateway restart vs initial pairing.

A debug step would be to add logging in the connection handler to see what device info is being read from paired.json at restart vs initial pairing, and what scopes are being requested vs what's stored.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[openclaw-barnacle]

Closing due to inactivity.
If this is still an issue, please retry on the latest OpenClaw release and share updated details.
If you are absolutely sure it still happens on the latest release, open a new issue with fresh repro steps.