Environment
- macOS 15.3.1 (arm64, Mac mini — no Touch ID, no companion app)
- OpenClaw 2026.2.19-2
Description
After every openclaw gateway restart, exec calls from the agent return Approval required for anywhere between 2.5 and 18 minutes, even though:
exec-approvals.json has security=full, ask=off, askFallback=fullopenclaw approvals get --gateway confirms the gateway loaded the correct config (security=full, ask=off)- The exec calls do eventually resolve successfully (they're not permanently blocked)
Steps to Reproduce
- Set
~/.openclaw/exec-approvals.json with security=full, ask=off, askFallback=full for both defaults and all agents
- Run
openclaw gateway restart
- Immediately attempt an exec call from the agent
- Observe: returns
Approval required (id ...) and sits pending for several minutes
- Eventually resolves with
Exec finished system event
What I Tried
- Set
tools.exec.host=gateway, security=full, ask=off in openclaw.json — no change
- Explicitly passing
host=gateway in exec tool calls — same delay
openclaw approvals get --gateway shows correct config is loaded- No companion app / macOS app installed (Mac mini without Touch ID)
Expected Behavior
With security=full and ask=off, exec should work immediately after gateway restart with no approval prompts or delays.
Actual Behavior
3–18 minute delay before exec calls resolve. Delay is inconsistent across restarts. During this window, all exec calls queue as Approval required and eventually complete — none are permanently denied.
Notes
The exec-approvals.sock file is never created (no companion app), which may be related. askFallback=full was added specifically to handle the no-UI case.
Environment
Description
After every
openclaw gateway restart, exec calls from the agent returnApproval requiredfor anywhere between 2.5 and 18 minutes, even though:exec-approvals.jsonhassecurity=full, ask=off, askFallback=fullopenclaw approvals get --gatewayconfirms the gateway loaded the correct config (security=full, ask=off)Steps to Reproduce
~/.openclaw/exec-approvals.jsonwithsecurity=full, ask=off, askFallback=fullfor bothdefaultsand all agentsopenclaw gateway restartApproval required (id ...)and sits pending for several minutesExec finishedsystem eventWhat I Tried
tools.exec.host=gateway,security=full,ask=offinopenclaw.json— no changehost=gatewayin exec tool calls — same delayopenclaw approvals get --gatewayshows correct config is loadedExpected Behavior
With
security=fullandask=off, exec should work immediately after gateway restart with no approval prompts or delays.Actual Behavior
3–18 minute delay before exec calls resolve. Delay is inconsistent across restarts. During this window, all exec calls queue as
Approval requiredand eventually complete — none are permanently denied.Notes
The
exec-approvals.sockfile is never created (no companion app), which may be related.askFallback=fullwas added specifically to handle the no-UI case.