[Bug]: openclaw doctor crashes on exec SecretRef channel credentials (exit 1)

[SerAgentCape]

[Bug]: openclaw doctor crashes on exec SecretRef channel credentials (exit 1)

Summary

openclaw doctor (and doctor --non-interactive) exits with code 1 and a fatal error when any channel credential (e.g. channels.telegram.botToken) is configured as an exec-based SecretRef. The gateway resolves these credentials correctly at runtime — openclaw status reports the channel as ON/OK — but the doctor CLI reads config directly without resolving exec SecretRefs against the running gateway, causing a hard failure.

This makes doctor entirely unusable for deployments that follow the recommended security practice of storing channel credentials in external secret managers (sops, 1Password, pass, etc.).

Steps to reproduce

1. Configure a channel credential as an exec SecretRef:

   channels: {
     telegram: {
       botToken: {
         source: "exec",
         command: "sops",
         args: ["decrypt", "--extract", "[\"telegram_token\"]", "~/.openclaw/secrets.enc.json"]
       }
     }
   }

2. Confirm the gateway starts and resolves the token correctly:

   openclaw status
   # → Telegram: ON / OK (token resolved)

3. Run doctor:

   openclaw doctor --non-interactive

Expected behavior

Doctor should either:

• Resolve exec SecretRefs by querying the running gateway's runtime config snapshot (via secrets.resolve, already used by openclaw memory status and openclaw models status), or
• Degrade gracefully on unresolvable exec SecretRefs — log a non-blocking warning and continue remaining checks, exiting 0 if no structural issues are found

Actual behavior

Doctor hard-exits with code 1:

Error: channels.telegram.botToken: unresolved SecretRef "exec:<provider>:value".
Resolve this command against an active gateway runtime snapshot before reading it.

The error message itself names the intended fix ("resolve against an active gateway runtime snapshot") but doctor does not implement it.

Environment

• OpenClaw version: 2026.3.12 (6472949) — also present in 2026.3.11
• OS: Linux 6.18.7 (x64)
• Install method: sudo npm install -g openclaw@latest (system prefix)

Severity / impact

Medium. openclaw doctor is the primary health-check and self-repair tool, but it is completely broken for any deployment that uses exec SecretRefs for channel credentials. This is the recommended way to store bot tokens securely (per the secrets docs), so this failure mode affects exactly the users following best practices.

Practical impact:

• Cannot use doctor for post-update health checks
• Cannot use doctor --fix for automated repairs (e.g. cron delivery normalization migrations)
• Workaround: use openclaw status for channel health; manually verify remaining doctor checks

Additional context

Related issues:

• [Bug]: models status --probe reports "missing or expired" for exec-based SecretRef auth profiles #30311 — models status --probe has the same exec SecretRef resolution gap (auth profiles)
• Memory: handle SecretRef keys in doctor embeddings #36835 — Memory/doctor SecretRef handling: memory-search API keys were fixed to degrade gracefully rather than crash; channel credentials were not included in that fix
• CLI: make read-only SecretRef status flows degrade safely #37023 — CLI: make read-only SecretRef status flows degrade safely: similar class of fix for other CLI status paths; doctor was not covered

The pattern is consistent: the gateway runtime resolves exec SecretRefs correctly, but CLI tooling that reads config directly hits unresolved refs. Each surface has been fixed ad-hoc (#36835, #37023, #30311). A systematic fix would have doctor call secrets.resolve against the gateway snapshot before reading credential fields — which is exactly what the error message already suggests.

[GMTekAI]

Did a source pass on this one and the report looks credible.

The key issue seems to be that doctor is only partially on the gateway-backed SecretRef resolution path today.

What I found:

• There is already a command-time SecretRef flow for CLI surfaces that need runtime-resolved config, via src/cli/command-secret-gateway.ts
• That path is already used by commands like channels status, memory, models, and even part of doctor --fix (for example the Telegram allowFrom auto-repair path in src/commands/doctor-config-flow.ts)
• But doctor still has read-only/security paths that operate directly on config objects instead of a gateway-resolved snapshot

One concrete path:

• src/commands/doctor-security.ts calls resolveDefaultChannelAccountContext()
• src/commands/channel-account-context.ts currently uses plugin.config.resolveAccount(cfg, accountId)
• For channels like Telegram, that goes through src/telegram/token.ts, which calls normalizeResolvedSecretInputString(...)
• That helper throws the exact unresolved-SecretRef error from src/config/types.secrets.ts when the credential is still an exec/file ref in command-local config

That matches the issue’s symptom pretty well:

• runtime gateway path can be healthy
• openclaw status / channels status --probe can work
• but doctor can still crash because one of its local config-inspection paths resolves channel credentials too eagerly

There is already a safer read-only channel inspection path in the tree (inspectReadOnlyChannelAccount / buildReadOnlySourceChannelAccountSnapshot), so my read is that the likely fix is one of:

• make doctor use gateway-resolved config consistently for channel credential reads, or
• switch the doctor/security/read-only channel checks to the non-throwing inspect path instead of plugin.config.resolveAccount(...)

So yes: this looks like a real gap, and it also fits the broader pattern the issue calls out where runtime SecretRef support exists but some CLI read-only flows are still bypassing it.

[pandego]

Confirmed this matches my setup on macOS with Telegram configured as a named account and the bot token stored as an exec SecretRef.

My failing path is under channels.telegram.accounts.<account-id>.botToken.

openclaw doctor fails with unresolved SecretRef "exec:telegram_keychain:value", while runtime is healthy and Telegram works normally.

From reading PR #45741, it appears to cover this case too by falling back to read-only account inspection through the plugin account ID path instead of requiring plaintext or already-resolved token access in doctor.

[joshavant]

Thanks for raising this, @SerAgentCape.

Closing this as addressed by #47794, which supersedes this issue’s fix surface.

How it relates:

• secrets: harden read-only SecretRef command paths and diagnostics #47794 hardens read-only doctor/status account evaluation so unresolved SecretRefs (including exec-backed refs) degrade safely with diagnostics instead of crashing.
• It adds regression coverage around the read-only resolution path and doctor/security command flow so this failure mode stays covered.

Thanks again for the report and for helping drive this fix.