SecretRef resolution fails at reply time for channel tokens (Slack/Telegram)

[SigmundSigmund]

Bug Description

SecretRef-based channel tokens (botToken, appToken) fail to resolve at reply time with:

channels.slack.accounts.default.botToken: unresolved SecretRef "exec:keychain_slack_bot:value". 
Resolve this command against an active gateway runtime snapshot before reading it.

Tokens resolve fine at startup (socket mode connects), but when the gateway tries to send a reply, SecretRef resolution fails. Affects both Slack and Telegram channels.

Environment

• OS: macOS 26.3.1 (arm64), Apple Silicon
• Node: v25.8.0
• OpenClaw: Reproduced on 2026.3.12 and 2026.3.13
• Channel mode: Slack socket mode
• SecretRef provider: exec (keychain wrapper scripts calling security find-generic-password)

Steps to Reproduce

1. Configure Slack channel with SecretRef-based botToken and appToken (exec provider, keychain scripts)
2. Gateway starts fine — socket mode connects, channel resolve runs
3. Send a message in a configured Slack channel
4. Gateway receives the message and attempts to reply
5. Reply fails with unresolved SecretRef error

Timeline

• Working: 2026-03-13 14:54 PDT — last successful delivered reply to channel
• Broken: 2026-03-13 15:04 PDT — first final reply failed after a gateway restart (npm update from 2026.3.11 to 2026.3.12)
• Attempted fixes: Multiple gateway restarts, hard stop/start, update to 2026.3.13 — none resolved it
• Workaround: Hardcoding tokens as plain strings in config works

Relevant Logs

Startup (works fine)

[slack] [default] starting provider
[slack] socket mode connected

Reply attempt (fails)

[slack] final reply failed: Error: channels.slack.accounts.default.botToken: unresolved SecretRef "exec:keychain_slack_bot:value". Resolve this command against an active gateway runtime snapshot before reading it.

Also affects Telegram

Error: channels.telegram.botToken: unresolved SecretRef "exec:keychain_telegram:value". Resolve this command against an active gateway runtime snapshot before reading it.

Workaround

Replace SecretRef objects with hardcoded token strings in openclaw.json:

// Before (broken)
"botToken": { "source": "exec", "provider": "keychain_slack_bot", "id": "value" }

// After (works)
"botToken": "xoxb-..."

Notes

• The missing_scope error on channel resolve is a separate pre-existing issue (non-fatal)
• The stale-socket health monitor restarts every ~35 min may be related
• The error message suggests the runtime snapshot context is not being passed to the reply code path

[dsantoreis]

This is a SecretRef lifecycle bug. The resolution works at startup because the gateway runs all SecretRef commands during config initialization and caches the resolved values. But at reply time, the code path is hitting the raw config object (with unresolved SecretRef placeholders) instead of the resolved runtime snapshot.

Two possible causes:

1. Config hot-reload race: if the config was reloaded after startup (due to file watcher or manual reload), the new config object has unresolved SecretRefs and the resolution step didn't re-run
2. Reply-path config access: the channel adapter's reply codepath reads from a different config reference than the one populated during startup resolution

The error message itself confirms this: "Resolve this command against an active gateway runtime snapshot" — the code is aware it has a raw ref, not a resolved value.

Workaround: use environment variables instead of exec-based SecretRefs for channel tokens. env:SLACK_BOT_TOKEN should resolve consistently since env vars don't need re-execution.

The fix should ensure the channel adapter always reads from the resolved config snapshot, not the raw parsed config.

[kouka-t0yohei]

I hit what looks like the same broader SecretRef/runtime-snapshot problem on macOS, but in my case it affected startup/control-ui paths too, not only reply-time delivery.

Environment

• OpenClaw: 2026.3.13
• macOS: Apple Silicon
• Channels involved: Discord + Slack

What I tried

I moved channel tokens out of plaintext for:

• channels.discord.token
• channels.slack.botToken
• channels.slack.appToken

1) exec SecretRef via macOS Keychain

Config shape was effectively:

• source: "exec"
• provider: macos_keychain
• ids like openclaw/discord/default and openclaw/slack-bot/default

Observed failures included:

• channels.discord.token: unresolved SecretRef "exec:macos_keychain:openclaw/discord/default". Resolve this command against an active gateway runtime snapshot before reading it.
• Exec provider "macos_keychain" failed for id "openclaw/slack-bot/default" (not found in keychain)
• [SECRETS_RELOADER_DEGRADED] Secret resolution failed; runtime remains on last-known-good snapshot

In some cases the existing runtime limped along on the last-known-good snapshot, but fresh gateway startup failed.

2) env SecretRef

Then I tried env refs instead:

• env:default:DISCORD_BOT_TOKEN
• env:default:SLACK_BOT_TOKEN
• env:default:SLACK_APP_TOKEN

That also failed in practice on control-ui / gateway runtime paths with unresolved SecretRef errors. .env alone was not enough because the service/runtime path did not consistently see those env vars.

Practical outcome

The only reliable recovery was to put the channel tokens back as plaintext strings in openclaw.json.

Why I think this is related

This seems like the same family of bug:

• channel token SecretRefs may validate or work in one path
• but fail in another path (startup, status, control-ui, reply, etc.)
• runtime snapshot / service environment / secret resolution behavior is inconsistent depending on call path

So this issue may be broader than reply-time delivery only.

If helpful, I can provide a cleaned repro matrix of:

• plaintext ✅
• exec SecretRef via macOS Keychain ❌
• env SecretRef via .env / launchd env ❌