Description
After updating to OpenClaw v2026.3.13, openclaw status reports Gateway as unreachable with error missing scope: operator.read, but openclaw gateway probe shows the Gateway is actually reachable and functional.
Environment
- OpenClaw Version: 2026.3.13
- OS: macOS 26.3.1 (arm64)
- Node: 25.8.1
- Gateway Mode: local (loopback)
Symptoms
openclaw status
# Shows: Gateway · unreachable (missing scope: operator.read)
openclaw gateway probe
# Shows: Reachable: yes, Connect: ok (9ms)
# Warning: missing scope: operator.read
Diagnosis
- Gateway is running normally (PID active, RPC probe: ok)
- WebSocket connection succeeds (9ms latency)
- Device auth token exists at
~/.openclaw/identity/device-auth.json
- Operator token scopes are:
operator.admin, operator.approvals, operator.pairing
- Missing scope:
operator.read
Attempts to Fix
- Gateway restart: No change
- Delete device-auth.json + restart: New token generated but still missing
operator.read scope
Expected Behavior
openclaw status should show Gateway as reachable- Operator token should include
operator.read scope by default, OR
- Gateway should grant
operator.read scope during device pairing
Actual Behavior
- Gateway connection works but status shows unreachable
- Device auth token lacks
operator.read scope
- Warning message: "Hint: pair device identity or use credentials with operator.read"
Impact
- Functionality: No impact - Gateway and agents work normally
- Monitoring:
openclaw status shows false unreachable warning
- Alternative: Use
openclaw gateway status for accurate status
Request
Please clarify:
- Is
operator.read a new required scope in v2026.3.13?
- How should device pairing grant this scope?
- Is this a bug in token generation or scope validation?
Logs
// device-auth.json operator token
{
"scopes": [
"operator.admin",
"operator.approvals",
"operator.pairing"
]
}// openclaw gateway probe output
Reachable: yes
Connect: ok (9ms) · RPC: limited - missing scope: operator.read
Description
After updating to OpenClaw v2026.3.13,
openclaw statusreports Gateway as unreachable with errormissing scope: operator.read, butopenclaw gateway probeshows the Gateway is actually reachable and functional.Environment
Symptoms
Diagnosis
~/.openclaw/identity/device-auth.jsonoperator.admin,operator.approvals,operator.pairingoperator.readAttempts to Fix
operator.readscopeExpected Behavior
openclaw statusshould show Gateway as reachableoperator.readscope by default, ORoperator.readscope during device pairingActual Behavior
operator.readscopeImpact
openclaw statusshows false unreachable warningopenclaw gateway statusfor accurate statusRequest
Please clarify:
operator.reada new required scope in v2026.3.13?Logs