OpenClaw 2026.3.13 local CLI status/gateway probe reports missing scope: operator.read even though CLI device token includes operator.read

[meizhenwei-dot]

Environment

• OpenClaw version: 2026.3.13
• OS: macOS 26.3.1 (arm64)
• Gateway mode: local
• Gateway service: LaunchAgent running
• Channel: Telegram enabled and working

Problem

After upgrading to OpenClaw 2026.3.13, the following commands report that the Gateway is reachable but RPC is limited because of a missing scope:

• openclaw status
• openclaw gateway probe

Typical output:

missing scope: operator.read

However, the paired CLI device token already includes operator.read.

This makes it look like the CLI is not actually using the paired CLI device token for these RPC calls, or is preferring another auth path with reduced scopes.

Symptoms

openclaw status

Shows something like:

Gateway ... unreachable (missing scope: operator.read)

openclaw gateway probe

Shows something like:

Connect: ok
RPC: limited - missing scope: operator.read

What still works

• Gateway service is running
• Telegram channel works normally
• Sessions work
• Security audit is clean
• CLI can connect to the gateway
• The issue appears limited to status/probe diagnostic RPC scope resolution

Evidence

openclaw devices list --json

The CLI device shows full operator scopes, including operator.read.

Example:

{
  "clientId": "cli",
  "clientMode": "cli",
  "role": "operator",
  "scopes": [
    "operator.read",
    "operator.admin",
    "operator.write",
    "operator.approvals",
    "operator.pairing"
  ],
  "tokens": [
    {
      "role": "operator",
      "scopes": [
        "operator.admin",
        "operator.approvals",
        "operator.pairing",
        "operator.read",
        "operator.write"
      ]
    }
  ]
}

Despite this, status and gateway probe still report missing operator.read.

Gateway logs

Gateway logs show RPC failures like:

errorCode=INVALID_REQUEST
errorMessage=missing scope: operator.read

Affected RPCs include:

• status
• system-presence
• config.get

This suggests that the CLI connection succeeds, but the RPC auth context is using a credential source that does not include operator.read.

Troubleshooting already attempted

I already tried all of the following and the issue still persists:

1. Upgraded to 2026.3.13
2. Ran openclaw doctor and accepted the gateway service entrypoint fix (entry.js → index.js)
3. Rotated the CLI device token
4. Removed and recreated the CLI device
5. Deleted local identity cache files:
   • ~/.openclaw/identity/device.json
   • ~/.openclaw/identity/device-auth.json
6. Restarted the gateway
7. Opened a fresh terminal and retried
8. Replaced gateway.auth.token with a newly generated token
9. Re-ran openclaw doctor

The paired CLI device still ends up having full scopes in devices list --json, but status / gateway probe still fail with missing operator.read.

Additional observations

There are also operator devices for webchat / control-ui that only have partial scopes:

• operator.admin
• operator.approvals
• operator.pairing

But even after isolating and repairing the CLI device, the problem still persists.

This suggests one of the following:

1. CLI status/probe is not actually using the paired CLI device token
2. CLI prefers gateway.auth.token over device token and that path lacks operator.read
3. There is a regression in 2026.3.13 around local gateway auth scope resolution

Expected behavior

If the CLI device token includes operator.read, then:

• openclaw status
• openclaw gateway probe

should return full normal output, rather than reporting:

missing scope: operator.read

Actual behavior

The Gateway connection succeeds, but RPC calls are restricted due to:

missing scope: operator.read

Severity

This does not appear to break core runtime behavior:

• Gateway works
• Telegram works
• Sessions work

So this seems like a diagnostic/auth scope bug rather than a total service failure.

[mateu]

Repro’d on 2026.3.13 (61d171a) with local loopback gateway + Control UI (, allowedOrigins set).\n\n- Control UI websocket connects ().\n- Rotated active control-ui device token to full scopes incl. .\n- shows contains .\n- But live RPCs still fail on active connection:\n - , , -> \n- [plugins] Chorus plugin initializing — http://localhost:3001 (all projects)
[plugins] [lcm] Plugin loaded (enabled=true, db=/home/hunter/.openclaw/state/lcm/lcm.db, threshold=0.75)
[plugins] Chorus plugin initializing — http://localhost:3001 (all projects)
[plugins] [lcm] Plugin loaded (enabled=true, db=/home/hunter/.openclaw/state/lcm/lcm.db, threshold=0.75)
OpenClaw status

Overview
┌─────────────────┬────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Item │ Value │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Dashboard │ http://127.0.0.1:18789/ │
│ OS │ linux 6.17.4-2-pve (x64) · node 24.14.0 │
│ Tailscale │ off │
│ Channel │ stable (config) │
│ Update │ pnpm · npm latest 2026.3.13 │
│ Gateway │ local · ws://127.0.0.1:18789 (local loopback) · unreachable (missing scope: operator.read) │
│ Gateway service │ systemd installed · enabled · running (pid 668634, state active) │
│ Node service │ systemd not installed │
│ Agents │ 1 · no bootstrap files · sessions 61 · default main active just now │
│ Memory │ 281 files · 281 chunks · sources memory, sessions · plugin memory-core · vector ready │
│ Probes │ skipped (use --deep) │
│ Events │ none │
│ Heartbeat │ 30m (main) │
│ Sessions │ 61 active · default gpt-5.3-codex (272k ctx) · ~/.openclaw/agents/main/sessions/sessions.json │
└─────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────┘

Security audit
Summary: 0 critical · 0 warn · 2 info
No critical or warn findings detected.
Full report: openclaw security audit
Deep probe: openclaw security audit --deep

Channels
┌──────────┬─────────┬────────┬────────────────────────────────────────────────────────────────────────────────────────┐
│ Channel │ Enabled │ State │ Detail │
├──────────┼─────────┼────────┼────────────────────────────────────────────────────────────────────────────────────────┤
│ Telegram │ ON │ OK │ token config (8337…HXhk · len 46) · accounts 1/1 │
└──────────┴─────────┴────────┴────────────────────────────────────────────────────────────────────────────────────────┘

Sessions
┌────────────────────────────────┬────────┬──────────┬───────────────────────────────┬─────────────────────────────────┐
│ Key │ Kind │ Age │ Model │ Tokens │
├────────────────────────────────┼────────┼──────────┼───────────────────────────────┼─────────────────────────────────┤
│ agent:main:main │ direct │ just now │ gpt-5.3-codex │ 35k/272k (13%) · 🗄️ 96% cached │
│ agent:main:cron:417d74a4-77e1- │ direct │ 15m ago │ gpt-5.3-codex │ 9.6k/272k (4%) · 🗄️ 133% cached │
│ 4… │ │ │ │ │
│ agent:main:cron:417d74a4-77e1- │ direct │ 15m ago │ gpt-5.3-codex │ 9.6k/272k (4%) · 🗄️ 133% cached │
│ 4… │ │ │ │ │
│ agent:main:cron:417d74a4-77e1- │ direct │ 30m ago │ gpt-5.3-codex │ 11k/272k (4%) · 🗄️ 157% cached │
│ 4… │ │ │ │ │
│ agent:main:heartbeat- │ direct │ 41m ago │ gemini-3.1-flash-lite-preview │ 13k/1049k (1%) │
│ flashlite-… │ │ │ │ │
│ agent:main:cron:417d74a4-77e1- │ direct │ 45m ago │ gpt-5.3-codex │ 9.6k/272k (4%) · 🗄️ 37% cached │
│ 4… │ │ │ │ │
│ agent:main:cron:417d74a4-77e1- │ direct │ 1h ago │ gpt-5.3-codex │ 11k/272k (4%) · 🗄️ 212% cached │
│ 4… │ │ │ │ │
│ agent:main:cron:afb013d0-5ff9- │ direct │ 1h ago │ gpt-5.3-codex │ 9.3k/272k (3%) · 🗄️ 113% cached │
│ 4… │ │ │ │ │
│ agent:main:cron:afb013d0-5ff9- │ direct │ 1h ago │ gpt-5.3-codex │ 9.3k/272k (3%) · 🗄️ 113% cached │
│ 4… │ │ │ │ │
│ agent:main:cron:417d74a4-77e1- │ direct │ 1h ago │ gpt-5.3-codex │ 9.5k/272k (4%) · 🗄️ 95% cached │
│ 4… │ │ │ │ │
└────────────────────────────────┴────────┴──────────┴───────────────────────────────┴─────────────────────────────────┘

FAQ: https://docs.openclaw.ai/faq
Troubleshooting: https://docs.openclaw.ai/troubleshooting

Next steps:
Need to share? openclaw status --all
Need to debug live? openclaw logs --follow
Fix reachability first: openclaw gateway probe continues showing gateway unreachable/missing scope.\n- Persisted after duplicate-device cleanup, hard refresh/incognito re-pair, and gateway restart.\n\nAdditional pattern observed: top-level paired device scopes often remain limited () while includes , and runtime behavior appears to follow the limited path.\n\nThis looks like scope/session resolution drift, not just stale browser auth.

[mateu]

Follow-up (corrected; prior comment was malformed by shell quoting):

Repro’d on 2026.3.13 (61d171a) with local loopback gateway + Control UI (https://claw.mso.mt, allowedOrigins set).

• Control UI websocket connects (webchat connected).
• Rotated active control-ui device token to full scopes incl. operator.read/write.
• openclaw devices list --json shows tokens[].scopes contains operator.read.
• But live RPCs still fail on active connection:
  • status, system-presence, config.get -> missing scope: operator.read
• openclaw status continues showing gateway unreachable/missing scope.
• Persisted after duplicate-device cleanup, hard refresh/incognito re-pair, and gateway restart.

Additional pattern: top-level paired device scopes often remain limited (operator.admin/operator.approvals/operator.pairing) while tokens[].scopes includes operator.read/write, and runtime behavior appears to follow the limited path.

This points to scope/session resolution drift, not just stale browser auth.

[mateu]

Note for maintainers: please ignore my earlier malformed comment in this thread (shell quoting issue pasted local CLI output). The corrected reproduction details are in my follow-up comment here: #46117 (comment)

[ccoxkk-coder]

I can reproduce this on macOS as well, with a very similar local-loopback/token-auth setup, and I have additional evidence that may help narrow it down.

Environment

• OpenClaw: 2026.3.13
• OS: macOS 15.7.4 (arm64)
• Node: 25.3.0
• Gateway mode: local
• Gateway bind: loopback
• Gateway auth mode: token
• Target URL: ws://127.0.0.1:18789

Symptoms

The following both reproduce consistently:

openclaw status --all
openclaw gateway probe

Observed behavior:

• connect succeeds
• gateway is reachable
• RPC is scope-limited with missing scope: operator.read

Typical output:

Gateway ... unreachable (missing scope: operator.read)

and:

Reachable: yes
Connect: ok
RPC: limited - missing scope: operator.read

Evidence

Both of these local files show a paired CLI operator device with full scopes including operator.read and operator.write:

• ~/.openclaw/devices/paired.json
• ~/.openclaw/identity/device-auth.json

Scopes present in both:

• operator.admin
• operator.approvals
• operator.pairing
• operator.read
• operator.write

Gateway logs still show these RPC failures:

[ws] ⇄ res ✗ status ... errorMessage=missing scope: operator.read
[ws] ⇄ res ✗ system-presence ... errorMessage=missing scope: operator.read
[ws] ⇄ res ✗ config.get ... errorMessage=missing scope: operator.read

Important extra detail

Earlier in the same environment, gateway logs also showed a token mismatch during CLI probe attempts:

[ws] unauthorized ... client=cli probe ... reason=token_mismatch

After that, the CLI seems to connect successfully but only with the reduced-scope behavior above.

Troubleshooting already attempted

I tried all of the following, and the problem still persisted:

1. Restarted the gateway service
2. Verified the paired device exists and has full scopes via openclaw devices list
3. Verified device-auth.json and paired.json both contain a full-scope operator token
4. Used the gateway shared token to explicitly revoke and rotate the CLI operator device token:

openclaw devices revoke --device <deviceId> --role operator --token <gateway-token> --json
openclaw devices rotate --device <deviceId> --role operator \
  --scope operator.admin \
  --scope operator.approvals \
  --scope operator.pairing \
  --scope operator.read \
  --scope operator.write \
  --token <gateway-token> --json

5. Manually aligned ~/.openclaw/identity/device-auth.json to the newly rotated token from paired.json
6. Restarted the gateway again
7. Re-ran openclaw status --all

Even after the revoke/rotate + file alignment + restart sequence, the issue was still reproducible.

Current diagnosis

This makes it look less like simple local token drift, and more like the CLI status/probe auth path is not actually ending up with the paired device-backed operator scopes for those RPCs.

In other words, on local loopback + gateway.auth.mode=token:

• transport connect succeeds
• but the effective RPC auth context still does not include operator.read
• even when the paired CLI device and local device-auth cache both clearly do

So this does seem consistent with a CLI/local-gateway auth resolution regression rather than just stale local state.

[mateu]

Unfortunately a March snowstorm has kept my main Internet connection down today, so I'm posting something that may be a one line fix, but I haven't been able to properly test it. The patch is for src/gateway/server/ws-connection/message-handler.ts

// Before (current 3.13):
if (!device && (!isControlUi || decision.kind !== "allow")) {
    clearUnboundScopes();
}

// After (fix):
if (!device && (!isControlUi || decision.kind !== "allow") && !(isLocalClient && sharedAuthOk)) {
    clearUnboundScopes();
}

Here's some rational:
The old version (from the earlier issue #17095) had !sharedAuthOk as a guard inside clearUnboundScopes. That was moved out during the 3.12 security hardening, and the call-site guard only exempts Control UI connections. Local authenticated CLI connections get their scopes wiped.
For the CLI probe/status path: !device is true (probe connects without device identity), !isControlUi is true (it's CLI), so the condition short-circuits and clearUnboundScopes() fires — killing operator.read.
Meanwhile gateway call health works because health is an unscoped method that doesn't require operator.read.

[tyler6204]

Resolved by #50101, merge commit: 7b61ca1. Thanks for the report!