🐛 Bug: Missing scope operator.read after upgrade to 2026.3.13
Description
After upgrading to OpenClaw 2026.3.13, the Control UI cannot read Gateway status and consistently shows the error: missing scope: operator.read.
Environment
| Item |
Value |
| OpenClaw Version |
2026.3.13 (commit: 61d171a) |
| Node.js Version |
v24.14.0 |
| OS |
macOS 12.7.6 (21H1320) |
| Architecture |
x64 |
| Gateway Mode |
local, bind=loopback (127.0.0.1:18789) |
| Gateway Status |
Running normally (service pid 15575) |
Steps to Reproduce
- Upgrade to OpenClaw 2026.3.13
- Start Gateway (LaunchAgent running normally)
- Open Control UI (http://127.0.0.1:18789/)
- Try to view Gateway status
Actual Behavior
openclaw status shows:
Gateway: local · ws://127.0.0.1:18789 (local loopback) · unreachable (missing scope: operator.read)
Gateway logs show multiple errors:
⇄ res ✗ status 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read
⇄ res ✗ system-presence 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read
⇄ res ✗ config.get 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read
Control UI also shows connection failure with warnings:
origin-mismatch
reason="origin not allowed"
open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins
Expected Behavior
Control UI should successfully connect to Gateway and read status information.
Current Gateway Configuration
{
"gateway": {
"port": 18789,
"mode": "local",
"bind": "loopback",
"trustedProxies": ["127.0.0.1", "::1", "localhost"],
"controlUi": {
"allowedOrigins": ["http://127.0.0.1:18789", "http://localhost:18789"]
},
"auth": {
"mode": "token",
"token": "12e55090eda2a6b8f7fc802b4d03c7bec97079cefce06619"
},
"tailscale": {
"mode": "off",
"resetOnExit": false
},
"nodes": {
"allowCommands": ["*"],
"denyCommands": [
"camera.snap",
"camera.clip",
"screen.record",
"contacts.add",
"calendar.add",
"reminders.add",
"sms.send"
]
}
}
}Attempted Fixes (All Failed)
- Added
trustedProxies configuration
- Added
controlUi.allowedOrigins configuration
- Added
nodes.allowCommands
- Restarted Gateway with
openclaw gateway restart
Additional Information
- Agent works completely normally (all skills functional)
- This issue does not affect main functionality
- Only affects
openclaw status command showing Gateway details
- Control UI cannot connect
Console Output
openclaw status
-> Gateway: local · ws://127.0.0.1:18789 (local loopback) · unreachable (missing scope: operator.read)
openclaw gateway status
-> Runtime: running (pid 15575)
-> RPC probe: ok
-> Listening: 127.0.0.1:18789
🐛 Bug: Missing scope operator.read after upgrade to 2026.3.13
Description
After upgrading to OpenClaw 2026.3.13, the Control UI cannot read Gateway status and consistently shows the error:
missing scope: operator.read.Environment
Steps to Reproduce
Actual Behavior
Gateway logs show multiple errors:
Control UI also shows connection failure with warnings:
Expected Behavior
Control UI should successfully connect to Gateway and read status information.
Current Gateway Configuration
{ "gateway": { "port": 18789, "mode": "local", "bind": "loopback", "trustedProxies": ["127.0.0.1", "::1", "localhost"], "controlUi": { "allowedOrigins": ["http://127.0.0.1:18789", "http://localhost:18789"] }, "auth": { "mode": "token", "token": "12e55090eda2a6b8f7fc802b4d03c7bec97079cefce06619" }, "tailscale": { "mode": "off", "resetOnExit": false }, "nodes": { "allowCommands": ["*"], "denyCommands": [ "camera.snap", "camera.clip", "screen.record", "contacts.add", "calendar.add", "reminders.add", "sms.send" ] } } }Attempted Fixes (All Failed)
trustedProxiesconfigurationcontrolUi.allowedOriginsconfigurationnodes.allowCommandsopenclaw gateway restartAdditional Information
openclaw statuscommand showing Gateway detailsConsole Output