security audit --deep fails with missing scope: operator.read when probing gateway

[ArchMa9e]

Description

When running openclaw security audit --deep, the command attempts to connect to the gateway WebSocket but fails with:

⇄ res ✗ status 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read

This causes the gateway.probe_failed warning in the security audit output:

gateway.probe_failed Gateway probe failed (deep)
  missing scope: operator.read
  Fix: Run "openclaw status --all" to debug connectivity/auth, then re-run "openclaw security audit --deep".

Steps to Reproduce

1. Run openclaw security audit --deep
2. Observe the warning about gateway.probe_failed
3. Check gateway logs - see missing scope: operator.read errors

Expected Behavior

The security audit --deep command should have sufficient permissions to probe the gateway, or should handle this gracefully without errors.

Environment

• OpenClaw version: 2026.3.13
• Node: v22.22.1
• OS: Ubuntu Linux 6.8.0-55-generic

Additional Context

The connection ID in logs matches the timing of running security audit --deep, confirming it's the audit command itself connecting to the gateway with insufficient token scope.

[Ryce]

Bit ironic that the security audit itself can't authenticate to the gateway it's supposed to be auditing. The scope issue means the audit tool connects with a token that doesn't have permission to read the gateway state it needs for deep probes.

This surfaces a general problem: when scope mismatches happen, the error message is technically correct but doesn't tell you why the scope is missing. Is it a token config issue? A default permissions problem? The audit tool should either auto-request the right scopes, or the error should point to the specific config path that controls operator scope permissions.

Side effect: users running security audit get a 'gateway probe failed' warning and assume something is broken with their gateway, when really the audit tool just needs better credentials. That erodes trust in the audit output itself.

[ArchMa9e]

@Ryce Totally agree with your analysis!

I experienced the same side effect - at first I thought my Gateway was misconfigured and spent quite a while debugging, only to realize later that it was the security audit --deep command itself connecting to the Gateway with insufficient token scope.

The error message missing scope: operator.read is technically correct but doesn't tell the user:

1. Where this scope should be configured
2. Whether it's a CLI tool issue or a user configuration issue
3. How to fix it

Hope the error message can be improved, or the audit tool could automatically request the correct scope.

[kraka40]

is there a known fix for this issue .. i've been having a hell of a time, changed the device pairing scopes, etc. no fix.

[steipete]

Closing this as implemented after Codex review.

Current main already contains a gateway-probe fix for this exact failure mode: authenticated local probes now keep a device identity so deep read RPCs are not scope-limited, and security audit --deep routes through that probe/auth path. The fix is present on main in commit ed6b487e2033d87a85b5713a964cc677c70353f8, but I could not confirm a tagged release containing it from this checkout.

What I checked:

• Gateway probe now preserves device identity for authenticated local probes: src/gateway/probe.ts explicitly says local authenticated probes should stay device-bound so read/detail RPCs are not scope-limited by shared-auth scope stripping, then loads device identity for that case. (src/gateway/probe.ts:155, ed6b487e2033)
• Integration test covers the reported symptom: probeGateway is tested against a live gateway server and asserts that a local authenticated probe succeeds and returns health, status, and configSnapshot, which is the detail-RPC path that previously failed with missing scope: operator.read. (src/gateway/probe.auth.integration.test.ts:29, ed6b487e2033)
• Security audit deep probe uses the fixed auth/probe path: maybeProbeGateway() resolves gateway probe auth and then calls the shared probe implementation for security audit --deep, so the fixed probe behavior applies to this command path. (src/security/audit.ts:875, d38ed0831d73)
• Auth-selection coverage exists for security audit deep probes: src/security/audit-gateway-auth-selection.test.ts verifies local/remote auth precedence for the deep probe path, including explicit token/password handling and safe SecretRef fallback behavior. (src/security/audit-gateway-auth-selection.test.ts:6, ed6b487e2033)
• Fix commit is on current main but not tied to a release tag here: Current main d38ed0831d7372c8505dc944aea69b5b83da1435 contains commit ed6b487e2033d87a85b5713a964cc677c70353f8 (git merge-base --is-ancestor returned success), while git tag --contains ed6b487e... returned no tags in this checkout. (ed6b487e2033)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against d38ed0831d73; fix evidence: commit ed6b487e2033.