[Bug]: openclaw-cli token auth scope operator.read missing

[porist]

Bug type

Regression (worked before, now fails)

Summary

找到了！gateway probe 的关键信息：

  Connect: ok (32ms) · RPC: limited - missing scope: operator.read                                                                                                                                 

CLI 连接成功（TCP ok），但 RPC 操作被 scope 权限限制了——缺少 operator.read。这是 token 认证模式下 CLI 的权限问题，不是 Gateway 本身坏了。

结论：这是 OpenClaw 2026.3.13 的一个 bug —— CLI 在 token 认证模式下无法通过 RPC 鉴权，导致所有 CLI 命令（cron/status 等）都失败。

目前可用的管理方式：

1. Web UI：http://127.0.0.1:18789/ — 可以完整管理 cron
2. TUI：openclaw tui — 另一个界面
3. 让我帮忙 — 直接用 cron 工具创建/管理，不需要 CLI

建议去 GitHub 反馈这个问题（openclaw-cli token auth scope operator.read missing），这是真实存在的 bug。

你想用哪种方式继续？我可以直接帮你创建 cron 任务。

Steps to reproduce

bash:
% openclaw cron list
ouput:
gateway connect failed: Error: gateway closed (1000):
Error: gateway closed (1000 normal closure): no close reason
Gateway target: ws://127.0.0.1:18789
Source: local loopback
Config: /Users/{USER}/.openclaw/openclaw.json
Bind: loopback
{USER}@Mac ~ %

Expected behavior

--

Actual behavior

--

OpenClaw version

OpenClaw 2026.3.13

Operating system

macOS 14.6.1 (23G93)

Install method

npm g

Model

minimax

Provider / routing chain

minimax

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

[cbcampos]

Workaround applied on v2026.3.13:

Patched the following gateway distribution files to ensure token and password authentication modes correctly grant admin privileges:

• /home/ccampos/.npm-global/lib/node_modules/openclaw/dist/gateway-cli-CuZs0RlJ.js
• /home/ccampos/.npm-global/lib/node_modules/openclaw/dist/gateway-cli-Ol-vpIk7.js

The bug: successful token/password auth failed to assign operator.admin scope to the connection, causing 'missing scope: operator.read' on all RPC calls.

After patching and restarting the gateway, openclaw status confirms: reachable 11ms · auth token

Files were edited to ensure auth-granting code paths (for static token and password modes) correctly apply admin privileges to the authenticated session.

[SnowSky1]

Opened a small regression-coverage PR for the CLI scope-routing path used by top-level commands such as openclaw cron list: #50512

[lishoulong]

Workaround applied on v2026.3.13:

Patched the following gateway distribution files to ensure token and password authentication modes correctly grant admin privileges:

• /home/ccampos/.npm-global/lib/node_modules/openclaw/dist/gateway-cli-CuZs0RlJ.js
• /home/ccampos/.npm-global/lib/node_modules/openclaw/dist/gateway-cli-Ol-vpIk7.js

The bug: successful token/password auth failed to assign operator.admin scope to the connection, causing 'missing scope: operator.read' on all RPC calls.

After patching and restarting the gateway, openclaw status confirms: reachable 11ms · auth token

Files were edited to ensure auth-granting code paths (for static token and password modes) correctly apply admin privileges to the authenticated session.

Hi, @cbcampos can you show the specified line to change .

[cbcampos]

The workaround: after authOk check for token/password auth, added around line 22712 in both gateway-cli files: if (!scopes.includes('operator.admin')) { scopes.push('operator.admin'); } This ensures authenticated token/password connections get operator.admin scope assigned.

[YoungCodeBro]

GitHub Issue #50474 - Workaround Summary

Problem

When connecting to OpenClaw Gateway using token or password authentication, all RPC calls fail with missing scope: operator.read or missing scope: operator.write errors, even though the connect request includes the required scopes.

Root Cause

In handleMissingDeviceIdentity() function within the Gateway WebSocket handler, there's a logic path that calls clearUnboundScopes() when:

• No device identity is present, AND
• Authentication method is token or password

This clears all scopes from the connection, causing subsequent RPC calls to fail authorization checks.

Workaround

Add the following code patch after the if (!authOk) check in the Gateway distribution file:

File: /usr/lib/node_modules/openclaw/dist/gateway-cli-DlnlX7IW.js

Location: Around line 26067, after:

if (!authOk) {
    rejectUnauthorized(authResult);
    return;
}

Add this patch:

// Bug fix: ensure token/password auth gets operator.admin scope (issue #50474)
if ((authMethod === "token" || authMethod === "password") && !scopes.includes("operator.admin")) {
    scopes.push("operator.admin");
    connectParams.scopes = scopes;
}

Steps to Apply

1. Locate your OpenClaw installation directory
2. Find gateway-cli-DlnlX7IW.js (or similar hashed filename) in dist/
3. Apply the patch above
4. Restart Gateway: openclaw gateway restart

Verification

After applying the fix and restarting:

• openclaw status should show: reachable · auth token
• All CLI commands (cron list, sessions list, etc.) should work normally
• WebSocket clients using token auth should have full operator scope access

Note

This is a temporary workaround until the official fix is released in a future version.

[YoungCodeBro]

From model kimi-k2.5

GitHub Issue #50474 - Complete Analysis & Summary

Problem

When connecting to OpenClaw Gateway using token or password authentication, all RPC calls fail with missing scope: operator.read/write errors.

Root Cause Analysis

This is NOT a bug—it's an intentional security design.

Code location: handleMissingDeviceIdentity() in gateway-cli-DlnlX7IW.js:

if (!device && (decision.kind !== "allow" || !controlUiAuthPolicy.allowBypass && !preserveInsecureLocalControlUiScopes && (authMethod === "token" || authMethod === "password" || trustedProxyAuthOk))) 
    clearUnboundScopes();

Design Intent:

Scenario	Behavior	Reason
With Device	Normal scope authorization	Device private key signature = proof of local possession, cannot be forged
Without Device + Token/Password	Clear all scopes	Token/Password may leak, restrict remote operations
Without Device + Control UI + Localhost + allowInsecureAuth	Preserve scopes	Local browser trusted environment exception

Device Authentication Mechanism

Key Storage:

• Private key: ~/.openclaw/identity/device.json (local storage, never transmitted)
• Public key: Sent to Gateway for signature verification
• Device ID: Derived from public key, ensures uniqueness

Authentication Flow:

1. Client signs challenge with local private key
2. Gateway verifies with stored public key
3. Private key never leaves the machine, cannot be stolen by MITM

Comparison:

Method	Credential	Security
Device	Ed25519 private key signature	✅ Cannot be remotely stolen
Token	Shared string	⚠️ May leak, logged, screenshot

Discussion on Control UI Exception

Potential Issue: client.id: "openclaw-control-ui" is self-reported by client without verification—can be spoofed.

Conclusion:

• Device authentication is a valid security design
• Control UI exception may be bypassable
• But core security (private key never transmitted) is sound

Temporary Workaround

If you need token auth without Device, apply this patch:

// After: if (!authOk) { rejectUnauthorized(...); return; }

if ((authMethod === "token" || authMethod === "password") && !scopes.includes("operator.admin")) {
    scopes.push("operator.admin");
    connectParams.scopes = scopes;
}

Note: This reduces security level—use only in trusted internal networks.

Official Recommendation

For production environments, use Device authentication instead of token auth to ensure:

1. Private key never leaves the deployment machine
2. Cannot be remotely stolen or forged
3. Aligns with OpenClaw's security design intent

[steipete]

Closing this as implemented after Codex review.

Current main already handles local CLI shared-token/password auth by attaching a device identity for gateway calls, which preserves operator scopes for CLI RPCs like status/cron instead of relying on device-less shared-secret scopes. The old device-less path still intentionally clears self-declared scopes, so the issue’s proposed fix of force-granting admin on token/password auth does not match the shipped design.

What I checked:

• CLI RPC path goes through shared gateway caller: Top-level CLI RPC helpers route commands such as openclaw cron list through callGateway(...), so the current gateway-call behavior applies to CLI commands. (src/cli/gateway-rpc.runtime.ts:20, 9b7f6250f43b)
• Local shared-auth gateway calls now auto-load device identity: resolveDeviceIdentityForGatewayCall() explicitly says shared-auth local calls should stay device-bound so operator scopes remain available for status / system-presence / last-heartbeat, and that identity is passed into GatewayClient by default. (src/gateway/call.ts:196, 9b7f6250f43b)
• Regression coverage for the CLI fix exists: Tests cover that local loopback shared-token auth keeps device identity enabled, while restricted environments fall back to token/password auth without crashing. (src/gateway/call.test.ts:306, 9b7f6250f43b)
• Current server behavior still intentionally clears device-less shared-secret scopes: Gateway compat tests assert that shared-token/shared-password operator connects without device identity have requested scopes cleared, which means the old workaround of force-adding operator.admin is not the intended model on current main. (src/gateway/server.auth.compat-baseline.test.ts:123, 9b7f6250f43b)
• Shipped release already contains the implementation: The released tag v2026.4.22 contains the same resolveDeviceIdentityForGatewayCall() logic, so this was already shipped by that release. (src/gateway/call.ts:196, 00bd2cf7a376)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against 9b7f6250f43b; fix evidence: release v2026.4.22, commit 00bd2cf7a376.