Tool subsystem fails to resolve SecretRefs for Discord token (message tool)

[williamschatten]

Bug Description

The message tool fails to resolve SecretRefs when making proactive Discord API calls from non-Discord sessions (e.g., webchat, cron). The error is:

channels.discord.accounts.default.token: unresolved SecretRef "env:default:DISCORD_TOKEN_DEFAULT". Resolve this command against an active gateway runtime snapshot before reading it.

Environment

• OpenClaw version: 2026.3.13 (61d171a)
• OS: macOS (Darwin 25.3.0, arm64)
• Node: v25.6.1
• Secrets provider: env (source: ~/.openclaw/.env)

Steps to Reproduce

1. Configure Discord tokens using SecretRefs with source: "env" in openclaw.json
2. Ensure env vars exist in ~/.openclaw/.env (e.g., DISCORD_TOKEN_DEFAULT=...)
3. Start the gateway — Discord bots connect successfully (fetch-bot-identity completes for all accounts)
4. From a webchat or cron session, call the message tool with action: "channel-list" and channel: "discord"
5. Observe the unresolved SecretRef error

Expected Behavior

The message tool should read from the gateway runtime snapshot (where secrets are already resolved), not the raw config file.

Actual Behavior

The tool subsystem reads the raw config containing the SecretRef object { source: "env", provider: "default", id: "DISCORD_TOKEN_DEFAULT" } instead of the resolved token value from the runtime snapshot.

Impact

• ✅ Discord inbound works — gateway receives and processes Discord messages normally
• ✅ Discord reply delivery works — the gateway channel layer uses the resolved snapshot
• ❌ Proactive message tool calls from non-Discord sessions fail (channel-list, send, search, etc.)
• ❌ openclaw doctor reports the same error (also does not resolve against runtime snapshot)
• ❌ openclaw secrets audit reports 0 unresolved refs (audit sees the env var exists)
• ❌ openclaw secrets reload completes successfully but does not fix the tool issue

Workaround Attempted

• Gateway restart (SIGUSR1) — does not fix
• openclaw secrets reload — does not fix
• Both confirm the gateway itself resolves secrets fine (bots connect), but the tool path remains broken

Additional Context

All four Discord accounts (default, brick, pixel, quill) are affected. The config uses the standard SecretRef format:

{
  "token": {
    "source": "env",
    "provider": "default",
    "id": "DISCORD_TOKEN_DEFAULT"
  }
}

The secrets provider is configured as:

{
  "secrets": {
    "providers": {
      "default": { "source": "env" }
    }
  }
}

[Hollychou924]

Root Cause Analysis

The issue is a two-context problem: the gateway runtime has secrets resolved in memory, but the message tool reads from the raw config object (with unresolved SecretRef shapes) rather than the runtime snapshot.

Where it breaks

When the message tool needs to make a proactive Discord API call from a non-Discord session (webchat, cron), it likely calls something like:

const config = getChannelConfig('discord')  // ← raw config with SecretRef objects
const token = config.accounts.default.token  // ← { source: 'env', provider: 'default', id: 'DISCORD_TOKEN_DEFAULT' }

But the Discord bots themselves connect via the gateway's runtime snapshot, where secrets are already resolved to actual string values.

Why Discord inbound/reply works but proactive calls fail

• Inbound + reply: handled by the gateway channel layer, which uses the resolved runtime snapshot ✅
• Proactive message tool calls: executed in the tool subsystem, which reads raw config ❌

Fix direction

The message tool's Discord path should:

1. Use the resolved runtime config (the same snapshot the channel layer uses) instead of the raw config reader
2. OR call through the gateway channel layer (which already has the token resolved) rather than making raw Discord API calls

The fact that openclaw doctor shows the same error (but openclaw secrets audit shows 0 unresolved refs) confirms the issue is specifically in the tool subsystem's config reading path — it's using the wrong reader.

Quick test: if you can find where the message tool reads channels.discord.accounts in the source, check if it calls getRuntimeConfig() or getStaticConfig() (or similar). It should be using the runtime snapshot, not the raw file.

[Ryce]

SecretRef resolution failures in non-Discord sessions are a session configuration state problem — the session has a Discord channel configured but the SecretRef can't resolve when the message tool is invoked from a different session context.

The session state dimension:

When SecretRefs fail to resolve for a channel token, the session's tool resolution state becomes inconsistent. The channel is configured (it appears in ), but the actual credential it depends on () isn't accessible from the session context where the tool is being invoked. This means:

1. The session thinks Discord is configured
2. The session thinks the message tool should work for Discord
3. But the actual credential resolution fails at invoke time

Why snapshots matter here:

The failed SecretRef resolution gets recorded in the session history as an error state. If the session is later restored or audited, there's no durable record of why the Discord message failed — only that it did fail. A session snapshot taken at the time of failure would preserve the full resolution context (what SecretRefs were tried, what the error was, what the session's channel config looked like at that moment), making it possible to diagnose configuration drift after the fact.

The deeper issue:

SecretRef resolution should be consistent regardless of which session context invokes a channel tool. If it's not, session snapshots become important diagnostics for understanding when and why configuration state diverged across sessions.

KeepMyClaw snapshots session state including configuration context — so if a SecretRef resolution failure causes unexpected behavior, you have a point-in-time record of what the session actually knew at the time.

keepmyclaw.com — encrypted session-state backup for OpenClaw agents.

[luke-swarm-hub]

Experiencing the same issue on 2026.3.13. My setup uses exec-based SecretRefs (1Password CLI) rather than env, and I see the identical error on message(action=read) — the tool path reads raw config instead of the resolved runtime snapshot. Websocket connections and message sending work fine. Affects all accounts on the affected gateway.

[JWiryo]

Experienced the issue on 2026.3.13 as well.

Tried both with env variable and also .env file and running openclaw secrets reload and openclaw doctor causes same error.

Any workaround on this? Or do I have to update to the latest version?

[steipete]

Fixed on current main.

This is covered by #48728, which scoped message-command/tool SecretRef resolution to the selected channel/account and threaded the resolved config into Discord message action paths.

Current evidence:

• src/agents/tools/message-tool.ts resolves scoped channel/account SecretRefs before runMessageAction.
• src/commands/message.ts does the same for CLI message calls.
• extensions/discord/src/actions/runtime.messaging.ts forwards that provided cfg into Discord read/fetch action calls.
• Regression coverage exists in src/agents/tools/message-tool.test.ts, src/commands/message.test.ts, and extensions/discord/src/actions/runtime.test.ts.

I re-ran the focused tests on current main:

pnpm test src/agents/tools/message-tool.test.ts src/commands/message.test.ts extensions/discord/src/actions/runtime.test.ts
# 3 files passed, 83 tests passed

Closing as completed. Note that this is separate from #51794, which is about the unsupported secretref-env:... string marker being accepted as plaintext.