Control UI throws missing scope: operator.read and only shows main chat over Tailscale Serve #55218

@AboutLabs

Bug report draft: Control UI only shows main chat and throws GatewayRequestError: missing scope: operator.read

Summary

When accessing the OpenClaw Control UI through a private Tailscale Serve setup, the web UI loads and basic chat access works, but richer operator/dashboard views remain unavailable. The UI shows:

  • GatewayRequestError: missing scope: operator.read

Observed behavior:

  • only the main chat appears accessible in the web UI
  • the error appears in that same location
  • issue persists after fixing runtime/service mismatch and re-authenticating

Environment

Host:

  • macOS 26.3.1
  • OpenClaw source checkout at a local source path
  • active gateway service now launches:
    • /opt/homebrew/opt/node/bin/node <source-checkout>/dist/index.js gateway --port 18789

Client devices tested:

  • macOS notebook via Safari
  • Windows 11 notebook

Network/access model:

  • private Tailscale tailnet
  • Tailscale Serve HTTPS
  • no Funnel / no public exposure

Working remote URL:

  • https://<magicdns-host>/

Local URL:

  • http://127.0.0.1:18789/

Relevant config

{
  "gateway": {
    "bind": "loopback",
    "auth": {
      "mode": "token",
      "allowTailscale": true
    },
    "controlUi": {
      "allowedOrigins": [
        "http://localhost:18789",
        "http://127.0.0.1:18789",
        "https://<magicdns-host>"
      ],
      "dangerouslyDisableDeviceAuth": true
    },
    "tailscale": {
      "mode": "serve",
      "resetOnExit": false
    }
  }
}

Reproduction

  1. Run OpenClaw gateway on macOS from source checkout.
  2. Configure gateway for:
    • bind = loopback
    • tailscale.mode = serve
    • auth.mode = token
    • auth.allowTailscale = true
    • Control UI allowed origin = Tailscale HTTPS URL
    • dangerouslyDisableDeviceAuth = true
  3. Enable Tailscale Serve on the tailnet and publish the local gateway:
    • tailscale serve --bg 127.0.0.1:18789
  4. Open the Control UI from another tailnet device at:
    • https://<magicdns-host>/
  5. Authenticate with the gateway token.

Expected behavior

After successful auth, the Control UI should have normal operator read access and show the usual operator/dashboard/session views.

Actual behavior

  • UI loads
  • auth succeeds sufficiently to enter the UI
  • only main chat is accessible
  • richer operator views fail with:
    • GatewayRequestError: missing scope: operator.read

What was ruled out

Not a network problem

  • Tailscale connectivity works across all devices
  • remote HTTPS Control UI access works
  • local loopback gateway responds with HTTP 200

Not a stale browser-token issue

  • browser history/storage was cleared on Safari on the host
  • current token from gateway.auth.token was pasted fresh
  • same error persists

Not an old service entrypoint problem

Initially there was a runtime mismatch:

  • older Homebrew CLI in PATH
  • service running source checkout via dist/entry.js

This was corrected by reinstalling/restarting the LaunchAgent so it now runs dist/index.js.

After correction:

  • openclaw gateway status shows service loaded
  • runtime running
  • RPC probe ok
  • error still persists

Additional notes

  • openclaw gateway probe / status now report healthy connectivity
  • the issue appears to be specifically about missing operator scope in the web UI session, not general gateway reachability
  • docs indicate operator.read is an operator scope used for richer control-plane metadata calls

Question

Is this expected behavior for token-auth / Tailscale Serve browser sessions, or is the Control UI failing to request / receive operator.read when authenticating in this setup?
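
Added example (not part of the original report and not OpenClaw code): a small reviewer for the exposure-related keys of a config shaped like the one under "Relevant config". The key names are taken from the report; the checks, their wording and the placeholder hostname are assumptions of this example.

```javascript
// Added example: review exposure-related keys in a gateway config like the report's.
// Key names come from the report; what counts as a finding is this example's assumption.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Walk the config tree and collect every "dangerously*" key that is set to true.
function findDangerousFlags(node, path = []) {
  const hits = [];
  for (const [key, value] of Object.entries(node ?? {})) {
    const here = [...path, key];
    if (key.startsWith("dangerously") && value === true) hits.push(here.join("."));
    else if (value && typeof value === "object" && !Array.isArray(value))
      hits.push(...findDangerousFlags(value, here));
  }
  return hits;
}

function auditGatewayConfig(config) {
  const gw = config.gateway ?? {};
  const originsKey = "gateway.controlUi.allowedOrigins";
  const findings = [];
  if (gw.bind !== "loopback")
    findings.push({ key: "gateway.bind", issue: `bind is "${gw.bind}", not loopback` });
  for (const origin of gw.controlUi?.allowedOrigins ?? []) {
    let url;
    try { url = new URL(origin); } catch {
      findings.push({ key: originsKey, issue: `unparseable origin: ${origin}` });
      continue;
    }
    // Plain HTTP is only acceptable for origins that never leave the host.
    if (url.protocol === "http:" && !LOOPBACK_HOSTS.has(url.hostname))
      findings.push({ key: originsKey, issue: `cleartext non-loopback origin: ${origin}` });
  }
  for (const flag of findDangerousFlags(config))
    findings.push({ key: flag, issue: "flag named as dangerous is enabled; confirm it is still needed" });
  return findings;
}

// Constructed sample mirroring the report's config (the HTTPS hostname is a placeholder).
const sampleConfig = { gateway: {
  bind: "loopback",
  auth: { mode: "token", allowTailscale: true },
  controlUi: {
    allowedOrigins: ["http://localhost:18789", "http://127.0.0.1:18789", "https://gateway.tailnet.example"],
    dangerouslyDisableDeviceAuth: true,
  },
  tailscale: { mode: "serve", resetOnExit: false },
} };
console.log(auditGatewayConfig(sampleConfig));
```

On the constructed sample the only finding is the enabled `dangerouslyDisableDeviceAuth` flag, which is worth stating explicitly when triaging an auth or scope problem like this one.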
