exec approval system unusable: TUI dialog disappears instantly, all channels blocked

[Augusta-waveryu]

Bug Description

After upgrading from 3.14 to 3.29 (running main branch at commit 7169362), exec is completely unusable due to broken approval UX.

Steps to Reproduce

1. Any exec command triggers approval prompt
2. In terminal UI (tty): approval dialog appears for ~0.1s then disappears — cannot click/select/respond (default action appears to be deny)
3. In Control UI chat: approval message is delivered but no interactive button is shown
4. In Telegram: error message "chat exec approvals are not enabled on Telegram"
5. No way to approve → exec permanently blocked for all channels

Environment

• OpenClaw: 3.29 (main branch, commit 716936262340c0f2029fda476d8e554955ba9fb7)
• Config version: 3.14
• Gateway: local mode
• Channels: Telegram, Feishu, WeChat plugin (openclaw-weixin)

Investigation Notes

• tools.exec.host defaults to "sandbox" but sandbox runtime unavailable → exec fails with "sandbox runtime unavailable"
• Patch to tools.exec.host: "gateway" → sandbox error fixed
• But tools.exec.security defaults to "deny" (not shown in config, hardcoded default)
• "deny" mode completely blocks exec
• Changed to "allowlist" mode → approval required for each exec
• TUI approval dialog is broken (flashes and disappears) → cannot approve
• Changed to "full" mode as workaround → exec works but security completely disabled

Root Cause Hypothesis

1. TUI approval dialog has a race condition — it auto-closes before user can respond
2. No channel (Telegram, Control UI chat, Feishu) can approve exec requests via chat
3. No persistent approval policy mechanism that survives gateway restarts

Expected Behavior

• User should be able to approve exec from TUI reliably
• OR: tools.exec.security "allowlist" should support persistent source allowlisting (not just per-session approval)
• OR: gateway should have a CLI command to set permanent exec policy

Workaround

Set security: "full" — but this is insecure for production use.

[vincentkoc]

Thanks for the report. Closing this as a duplicate of #58769 so the remaining exec-regression follow-up stays in one place.

The landing fix set is in #58792. This cluster included a few real runtime regressions, plus a lot of confusion from conflicting or stale local exec policy after the approval changes. Where relevant, check both tools.exec and ~/.openclaw/exec-approvals.json after the release lands.

If you retest on the next release build and still see a distinct failure that is not covered by #58769, comment there and we can reopen or split it back out.