Gateway unhandled_rejection: resolveTelegramToken called against disabled exec-SecretRef accounts

[maximus-dss]

Summary

OpenClaw 2026.4.24's gateway crashes with unhandled_rejection every ~5 minutes when channels.telegram.accounts.<name>.botToken is configured as an exec-SecretRef. The crash is caused by resolveTelegramToken being called against ALL configured telegram accounts during getRuntimeSnapshot and listEnabledTelegramAccounts, BEFORE any enabled filtering. The exec-SecretRef requires an active gateway runtime snapshot to resolve, but it's invoked during snapshot construction → throws Resolve this command against an active gateway runtime snapshot before reading it.

Volume: ~10 crashes/hour, ~250+ per day on a 7-account config. Functionality otherwise unaffected (gateway auto-restarts each time), but log noise is severe and the unhandled-rejection pattern indicates a real promise-handling bug.

Reproduction

1. Configure channels.telegram.accounts.<name>.botToken as an exec-SecretRef:

   "channels": {
     "telegram": {
       "accounts": {
         "branson": {
           "botToken": {
             "source": "exec",
             "provider": "kc_openclaw_telegram_bottoken_branson",
             "id": "value"
           },
           "streaming": { "mode": "partial" }
         }
       }
     }
   }

2. Start the gateway: openclaw gateway restart.
3. Watch ~/.openclaw/logs/gateway.err.log and the stability bundle dir ~/.openclaw/logs/stability/.
4. Within 5 minutes, observe the unhandled rejection:

   [openclaw] Unhandled promise rejection: Error: channels.telegram.accounts.branson.botToken: *** SecretRef "exec:kc_openclaw_telegram_bottoken_branson:value". Resolve this command against an active gateway runtime snapshot before reading it.
   [openclaw] wrote stability bundle: openclaw-stability-…-unhandled_rejection.json
   

5. Crash repeats every ~5 minutes thereafter.

Smoking gun: deleting the offending account just shifts the crash to the next one

Test sequence performed:

• t=0: branson botToken present → crashes name=branson
• Apply jq 'del(.channels.telegram.accounts.branson.botToken)' → restart
• t=+5min: crash now names zoe (next account in iteration order with exec-SecretRef botToken)
• Apply jq 'del(.channels.telegram.accounts.zoe.botToken)' → restart
• t=+5min: crash will name the next exec-SecretRef account

The bug is not specific to one account — it's the resolution path being called against any/all accounts before any enabled filter.

Code-level analysis (from inspecting the bundle)

In dist/extensions/telegram/accounts-<hash>.js:

function listEnabledTelegramAccounts(cfg) {
  return listTelegramAccountIds(cfg)
    .map((accountId) => resolveTelegramAccount({ cfg, accountId }))   // ← calls resolveTelegramToken inside
    .filter((account) => account.enabled);                              // ← filter happens AFTER
}

resolveTelegramAccount (line ~207) calls resolveTelegramToken(params.cfg, { accountId }) for every accountId listed by listTelegramAccountIds, regardless of whether that account is enabled. resolveTelegramToken then attempts to resolve the SecretRef synchronously, which fails because the runtime snapshot isn't active yet during this preflight pass.

The [SECRETS_REF_IGNORED_INACTIVE_SURFACE] log line (Telegram account is disabled or tokenFile is configured) shows openclaw KNOWS the account is disabled — but the unhandled rejection fires regardless because the resolution happens in a different code path that doesn't check enabled.

The file is byte-identical between OpenClaw 2026.4.24 and 2026.4.29 (same line numbers, same content) per local diff. Bug is present in both.

Suggested fix

Either:

1. Filter before resolving — change listEnabledTelegramAccounts to filter by enabled from the raw account config first (cheap field read, no SecretRef resolution), then call resolveTelegramAccount only on enabled accounts.

2. Lazy SecretRef resolution — defer resolving the SecretRef in resolveTelegramToken until actual dispatch needs the token. The preflight pass should only check the SHAPE of the config (is botToken present? is it an exec-SecretRef vs tokenFile vs literal?), not actually resolve the value.

3. Catch + log — at minimum, wrap the resolveTelegramToken call in resolveTelegramAccount with a try/catch that logs and returns { token: "", source: "unresolved" } instead of throwing. This prevents the unhandled rejection.

Workaround we're using

Switching exec-SecretRef botTokens to tokenFile:

"branson": {
-  "botToken": {
-    "source": "exec",
-    "provider": "kc_openclaw_telegram_bottoken_branson",
-    "id": "value"
-  }
+  "tokenFile": "/Users/maximus/.openclaw/secrets/telegram/branson.token"
}

resolveTelegramToken checks accountCfg?.tokenFile?.trim() BEFORE the SecretRef resolution path, so this bypasses the bug entirely. Tradeoff: token is on disk in plaintext (mode 0600) instead of in Keychain.

Environment

• OpenClaw: 2026.4.24 (cbcfdf6)
• OS: macOS 15.4 (Darwin 25.4.0), M3 Ultra / 256GB
• Affected accounts: 6 (sydney, maximus, atlas, zoe, donnie, chigurh) all use exec-SecretRef botTokens
• Crash rate: ~10/hour, ~250+/day (24h sustained pattern)
• Pre-existing since: 2026-04-30 evening — first stability bundles appear there

Sample stability bundle

~/.openclaw/logs/stability/openclaw-stability-2026-05-02T23-39-44-242Z-20415-unhandled_rejection.json

Bundle content is sparse (error.message/error.stack empty in the JSON) but the gateway log immediately preceding the bundle write contains the full error string with the SecretRef reference + suggestion text.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. Current main still has the reported Telegram snapshot/action-discovery path: account resolution reads the token before disabled filtering, and strict non-env SecretRef handling can throw while the health monitor asks for a runtime snapshot every five minutes.

Reproducibility: yes. source inspection gives a high-confidence reproduction path: a disabled Telegram account with an exec/file botToken reaches resolveTelegramToken through getRuntimeSnapshot or listEnabledTelegramAccounts before enabled filtering. I did not execute the live gateway path in this read-only review.

Next step
This is a narrow, source-reproducible Telegram bug with clear likely files and regression coverage targets, so it is suitable for a focused repair PR.

Review details

Best possible solution:

Keep the fix Telegram-owned: avoid strict token resolution for disabled accounts during snapshot/action discovery, add a regression test for a disabled account with a non-env SecretRef, and leave shared SecretRef semantics unchanged unless a minimal generic seam is proven necessary.

Do we have a high-confidence way to reproduce the issue?

Yes, source inspection gives a high-confidence reproduction path: a disabled Telegram account with an exec/file botToken reaches resolveTelegramToken through getRuntimeSnapshot or listEnabledTelegramAccounts before enabled filtering. I did not execute the live gateway path in this read-only review.

Is this the best way to solve the issue?

Yes, the narrowest maintainable fix is to filter or inspect disabled Telegram accounts before strict token resolution in discovery/snapshot paths while preserving strict resolution for active runtime send/start paths.

Acceptance criteria:

• pnpm test extensions/telegram/src/accounts.test.ts extensions/telegram/src/channel-actions.test.ts src/gateway/server-channels.test.ts src/secrets/runtime-inactive-telegram-surfaces.test.ts
• pnpm check:changed

What I checked:

• Current main: The review was performed on current main at e1a73d380db7cea0e960b5463041bc5c644e54aa. (e1a73d380db7)
• Token resolves before enabled filtering: resolveTelegramAccount computes enabled, but still calls resolveTelegramToken; listEnabledTelegramAccounts maps every listed account through that resolver before filtering disabled accounts. (extensions/telegram/src/accounts.ts:151, e1a73d380db7)
• Strict SecretRef throw path: resolveRuntimeTokenValue inspects SecretRefs but then re-enters strict mode for non-env refs, which matches the unresolved-runtime-snapshot error described for exec SecretRefs. (extensions/telegram/src/token.ts:86, e1a73d380db7)
• Gateway snapshot entry point: getRuntimeSnapshot calls each channel plugin's resolveAccount for every account before isEnabled and describeAccount, so Telegram's resolver can throw before disabled status is applied. (src/gateway/server-channels.ts:758, e1a73d380db7)
• Five-minute trigger matches report: The channel health monitor defaults to a five-minute interval and calls channelManager.getRuntimeSnapshot(), matching the reported repeated crash cadence. (src/gateway/channel-health-monitor.ts:14, e1a73d380db7)
• Inactive Telegram SecretRefs are intended to be skipped: Telegram's secret contract marks account botToken inactive when the account is disabled or tokenFile is configured, and the existing runtime snapshot test expects disabled Telegram refs to remain skipped with warnings. (extensions/telegram/src/secret-contract.ts:97, e1a73d380db7)

Likely related people:

• Vincent Koc: Git blame and path-local history attribute the Telegram account resolver, token resolver, action-discovery path, gateway snapshot loop, and Telegram secret contract in this checkout to commit 7a540767701b67dab56cf442818b3a030e0085fd. (role: recent maintainer / current local history owner; confidence: medium; commits: 7a540767701b; files: extensions/telegram/src/accounts.ts, extensions/telegram/src/token.ts, extensions/telegram/src/channel-actions.ts)
• openclaw/openclaw-secops: CODEOWNERS marks src/secrets/ and secret-related config/gateway paths for secops review, which becomes relevant if the fix expands beyond the Telegram plugin into shared SecretRef resolution. (role: adjacent reviewer for shared SecretRef boundary; confidence: low; files: .github/CODEOWNERS, src/secrets/, src/config/types.secrets.ts)

Remaining risk / open question:

• This was a source-level reproduction only; no live gateway or Vitest reproduction was run because the requested review was read-only.
• A fix must preserve active-account strict SecretRef resolution, token precedence, duplicate-token checks, and the binding-created account fallback documented by the existing #53876 comments.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e1a73d380db7.

[joshavant]

Thanks @maximus-dss for the report. The merged fix in #76449 addresses this Telegram path by skipping disabled accounts before token resolution, so disabled exec-backed SecretRefs are no longer invoked during enabled-account enumeration. Closing this out.