[Bug]: Control UI Settings page shows wrong Exec Policy — reads from wrong config path

[markvivv]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Bug Description

The Control UI Settings/Exec section displays Exec Policy: allowlist even after the user has set tools.exec.security to "full" in openclaw.json. Restarting the gateway does not fix it because the frontend reads from an incorrect (non-existent) config path.

Root Cause

The Control UI frontend reads from agents.defaults.exec.security, but the actual config key that controls exec security policy is tools.exec.security. These are different config paths.
User sets: tools.exec.security = "full" ✅ (takes effect immediately)
UI reads: agents.defaults.exec.security ❌ (path doesn't exist, falls back to default "allowlist")

Expected Behavior

UI should read from tools.exec.security and display the correct value (full).

Actual Config (verified working via CLI):

$ openclaw config get tools.exec.security
full

Config file path: ~/.openclaw/openclaw.json

Proposed Fix

Update the Control UI settings component to read tools.exec.security instead of agents.defaults.exec.security.

Steps to reproduce

1. Edit ~/.openclaw/openclaw.json and add "tools": { "exec": { "security": "full", "ask": "off" } }
2. Open Control UI Settings page
3. Observe that Exec Policy still shows allowlist

Expected behavior

NOT_ENOUGH_INFO

Actual behavior

NOT_ENOUGH_INFO

OpenClaw version

2026.5.4

Operating system

macOS 15.7.5

Install method

No response

Model

Qwen3.6-35B-A3B

Provider / routing chain

openclaw -> newapi -> Qwen3.6-35B-A3B

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still derives the quick Settings Exec policy badge from the wrong config branch, so an explicit tools.exec.security="full" can be ignored in the Control UI display.

Reproducibility: yes. Source inspection gives a high-confidence path: render quick Settings with configForm or configSnapshot.config containing tools.exec.security="full" and no agents.defaults.exec.security; current main will still pass allowlist to the badge helper.

Next step
This is a narrow, source-proven Control UI bug with a clear config-contract fix and focused UI regression path.

Review details

Best possible solution:

Update the quick Settings security summary to prefer the explicit tools.exec.security value for the Exec policy badge, keep any fallback behavior intentional, and add focused regression coverage plus a changelog fix entry.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection gives a high-confidence path: render quick Settings with configForm or configSnapshot.config containing tools.exec.security="full" and no agents.defaults.exec.security; current main will still pass allowlist to the badge helper.

Is this the best way to solve the issue?

Yes. The narrow maintainable fix is to read the documented tools.exec.security path in extractQuickSettingsSecurity and cover that behavior in a focused Control UI render test; no new config key or product decision is needed.

Acceptance criteria:

• pnpm test ui/src/ui/app-render.assistant-avatar.test.ts ui/src/ui/views/config-quick.test.ts
• pnpm exec oxfmt --check --threads=1 ui/src/ui/app-render.ts ui/src/ui/app-render.assistant-avatar.test.ts ui/src/ui/views/config-quick.test.ts
• pnpm check:changed

What I checked:

• current-main wrong read path: extractQuickSettingsSecurity initializes the badge to allowlist and only checks cfg.agents.defaults.exec.security; there is no cfg.tools.exec.security branch in the current helper. (ui/src/ui/app-render.ts:581, 98cbf7f11c35)
• badge renders helper output: The Quick Settings Security card renders props.security.execPolicy as the visible Exec policy badge, so the wrong helper value is user-facing. (ui/src/ui/views/config-quick.ts:505, 98cbf7f11c35)
• documented config path: The exec tool docs define tools.exec.security and tools.exec.ask as the config fields controlling exec policy. Public docs: docs/tools/exec.md. (docs/tools/exec.md:101, 98cbf7f11c35)
• runtime config contract: The typed config exposes ExecToolConfig.security under tools.exec, and effective-policy resolution reads params.cfg.tools?.exec as the global policy scope. (src/infra/exec-approvals-effective.ts:151, 98cbf7f11c35)
• current UI history: git blame attributes the current quick Settings security helper and card rendering in this checkout to snapshot commit 4ee234f8ee4887cd4d028e56bd64bafed885cca6; adjacent exec-approvals UI history includes 9fab0d2ced25e802800a9af0c76b456a49e19a26. (ui/src/ui/app-render.ts:548, 4ee234f8ee48)

Likely related people:

• @vincentkoc: Current checkout blame for extractQuickSettingsSecurity and the Quick Settings Security card points to Vincent Koc on commit 4ee234f8ee4887cd4d028e56bd64bafed885cca6. (role: current UI helper history; confidence: medium; commits: 4ee234f8ee48; files: ui/src/ui/app-render.ts, ui/src/ui/views/config-quick.ts)
• @steipete: Peter Steinberger split the nodes exec approvals UI module and shared exec approvals CLI save flow, making him a likely reviewer for Control UI exec-policy display behavior. (role: adjacent Control UI exec approvals maintainer; confidence: medium; commits: 9fab0d2ced25, 0024ea49d32c; files: ui/src/ui/views/nodes-exec-approvals.ts, src/cli/exec-approvals-cli.ts)
• @jacobtomlinson: Jacob Tomlinson recently changed exec approvals policy behavior around allow-always targets, relevant to reviewing security-policy wording and defaults. (role: adjacent exec approvals policy maintainer; confidence: low; commits: 9ec44fad390f; files: src/infra/exec-approvals-effective.ts, src/infra/exec-approvals-policy.test.ts)

Remaining risk / open question:

• No live browser/gateway reproduction was run in this read-only pass; the source path is direct, but the fix PR should include an actual focused UI render test.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 98cbf7f11c35.