Summary

After changing WhatsApp configuration to add a new number and adjust group reaction settings, the agent backend cannot connect to the gateway WebSocket due to "device token mismatch" errors, while WhatsApp itself remains connected and functional.

Steps to reproduce

1. Start OpenClaw gateway (version 2026.2.15)
2. Agent is running and can communicate normally
3. Edit openclaw.json to add new number to channels.whatsapp.allowFrom
4. Edit openclaw.json to change channels.whatsapp.ackReaction.group from "mentions" to "always"
5. Restart gateway (or it auto-restarts on config change)
6. WhatsApp reconnects successfully
7. Try to use agent tools (sessions_list, message, etc.)
8. All tools fail with "unauthorized: device token mismatch"

Expected behavior

After config change and gateway restart, agent backend should be able to connect to gateway WebSocket and use all tools normally. Both inbound and outbound WhatsApp messaging should work.

Actual behavior

gateway closed (1008): unauthorized: device token mismatch (rotate/reissue device token)
Gateway target: ws://127.0.0.1:18789
Source: local loopback

OpenClaw version

2026.2.15

Operating system

Linux 6.12.47+rpt-rpi-2712 (arm64) - Raspberry Pi

Install method

npm global

Logs, screenshots, and evidence

gateway closed (1008): unauthorized: device token mismatch (rotate/reissue device token)
Gateway target: ws://127.0.0.1:18789
Source: local loopback

Impact and severity

Affected: OpenClaw agent users who modify WhatsApp configuration
Severity: High (blocks all agent tool usage, prevents sending messages)
Frequency: 100% reproducible after config change
Consequence: Agent becomes read-only - can receive but cannot send messages or use any tools. Requires manual intervention or complete reset.

What I've tried:

1. Gateway restart multiple times (openclaw gateway restart)
2. Regenerated and set new gateway.auth.token (64-char random hex string)
3. Restored config backup (openclaw.json.bak)
4. Changed auth mode (token → none → back to token)
5. Deleted device files (~/.openclaw/.device, .gateway_device_token)
6. Set env variable OPENCLAW_GATEWAY_TOKEN=...
7. Complete gateway stop/start cycle with sleep between
8. Gateway dashboard loads at http://127.0.0.1:18789/ but websocket connection fails

Workaround:
None found. Agent is currently read-only - can receive WhatsApp messages but cannot send or use tools.

Additional information

• Gateway runs as systemd service
• Bind mode: loopback, port: 18789
• Auth mode: token
• WhatsApp connection is healthy and authenticated
• This is a regression - agent and gateway were working before config change
• Issue appears similar to Webchat UI fails to authenticate: 'gateway token missing' even with token in URL #1690 (webchat auth issue) but affects CLI/agent backend
• No errors/warnings in startup logs before first tool call