Exec approval gating intermittent on Windows despite security=full, ask=off, sandbox.mode=off #28283

@Nietzsche247

GitHub Issue Draft: Intermittent exec approval gating despite full/off config

Repo: clawdbot/clawdbot
Title: Exec approval gating intermittent despite security=full, ask=off in both config files

Description

Exec commands are intermittently gated with "Approval required" despite both clawdbot.json and exec-approvals.json being configured for unrestricted access. Commands sometimes execute instantly, then start requiring approval again within the same session — without any config changes.

Environment

  • Clawdbot: 2026.1.24-3 (885167d)
  • OS: Windows 10.0.26200 (x64)
  • Node: v22.21.0
  • Channel: Google Chat
  • Model: anthropic/claude-opus-4-6 (OAuth, claude-cli)
  • Gateway: local, host=gateway

Configuration

clawdbot.json (tools section)

"tools": {
  "exec": {
    "host": "gateway",
    "security": "full",
    "ask": "off"
  },
  "elevated": {
    "enabled": true,
    "allowFrom": {
      "googlechat": ["*"],
      "agent": ["*"]
    }
  }
}

exec-approvals.json

{
  "version": 1,
  "socket": { "path": "...", "token": "..." },
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full"
  },
  "agents": {}
}

Observed Behavior

  1. After gateway restart, exec works instantly for ~3-5 commands
  2. Then starts returning "Approval required (id xxx)" for every command
  3. Commands eventually execute (after ~60-120s timeout?) but with massive delay
  4. Pattern repeats: works briefly after restart, then gates again
  5. No config changes occur between working and gated states

Expected Behavior

With security: "full", ask: "off", and askFallback: "full" in both config files, exec should NEVER gate or require approval. Every command should execute immediately.

Reproduction

  1. Set both config files as shown above
  2. Restart gateway: clawdbot gateway restart
  3. Send 3-5 exec commands via agent (e.g., echo test) — they work
  4. Wait ~2-3 minutes or send more commands
  5. Commands start requiring approval

Impact

Critical for autonomous operation. When exec gates, the agent cannot:

  • Run bridge client scripts
  • Execute PowerShell scripts
  • Use git, npm, or any CLI tools
  • Operate independently when the human is away

The human becomes a bottleneck, which defeats the purpose of an autonomous agent.

Possible Causes

  • Gateway session-level state overriding file config
  • Approval timeout resetting internal state
  • Race condition between approval socket and gateway process
  • OAuth/claude-cli layer injecting its own approval requirements
  • Post-compaction session state not inheriting exec permissions

Workaround

Frequent clawdbot gateway restart temporarily restores exec access, but it's not durable.
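
An added diagnostic, not part of the original issue and not clawdbot code: it reduces the two files to the exec-policy fields quoted above, lists any that differ from the reported values, and compares snapshots taken in the working and gated states. Function names are hypothetical, the sample input is constructed from the configuration shown in the issue, and reporting every entry under `agents` is an assumption based on the issue showing it empty.

```javascript
// Added example. Field names are from the issue; function names are hypothetical.
const EXPECTED = { security: "full", ask: "off", askFallback: "full" };

// Stable serialisation (sorted keys) so two snapshots compare exactly.
function canon(v) {
  if (Array.isArray(v)) return "[" + v.map(canon).join(",") + "]";
  if (v && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canon(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// Keep only the exec-policy fields. The socket path and token are left out,
// so a snapshot can be pasted into a bug report.
function snapshot(clawdbotCfg, approvalsCfg) {
  const exec = (clawdbotCfg.tools || {}).exec || {};
  const d = approvalsCfg.defaults || {};
  return {
    "clawdbot.json:tools.exec": { security: exec.security, ask: exec.ask },
    "exec-approvals.json:defaults": { security: d.security, ask: d.ask, askFallback: d.askFallback },
    "exec-approvals.json:agents": approvalsCfg.agents || {},
  };
}

// List every field that differs from the values the issue reports.
function mismatches(snap) {
  const out = [];
  for (const [where, fields] of Object.entries(snap)) {
    if (where.endsWith(":agents")) {
      for (const name of Object.keys(fields)) out.push(`${where}.${name} is set`);
      continue;
    }
    for (const [k, v] of Object.entries(fields)) {
      if (v !== EXPECTED[k]) out.push(`${where}.${k} = ${JSON.stringify(v)}`);
    }
  }
  return out;
}

// Sections whose content changed between two snapshots (working vs gated).
function drift(before, after) {
  return Object.keys(before).filter((k) => canon(before[k]) !== canon(after[k]));
}

// Constructed sample input mirroring the two files shown in the issue.
const clawdbot = JSON.parse('{"tools":{"exec":{"host":"gateway","security":"full","ask":"off"}}}');
const approvals = JSON.parse('{"version":1,"socket":{"path":"...","token":"..."},' +
  '"defaults":{"security":"full","ask":"off","askFallback":"full"},"agents":{}}');
const working = snapshot(clawdbot, approvals);
console.log(mismatches(working), drift(working, snapshot(clawdbot, approvals)));
```

Run against the parsed contents of the real files once while exec works and again once it gates; an empty `drift` result backs the report that the files did not change, which points at runtime state rather than configuration.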
