Bug Report

Summary

When an invalid config key is written directly to openclaw.json and a SIGUSR1 restart is triggered, the gateway crashes rather than performing a clean reload. macOS then spawns a new process which does not inherit the Full Disk Access permissions granted to the original process — causing tool sandboxing failures (e.g. file reads, Downloads folder access).

Steps to Reproduce

1. Add an invalid/unrecognised key directly to openclaw.json (e.g. agents.defaults.pdfModel)
2. Trigger a restart via gateway restart or SIGUSR1
3. Gateway crashes on startup due to config validation failure
4. A new process is spawned (by launchd or similar)
5. The new process does not have macOS Full Disk Access
6. File access tools (Read, exec) lose access to protected directories (Downloads, Desktop, etc.)

Expected Behaviour

• Gateway should validate config before attempting reload
• If config is invalid, it should refuse the restart gracefully and log the error, keeping the existing process alive with the last known good config
• Should NOT crash and respawn as a new process, which loses macOS TCC (Transparency, Consent, and Control) permissions

Actual Behaviour

• Gateway crashes on invalid config during reload
• New process spawned without Full Disk Access
• All file access to macOS protected directories fails until permissions are manually re-granted in System Settings or openclaw doctor is run

Recovery

Running openclaw doctor --non-interactive stripped the invalid key and restarted cleanly, restoring normal operation.

Environment

• OpenClaw: v2026.3.2
• OS: macOS (Darwin 24.6.0, arm64)
• Node: v24.13.0

Impact

High — a config mistake causes loss of macOS file permissions system-wide, requiring manual intervention via System Settings or openclaw doctor. This is not obvious to users and can appear as an unrelated file access bug.