Bug type

Regression (worked before, now fails)

Summary

With OpenClaw 2026.3.8, node-backed exec in webchat/control-ui still emits approval-required and prompts for approval even when tools.exec.security is full and tools.exec.ask is off.

Steps to reproduce

1. Configure exec defaults to security=full and ask=off.
2. Use webchat/control-ui path that triggers node-backed exec (system.run path).
3. Run a simple command.
4. Observe system event reports approval-required and approval workflow still appears.

Expected:

• Command should execute directly without approval prompt in full/off mode.

Actual:

• approval-required still appears; approval gate still involved before/while execution.

Expected behavior

Commands should execute immediately without approval prompts when policy is explicitly set to tools.exec.security=full and tools.exec.ask=off.

Actual behavior

System events continue to report "approval-required" and approval workflow is still invoked before run completion on node-backed exec path.

OpenClaw version

2026.3.8

Operating system

Windows 11

Install method

No response

Model

openai-codex/gpt-5.3-codex

Provider / routing chain

openclaw gateway (local host) -> paired node system.run path via control-ui/webchat

Config file / key location

No response

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Representative events observed:
- Exec denied (... approval-required): <command>
- Exec finished (... code 0)
This pattern repeats even after setting tools.exec.security=full and tools.exec.ask=off, specifically on node-backed execution path.

Impact and severity

Affected: operator using control-ui/webchat with node-backed exec
Severity: Medium-High (breaks expected trust in approval mode + adds friction)
Frequency: Frequent/reproducible in this setup
Consequence: repeated manual approval interruptions and confusing denied/finished event mix

Additional information

No response