Skip to content

2026.3.13 regression: CLI WS clients get 'missing scope: operator.read' on loopback gateway #47640

Closed
#48950
Closed
2026.3.13 regression: CLI WS clients get 'missing scope: operator.read' on loopback gateway#47640
#48950
@crshdn

Description

@crshdn
crshdn
opened on Mar 15, 2026

Description

After upgrading to 2026.3.13, all CLI WebSocket clients (openclaw logs, openclaw status, and third-party apps using the gateway WS API with token auth) receive repeated INVALID_REQUEST - missing scope: operator.read errors for status, system-presence, and config.get RPC calls.

This did not happen on 2026.3.12. The same gateway token that worked before now fails these three calls.

Environment

  • OpenClaw 2026.3.13 (61d171a)
  • macOS (arm64), Node v25.6.0
  • Gateway: bind: loopback (127.0.0.1:18789)
  • Auth: mode: token

Reproduction

  1. Fresh 2026.3.13 install or upgrade from 2026.3.12
  2. Run openclaw logs in a terminal
  3. Observe repeated log entries every ~32 seconds:
info gateway/ws ⇄ res ✗ status 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read
info gateway/ws ⇄ res ✗ system-presence 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read
info gateway/ws ⇄ res ✗ config.get 0ms errorCode=INVALID_REQUEST errorMessage=missing scope: operator.read
  1. openclaw security audit --deep also reports: gateway.probe_failed: missing scope: operator.read

Root Cause Analysis

2026.3.13 added stricter device-auth enforcement for operator.read scope. The changelog mentions:

Gateway/Control UI: restore the operator-only device-auth bypass

This fix covers the Control UI browser path, but not generic WS RPC clients. The CLI connects with a valid gateway token but without a registered device identity, so status, system-presence, and config.get calls are rejected.

Third-party Next.js apps using the OPENCLAW_GATEWAY_TOKEN for WS RPC are also affected.

Attempted Workarounds (none work)

  • gateway.controlUi.dangerouslyDisableDeviceAuth: true — only affects Control UI, not WS RPC
  • gateway.controlUi.allowInsecureAuth: true — same, Control UI only
  • gateway.controlUi.allowedOrigins — only affects browser origin checks

Expected Behavior

CLI clients authenticating with a valid gateway token on loopback should have operator.read scope granted, matching 2026.3.12 behavior. The device-auth enforcement should not apply to token-authenticated loopback connections, or at minimum there should be a config knob to bypass it for WS RPC clients (not just the Control UI).

Impact

  • Fills logs with ~5,400 error entries/day (3 errors × every 32s × 24h) per connected client
  • openclaw security audit --deep fails its own gateway probe
  • No functional breakage, but significant log noise

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions