[Bug]: Regression of #25376 - Exec allowlist returns 'unsupported platform' on Windows (v2026.3.12) #50403

@Skrblik

Bug Description

Regression of #25376 — This was fixed in v2026.3.2 but has resurfaced in v2026.3.12/v2026.3.13.

When using tools.exec with security: "allowlist" and ask: "on-miss" on Windows, commands intermittently fail with:

exec denied: allowlist execution plan unavailable (unsupported platform)

This blocks ALL commands — including those explicitly listed in safeBins (e.g., Select-String, openclaw, Get-ChildItem, gh). The approval flow never triggers; the command is rejected before the user even gets a chance to approve.

Root Cause

The issue originates in buildSafeShellCommand() (introduced in commit 77b8971, Feb 14 2026):

if (isWindowsPlatform(platform)) {
  return { ok: false, reason: "unsupported platform" };
}

This unconditionally rejects all Windows exec when the allowlist path requires buildSafeShellCommand. The function was designed to make safeBins stdin-only by single-quoting argv tokens — a technique that doesn't translate to cmd.exe/PowerShell quoting.

However, the current behavior is a complete block rather than a graceful fallback. On Windows, even simple commands like openclaw cron list or Select-String -Path file.json -Pattern text are rejected.

Environment

  • OS: Windows 10 (10.0.26200, x64)
  • OpenClaw Version: v2026.3.12 (stable)
  • Node Version: v22.16.0
  • Shell: PowerShell (pwsh)

Exec Config

{
  "security": "allowlist",
  "ask": "on-miss",
  "safeBins": [
    "git", "cat", "ls", "dir", "echo", "pwd",
    "Get-ChildItem", "Get-Content", "Get-Location",
    "Select-String", "curl", "curl.exe",
    "openclaw", "python", "gh"
  ]
}

Steps to Reproduce

  1. On Windows, configure tools.exec.security: "allowlist" with ask: "on-miss"
  2. Add common Windows commands to safeBins
  3. Agent attempts any exec command, e.g.: openclaw cron list
  4. Result: Immediate rejection with exec denied: allowlist execution plan unavailable (unsupported platform)
  5. No approval prompt is shown to the user

Expected Behavior

  • SafeBins commands on Windows should either work (with appropriate Windows-compatible quoting) or fall through to the approval flow (ask: on-miss) so the user can manually approve
  • The approval UI should still be reachable even if buildSafeShellCommand doesn't support Windows

Actual Behavior

  • ALL exec commands are blocked before reaching the approval flow
  • User cannot approve any command
  • Agent is effectively unable to execute any shell command on Windows

Impact

  • Breaks automated workflows on Windows entirely
  • Blocks cron management (openclaw cron list/remove)
  • Blocks GitHub CLI (gh issue list/create)
  • Blocks file operations through agent (Select-String, Get-Content)
  • Forces users to manually run every command in a separate terminal

Suggested Fix

When buildSafeShellCommand returns { ok: false } on Windows, the exec pipeline should fall through to the approval-based path (ask: on-miss) rather than hard-rejecting. This way, Windows users can still approve commands manually while the safeBins quoting logic is being ported.

Alternatively, implement Windows-compatible quoting (PowerShell single-quoting or escaping) in buildSafeShellCommand.
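
The fall-through proposed in this report, sketched as an added example (it is not part of the original issue and not OpenClaw's code). The function names, result shapes and the exact-match safeBins lookup are assumptions; only the config keys and the "unsupported platform" reason come from the issue.

```javascript
// Added illustration, not OpenClaw source. Function names and result shapes
// are hypothetical; only the config keys and the error reason come from the issue.

// POSIX single-quoting: everything is literal inside '...'; an embedded
// quote is written by closing, escaping, and reopening: '\''
function quotePosix(token) {
  return "'" + token.replace(/'/g, "'\\''") + "'";
}

// Stand-in for the builder quoted in the issue: no Windows quoting yet.
function buildSafeShellCommand(argv, platform) {
  if (platform === "win32") {
    return { ok: false, reason: "unsupported platform" };
  }
  return { ok: true, command: argv.map(quotePosix).join(" ") };
}

// Decide what happens to one exec request under security: "allowlist".
function planExec(argv, config, platform) {
  const canAsk = config.ask === "on-miss";
  const miss = (reason) =>
    canAsk ? { decision: "ask", reason } : { decision: "deny", reason };

  // Exact-match lookup of the binary name (a simplification for this sketch).
  if (!config.safeBins.includes(argv[0])) {
    return miss("not in safeBins");
  }
  const built = buildSafeShellCommand(argv, platform);
  if (built.ok) {
    return { decision: "allow", command: built.command };
  }
  // The behaviour the issue asks for: a builder failure is treated as an
  // allowlist miss, so it reaches the approval prompt rather than a hard deny.
  // Nothing is auto-approved on the unsupported platform.
  return miss(built.reason);
}
```

With this shape, a Windows request for a listed binary is never auto-allowed while quoting is unported; it is handed to the user for approval, and it is still denied outright when prompting is not configured.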
