[Bug]: exec-approvals.json security:"full" + ask:"off" not respected on Telegram channel — commands timeout-denied until tools.exec workaround (v2026.3.31) #58722

@westlife219

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

exec-approvals.json with security:"full" and ask:"off" is not respected on Telegram channel — commands are routed through approval flow and timeout-denied. Setting tools.exec.security:"full" in openclaw.json works as a workaround.

Steps to reproduce

1. Install OpenClaw 2026.3.31 on macOS (Mac Mini M4, headless, no companion app).
2. Configure ~/.openclaw/exec-approvals.json with security: "full" and ask: "off" in both defaults and agents.main.
3. Leave tools.exec in openclaw.json empty ({}).
4. Start the gateway via LaunchAgent.
5. From Telegram, send a message that triggers exec (e.g., "run uptime").
6. Command times out after ~120 seconds and is denied.

Expected behavior

With security:"full" and ask:"off" configured in exec-approvals.json, all exec requests from Telegram should auto-approve and execute immediately without requiring an interactive approval client.

Actual behavior

Exec requests from Telegram generate approval requests that time out:
Exec denied (gateway id=57794a9b-..., approval-timeout)
Exec denied (gateway id=0c35c704-..., approval-timeout)
The agent responds: "shell commands are restricted by the current security policy".
Sending /exec security=full in the Telegram session restores exec functionality for that session only.

OpenClaw version

2026.3.31 (213a704)

Operating system

macOS (Apple Silicon, Mac Mini M4)

Install method

npm global

Model

anthropic/claude-opus-4-6 (primary), openai-codex/gpt-5.4 (subagent)

Provider / routing chain

openclaw gateway (direct, no proxy)

Additional provider/model setup details

This bug is about exec approvals, not model routing. The issue occurs regardless of which model is active. Config: tools.profile="full", exec in tools.allow list. exec-approvals.json configured with security:"full" and ask:"off" but not respected on Telegram channel.

Workaround: setting tools.exec.security:"full" in openclaw.json resolves the issue.

Related issues: #26739, #20141

Logs, screenshots, and evidence

Gateway logs show approval-timeout denials:
Exec denied (gateway id=57794a9b-7cee-4bdd-bcfe-fe57d2e9110f, approval-timeout)
Exec denied (gateway id=0c35c704-6ea5-4aeb-9c26-16af9e3f9120, approval-timeout)

Impact and severity

Affected users/systems/channels: Telegram channel (headless gateway setups without macOS companion app or Web UI)
Severity: blocks all exec functionality on Telegram — agent cannot run any shell commands until user manually sends /exec security=full per session
Frequency: 100% reproducible on every new session
Workaround exists: yes (tools.exec config in openclaw.json)

Additional information

Last known good version: unclear (new to headless Telegram setup on 2026.3.31)
First known bad version: 2026.3.31 (213a704)
Related issues: #26739 (same symptom, v2026.2.23), #20141 (same symptom, v2026.2.17)

Labels: bug, security