Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

Setting ask: off / security: full in exec-approvals.json has no effect on Windows; every exec call returns exec denied: allowlist miss even after gateway restart.

Steps to reproduce

1. Edit ~/.openclaw/exec-approvals.json, add "ask": "off" and "security": "full" under agents.main
2. Run openclaw gateway restart
3. Agent exec call returns exec denied: allowlist miss
4. Tried openclaw approvals set --file <new-config.json> — config was accepted (Defaults: security=full, ask=off shown in output), but exec still denied

Expected behavior

Setting security: full and ask: off should bypass all exec approval checks. Agent should be able to run commands without approval prompts.

Actual behavior

Every exec call returns exec denied: allowlist miss regardless of ask or security settings in exec-approvals.json. The allowlist uses command hashes (=command:<hash>) that change with every slight variation, making allow-always effectively useless on Windows.

OpenClaw version

2026.4.1 (da64a97)

Operating system

Windows 11

Install method

npm global

Model

kimi

Provider / routing chain

openclaw -> kimi

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response