OpenClaw gateway denial report
OpenClaw gateway denial report
Generated: 2026-04-23 17:00 PDT
Window analyzed: 2026-04-16 17:00:20 PDT through 2026-04-23 17:00:20 PDT, rolling 7 days ending at analysis time.
Findings summary
- True logged denials found: 25
- Counting rule used: counted only explicit session-history notices with this exact structure:
An async command did not run ... Exec denied (gateway id=..., approval-timeout): <command> - Deny kind found: all 25 were
approval-timeout - Command-level source of truth: authenticated Gateway session history via
sessions.list+chat.history, cross-checked against the underlying session JSONL files under~/.openclaw/agents/david/sessions/ - Standalone gateway logs:
/tmp/openclaw/openclaw-2026-04-21.log,-2026-04-22.log, and-2026-04-23.logcontained denial-adjacent warnings, but not a clean command-level ledger for the full 7-day window. They were used as corroboration, not as the counted source. - No counted
SYSTEM_RUN_DENIEDorstrictInlineEvalevents were found in the 25 explicit denial records in this window.
Total denial count
25 true logged denial events
Daily counts
| Local day | Logged denials |
|---|---|
| 2026-04-16 | 4 |
| 2026-04-17 | 0 |
| 2026-04-18 | 0 |
| 2026-04-19 | 0 |
| 2026-04-20 | 0 |
| 2026-04-21 | 1 |
| 2026-04-22 | 6 |
| 2026-04-23 | 14 |
| Total | 25 |
Counts by command family
| Command family | Total | 04-16 | 04-17 | 04-18 | 04-19 | 04-20 | 04-21 | 04-22 | 04-23 |
|---|---|---|---|---|---|---|---|---|---|
| pwd/ls probe | 7 | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 5 |
| find scan | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 4 | 1 |
| python3 heredoc | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 4 |
| python3 script/file | 5 | 1 | 0 | 0 | 0 | 0 | 0 | 1 | 3 |
| cat file read | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| openclaw cli | 1 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 |
| ripgrep search | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Top exact command shapes
| Command shape | Total | By day | ||
|---|---|---|---|---|
python3 heredoc | 5 | 04-22: 1, 04-23: 4 | ||
| `find records -maxdepth 2 -type f | sort | sed -n 1,120p` | 2 | 04-22: 2 |
ls -1 $WORKSPACE/data/lantronix-uas-workbench-phase1/records/companies | 2 | 04-23: 2 | ||
pwd | 2 | 04-16: 1, 04-23: 1 | ||
python3 lantronix_backfill_filter_fields.py | 2 | 04-23: 2 | ||
cat $WORKSPACE/data/lantronix-uas-workbench-phase1/records/companies/company-{...}.json | 1 | 04-23: 1 | ||
| `find $WORKSPACE/data/lantronix-uas-workbench-phase1 -maxdepth 3 -type f | sort` | 1 | 04-22: 1 | |
| `find $WORKSPACE/data/lantronix-uas-workbench-phase1/records -maxdepth 2 (companies/evidence/customer-segments) | sort | sed -n '1,60p'` | 1 | 04-22: 1 |
| `find $WORKSPACE/scripts -maxdepth 1 -type f | sed 's#^#/##' | sort` | 1 | 04-23: 1 |
ls $WORKSPACE/scripts/lantronix_broader_migrate.py | 1 | 04-23: 1 |
Representative examples
- 2026-04-16 17:02:05 PDT
- Gateway id:
342efe9e-9629-499b-8fd1-829916060490 - Deny kind:
approval-timeout - Command:
pwd - Source:
/Users/vinny/.openclaw/agents/david/sessions/d3b6ece8-e57f-4695-bcd9-3b16352df648.jsonl
- 2026-04-21 21:35:27 PDT
- Gateway id:
b020ab9e-90e8-4d7a-8aa1-09afac89c5ba - Deny kind:
approval-timeout - Command:
openclaw --version 2>/dev/null || true; printf '\n---\n'; openclaw help 2>/dev/null | sed -n '1,80p' - Source:
/Users/vinny/.openclaw/agents/david/sessions/a62f9d4f-672a-4736-8836-ee99bf6a6ccd.jsonl
- 2026-04-22 16:30:57 PDT
- Gateway id:
36f4c73e-5090-48c0-acf7-1d8bfc588e95 - Deny kind:
approval-timeout - Command:
find /Users/vinny/.openclaw/workspace/data/lantronix-uas-workbench-phase1/records -maxdepth 2 -type f | sort | sed -n '1,120p' - Source:
/Users/vinny/.openclaw/agents/david/sessions/1855a66a-0861-4d0b-ac36-6b887d8093de.jsonl
- 2026-04-23 10:45:11 PDT
- Gateway id:
c0a1a56c-07e6-4da5-99cc-57a4e0512402 - Deny kind:
approval-timeout - Command:
ls -1 /Users/vinny/.openclaw/workspace/data/lantronix-uas-workbench-phase1/records/companies - Source:
/Users/vinny/.openclaw/agents/david/sessions/78b34f4c-17a8-4255-9475-b9b8620f3f4c.jsonl
- 2026-04-23 11:34:46 PDT
- Gateway id:
f7a9dd84-f322-4512-80e7-49e48ddc6412 - Deny kind:
approval-timeout - Command shape:
python3 heredocagainstall_enriched.json - Source:
/Users/vinny/.openclaw/agents/david/sessions/33123e6c-a416-4857-bbf3-38af9e834e2a.jsonl
- 2026-04-23 16:39:37 PDT
- Gateway id:
72a870f7-5bb3-4ecc-a56c-931ccfde51ba - Deny kind:
approval-timeout - Command:
pwd && echo '\n== openclaw root ==' && ls -la /Users/vinny/.openclaw | sed -n '1,120p' && echo '\n== workspace ==' && ls -la /Users/vinny/.openclaw/workspace | sed -n '1,120p' && echo '\n== possible logs ==' && find /Users/vinny/.openclaw -maxdepth 3 \( -iname '*log*' -o -path '*/runtime/*' -o -path '*/logs/*' \) | sed -n '1,240p' - Source:
/Users/vinny/.openclaw/agents/david/sessions/1cac067e-378b-4b90-bca7-67de1febc74e.jsonl
True denials versus excluded nearby events
Counted as true denials
Only records that explicitly logged:
An async command did not runExact completion details:Exec denied (gateway id=..., approval-timeout): <command>
These records carry a timestamp, a gateway id, and the denied command shape. They are the cleanest command-level evidence found.
Explicitly excluded from the 25 count
The following were observed but not counted because they are related failures, not the same thing as a direct logged denial record:
- Sandbox-runtime errors in
/tmp/openclaw/openclaw-2026-04-23.log
- Example:
[tools] exec failed: exec host=sandbox requires a sandbox runtime for this session. - Reason excluded: this is an execution-routing/runtime error, not a gateway approval denial.
- Approval followup dispatch warnings in
/tmp/openclaw/openclaw-2026-04-23.log
- Example:
exec approval followup dispatch failed (id=fe91a1c1-dcec-4e23-990d-ef3a822befc9): gateway timeout after 60000ms - Reason excluded: useful corroboration, but it does not carry the denied command text and is not the user-visible denial record used for exact counting.
- Artifact text or analysis text that quoted denial strings
- Reason excluded: references to denial text inside later analysis are not new denial events.
Evidence paths and sources used
Config and gateway access
/Users/vinny/.openclaw/openclaw.json- Local Gateway Dashboard at
http://127.0.0.1:18789, authenticated, then queried viasessions.listandchat.history
Session index
/Users/vinny/.openclaw/agents/main/sessions/sessions.json
Denial-bearing session files
/Users/vinny/.openclaw/agents/david/sessions/1178dfdf-c059-46d4-8e37-1808afafb4f9.jsonl/Users/vinny/.openclaw/agents/david/sessions/1855a66a-0861-4d0b-ac36-6b887d8093de.jsonl/Users/vinny/.openclaw/agents/david/sessions/1cac067e-378b-4b90-bca7-67de1febc74e.jsonl/Users/vinny/.openclaw/agents/david/sessions/33123e6c-a416-4857-bbf3-38af9e834e2a.jsonl/Users/vinny/.openclaw/agents/david/sessions/3c06636f-c326-4f25-bccf-054a131e74cf.jsonl/Users/vinny/.openclaw/agents/david/sessions/3fffd041-e463-4f20-85b1-8627aecd481b.jsonl/Users/vinny/.openclaw/agents/david/sessions/467059f6-0118-4e0f-9467-0ba393bc1ba7.jsonl/Users/vinny/.openclaw/agents/david/sessions/6f03405b-0abb-481e-b1dc-8d88d95a3a20.jsonl/Users/vinny/.openclaw/agents/david/sessions/78b34f4c-17a8-4255-9475-b9b8620f3f4c.jsonl/Users/vinny/.openclaw/agents/david/sessions/a62f9d4f-672a-4736-8836-ee99bf6a6ccd.jsonl/Users/vinny/.openclaw/agents/david/sessions/b8eca1aa-f347-4b09-9b54-21debe48ff47.jsonl/Users/vinny/.openclaw/agents/david/sessions/d042e2bf-0a0c-4fb3-8efb-b89482bbc1ed.jsonl/Users/vinny/.openclaw/agents/david/sessions/d3b6ece8-e57f-4695-bcd9-3b16352df648.jsonl/Users/vinny/.openclaw/agents/david/sessions/f7c357d5-0b72-4754-8a75-42a07aee0ebb.jsonl/Users/vinny/.openclaw/agents/david/sessions/fb1a04a8-725f-4100-93a9-d7effdf02b1b.jsonl
Standalone gateway log files checked
/tmp/openclaw/openclaw-2026-04-21.log/tmp/openclaw/openclaw-2026-04-22.log/tmp/openclaw/openclaw-2026-04-23.log
Uncertainties and limits
/tmp/openclaw/openclaw-2026-04-16.logthrough/tmp/openclaw/openclaw-2026-04-20.logwere not present at the same path, so the standalone daily log series was incomplete for the full window.- Because of that, the counted 7-day ledger comes from session-history denial notices, not from the
/tmp/openclaw/files. - If a denial ever occurred without generating the async followup notice in session history, it would not be counted here. I did not find a better command-level source in the checked runtime logs.
- The Gateway dashboard log stream exposed current daily log content and denial-adjacent warnings, but not a richer command-level denial table than the session records.
Recommendation
Keep exec security unchanged for now. You now have a clean evidence-backed baseline: 25 actual logged gateway denial events in the last 7 rolling days, all approval-timeout, concentrated on 2026-04-22 and 2026-04-23, mostly read-only probes and data-inspection commands. If you want the next step, add a dedicated denial log sink that records timestamp, command, deny reason, and session key in one place. That would remove the need to reconstruct counts from session history.
Validation summary
- Verified the counting logic against the authenticated Gateway session history.
- Cross-checked representative raw session files with
read, including: /Users/vinny/.openclaw/agents/david/sessions/d3b6ece8-e57f-4695-bcd9-3b16352df648.jsonl/Users/vinny/.openclaw/agents/david/sessions/a62f9d4f-672a-4736-8836-ee99bf6a6ccd.jsonl/Users/vinny/.openclaw/agents/david/sessions/1855a66a-0861-4d0b-ac36-6b887d8093de.jsonl/Users/vinny/.openclaw/agents/david/sessions/1cac067e-378b-4b90-bca7-67de1febc74e.jsonl- Checked standalone gateway logs for corroboration. They showed denial-adjacent warnings, but not a better command-level count source.