mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-17 04:50:51 +00:00
d799a3994f
`openclaw doctor` audited gateway service runtime/path settings but did not check whether the daemon's `OPENCLAW_GATEWAY_TOKEN` matched `gateway.auth.token` in `openclaw.json`. After re-pairing or token rotation, the config token and service env token can drift. The daemon may keep running with a stale service token, leading to unauthorized handshake failures for cron/tool clients. Add a gateway service audit check for token drift and pass `cfg.gateway.auth.token` into service audits so doctor treats config as the source of truth when deciding whether to reinstall the service. Key design decisions: - Use `gateway.auth.token` from `openclaw.json` as the authority for service token drift detection - Only flag mismatch when an authoritative config token exists - Keep fix in existing doctor service-repair flow (no separate migration step) - Add focused tests for both audit mismatch behavior and doctor wiring Fixes #18175