@thanakijwanavit
Created February 4, 2026 17:49

OpenClaw Auto-Approve Configuration

This document describes how to configure OpenClaw to automatically approve all exec commands without manual intervention.

Overview

OpenClaw has two layers of exec approval controls:

  1. Tool policy (tools.exec in openclaw.json)
  2. Exec approvals (exec-approvals.json)

Both must be configured for full auto-approve.


Step 1: Configure Tool Policy

Set the exec tool to allow all commands without prompting:

openclaw config set tools.exec.security full
openclaw config set tools.exec.ask off

Verify:

openclaw config get tools.exec

Expected output:

{
  "security": "full",
  "ask": "off"
}

Step 2: Configure Exec Approvals

Edit ~/.openclaw/exec-approvals.json to include:

{
  "version": 1,
  "socket": {
    "path": "/Users/nic/.openclaw/exec-approvals.sock",
    "token": "<your-token>"
  },
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full"
  },
  "agents": {
    "*": {
      "security": "full",
      "ask": "off",
      "askFallback": "full",
      "allowlist": [
        { "pattern": "**" }
      ]
    },
    "main": {
      "security": "full",
      "ask": "off",
      "askFallback": "full",
      "allowlist": [
        { "pattern": "**" }
      ]
    }
  }
}

Alternative: Use CLI to add allowlist patterns

openclaw approvals allowlist add --agent "*" "**"
openclaw approvals allowlist add --agent "main" "**"

Verify:

openclaw approvals get

Expected output should show:

  • Defaults: security=full, ask=off, askFallback=full
  • Allowlist entries for * and main agents

Step 3: Restart Gateway

The gateway must be restarted to pick up config changes:

openclaw gateway --force

Verify gateway is running:

openclaw gateway health

Step 4: Test Auto-Approve

openclaw agent --agent main --message "run: echo 'auto-approve test'" --timeout 30

Expected: Command executes immediately without showing an approval ID prompt.


Configuration Reference

Security Levels (security)

Value      Description
deny       Block all exec requests
allowlist  Allow only allowlisted commands
full       Allow everything (no restrictions)

Ask Levels (ask)

Value    Description
off      Never prompt for approval
on-miss  Prompt only when allowlist doesn't match
always   Prompt on every command

Ask Fallback (askFallback)

Value      Description
deny       Block if UI unavailable
allowlist  Allow only if allowlist matches
full       Allow anyway

Files Modified

File                             Purpose
~/.openclaw/openclaw.json        Main config (tools.exec settings)
~/.openclaw/exec-approvals.json  Exec approval policy and allowlists
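
An added example (not part of the original gist and not OpenClaw's own code): a small audit that reads an exec-approvals.json document and reports every scope that explicitly sets the unrestricted values from the tables above. It relies only on the keys shown in Step 2; the sample document, the `ci` agent and its `/usr/bin/git` pattern are constructed for illustration.

```python
import json
import sys

# Values the reference tables list as unrestricted or prompt-free.
PERMISSIVE = {"security": "full", "ask": "off", "askFallback": "full"}
CATCH_ALL = "**"  # allowlist pattern used in Step 2 of this page

# Constructed sample: restrictive defaults, one wide-open agent ("main") and a
# hypothetical "ci" agent limited to a constructed pattern.
SAMPLE = """
{
  "version": 1,
  "defaults": {"security": "allowlist", "ask": "on-miss", "askFallback": "deny"},
  "agents": {
    "main": {"security": "full", "ask": "off", "askFallback": "full",
             "allowlist": [{"pattern": "**"}]},
    "ci": {"security": "allowlist", "ask": "always",
           "allowlist": [{"pattern": "/usr/bin/git"}]}
  }
}
"""


def audit_scope(name, block):
    """Return one finding per permissive setting set explicitly in this scope."""
    findings = [f"{name}: {key}={bad}"
                for key, bad in PERMISSIVE.items() if block.get(key) == bad]
    for entry in block.get("allowlist", []):
        if isinstance(entry, dict) and entry.get("pattern") == CATCH_ALL:
            findings.append(f"{name}: allowlist contains catch-all pattern {CATCH_ALL}")
    return findings


def audit_exec_approvals(text):
    """Audit the defaults block and every agent block of an exec-approvals document."""
    doc = json.loads(text)
    findings = audit_scope("defaults", doc.get("defaults", {}))
    for agent, block in sorted(doc.get("agents", {}).items()):
        findings += audit_scope(f"agents.{agent}", block)
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_exec_approvals(text):
        print(finding)
```

Run against the Step 2 document, it reports the defaults block and both the * and main agent entries.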

Troubleshooting

Still getting approval prompts?

  1. Ensure both tools.exec AND exec-approvals.json are configured
  2. Restart gateway: openclaw gateway --force
  3. Check config: openclaw approvals get --gateway

Check current config:

openclaw config get tools.exec
openclaw approvals get

Generated: 2026-02-04
