#gateway disconnected after kimi claw
robust orioleBOT
delicate flaxBOT
First thing: please delete/edit your message to remove that bot token โ itโs now public in a Discord thread, so you should rotate/regenerate it immediately on the Kimi side. Donโt paste new tokens here.
On the OpenClaw side, openclaw tui showing:
gateway disconnected: closed
usually comes down to one of these:
- the gateway service isnโt actually running (or is crash-looping)
- port 18789 is taken by something else (possibly the kimi-claw install)
- auth/config mismatch: the systemd service is using a different config/token than your CLI/TUI
Run these and paste the output (redact tokens/keys):
openclaw --version
openclaw gateway status --deep
openclaw status
openclaw logs --last 200
Then also check whether something else is sitting on the gateway port:
sudo ss -lntp | rg ':18789' || true
Common fixes (depending on what the above shows)
A) โConfig (cli)โ vs โConfig (service)โ mismatch in gateway status --deep:
openclaw gateway install --force
openclaw gateway restart
B) Port conflict (something else is using 18789):
Either stop the conflicting service, or move OpenClaw to a new port:
openclaw config set gateway.port 18790 --json
openclaw gateway restart
openclaw tui --url ws://127.0.0.1:18790
Docs runbook (matches the commands above): https://docs.openclaw.ai/gateway/troubleshooting
Paste openclaw gateway status --deep + the ss output and we can pinpoint which case youโre in.
cobalt summit
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Error: Config validation failed: plugins.load.paths: plugin: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw
axis@vmi3046347:~$ openclaw tui
Invalid config at /home/axis/.openclaw/openclaw.json:\n- plugins.load.paths: plugin: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw
๐ฆ OpenClaw 2026.2.13 (203b5bd) โ Pairing codes exist because even bots believe in consentโand good security hygiene.
โ
โ Config โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ Config invalid; doctor will run with best-effort config. โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Config invalid
File: ~/.openclaw/openclaw.json
Problem:
- plugins.load.paths: plugin: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw
delicate flaxBOT
That explains it: your OpenClaw config is invalid, so the gateway wonโt start and the TUI canโt connect.
plugins.load.paths: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw
So your config is pointing at a plugin directory that no longer exists (or never existed).
Fix (recommended): remove the broken plugin path from config
- Back up your config:
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak
- Edit it:
nano ~/.openclaw/openclaw.json
- Find and remove the entry that mentions:
plugins: {
load: { paths: ["/home/axis/.openclaw/extensions/kimi-claw"] }
}
If you donโt care about plugins right now, simplest is: remove the whole plugins: { ... } block (anything referencing kimi-claw).
- Restart:
openclaw gateway restart
openclaw tui
If you wanted that plugin
Then you must reinstall it so the path exists and contains a valid openclaw.plugin.json manifest (missing/invalid plugins will also fail validation). Use OpenClawโs plugin tooling rather than random scripts:
Important security note
You posted a bot token earlier in the thread โ assume itโs compromised and rotate/regenerate it (donโt paste the new one into Discord).
If you paste the plugins section of your ~/.openclaw/openclaw.json (redacting secrets), I can tell you exactly what to delete.
cobalt summit
}
}
},
"plugins": {
"load": {
"paths": [
"/home/axis/.openclaw/extensions/kimi-claw"
]
},
delicate flaxBOT
Yep โ that snippet is exactly the thing breaking your config.
Do this:
- Find every โkimiโ reference in the config:
grep -n "kimi" ~/.openclaw/openclaw.json
- Edit the file:
nano ~/.openclaw/openclaw.json
- Remove the whole
plugins.load.pathsentry (or simplest: remove the entire"plugins": { ... }block), i.e. delete:
"plugins": {
"load": {
"paths": [
"/home/axis/.openclaw/extensions/kimi-claw"
]
},
},
Important: make sure the commas/braces still match after deleting (JSON5 is tolerant, but missing/extra commas/braces will still break it).
- Restart + test:
openclaw gateway restart
openclaw tui
If you run into another validation error after removing that path, paste the new error (it may be another plugins.entries / allowlist referencing the same plugin).
cobalt summit
}
}
},
},
"entries": {
"telegram": {
"enabled": true
}
}
}
}
its deleted, is this fine now
@delicate flax
delicate flaxBOT
Not sure yet โ that pasted snippet looks not fine (it has extra }, / braces), and it also shows:
"entries": { "telegram": { "enabled": true } }
If thatโs under plugins, it will likely still fail validation because:
plugins.entries.<id>must refer to a real installed plugin idtelegramis a channel, not a plugin id (unless you installed a plugin literally namedtelegram, which is uncommon)
Fastest โget me unstuckโ fix
Open ~/.openclaw/openclaw.json and delete the entire "plugins": { ... } block (including entries), then:
openclaw gateway restart
openclaw tui
How to confirm
Just run this โ it will tell you immediately if the config is valid:
openclaw doctor
If it still errors, paste the new exact validation error text (no need to paste the whole config).
Run this and paste the output (itโll tell us immediately if the config is still invalid and why):
openclaw doctor
If it still complains about plugins, also paste:
openclaw gateway status --deep
openclaw logs --last 200
(Please donโt paste any tokens/secrets.)
cobalt summit
bruh
"wizard": {
"lastRunAt": "2026-02-15T22:04:04.039Z",
"lastRunVersion": "2026.2.13",
"lastRunCommand": "doctor",
"lastRunMode": "local"
},
"commands": {
"native": "auto",
"nativeSkills": "auto"
},
"meta": {
"lastTouchedVersion": "2026.2.13",
"lastTouchedAt": "2026-02-15T22:04:04.070Z"
}
}
openclaw deleted everything? how do i get back my shit
โ Config: /home/axis/.openclaw/openclaw.json โ
โ Bind: loopback โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Config overwrite: /home/axis/.openclaw/openclaw.json (sha256 c0e496bd1a8346e28c4c20bb4ba4c2cc18f1579365e1428e259df97c95ac3f31 -> ff9567212f767f44bb8472793fd9f65a00d6bf369e8b26fd56be9801f0d033ef, backup=/home/axis/.openclaw/openclaw.json.bak)
Config write anomaly: /home/axis/.openclaw/openclaw.json (size-drop:4652->335, missing-meta-before-write)
Updated ~/.openclaw/openclaw.json
Backup: ~/.openclaw/openclaw.json.bak
โ
โ Doctor complete.
delicate flaxBOT
Those "wizard" / "commands" / "meta" blocks are normal โ they get appended/stamped whenever you run openclaw doctor/configure/onboard. By itself, that doesnโt mean your config was wiped.
But if your ~/.openclaw/openclaw.json now contains only that stuff, then yeah: the rest of the file got deleted/overwritten (usually by an edit gone wrong, or a โbest-effortโ rewrite after a badly-broken JSON5 file).
1) Check if your config still has your real settings
On the server, run:
head -n 40 ~/.openclaw/openclaw.json
You should see keys like channels, agents, models, etc.
If you donโt, continue below.
2) Restore from a backup (most likely fix)
List any backups Nano/you/doctor might have left:
ls -la ~/.openclaw | rg "openclaw\\.json"
If you see something like openclaw.json.bak, restore it safely:
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.now
cp -a ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
openclaw gateway restart
3) If thereโs no backup
Then we canโt โrecoverโ the old config from OpenClaw alone โ but your state (sessions/credentials) is probably still there in ~/.openclaw/ (doctor doesnโt nuke that).
Reply with the output of:
ls -la ~/.openclaw
(and tell me which channels you had configured: telegram/discord/whatsapp/etc). Then Iโll tell you the cleanest way to rebuild the config without re-breaking it.
Good news: itโs recoverable. Doctor explicitly says it made a backup:
backup=/home/axis/.openclaw/openclaw.json.bak
and it also detected a size drop 4652 โ 335 bytes, so your โshitโ is in the backup.
Restore your old config
Run:
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.doctor-broken
cp -a ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
openclaw gateway restart
openclaw tui
After itโs back up
Youโll still want to remove the bad kimi-claw plugin reference (so it doesnโt break again). Do it safely this time:
grep -n "kimi-claw" ~/.openclaw/openclaw.json
nano ~/.openclaw/openclaw.json
# delete the plugins.load.paths entry that points to kimi-claw
openclaw gateway restart
If you want, paste the plugins block from the restored config and Iโll tell you exactly what to delete without breaking braces/commas again.
cobalt summit
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
axis@vmi3046347:~$ head -n 40 ~/.openclaw/openclaw.json
{
"wizard": {
"lastRunAt": "2026-02-15T22:04:04.039Z",
"lastRunVersion": "2026.2.13",
"lastRunCommand": "doctor",
"lastRunMode": "local"
},
"commands": {
"native": "auto",
"nativeSkills": "auto"
},
"meta": {
"lastTouchedVersion": "2026.2.13",
"lastTouchedAt": "2026-02-15T22:04:04.070Z"
}
}
axis@vmi3046347:~$ s -la ~/.openclaw | rg "openclaw\.json"
s: command not found
Command 'rg' not found, but can be installed with:
sudo snap install ripgrep # version 12.1.0, or
sudo apt install ripgrep # version 13.0.0-2ubuntu0.1
See 'snap info ripgrep' for additional versions.
axis@vmi3046347:~$ ls -la ~/.openclaw | rg "openclaw\.json"
Command 'rg' not found, but can be installed with:
sudo snap install ripgrep # version 12.1.0, or
sudo apt install ripgrep # version 13.0.0-2ubuntu0.1
See 'snap info ripgrep' for additional versions.
axis@vmi3046347:~$ ls -la ~/.openclaw
total 212
drwx------ 21 axis axis 4096 Feb 15 23:06 .
drwxr-x--- 39 axis axis 4096 Feb 15 22:41 ..
-rw------- 1 axis axis 569 Feb 7 23:54 .env
drwx------ 3 axis axis 4096 Jan 30 20:40 agents
drwxrwxr-x 5 axis axis 4096 Jan 31 19:24 backup-20260131
-rw-rw-r-- 1 axis axis 14360 Jan 31 19:24 backup-20260131.tar.gz
drwxrwxr-x 4 axis axis 4096 Feb 1 11:17 browser
drwxrwxr-x 2 axis axis 4096 Jan 30 21:49 canvas
drwxrwxr-x 2 axis axis 4096 Feb 9 11:12 completions
drwx------ 2 axis axis 4096 Jan 31 01:22 credentials
drwxrwxr-x 3 axis axis 4096 Feb 15 22:49 cron
drwx------ 3 axis axis 4096 Feb 15 21:07 delivery-queue
drwxrwxr-x 2 axis axis 4096 Feb 15 22:48 devices
drwxrwxr-x 2 axis axis 4096 Feb 15 22:49 extensions
drwxrwxr-x 3 axis axis 4096 Feb 15 22:37 extensions-backups
drwxrwxr-x 2 axis axis 4096 Jan 30 21:52 identity
drwxrwxr-x 2 axis axis 4096 Feb 15 22:43 logs
drwx------ 3 axis axis 4096 Feb 4 02:22 media
drwxrwxr-x 2 axis axis 4096 Feb 9 10:07 memory
-rw------- 1 axis axis 335 Feb 15 23:04 openclaw.json
-rw------- 1 axis axis 7625 Jan 31 23:10 openclaw.json.backup
-rw------- 1 axis axis 8426 Feb 2 15:58 openclaw.json.backup.20260202_155823
-rw------- 1 axis axis 4652 Feb 15 23:04 openclaw.json.bak
-rw------- 1 axis axis 4758 Feb 15 22:56 openclaw.json.bak.1
-rw------- 1 axis axis 4643 Feb 10 04:02 openclaw.json.bak.2
-rw------- 1 axis axis 4643 Feb 9 00:40 openclaw.json.bak.3
-rw------- 1 axis axis 4440 Feb 9 00:40 openclaw.json.bak.4
-rw------- 1 axis axis 18520 Jan 31 09:53 openclaw.json.save
-rw------- 1 axis axis 16391 Jan 31 11:45 openclaw.json.save.1
drwxrwxr-x 3 axis axis 4096 Feb 15 22:41 plugins
drwx------ 2 axis axis 4096 Jan 31 23:52 subagents
drwx------ 2 axis axis 4096 Feb 15 21:10 telegram
-rw-rw-r-- 1 axis axis 118 Feb 15 21:34 update-check.json
drwxrwxr-x 35 axis axis 4096 Feb 15 22:36 workspace
delicate flaxBOT
Perfect โ you have lots of backups. The one doctor just created is:
~/.openclaw/openclaw.json.bak(4652 bytes) โ this is the pre-wipe config
Restore it now
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.doctor-broken
cp -a ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
Sanity check:
head -n 20 ~/.openclaw/openclaw.json
You should see way more than just wizard/commands/meta.
Then remove the broken kimi-claw plugin reference (so it wonโt break again)
Find it:
grep -n "kimi" ~/.openclaw/openclaw.json
Edit:
nano ~/.openclaw/openclaw.json
Delete the line/block that references:
/home/axis/.openclaw/extensions/kimi-claw
Restart + test
openclaw gateway restart
Your openclaw.json is currently the tiny โwizard/meta onlyโ file (335 bytes). The real config is in the backup ~/.openclaw/openclaw.json.bak.
Also: you donโt have rg (ripgrep) installed โ no problem, weโll use plain ls/grep.
1) Confirm the backup exists
ls -la ~/.openclaw/openclaw.json*
You should see openclaw.json.bak.
2) Restore it
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.doctor-broken
cp -a ~/.openclaw/openclaw.json.bak ~/.openclaw/openclaw.json
openclaw tui
If grep -n "kimi" ~/.openclaw/openclaw.json shows multiple hits (like plugins.entries too), paste those few lines and Iโll tell you exactly what to delete.
3) Remove the broken kimi-claw plugin line (so it doesnโt break again)
Find it:
grep -n "kimi-claw" ~/.openclaw/openclaw.json
Edit the file (use whichever editor you have):
nano ~/.openclaw/openclaw.json
# or: vi ~/.openclaw/openclaw.json
Delete the plugins.load.paths entry that points to:
/home/axis/.openclaw/extensions/kimi-claw
(or delete the whole "plugins": { ... } block if youโre not using plugins)
4) Restart + test
openclaw gateway restart
openclaw tui
If you paste the output of ls -la ~/.openclaw/openclaw.json* and grep -n "plugins" ~/.openclaw/openclaw.json I can tell you exactly what to delete without breaking the braces/commas.
cobalt summit
axis@vmi3046347:~$ openclaw gateway restartopenclaw gateway restart
Failed to read config at /home/axis/.openclaw/openclaw.json SyntaxError: JSON5: invalid character ',' at 204:6
at syntaxError (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:1110:17)
at invalidChar (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:1055:12)
at Object.end (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:704:15)
at Object.default (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:168:37)
at lex (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js๐ฏ42)
at Object.parse (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:25:17)
at Object.loadConfig (file:///home/axis/.local/lib/node_modules/openclaw/dist/config-BJWIHf6x.js:5193:111)
at loadConfig (file:///home/axis/.local/lib/node_modules/openclaw/dist/config-BJWIHf6x.js:5576:20)
at file:///home/axis/.local/lib/node_modules/openclaw/dist/context-DPQWp4WP.js:10:34 {
lineNumber: 204,
columnNumber: 6
delicate flaxBOT
That error is just a syntax problem in ~/.openclaw/openclaw.json (extra/misplaced comma). Until the file parses as JSON5, nothing can start.
1) Show the broken area (line ~204)
Run:
nl -ba ~/.openclaw/openclaw.json | sed -n '195,215p'
Paste those lines here (feel free to redact any tokens/secrets).
2) Fix it quickly in an editor (jump to the line)
If you have nano:
nano +204 ~/.openclaw/openclaw.json
Go to line 204 and look for something like:
- a line that is just
, },,],,- a comma right after
{like{,
Delete the extra comma, save, exit.
3) Restart
openclaw gateway restart
If you just want a fast restore to a different backup
You have multiple backups (openclaw.json.bak.1, .bak.2, etc). If the .bak you restored is corrupted, try the most recent older one:
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bad-syntax
cp -a ~/.openclaw/openclaw.json.bak.1 ~/.openclaw/openclaw.json
openclaw gateway restart
(And if that one also errors, try .bak.2, .bak.3, etc.)
Paste the sed -n '195,215p' output and Iโll tell you exactly what character to remove.
cobalt summit
axis@vmi3046347:~$ ^C
axis@vmi3046347:~$ nl -ba ~/.openclaw/openclaw.json | sed -n '195,215p'
195 "install": {
196 "nodeManager": "npm"
197 },
198 "entries": {
199 "nano-banana-pro": {
200 "apiKey": "dont mind this its just so i dont share my apik"
201 }
202 }
203 },
204 },
205 "entries": {
206 "telegram": {
207 "enabled": true
208 }
209 }
210 }
211 }
delicate flaxBOT
That snippet shows the exact problem.
Fix the JSON5 syntax error
Line 204 is a stray }, that doesnโt belong there.
Do this:
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.pre-fix
nano +195 ~/.openclaw/openclaw.json
In nano, go to line 204 (you can use Ctrl+_ then type 204) and delete this whole line:
},
Also: your Telegram config is in the wrong place
Lines 205โ210:
"entries": {
"telegram": { "enabled": true }
}
โฆshould not be under plugins.entries (thatโs for plugin ids). Telegram belongs under:
channels.telegram.enabled(andchannels.telegram.botToken, etc.)
So for now, delete that whole telegram โentriesโ block from the plugins section (lines 205โ210), save, exit.
Then restart
openclaw gateway restart
openclaw tui
If it complains next about Telegram missing/disabled, weโll add it back under channels.telegram in the right spot (donโt paste your bot token here).
cobalt summit
idk i think i fucked it up because its showing this after : onfig invalid
File: ~/.openclaw/openclaw.json
Problem:
- <root>: JSON5 parse failed: SyntaxError: JSON5: invalid character '}' at 210:1
Run: openclaw doctor --fix
Restarted systemd service: openclaw-gateway.service
Failed to read config at /home/axis/.openclaw/openclaw.json SyntaxError: JSON5: invalid character '}' at 210:1
at syntaxError (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:1110:17)
at invalidChar (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:1055:12)
at Object.end (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:704:15)
at Object.default (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:168:37)
at lex (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js๐ฏ42)
at Object.parse (/home/axis/.local/lib/node_modules/openclaw/node_modules/json5/lib/parse.js:25:17)
at Object.loadConfig (file:///home/axis/.local/lib/node_modules/openclaw/dist/config-BJWIHf6x.js:5193:111)
at loadConfig (file:///home/axis/.local/lib/node_modules/openclaw/dist/config-BJWIHf6x.js:5576:20)
at file:///home/axis/.local/lib/node_modules/openclaw/dist/context-DPQWp4WP.js:10:34 {
lineNumber: 210,
columnNumber: 1
}
๐ฆ OpenClaw 2026.2.13 (203b5bd) โ curl for conversations.
โ
โ Config โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ Config invalid; doctor will run with best-effort config. โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Config invalid
File: ~/.openclaw/openclaw.json
Problem:
- <root>: JSON5 parse failed: SyntaxError: JSON5: invalid character '}' at 210:1
Run: openclaw doctor --fix
delicate flaxBOT
You didnโt lose your sessions/credentials โ you just made ~/.openclaw/openclaw.json syntactically broken (extra/mismatched }), so OpenClaw canโt even parse the config now.
Fastest recovery: restore a known-good backup again, then redo the โremove kimi-claw pathโ edit carefully.
1) Restore from a clean backup (pick the newest that parses)
Run:
cp -a ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bad-parse
cp -a ~/.openclaw/openclaw.json.bak.1 ~/.openclaw/openclaw.json
Now test parsing:
openclaw doctor
- If it still says JSON5 parse failed, try the next backup:
cp -a ~/.openclaw/openclaw.json.bak.2 ~/.openclaw/openclaw.json
openclaw doctor
(keep going with .bak.3, .bak.4, or even openclaw.json.save if needed)
2) Once it parses again: remove the one bad kimi-claw path
After youโre back to a parseable config, do:
grep -n "kimi-claw" ~/.openclaw/openclaw.json
nano ~/.openclaw/openclaw.json
โฆand delete only the entry that points to:
/home/axis/.openclaw/extensions/kimi-claw
Then:
openclaw gateway restart
openclaw tui
If you paste the output of:
grep -n "kimi-claw\\|plugins\"\\s*:" ~/.openclaw/openclaw.json
(just those lines, no tokens), Iโll tell you exactly what to delete so braces/commas stay valid.
cobalt summit
d: 5 โ
โ Disabled: 31 โ
โ Errors: 0 โ
โ โ
โโโโโโโโโโโโโโโโโโฏ
โ
โ Plugin diagnostics โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ - ERROR: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw โ
โ (/home/axis/.openclaw/extensions/kimi-claw) โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Invalid config at /home/axis/.openclaw/openclaw.json:\n- plugins.load.paths: plugin: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw
โ
โ โ
โ Gateway target: ws://127.0.0.1:18789 โ
โ Source: local loopback โ
โ Config: /home/axis/.openclaw/openclaw.json โ
โ Bind: loopback โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โ
โ Gateway โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ Runtime: stopped (state activating, sub auto-restart, last exit 1, reason 1) โ
โ Service is loaded but not running (likely exited immediately). โ
โ File logs: /tmp/openclaw/openclaw-2026-02-15.log โ
โ Logs: journalctl --user -u openclaw-gateway.service -n 200 --no-pager โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โ
โ Start gateway service now?
โ Yes
Restarted systemd service: openclaw-gateway.service
Run "openclaw doctor --fix" to apply changes.
Invalid config:
- plugins.load.paths: plugin: plugin path not found: /home/axis/.openclaw/extensions/kimi-claw
โ
โ Doctor complete.
delicate flaxBOT
Thatโs back to the original issue (and itโs good news): your config parses again, but itโs invalid because it still references the missing kimi-claw plugin path.
You need to remove this from ~/.openclaw/openclaw.json:
/home/axis/.openclaw/extensions/kimi-claw
Remove the bad plugin path (no ripgrep needed)
- Show where it is:
grep -n "kimi-claw" ~/.openclaw/openclaw.json
- Edit the config:
nano ~/.openclaw/openclaw.json
- Find this block and delete just the kimi-claw entry (or delete the whole
load.pathsblock if it only contains that one path):
plugins: {
load: {
paths: [
"/home/axis/.openclaw/extensions/kimi-claw",
],
},
}
If that paths: [...] array becomes empty, you can leave it as:
paths: []
(or remove load entirely).
- Restart + verify:
openclaw gateway restart
openclaw doctor
openclaw tui
If after removing it you get a new plugins error like plugins.entries: unknown plugin id ..., paste that exact error text and weโll remove that reference too.
cobalt summit
}
}
},
"plugins": {
"load": {
"paths": [
"/home/axis/.openclaw/extensions/kimi-claw"
]
},
"entries": {
"telegram": {
"enabled": true
}
}
}
delicate flaxBOT
Cool โ thatโs the exact block we need to fix.
Edit it to this (minimal + correct)
Option A (recommended): remove plugins entirely
If youโre not intentionally using plugins, delete the whole "plugins": { ... } section, so you end up with just:
}
}
(i.e., no plugins key at all)
Option B: keep plugins enabled but remove the broken path
Replace your block with:
"plugins": {
"load": {
"paths": []
}
}
Important: delete the "telegram" entry under plugins
This part is wrong and will bite you later:
"entries": { "telegram": { "enabled": true } }
Telegram is a channel, not a plugin. If you want Telegram enabled, it should be under channels.telegram.enabled instead.
After editing
openclaw gateway restart
openclaw doctor
openclaw tui
If it complains that Telegram is disabled/missing, paste just the channels section (without the bot token) and Iโll point you to the right key.
cobalt summit
so how do io make kimiclaw work bro bash <(curl -fsSL https://cdn.kimi.com/kimi-claw/install.sh) --bot-token
delicate flaxBOT
That kimi-claw curl|bash installer isnโt needed to use Kimi with OpenClaw, and in your case it just left you with a config that points at a plugin folder that doesnโt exist (~/.openclaw/extensions/kimi-claw) โ which hard-breaks the gateway.
Youโve basically got two choices:
Option 1 (recommended): Use Kimi the supported way (no plugin)
OpenClaw already has a Moonshot (Kimi) provider built-in.
Do this on the VPS (donโt paste your key into Discord):
openclaw onboard --auth-choice moonshot-api-key
Then pick Moonshot/Kimi in the prompts, restart gateway, and youโre done.
Option 2: You insist on โkimi-clawโ plugin/script
Then you must make this path actually exist and contain a valid OpenClaw plugin:
/home/axis/.openclaw/extensions/kimi-claw/- and inside it there must be
openclaw.plugin.json
Right now itโs missing, so OpenClaw will always fail config validation.
Check whatโs there:
ls -la ~/.openclaw/extensions
ls -la ~/.openclaw/extensions/kimi-claw 2>/dev/null || echo "kimi-claw dir missing"
If itโs missing, youโd have to reinstall that plugin from Kimiโs own docs/support (I canโt vouch for or debug a third-party curl|bash installer).
Also: rotate that key
You posted a sk-... token earlier in a public thread โ assume itโs compromised and rotate/revoke it immediately.
If you tell me which you actually want (Moonshot/Kimi provider vs that plugin), Iโll give you the exact clean config steps for that path.
cobalt summit
Last login: Tue Feb 17 04:43:46 2026 from 209.35.167.169
axis@vmi3046347:~$ openclaw tui
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ Say "stop" and I'll stopโsay "ship" and we'll both learn a lesson.
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
connecting | idle
gateway disconnected: unauthorized: device token mismatch (rotate/reissue device token) | idle
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
how to fix pls
@delicate flax
delicate flaxBOT
That error means your CLI/TUI is presenting a stale device token (cached locally), but the Gateway now expects a different one (often after a restore, reinstall, or token rotation).
Fix (usually 1 command)
Run TUI once using the Gateway auth token (NOT the device token). Donโt paste tokens into Discord.
openclaw tui --url ws://127.0.0.1:18789 --token <gateway.auth.token>
If that connects, it should automatically re-issue + persist a fresh device token, and then plain openclaw tui will work again.
Docs: https://docs.openclaw.ai/cli/tui
If you donโt know the gateway token
On the gateway host, retrieve it from config (locally):
openclaw config get gateway.auth.token
If it still fails: rotate the device token
openclaw devices list --url ws://127.0.0.1:18789 --token <gateway.auth.token>
openclaw devices rotate --url ws://127.0.0.1:18789 --token <gateway.auth.token> --device <deviceId> --role operator
Docs: https://docs.openclaw.ai/cli/devices
Last resort: clear the local cached device token and re-connect
This only affects the machine you run it on:
mv ~/.openclaw/identity/device-auth.json ~/.openclaw/identity/device-auth.json.bak
# then run the tui command again with --token <gateway.auth.token>
If you try the โFix (usually 1 command)โ step and it still says device token mismatch, paste (redacting secrets) the output of:
openclaw gateway status
Iโm here โ did you try connecting once with the gateway auth token (not the cached device token)?
- On the gateway host, get the token:
openclaw config get gateway.auth.token
- Then run:
openclaw tui --url ws://127.0.0.1:18789 --token <that-token>
If that works, it should refresh your cached device token and plain openclaw tui should stop erroring.
If it still says device token mismatch, run this and paste the output (redact any tokens/secrets):
openclaw gateway status
openclaw devices list
Last login: Tue Feb 17 04:48:52 2026 from 112.198.104.232
axis@vmi3046347:~$ openclaw tui --url ws://127.0.0.1:18789 --token <gateway.auth.token>
-bash: syntax error near unexpected token `newline'
delicate flaxBOT
Yeah โ that happened because you pasted my placeholder literally. In bash, the < character is input redirection, so --token <...> blows up.
Do this instead:
- Print the actual gateway token (donโt paste it into Discord):
openclaw config get gateway.auth.token
- Copy that output and run without any
< >:
openclaw tui --url ws://127.0.0.1:18789 --token "PASTE_THE_TOKEN_HERE"
If config get prints the token with quotes already, keep them (or just wrap in "..." like above).
If you paste what openclaw config get gateway.auth.token prints but redact most of it (e.g. keep first/last 4 chars), I can tell you if it looks formatted right.
cobalt summit
its connected now thank u, is this ok now
delicate flaxBOT
Yep โ thatโs exactly what we wanted. Once you connect successfully with the gateway auth token, OpenClaw re-issues/saves a fresh device token, and the reconnect loop stops.
Quick sanity check:
- Quit the TUI and run just:
openclaw tui
If it connects without --token, youโre fully good.
If it helped, please right-click my solution message โ Apps โ โ Mark Solution so Answer Overflow indexes it for the next person.
cobalt summit
connecting | idle
gateway disconnected: unauthorized: device token mismatch (rotate/reissue device token) | idle
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
it did this
@delicate flax
delicate flaxBOT
That message means your client is trying to authenticate with a stale device token (device pairing token), so the Gateway rejects it.
This usually happens after switching Gateways, reinstalling/wiping Gateway state, or rotating/revoking device tokens.
Two quick fixes (depending on where youโre seeing it):
If this is the TUI (openclaw tui)
- Run the TUI once with the Gateway token explicitly (this overrides any cached device token and will re-issue a fresh one):
openclaw tui --url ws://<host>:18789 --token <gateway-token>
- If it then says โpairing requiredโ, approve it on the gateway host:
openclaw devices list
openclaw devices approve <requestId>
If this is the browser Control UI
- Open the dashboard URL from
openclaw gateway status(or runopenclaw dashboard) and paste the gateway token in the Control UI settings again. - If it keeps looping, clear the site data for that dashboard URL (or try an Incognito window) to force a fresh device pairing, then approve via
openclaw devices approve โฆ.
Docs:
To pinpoint which path youโre on: is this happening in openclaw tui or the web Control UI? And what does openclaw --version show (on the machine youโre running that from, and on the gateway host if different)?
That output looks like the TUI (openclaw tui) reconnect loop.
It means the TUI is sending a token the gateway doesnโt accept anymore (often a cached device token, sometimes itโs actually the gateway token that changed โ the error message is a bit misleading when a device id is present).
Try this in order:
- Force the TUI to use the gateway token once (this should mint/store a fresh device token):
openclaw tui --url ws://<gateway-host>:18789 --token <gateway-token>
-
If you donโt know the correct gateway token, get it on the gateway host (or wherever the gateway config lives) and make sure your client token matches
gateway.auth.token. -
If it still keeps failing, delete the cached device token on the machine running the TUI and reconnect:
rm -f ~/.openclaw/identity/device-auth.json
(then rerun step 1)
- Last resort (if you have access on the gateway host): rotate/revoke the device token and re-pair:
openclaw devices list
openclaw devices rotate --device <deviceId> --role operator
# or: openclaw devices revoke --device <deviceId> --role operator
If you paste:
openclaw --version- how you started the TUI (exact command)
- and whether you recently reinstalled/changed machines/rotated tokens
โฆI can tell which of the above is the right fix.
cobalt summit
Sounds good โ standing by!
reset failed: Error: invalid sessions.reset params: at root: unexpected property 'reason'
reset failed: Error: invalid sessions.reset params: at root: unexpected property 'reason'
connected | idle
agent main | session main (telegram:g-agent-main-main) | kimi-coding/k2p5 | think low | tokens 39k/262k (15%)
delicate flaxBOT
Thatโs actually a different issue now (and a good clue): youโre connected, but your client and gateway are on different versions.
sessions.reset in your TUI is sending { key, reason }, but the Gateway youโre connected to is older and its schema rejects the extra field:
invalid sessions.reset params: โฆ unexpected property 'reason'
Fix (recommended): align versions
Run these on the machine running the TUI and on the gateway host and paste the outputs (no tokens):
openclaw --version
openclaw gateway status
Then update whichever side is older so they match, and restart the gateway.
Workaround (right now)
If you just wanted a clean slate, you can avoid reset entirely by switching to a new session key in the TUI:
/session scratch(or any new name)
That gives you a fresh session even while reset is broken.
(And donโt paste any gateway tokens in hereโjust versions/status.)
cobalt summit
axis@vmi3046347:~$ openclaw --version
openclaw gateway status
2026.2.15
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ Your inbox, your infra, your rules.
โ
โ
Service: systemd (enabled)
File logs: /tmp/openclaw-1000/openclaw-2026-02-17.log
Command: /usr/bin/node /home/axis/.local/lib/node_modules/openclaw/dist/index.js gateway --port 18789
Service file: ~/.config/systemd/user/openclaw-gateway.service
Service env: OPENCLAW_GATEWAY_PORT=18789
Config (cli): ~/.openclaw/openclaw.json
Config (service): ~/.openclaw/openclaw.json
Gateway: bind=loopback (127.0.0.1), port=18789 (service args)
Probe target: ws://127.0.0.1:18789
Dashboard: http://127.0.0.1:18789/
Probe note: Loopback-only gateway; only local clients can connect.
Runtime: running (pid 1526200, state active, sub running, last exit 0, reason 0)
RPC probe: ok
Listening: 127.0.0.1:18789
Troubles: run openclaw status
Troubleshooting: https://docs.openclaw.ai/troubleshooting
delicate flaxBOT
Youโre on 2026.2.15 and the gateway is healthy (RPC probe: ok) โ nice.
That sessions.reset error:
unexpected property 'reason'
means your client is calling sessions.reset with { key, reason }, but the Gateway youโre connected to is validating against a schema that doesnโt allow reason. In practice this happens when:
- the TUI and Gateway are on different OpenClaw versions, or
- thereโs a protocol/schema mismatch bug in that build.
Quick workaround (no reset needed)
In the TUI, just start a fresh session by switching to a new session key:
/session scratch(or any new name)
That gives you a clean slate immediately.
Real fix
- Run
openclaw --versionon the machine where you runopenclaw tui(might be different from the gateway host). - Make sure both sides match, ideally by updating to the latest OpenClaw on both, then restart the gateway:
openclaw gateway restart
If after updating you still see unexpected property 'reason', paste the TUI-side openclaw --version and weโll nail down whether youโre accidentally connecting to a different gateway URL than you think.
cobalt summit
reset failed: Error: invalid sessions.reset params: at root: unexpected property 'reason'
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ Your inbox, your infra, your rules.
โ
โ
Service: systemd (enabled)
File logs: /tmp/openclaw-1000/openclaw-2026-02-17.log
Command: /usr/bin/node /home/axis/.local/lib/node_modules/openclaw/dist/index.js gateway --port 18789
Service file: ~/.config/systemd/user/openclaw-gateway.service
Service env: OPENCLAW_GATEWAY_PORT=18789
Config (cli): ~/.openclaw/openclaw.json
Config (service): ~/.openclaw/openclaw.json
Gateway: bind=loopback (127.0.0.1), port=18789 (service args)
Probe target: ws://127.0.0.1:18789
Dashboard: http://127.0.0.1:18789/
Probe note: Loopback-only gateway; only local clients can connect.
Runtime: running (pid 1526200, state active, sub running, last exit 0, reason 0)
RPC probe: ok
Listening: 127.0.0.1:18789
Troubles: run openclaw status
Troubleshooting: https://docs.openclaw.ai/troubleshooting
axis@vmi3046347:~$ openclaw --version
2026.2.15
axis@vmi3046347:~$ openclaw gateway restart
Restarted systemd service: openclaw-gateway.service
axis@vmi3046347:~$ openclaw tui
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ I read logs so you can keep pretending you don't have to.
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
gateway disconnected: closed | idle
delicate flaxBOT
Ok โ so version mismatch isnโt it (both CLI + gateway are 2026.2.15).
1) /reset failing with unexpected property 'reason'
That points to a bug/protocol mismatch inside 2026.2.15 (the TUI sends {key, reason}, but the gateway validator on your side rejects reason).
Workarounds:
-
In the TUI, just start fresh via a new session key:
/session scratch(or any new name)
-
Or reset from the shell without
reason:openclaw gateway call sessions.reset --params '{"key":"main"}'
2) openclaw tui immediately โ gateway disconnected: closed
A blank close-reason usually means โserver dropped the socketโ and the why will be in the gateway logs.
Run this, then start openclaw tui in a second terminal and paste the relevant lines:
openclaw logs --follow --plain
One more important note: your gateway is bind=loopback, so only clients on the VPS itself can connect. If you were trying to run the TUI from your laptop, itโll just disconnect until you expose the gateway (tailnet/serve/ssh tunnel).
cobalt summit
โ
โ Gateway connection โโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ Gateway target: ws://127.0.0.1:18789 โ
โ Source: local loopback โ
โ Config: /home/axis/.openclaw/openclaw.json โ
โ Bind: loopback โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Config overwrite: /home/axis/.openclaw/openclaw.json (sha256 2951bc2e12c1609d4009c0c16f0255adeed46b0b2c6930ee5f6079795dc14cc9 -> fe96944fb77b8f6b3e669425f70a47f88eb0101bfaa5959f2a3f9cee6b0650ab, backup=/home/axis/.openclaw/openclaw.json.bak)
Updated ~/.openclaw/openclaw.json
Backup: ~/.openclaw/openclaw.json.bak
โ
โ Doctor complete.
axis@vmi3046347:~$ openclaw tui
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ Pairing codes exist because even bots believe in consentโand good security hygiene.
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
gateway disconnected: closed | idle
agent main | session main | unknown | tokens ?
how do i fix this
@delicate flax
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ Because texting yourself reminders is so 2024.
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
gateway disconnected: closed | idle
gateway disconnected: unauthorized: device token mismatch (rotate/reissue device token) | idle
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)โโโโโโโโโโโโโโโ
delicate flaxBOT
gateway disconnected: closed (with an empty reason) usually means the socket got dropped without a proper close reason โ most often because the gateway process crashed/restarted right when the TUI tried to connect (or hit an unhandled exception during handshake).
The next step is: look at the gateway logs at the moment you run openclaw tui.
1) Grab the log lines around the disconnect
In one terminal, run:
tail -n 200 /tmp/openclaw-1000/openclaw-2026-02-17.log
Then run openclaw tui again, and immediately run:
tail -n 200 /tmp/openclaw-1000/openclaw-2026-02-17.log
Paste the new lines that appeared (theyโll usually say exactly why it closed: unauthorized / invalid handshake / stack trace / etc).
Thatโs the smoking gun:
unauthorized: device token mismatch
Your TUI has a cached device token that no longer matches what the gateway has for that device (common after doctor/migrations, resets, or token rotation).
Fix (fast)
On the same machine where you run openclaw tui (your VPS), delete the cached device token and reconnect:
rm -f ~/.openclaw/identity/device-auth.json
openclaw gateway restart
openclaw tui
If it still says device token mismatch
Nuke the device identity too (this forces a brand new device ID; on loopback it should auto-approve):
rm -f ~/.openclaw/identity/device.json ~/.openclaw/identity/device-auth.json
openclaw gateway restart
openclaw tui
Side note: your /reset error
That sessions.reset โฆ unexpected property 'reason' is a separate bug in this build. Workaround in TUI: use a fresh session key instead:
/session scratch
If you try the token-cache delete and it still fails, paste the few new lines from:
tail -n 80 /tmp/openclaw-1000/openclaw-2026-02-17.log
right after the disconnect.
Also check if systemd restarted the gateway:
journalctl --user -u openclaw-gateway.service -n 200 --no-pager
2) Separate issue: /reset is broken in 2026.2.15
That sessions.reset โฆ unexpected property 'reason' is a real bug in that release.
Workarounds:
- Easiest: start a fresh session in the TUI:
/session scratch
- Or from shell (no
reasonfield):openclaw gateway call sessions.reset --params '{"key":"main"}'
3) Likely โreal fixโ
cobalt summit
disconnected | press ctrl+c again to exit
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
axis@vmi3046347:~$ rm -f ~/.openclaw/identity/device-auth.json
openclaw gateway restart
openclaw tui
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ Pairing codes exist because even bots believe in consentโand good security hygiene.
Restarted systemd service: openclaw-gateway.service
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ If something's on fire, I can't extinguish itโbut I can write a beautiful postmortem.
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
gateway disconnected: closed | idle
agent main | session main | unknown | tokens ?
delicate flaxBOT
Once we confirm the log error, itโs probably โupdate to the next patch releaseโ (this smells like a 2026.2.15 protocol/schema mismatch).
Send the log snippet and Iโll tell you the exact fix (and whether itโs an update vs a one-line config/state cleanup).
That error is almost always: your TUI is sending the wrong auth.token (so shared-secret auth fails), and then the gateway tries to interpret that token as a device token โ mismatch.
On a VPS this commonly happens because:
- your shell has
OPENCLAW_GATEWAY_TOKENset (maybe an old value or even a device token), but - the systemd gateway service does not have that env var, so itโs using the token from
~/.openclaw/openclaw.json(or none).
So the TUI and the gateway end up using different tokens.
Fix
- In the same terminal you run
openclaw tui, clear any gateway auth env vars:
unset OPENCLAW_GATEWAY_TOKEN OPENCLAW_GATEWAY_PASSWORD
openclaw tui
If you want to be extra safe without changing your shell permanently:
OPENCLAW_GATEWAY_TOKEN= OPENCLAW_GATEWAY_PASSWORD= openclaw tui
- If it still fails, tell me what auth mode youโre in (this is safe to paste):
openclaw config get gateway.auth.mode
(Do not paste the actual token/password.)
If you run those and it still says device token mismatch, paste the newest few lines from:
tail -n 80 /tmp/openclaw-1000/openclaw-2026-02-17.log
right after attempting openclaw tui.
cobalt summit
gateway disconnected: closed | idle
gateway disconnected: unauthorized: device token mismatch (rotate/reissue device token) | press ctrl+c again to exit
axis@vmi3046347:~$ [200~tail -n 200 /tmp/openclaw-1000/openclaw-2026-02-17.log~
[200~tail: command not found
axis@vmi3046347:~$ openclaw tui
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
connecting | idle
gateway disconnected: unauthorized: device token mismatch (rotate/reissue device token) | idle
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
axis@vmi3046347:~$ Read from remote host 217.216.33.14: Operation timed out
what do i do please help me fix
@delicate flax
delicate flaxBOT
Youโre super close โ the annoying part is that โdevice token mismatchโ is often a misleading error here. It usually means:
- the TUI is sending a token, but
- the gateway is expecting a different gateway auth token (or is getting it from a different place like
~/.openclaw/.env/ systemd env), - then the gateway falls back to trying that token as a device token and says โdevice token mismatchโ.
Also: that tail: command not found happened because you pasted while still in a mode that injected "[200~" (bracketed paste). Make sure youโre at a normal shell prompt.
Step 1 โ Force the TUI to use the token from your config (no pasting secrets)
SSH back in, then run:
unset OPENCLAW_GATEWAY_TOKEN OPENCLAW_GATEWAY_PASSWORD
OPENCLAW_GATEWAY_TOKEN="$(openclaw config get gateway.auth.token)" openclaw tui
That makes the TUI use exactly what ~/.openclaw/openclaw.json says.
Step 2 โ If it STILL says device token mismatch, your gateway service is using a different token via env
Check (this does not print the token value):
test -f ~/.openclaw/.env && grep -q '^OPENCLAW_GATEWAY_TOKEN=' ~/.openclaw/.env && echo ".openclaw/.env sets OPENCLAW_GATEWAY_TOKEN"
systemctl --user show openclaw-gateway.service -p Environment | grep -q OPENCLAW_GATEWAY_TOKEN && echo "systemd service has OPENCLAW_GATEWAY_TOKEN set"
If either line prints, thatโs your mismatch. Fix is to make them consistent (pick ONE source of truth):
- simplest: remove the
OPENCLAW_GATEWAY_TOKEN=...line from~/.openclaw/.env(if present), then:
and retry the Step 1 command.openclaw gateway restart
Step 3 โ Your SSH โOperation timed outโ
While debugging, run inside tmux so you donโt lose the session when the network blips:
tmux new -s claw
If you reply with just the output of:
openclaw config get gateway.auth.mode
and whether those two โsets OPENCLAW_GATEWAY_TOKENโ checks print anything, I can tell you exactly which branch to take.
Youโre getting kicked because the TUI is still sending a token that the gateway doesnโt accept (and the gateway reports it as โdevice token mismatchโ).
Do this on the VPS (as user axis), ideally inside tmux so your SSH doesnโt time out:
0) Donโt lose your session
tmux new -s fix
1) Remove any shell env overrides (most common cause)
env | grep OPENCLAW_GATEWAY || true
unset OPENCLAW_GATEWAY_TOKEN OPENCLAW_GATEWAY_PASSWORD
openclaw tui
2) Force the TUI to use the token from your config (without printing it)
(Do not paste the token into chat.)
OPENCLAW_GATEWAY_PASSWORD= OPENCLAW_GATEWAY_TOKEN="$(openclaw config get gateway.auth.token)" openclaw tui
3) If it STILL says โdevice token mismatchโ, your gateway service is probably using a different token via systemd env or ~/.openclaw/.env
Run these (they redact the token):
systemctl --user show openclaw-gateway.service -p Environment \
| sed -E 's/(OPENCLAW_GATEWAY_TOKEN=)[^ ]+/\\1<redacted>/g'
sed -n 's/^OPENCLAW_GATEWAY_TOKEN=.*/OPENCLAW_GATEWAY_TOKEN=<redacted>/p' ~/.openclaw/.env
If either of those prints a line, remove that OPENCLAW_GATEWAY_TOKEN=... override (so the gateway uses ~/.openclaw/openclaw.json), then:
openclaw gateway restart
openclaw tui
If you paste the output of Step 3 (the redacted lines), I can tell you exactly which place is overriding your token and what to edit.
cobalt summit
test -f ~/.openclaw/.env && grep -q '^OPENCLAW_GATEWAY_TOKEN=' ~/.openclaw/.env && echo ".openclaw/.env sets OPENCLAW_GATEWAY_TOKEN"
systemctl --user show openclaw-gateway.service -p Environment | grep -q OPENCLAW_GATEWAY_TOKEN && echo "systemd service has OPENCLAW_GATEWAY_TOKEN set"
when i did this the gateway was connected is this fixed already? or is there still more that needs to be done so that we can fix this properly with no more errors let me know please
delicate flaxBOT
Those two commands are just checks โ they donโt change anything by themselves.
How to tell if itโs actually โfixedโ
- Did either command print a line?
- If you saw no output, thatโs good: no token override from
~/.openclaw/.envand none baked into the systemd unit env.
- The real test: run the TUI and see if it stays connected:
openclaw tui
If it sits on connected | idle (and you can run /status) for ~30โ60 seconds, youโre good.
The most common remaining โgotchaโ
Even if .env and systemd are clean, your current shell might still have an old token exported, which makes the TUI send the wrong token and triggers the misleading โdevice token mismatchโ.
Check:
env | grep OPENCLAW_GATEWAY || true
If you see OPENCLAW_GATEWAY_TOKEN=..., do:
unset OPENCLAW_GATEWAY_TOKEN OPENCLAW_GATEWAY_PASSWORD
openclaw tui
If you want it โfixed properlyโ long-term
If OPENCLAW_GATEWAY_TOKEN is showing up in env, remove it from your shell startup files (e.g. ~/.bashrc, ~/.profile, ~/.zshrc) so it wonโt come back.
If you tell me whether those two check commands printed anything, and what env | grep OPENCLAW_GATEWAY shows (you can redact values), Iโll tell you exactly what to clean up.
cobalt summit
gateway disconnected: unauthorized: device token mismatch (rotate/reissue device token) | press ctrl+c again to exit
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
gateway connect failed: Error: unauthorized: device token mismatch (rotate/reissue device token)
axis@vmi3046347:~$ systemctl --user show openclaw-gateway.service -p Environment
| sed -E 's/(OPENCLAW_GATEWAY_TOKEN=)[^ ]+/\1<redacted>/g'
sed -n 's/^OPENCLAW_GATEWAY_TOKEN=.*/OPENCLAW_GATEWAY_TOKEN=<redacted>/p' ~/.openclaw/.env
Environment=HOME=/home/axis PATH=/home/axis/.local/bin:/home/axis/.npm-global/bin:/home/axis/bin:/home/axis/.nvm/current/bin:/home/axis/.fnm/current/bin:/home/axis/.volta/bin:/home/axis/.asdf/shims:/home/axis/.local/share/pnpm:/home/axis/.bun/bin:/usr/local/bin:/usr/bin:/bin OPENCLAW_GATEWAY_PORT=18789 \1<redacted> OPENCLAW_SYSTEMD_UNIT=openclaw-gateway.service OPENCLAW_SERVICE_MARKER=openclaw OPENCLAW_SERVICE_KIND=gateway OPENCLAW_SERVICE_VERSION=2026.2.6-3
OPENCLAW_GATEWAY_TOKEN=<redacted>
axis@vmi3046347:~$ bash
axis@vmi3046347:~$ openclaw gateway restart
openclaw tui
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ I can't fix your code taste, but I can fix your build and your backlog.
Restarted systemd service: openclaw-gateway.service
๐ฆ OpenClaw 2026.2.15 (3fe22ea) โ It's not "failing," it's "discovering new ways to configure the same thing wrong."
openclaw tui - ws://127.0.0.1:18789 - agent main - session main
gateway disconnected: closed | idle
@delicate flax
@delicate flax please help me
@delicate flax
delicate flaxBOT
That error is not about OPENCLAW_GATEWAY_TOKEN โ it means a paired device is trying to auth with an old/stale per-device token, and the Gatewayโs record doesnโt match anymore (device pairing state lives in $OPENCLAW_STATE_DIR/devices/paired.json).
The usual fixes are:
- See which device is failing
openclaw devices list --json
This output is safe to paste here (it doesnโt print the raw tokens), and it will show the deviceId, role (operator = dashboard/CLI, node = iOS/node), and last-used timestamps.
- Rotate / reissue the token for that device+role
openclaw devices rotate --device <deviceId> --role operator
# or: --role node
Then reconnect/restart the client thatโs spamming โdevice token mismatchโ.
- If you recently changed profiles / state dirs: make sure the systemd service and your CLI are using the same state dir (profile mismatch is a super common cause of โtoken mismatchโ weirdness). If needed, reinstall service metadata from the same profile/state dir:
openclaw gateway install --force
openclaw gateway restart
Docs:
- https://docs.openclaw.ai/cli/devices
- https://docs.openclaw.ai/gateway/troubleshooting (section โPairing and device identity state changedโ)
If you paste openclaw devices list --json and tell me which client is disconnecting (Dashboard in browser vs openclaw tui vs an iOS/node), I can tell you exactly which deviceId/role to rotate.
Nira โ that specific error usually means your CLI/dashboard is trying to log in with a cached device token that no longer matches what the Gateway has on record.
Two quick things to do:
1) Check the paired devices (safe to paste)
Run on the gateway host:
openclaw devices list --json
Paste the output here (it wonโt include the raw tokens). That tells us which device/role is failing.
2) Clear the client-side cached device token (often fixes immediately)
The CLI caches the last issued device token here:
$OPENCLAW_STATE_DIR/identity/device-auth.json(default:~/.openclaw/identity/device-auth.json)
Do a safe โmove asideโ (not delete), then reconnect: