ancient vortex
Running OpenClaw v2026.3.31 on macOS (Mac Mini M4), local mode.
Problem: Cron-triggered systemEvent sessions can't run gog (Google Workspace CLI) because exec requires approval, and cron sessions have no interactive approver. Even after changing settings, exec still denies with "allowlist miss".
What I've tried:
Added gog to tools.exec.safeBins in openclaw.json — still prompts (makes sense, safeBins is for stdin-only tools)
Set security: "full" and ask: "off" in ~/.openclaw/exec-approvals.json for the main agent:
Still returns "exec denied: allowlist miss" after gateway restart.
Tried config.patch on tools.exec.security and tools.exec.ask — rejected as protected paths.
Expected: With security: "full" on the main agent, exec should allow all commands without prompts.
Question: What's the correct way to let the main agent run exec commands (specifically gog) without approval, especially in cron/systemEvent sessions where no interactive approver is available?