#status failed: Error: gateway not connected

https://pastebin.com/mzKgjNt3

Short answer: no, there isn’t a separate TUI token cache/config.
openclaw tui reads the normal config via loadConfig().

Given your report, this is most likely one of these:

1. CLI config vs service config mismatch (different profile/state dir)
2. TUI is effectively in URL-override path (when --url is used, it won’t auto-pull token)
3. gateway.mode is remote, so TUI looks at gateway.remote.token, not gateway.auth.token

Can you run these and paste output?

openclaw --version
openclaw gateway status --deep
openclaw config get gateway.mode
openclaw config get gateway.auth.mode

openclaw config get gateway.auth.token

If gateway status shows Config (cli) != Config (service), fix is usually:

openclaw gateway install --force
openclaw gateway restart

Also double-check you’re not launching TUI through an alias/wrapper that injects --url (that path requires explicit --token).

Docs:

• https://docs.openclaw.ai/web/tui
• https://docs.openclaw.ai/gateway/troubleshooting

If this is still reproducible on latest after the config-path check, it’s likely a bug worth filing: https://github.com/openclaw/openclaw/issues

https://pastebin.com/mzKgjNt3 neuer inhalt

Nice report — this is super useful.

Quick answers to your 4 questions (based on current docs/runtime behavior):

1. Protected config paths (for config.patch)

• As far as documented/supported: no user-configurable protected-path list yet.
• Best supported mitigation right now is to deny control-plane tools for that agent/surface:
• deny gateway (and usually cron) via tool policy.
• Relevant doc: https://docs.openclaw.ai/gateway/security (Control plane tools risk section)

2. Batch-change guardrail

• There is currently no documented “N restart-required fields touched” guard.
• Existing safeguards are:
• control-plane write rate limit (3/60s per deviceId+IP),
• restart coalescing + cooldown.
• Doc: https://docs.openclaw.ai/gateway/configuration

3. Restart deferral timeout

• Yes, this is configurable: gateway.reload.deferralTimeoutMs
• Default is 300000 (5 min).
• So you can raise it if you want less mid-run forcing.

4. MEMORY.md truncation

• This is configurable:
• agents.defaults.bootstrapMaxChars (default 20000)
• agents.defaults.bootstrapTotalMaxChars (default 150000)
• agents.defaults.bootstrapPromptTruncationWarning (off|once|always)
• Also recommended: keep MEMORY.md compact and move long detail into memory/*.md (on-demand retrieval).
• Docs: https://docs.openclaw.ai/concepts/context and https://docs.openclaw.ai/reference/token-use

Given this includes feature requests + stability impact, please open a GitHub issue with that exact report text (it’s excellent as-is):
https://github.com/openclaw/openclaw/issues

If you want, I can help you turn it into a minimal repro + expected/actual format before you post.

Thanks it did work