Raw mode disabled (snapshot cannot safely round-trip raw text). | Friends of the Crustacean 🦞🤝 | Page 1

proper escarp Apr 11, 2026, 8:14 AM

#

Running open claw 4.10 on digital ocean VPS and via the control terminal I cannot view or edit the raw config file because of Raw mode disabled (snapshot cannot safely round-trip raw text).

merry vectorBOT Apr 11, 2026, 8:14 AM

#

errant minnowBOT Apr 11, 2026, 8:14 AM

#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

merry vectorBOT Apr 11, 2026, 8:14 AM

#

limpid craterBOT Apr 11, 2026, 8:16 AM

#

Let me verify the docs and code path for that raw-mode message so I don’t guess.

proper escarp Apr 11, 2026, 8:19 AM

#

ok

limpid craterBOT Apr 11, 2026, 8:20 AM

#

👍 cool, then let’s narrow it down.

Please paste the output of:

openclaw --version
openclaw config file
openclaw config validate

If you just need to work around Control UI right now, you can use the CLI instead:

openclaw config file          # prints the actual config path
openclaw config get gateway.bind
openclaw config get agents.list --json

#

openclaw config set <path> <value>

Docs:

If openclaw config validate fails, that alone can explain Raw mode being disabled.
If it passes, the next likely cause is the safe-redaction overlap case in the config.

proper escarp Apr 11, 2026, 8:20 AM

#

openclaw@defind-openclaw:~$ openclaw --version
openclaw config file
openclaw config validate
OpenClaw 2026.4.10 (44e5b62)

🦞 OpenClaw 2026.4.10 (44e5b62)
Open source means you can see exactly how I judge your config.

~/.openclaw/openclaw.json

🦞 OpenClaw 2026.4.10 (44e5b62)
I don't judge, but your missing API keys are absolutely judging you.

Config valid: ~/.openclaw/openclaw.json

limpid craterBOT Apr 11, 2026, 8:21 AM

#

Perfect, that helps.

Since:

you’re on 2026.4.10
the config is valid
the file path is normal (~/.openclaw/openclaw.json)

this is very likely the safety fallback, not a broken install.

What it usually means:
a secret value is also appearing as normal text somewhere else in the config, so if Control UI redacted the raw text it could accidentally corrupt non-secret fields.

Classic example:

#

{
  gateway: {
    mode: "local",
    auth: { password: "local" }
  }
}

If it hides the password "local", it would also hit mode: "local", so Raw mode gets disabled.

What to do

If you need the raw file, use the VPS file directly at ~/.openclaw/openclaw.json
For safer edits, use openclaw config get/set
If you want Raw mode back, change any secret that duplicates common config text, or move secrets to env/SecretRef

If you want, paste a sanitized snippet of the config structure here (do not paste real secrets), and I can help spot the overlap.

proper escarp Apr 11, 2026, 8:22 AM

#

how do I get that

limpid craterBOT Apr 11, 2026, 8:22 AM

#

If you mean the raw config file, SSH into the VPS and run:

openclaw config file
cat ~/.openclaw/openclaw.json

That will show the raw file.

If you want to edit it directly on the VPS, open that path in your editor, for example:

nano ~/.openclaw/openclaw.json

If you meant the sanitized snippet for this thread, do this:

#

copy just the relevant section from ~/.openclaw/openclaw.json
replace real secrets with something like "REDACTED"
keep repeated/common words intact (local, default, etc.), because those are often the cause
paste that snippet here

Do not post real tokens/passwords in this thread.

proper escarp Apr 11, 2026, 8:23 AM

#

~/.openclaw/openclaw.json
{
"meta": {
"lastTouchedVersion": "2026.4.10",
"lastTouchedAt": "2026-04-11T08:09:55.624Z"
},
"wizard": {
"lastRunAt": "2026-03-10T12:11:05.961Z",
"lastRunVersion": "2026.3.8",
"lastRunCommand": "onboard",
"lastRunMode": "local"
},
"auth": {
"profiles": {
"openrouter:default": {
"provider": "openrouter",
"mode": "api_key"
}
}
},
"agents": {
"defaults": {
"model": {
"primary": "openrouter/google/gemini-3-flash-preview"
},
"models": {
"openrouter/auto": {
"alias": "OpenRouter"
},
"openrouter/google/gemini-3-flash-preview": {},
""openrouter/anthropic/claude-opus-4-6"": {},
""openrouter/anthropic/claude-sonnet-4-5"": {},
""openrouter/google/gemini-3-flash-preview"": {}
},
"workspace": "~/.openclaw/workspace",
"compaction": {
"mode": "safeguard"
},
"maxConcurrent": 4,
"subagents": {
"maxConcurrent": 8
}
},
"list": [
{
"id": "main",
"subagents": {
"allowAgents": [
"malakor",
"forge",
"spot"
]
}
},
{
"id": "malakor",
"name": "malakor",
"workspace": "/home/openclaw/.openclaw/workspace-malakor",
"agentDir": "/home/openclaw/.openclaw/agents/malakor/agent",
"model": "openrouter/anthropic/claude-opus-4-6"
},
{
"id": "forge",
"name": "forge",
"workspace": "/home/openclaw/.openclaw/workspace-forge",
"agentDir": "/home/openclaw/.openclaw/agents/forge/agent",
"model": ""openrouter/anthropic/claude-opus-4-6""
},
{
"id": "spot",
"name": "spot",
"workspace": "/home/openclaw/.openclaw/workspace-spot",
"agentDir": "/home/openclaw/.openclaw/agents/spot/agent",
"model": "openrouter/google/gemini-3-flash-preview"
}
]
},
"tools": {
"profile": "coding"
},
"messages": {
"ackReactionScope": "group-mentions"
},
"commands": {
"native": "auto",
"nativeSkills": "auto",
"restart": true,
"ownerDisplay": "raw",
"allowFrom": {
"discord": [
511447938892038140,
279906021739069440,
181435740264202240
]
}
},
"session": {
"dmScope": "per-channel-peer"
},
"channels": {
"discord": {
"enabled": true,
"token": "redacted",
"groupPolicy": "allowlist",
"streaming": {
"mode": "off"
},
"guilds": {
"1305712167844184085": {
"requireMention": true,
"users": [
"511447938892038145",
"181435740264202240",
"279906021739069442"
]
}
}
}
},
"gateway": {
"port": 18789,
"mode": "local",
"bind": "loopback",
"controlUi": {
"allowedOrigins": [
"redacted"
]
},
"auth": {
"mode": "token",
"token": "redacted"
},
"trustedProxies": [
"127.0.0.1",
"::1"
],
"tailscale": {
"mode": "serve",
"resetOnExit": false
},
"nodes": {
"denyCommands": [
"camera.snap",
"camera.clip",
"screen.record",
"contacts.add",
"calendar.add",
"reminders.add",
"sms.send"
]
}
},
"plugins": {
"entries": {
"discord": {
"enabled": true
},
"openrouter": {
"enabled": true
},
"memory-core": {
"config": {
"dreaming": {
"enabled": true
}
}
}
}
}
}

limpid craterBOT Apr 11, 2026, 8:24 AM

#

Thanks, this helps.

From the visible structure, I don’t see an obvious problem. The annoying part is that the thing that usually causes this is the actual secret string, not the surrounding JSON, so once it’s redacted I can’t point to the exact field from the paste alone.

What I’d check first from your config:

gateway.controlUi.allowedOrigins
- this should be a plain origin, for example:
```
["https://your-host.ts.net"]
```
- not a full dashboard URL
- not anything with #token=...
gateway.auth.token and channels.discord.token
- if either one is reused elsewhere in the file, Raw mode gets disabled

#

If you want to check that locally without posting secrets, run this on the VPS:

python3 - <<'PY'
import json, pathlib

p = pathlib.Path.home() / ".openclaw" / "openclaw.json"
raw = p.read_text()
cfg = json.loads(raw)

checks = {
    "gateway.auth.token": cfg.get("gateway", {}).get("auth", {}).get("token"),
    "channels.discord.token": cfg.get("channels", {}).get("discord", {}).get("token"),
}

for name, value in checks.items():

#

    if isinstance(value, str) and value:
        print(f"{name}: occurrences in raw file = {raw.count(value)}")
PY

If either one prints more than 1, that’s very likely the reason Raw mode is disabled.

Also, for allowedOrigins, compare it against the docs here:
https://docs.openclaw.ai/web/control-ui
https://docs.openclaw.ai/web/dashboard

If you paste the real shape of allowedOrigins (just the form, not secrets), I can tell you quickly if that field looks wrong.

proper escarp Apr 11, 2026, 8:25 AM

#

gateway.auth.token: occurrences in raw file = 1
channels.discord.token: occurrences in raw file = 1

limpid craterBOT Apr 11, 2026, 8:29 AM

#

Nice, that rules out the simple duplicate-token case.

At this point, the most suspicious thing in your config is actually the model refs with literal extra quotes. These look wrong:

"\"openrouter/anthropic/claude-opus-4-6\"": {},
"\"openrouter/anthropic/claude-sonnet-4-5\"": {},
"\"openrouter/google/gemini-3-flash-preview\"": {}

and this too:

"model": "\"openrouter/anthropic/claude-opus-4-6\""

They should be plain strings / keys, like:

#

"openrouter/anthropic/claude-opus-4-6": {},
"openrouter/anthropic/claude-sonnet-4-5": {},
"openrouter/google/gemini-3-flash-preview": {}

and:

"model": "openrouter/anthropic/claude-opus-4-6"

I’m not 100 percent sure that is the raw-mode cause, but it is definitely wrong and I’d fix that first.

Also double-check gateway.controlUi.allowedOrigins, it should be just an origin like:

#

["https://your-host.ts.net"]

not a full URL, not a dashboard link, not anything with #token=.

So my recommended order:

remove the extra quote-wrapped model refs
make sure allowedOrigins is a plain origin
reload Control UI

If Raw mode is still disabled after that, I’d call it a likely bug in 2026.4.10 and file it here with the sanitized config + your token occurrence results:
https://github.com/openclaw/openclaw/issues

Docs:
https://docs.openclaw.ai/cli/config

#

https://docs.openclaw.ai/web/control-ui

proper escarp Apr 11, 2026, 8:29 AM

#

how do I fix that

limpid craterBOT Apr 11, 2026, 8:29 AM

#

Yep, start with the quote-wrapped model refs. In your file, change these.

1) Fix `agents.defaults.models`

Replace this section:

"models": {
  "openrouter/auto": {
    "alias": "OpenRouter"
  },
  "openrouter/google/gemini-3-flash-preview": {},
  "\"openrouter/anthropic/claude-opus-4-6\"": {},
  "\"openrouter/anthropic/claude-sonnet-4-5\"": {},
  "\"openrouter/google/gemini-3-flash-preview\"": {}
}

#

with:

"models": {
  "openrouter/auto": {
    "alias": "OpenRouter"
  },
  "openrouter/google/gemini-3-flash-preview": {},
  "openrouter/anthropic/claude-opus-4-6": {},
  "openrouter/anthropic/claude-sonnet-4-5": {}
}

2) Fix the `forge` agent model

Change:

#

"model": "\"openrouter/anthropic/claude-opus-4-6\""

to:

"model": "openrouter/anthropic/claude-opus-4-6"

3) Check `allowedOrigins`

Make sure it is just a plain origin, like:

["https://your-host.ts.net"]

#

If it contains a path, full dashboard URL, or #token=..., remove that and keep only the origin.

4) Save, then reload the Config page

If it still looks stuck after saving the file, refresh the dashboard. If needed, restart the gateway once.

If you want, paste the updated agents.defaults.models block + the forge.model line + the shape of allowedOrigins, and I’ll sanity-check it before you restart anything.

proper escarp Apr 11, 2026, 8:31 AM

#

give me code to fix this in oneshot from the CLI

limpid craterBOT Apr 11, 2026, 8:32 AM

#

Yep. Assuming forge is still agents.list[2] in your config, this is the clean one-shot fix for the bad quoted model refs:

openclaw config set --batch-json '[
  {
    "path": "agents.defaults.models",
    "value": {
      "openrouter/auto": { "alias": "OpenRouter" },
      "openrouter/google/gemini-3-flash-preview": {},
      "openrouter/anthropic/claude-opus-4-6": {},
      "openrouter/anthropic/claude-sonnet-4-5": {}
    }
  },
  {
    "path": "agents.list[2].model",
    "value": "openrouter/anthropic/claude-opus-4-6"

#

  }
]' && openclaw config validate

If you want a backup first:

cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak && openclaw config set --batch-json '[
  {
    "path": "agents.defaults.models",
    "value": {
      "openrouter/auto": { "alias": "OpenRouter" },
      "openrouter/google/gemini-3-flash-preview": {},
      "openrouter/anthropic/claude-opus-4-6": {},
      "openrouter/anthropic/claude-sonnet-4-5": {}

#

    }
  },
  {
    "path": "agents.list[2].model",
    "value": "openrouter/anthropic/claude-opus-4-6"
  }
]' && openclaw config validate

If gateway.controlUi.allowedOrigins is also wrong, fix it separately with your real origin:

openclaw config set gateway.controlUi.allowedOrigins '["https://YOUR-HOST.ts.net"]' --strict-json

After that, refresh the Config page. If Raw mode is still disabled, paste the new openclaw config get agents.defaults.models --json output and I’ll keep digging.

proper escarp Apr 11, 2026, 8:46 AM

#

I want to add some more models to my stack via openrouter how do I do this via the cli

openai/gpt-5.3-codex

limpid craterBOT Apr 11, 2026, 8:47 AM

#

If you want to add it via OpenRouter, use the full ref:

openrouter/openai/gpt-5.3-codex

Keep your current primary, add it to the stack as a fallback

openclaw models fallbacks add openrouter/openai/gpt-5.3-codex

Make it the primary model instead

openclaw models set openrouter/openai/gpt-5.3-codex

Optional, give it a short alias

#

openclaw models aliases add codex openrouter/openai/gpt-5.3-codex

Check what got written

openclaw models status
openclaw config get agents.defaults.models --json

Important: do not wrap the model ref in extra quotes inside the value.

Also, this only works if OpenRouter auth is actually configured. If not, you’ll add the model successfully but still hit auth errors at runtime.