#lobster workflow failing

I'm running a lobster worklflow, the invoke llm script is failing with this error

llm-task args: {
"provider": "lmstudio",
"model": "lmstudio/qwen3.6-35b-a3b-mtp",
"timeoutMs": 1800000,
"maxTokens": 32000,
"temperature": 0,
"requestTimeoutMs": 2100000
}
Gateway HTTP request failed
URL: http://127.0.0.1:18789/tools/invoke
Status: 401 Unauthorized
Raw response:
{"error":{"message":"Unauthorized","type":"unauthorized"}}

That 401 is coming from the OpenClaw Gateway, before it ever reaches LM Studio. So this is almost certainly not the lmstudio/qwen... model config; the workflow’s /tools/invoke request is missing the gateway shared-secret auth, or using the wrong one.

First, please include your version so we don’t chase old behavior:

openclaw --version

Quick checks on the gateway host:

openclaw gateway status
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.token

Do not paste the token here. The script calling:

http://127.0.0.1:18789/tools/invoke

needs to send the gateway secret as a bearer token:

Authorization: Bearer <gateway token or gateway password>

If token auth is enabled but no token exists yet, generate one:

openclaw doctor --generate-gateway-token
openclaw gateway restart

Then make sure the workflow process has the same secret available, commonly via:

export OPENCLAW_GATEWAY_TOKEN="$(openclaw config get gateway.auth.token)"

and that the invoke script actually maps it into the HTTP Authorization header. If you’re using password mode instead, same idea but with OPENCLAW_GATEWAY_PASSWORD.

Relevant docs:
https://docs.openclaw.ai/gateway/configuration
https://docs.openclaw.ai/gateway/troubleshooting
https://docs.openclaw.ai/web/dashboard

Script can be found here https://cl1p.net/4561

I checked the script. It already sends:

if (token) headers.authorization = `Bearer ${token}`;

So the 401 means token is empty or doesn’t match what the gateway expects.

In your script, token only comes from:

process.env.OPENCLAW_GATEWAY_TOKEN || process.env.SHARED_GATEWAY_TOKEN || ""

So fix depends on your gateway auth mode:

openclaw --version
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.token

Don’t paste the token here. If gateway.auth.mode is token, run the workflow from a shell that has:

export OPENCLAW_GATEWAY_TOKEN="$(openclaw config get gateway.auth.token)"

If your gateway is using password auth, the script currently does not read OPENCLAW_GATEWAY_PASSWORD. Change this line:

const token = process.env.OPENCLAW_GATEWAY_TOKEN || process.env.SHARED_GATEWAY_TOKEN || "";

to:

const token =
  process.env.OPENCLAW_GATEWAY_TOKEN ||
  process.env.OPENCLAW_GATEWAY_PASSWORD ||
  process.env.SHARED_GATEWAY_TOKEN ||
  "";

Then rerun. Also make sure the workflow process is actually inheriting that env var; daemon/GUI-launched workflows often don’t inherit your interactive shell env.

Docs: https://docs.openclaw.ai/gateway/configuration and https://docs.openclaw.ai/gateway/troubleshooting

I'm seeing these errors in the openclaw log

22:19:43
warn
tools-invoke
tool execution failed: Error: LLM JSON did not match schema: leads.0.contact: must be string; leads.1.contact: must be string; leads.2.contact: must be string; leads.3.contact: must be string; leads.4.contact: must be string
22:19:43
error
[tools] lobster failed: workflow command failed (1): sh -c 'node /home/admin/.openclaw/workspace-dba-scout/lobster-scripts/invoke-llm-task.js 2> /home/admin/.openclaw/workspace-dba-scout/debug-draft-email-stderr.txt' raw_params={"action":"run","pipeline":"/home/admin/.openclaw/workspace-dba-scout/sql-leads-draft.lobster","timeoutMs":1800000,"maxStdoutBytes":512000}
22:19:43
error
[tools] lobster failed: workflow command failed (1): sh -c 'node /home/admin/.openclaw/workspace-dba-scout/lobster-scripts/invoke-llm-task.js 2> /home/admin/.openclaw/workspace-dba-scout/debug-draft-email-stderr.txt' raw_params={"action":"run","pipeline":"/home/admin/.openclaw/workspace-dba-scout/sql-leads-draft.lobster","timeoutMs":1800000,"maxStdoutBytes":512000}

Good, that means the gateway auth problem is past this step. This new failure is inside the llm-task schema validation.

The model returned JSON, but the workflow schema says each lead must have:

"contact": "some string"

and the model likely returned something like:

"contact": { "email": "...", "phone": "..." }

or null / an array. The validator is rejecting all 5 leads because contact is not a string.

Smallest fixes:

1. Inspect the actual model output if your script captured it, especially:

cat /home/admin/.openclaw/workspace-dba-scout/debug-draft-email-stderr.txt

2. In sql-leads-draft.lobster, either change the schema so contact matches what you actually want, or tighten the prompt to require a string. For example:

For each lead, contact must be a single string. If no contact is available, use "".
Do not return an object, array, or null for contact.

3. If using Qwen/LM Studio for JSON, I’d also add a cleanup rule in the script/workflow before validation: convert missing/null/object contact values into a string. Local models often drift on nested JSON schemas.

So: 401 Unauthorized was gateway auth. This one is output shape/schema mismatch. Different layer.

This is the active.md file https://cl1p.net/4562

Yep, that active.md explains the validation error.

Each lead’s Contact section is multi-line structured Markdown, for example:

- **Contact:**
  - Nigel Muirhead — CEO
  - LinkedIn: ...
  - Email pattern: ...
  - Fiona Phillips — Chief People Officer
  - LinkedIn: ...

Your workflow schema apparently expects:

"contact": "string"

but the model is probably interpreting that contact block as an object or list, like:

"contact": [
  { "name": "Nigel Muirhead", "role": "CEO", "linkedin": "..." }
]

That is why every leads.N.contact fails with “must be string”.

Smallest prompt/schema fix: tell the LLM to keep contact as one plain string, preserving the Markdown contact block:

For each lead, contact MUST be a single string.
Copy the full Contact section into that string, using newline characters if needed.
Do not return contact as an object, array, null, or structured subfields.
If no contact exists, return "".

Expected shape:

{
  "company": "Agilisys",
  "contact": "Nigel Muirhead — CEO
LinkedIn: https://www.linkedin.com/in/nigel-muirhead-bbb25a47
Email pattern: nigel.muirhead@agilisys.co.uk (constructed)
Fiona Phillips — Chief People Officer

LinkedIn: https://www.agilisys.co.uk/team/fiona-phillips/"
}

Better longer-term fix: change the schema so contact is an array of contact objects, because your source data is naturally structured. But if the rest of the workflow expects a simple draft-email string, coercing it to one string is the least invasive fix.

This is the script that read it https://cl1p.net/4564

The reader script confirms it: the schema is strict here:

contact: {
  type: "string"
}

but the prompt only says:

- Contact -> contact

For your active.md, Contact is a nested Markdown section, so the model is “helpfully” turning it into structured data. The schema then rejects it.

Smallest change: add an explicit rule right after "- Contact -> contact", in the prompt:

"Contact -> contact as one plain string. Preserve names, roles, LinkedIn URLs, email patterns, and contact routes in that string.",
"Never return contact as an object, array, null, or nested fields.",
"If Contact is missing, set contact to 'Not specified'.",

I’d also strengthen the general missing-field rule from:

"If a field is missing from the Markdown, use 'Not specified' rather than guessing.",

to:

"All schema fields except score must be strings. If a field is missing from the Markdown, use 'Not specified' rather than guessing.",

"Do not use objects, arrays, or null for any string field.",

If you want the more robust fix, change the schema instead:

contact: {
  type: "array",
  items: {
    type: "object",
    properties: {
      name: { type: "string" },
      role: { type: "string" },
      linkedin: { type: "string" },
      email: { type: "string" },

      note: { type: "string" }
    },
    required: ["name"],
    additionalProperties: false
  }
}

But that will require the downstream email renderer to understand contact as an array. For your current pipeline, prompt-tightening is probably the quickest fix.

Can you give me the updated script then

Hello?

I attached it just above as active-leads-reader-updated.js. If Discord didn’t show the attachment on your side, say so and I’ll paste the full script inline instead.

Can you write it here https://cl1p.net/4565

Done: https://cl1p.net/4565

I read it back and confirmed the updated script is there. I set the cl1p TTL to 1 hour.