Summary

When a channel is configured with dmPolicy: "open" but without allowFrom: ["*"], the gateway rejects the config and crashes on startup with:

Config invalid
File: ~/.openclaw/openclaw.json
Problem:
  - channels.discord.dm.allowFrom: channels.discord.dmPolicy="open" requires
    channels.discord.allowFrom (or channels.discord.dm.allowFrom) to include "*"
Run: openclaw doctor --fix

The error message tells users to run openclaw doctor --fix, but the doctor has no repair logic for this case — it just reports the same error again.

Changes

Adds maybeRepairOpenPolicyAllowFrom() to the doctor's repair flow that:

1. Scans all channel configs (discord, slack, telegram, etc.) for dmPolicy: "open" without allowFrom containing "*"
2. If allowFrom array exists, appends "*" to it
3. If no allowFrom exists, creates allowFrom: ["*"]
4. Handles both top-level (channels.X.allowFrom) and nested (channels.X.dm.allowFrom) paths
5. Handles per-account configs (channels.X.accounts.Y.allowFrom)

This also fixes the gateway startup crash, since the gateway runs doctor in best-effort mode before starting — with this fix, the doctor will auto-repair the config and the gateway will start successfully.

Reproduction

1. Set this in openclaw.json:

   {
     "channels": {
       "discord": {
         "token": "your-bot-token",
         "dmPolicy": "open",
         "groupPolicy": "open"
       }
     }
   }
   

2. Run openclaw gateway — crashes with config invalid error
3. Run openclaw doctor --fix — reports the same error, doesn't fix it

After this fix:

• openclaw doctor --fix adds allowFrom: ["*"] automatically
• openclaw gateway starts successfully (doctor auto-repairs during startup)

Testing

• All existing doctor config tests pass
• 5 new test cases covering: missing allowFrom, existing allowFrom array, nested dm.allowFrom, already-valid config (no-op), and per-account configs
• Tested against a production OpenClaw v2026.2.15 gateway deployment where this exact crash occurred

[AI-assisted] Created with Claude Code. Tested in production.

Greptile Summary

Adds auto-repair logic to openclaw doctor --fix for the case where dmPolicy: "open" is set without allowFrom: ["*"], which causes the schema validator to reject the config and crash the gateway on startup. The new maybeRepairOpenPolicyAllowFrom() function scans all channel configs (including per-account and nested dm.allowFrom paths) and adds the required wildcard entry. The non-repair path (running doctor without --fix) now also detects this misconfiguration and suggests the fix command.

• Repair logic correctly mirrors the schema validation in requireOpenAllowFrom (checks both account.dmPolicy and account.dm.policy)
• Handles three cases: appending "*" to existing top-level allowFrom, appending to nested dm.allowFrom, or creating new allowFrom: ["*"]
• 5 new test cases covering the key scenarios
• Minor style issue: unused channelName parameter in the ensureWildcard helper

Confidence Score: 4/5

• This PR is safe to merge — it adds a targeted repair for a known crash scenario with correct logic and good test coverage.
• The repair function correctly handles all the dmPolicy resolution paths that the schema validator checks (top-level dmPolicy, nested dm.policy, top-level allowFrom, nested dm.allowFrom, per-account configs). The structuredClone approach ensures no unintended mutation. Tests cover the main scenarios. One minor style issue (unused parameter) does not affect correctness.
• No files require special attention — both changed files are straightforward additions to existing patterns.

_{Last reviewed commit: 2151684}

_{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!}