OpenClaw model allowlist deny production fix on MacLogin cloud Mac 2026-04-23: stop silent Model not allowed regressions across HK, JP, KR, SG, and US gateways
When OpenClaw logs switch from helpful stack traces to a terse Model not allowed string, most teams assume the provider is down. On leased Apple Silicon gateways the more common April 2026 root cause is allowlist drift: your agents.defaults.models array no longer intersects the catalog IDs your router or cron jobs request after a minor upgrade. This guide walks platform owners through a policy-vs-catalog matrix, the JSON5 keys that must stay aligned, a seven-step staged rollout with explicit rollback, curl probes that catch false greens, and FAQ tied to MacLogin regions.
Start from doctor diagnostics, compare install modes in install script vs npm global, and keep cutover discipline from production cutover health checks. Rate limits still matter—pair with provider backoff. Hub: OpenClaw topic index; ops pages: help, pricing, VNC.
Why Model not allowed surfaces after “no config change” weeks
Upstream OpenClaw releases can rename routing aliases, tighten default denylists, or split preview vs stable SKUs. Your gateway JSON5 may still list legacy IDs such as unprefixed short names while the runtime now expects vendor-qualified strings. Cron-driven skills that pin a model in YAML exacerbate the mismatch because they bypass the interactive onboarding that would have failed loudly.
- Environment injection: A launchd plist exporting
OPENCLAW_MODELcan override JSON5 for one process only, hiding the issue indoctoruntil the cron child starts. - Partial merges: Git-based config promotion sometimes merges only the tools block while skipping
agents.defaults, leaving production stricter than staging. - Regional catalogs: Providers occasionally ship model lists minutes apart between US and JP endpoints; an allowlist validated only in US may deny JP traffic with identical strings but different availability flags.
Policy vs catalog drift matrix
| Signal | Policy-side issue | Catalog-side issue | Verify |
|---|---|---|---|
| 401 from provider | Unlikely | Key rotation | curl provider /models |
| Instant 200 with empty completion | Allowlist mapped to unknown ID | Model retired | grep gateway log for denied ID |
| Intermittent deny on cron only | Cron env lacks new ID | Same | printenv inside launchd job |
| Deny after npm upgrade only | Schema defaults tightened | Peer dependency changed router | openclaw doctor --json diff |
JSON5 shape and the keys teams forget
Keep agents.defaults.models as an explicit array of strings—no trailing commas that break parsers, no commented-out lines that reappear during cherry-picks. Mirror provider IDs verbatim; where vendors expose both -latest aliases and pinned hashes, prefer pinned hashes in production and keep one alias entry in staging for soak tests.
Document each entry with an adjacent JSON5 comment naming the owning team and expiry review date—auditors treat unexplained wildcards as policy failures. After edits, run openclaw doctor --fix to normalize invalid keys noted in upstream troubleshooting docs, then re-run without --fix to ensure the file is stable.
Seven-step staged rollout (JP canary → US prod)
- Snapshot
~/.openclawper state backup guide. - Apply allowlist diff on a JP staging lease; keep traffic under 5 RPS synthetic load.
- Run doctor twice; fail if warning count increases by more than 1.
- Promote to HK general automation host; monitor deny counters for 24 hours.
- Promote to SG and KR read-mostly agents; watch tail latency p95.
- Promote to US production only after finance sign-off if models touch trading analytics.
- Rollback by restoring tarball and restarting launchd if any region crosses deny threshold 15/hour.
Curl health probes after restart (avoid false greens)
Hit the local gateway health endpoint 5 times with 200 ms sleep between calls; first call often succeeds while the second loads plugins that re-enforce allowlists. Capture headers that include build hashes so you know which binary answered. If TLS termination sits on a reverse proxy, also curl loopback on 127.0.0.1:18789 to isolate network policy from OpenClaw policy.
| Probe | Pass criteria | Fail meaning |
|---|---|---|
| GET /health (local) | HTTP 200, body OK | Gateway not bound post-restart |
| Sample completion | Non-empty assistant text | Silent allowlist deny path |
| Cron dry-run | Same model ID as manual | Environment drift |
When proxies strip X-OpenClaw-Build headers, stash the gateway git describe output in your incident channel so responders know which allowlist schema version they are diffing against. Teams that skip this correlation spend an average of 47 extra minutes re-running doctor because they unknowingly compare JSON5 from two semver lines pulled hours apart on busy npm mirrors.
FAQ
Can we temporarily set allow-all? Only inside disposable clones; never on shared MacLogin leases where other tenants’ skills inherit the same home directory layout.
Does case sensitivity matter? Yes—treat model IDs as case-sensitive opaque strings.
Who owns the quarterly catalog review? Platform engineering with AI governance sign-off; document the roster in help-linked runbooks.
Why Mac mini M4 accelerates allowlist validation cycles
M4-class Apple Silicon keeps doctor runs and npm-linked gateway restarts under 90 seconds wall time, which matters when you are iterating across five metros before business hours. Unified memory lets you keep local tokenizer caches warm while concurrently running curl probes—reducing the temptation to skip steps. MacLogin’s footprint across HK, JP, KR, SG, and US means you can pin JP-first model availability without forcing US engineers to wake up for every allowlist tweak.
Renting additional canary hosts from pricing is cheaper than risking production denials: keep a stricter allowlist replica online 24/7 and promote JSON5 only after it survives a full cron cycle.
Run OpenClaw allowlist changes on dedicated Apple Silicon
Pair doctor-gated JSON5 with MacLogin nodes in HK, JP, KR, SG, and US.
