# 2026-02-27

## Incident: OpenClaw gateway token mismatch after token rotation

- Time window: late 2026-02-26 through early 2026-02-27 (America/Los_Angeles)
- Symptom: local CLI/tooling intermittently failed with `unauthorized: gateway token mismatch`.
- Impact:
  - `openclaw gateway probe` and `openclaw status` showed unauthorized.
  - `cron` tool actions were blocked during mismatch periods.
  - Requested follow-up cron check (post-midnight git push verification) was not scheduled at the time requested.
- Likely cause: a partial or interrupted token-rotation/restart workflow temporarily left control-plane auth out of sync.
- Recovery completed:
  - Ensured `gateway.remote.token` matched `gateway.auth.token`.
  - Restarted the gateway service.
  - Verified gateway reachability/auth and cron access.
- Verification at recovery:
  - gateway status/probe returned OK
  - `cron list` succeeded without auth errors

## Follow-up

- When rotating gateway tokens, run and capture this fixed post-check sequence every time:
  1) `openclaw gateway probe`
  2) `openclaw status`
  3) `cron list`
- Do not mark token rotation complete until all three checks pass.
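
One way to enforce this gate is the following added example (not part of the original notes and not OpenClaw's own tooling). The helper name `run_post_checks`, the log directory layout, and the assumption that `cron list` can be invoked from a shell exactly as written are all assumptions.

```sh
#!/bin/sh
# Added example: post-rotation gate for the three checks in the follow-up.

# Checks exactly as the follow-up lists them, one per line. How `cron list`
# is invoked from a shell is an assumption; edit that line to fit your setup.
POST_CHECKS='openclaw gateway probe
openclaw status
cron list'

# run_post_checks LOG_DIR (hypothetical helper name)
# Runs every check even after a failure so the captured logs are complete.
# Returns 0 only if all checks pass, 1 if any fails, 2 if LOG_DIR is unusable.
run_post_checks() {
  rpc_dir=$1
  rpc_failed=0
  rpc_n=0
  # Captured output can reveal auth state, so keep the directory private.
  mkdir -p "$rpc_dir" && chmod 700 "$rpc_dir" || return 2
  while IFS= read -r rpc_check; do
    rpc_n=$((rpc_n + 1))
    rpc_log="$rpc_dir/$rpc_n-$(printf '%s' "$rpc_check" | tr ' ' '_').log"
    # Word splitting of $rpc_check is intentional; stdin is detached so a
    # check cannot consume the remaining lines of the check list.
    rpc_out=$($rpc_check 2>&1 </dev/null) && rpc_rc=0 || rpc_rc=$?
    printf '%s\n' "$rpc_out" > "$rpc_log"
    # Fail on a non-zero exit, or on an auth error printed despite exit 0
    # (the incident notes `openclaw status` "showed unauthorized").
    if [ "$rpc_rc" -ne 0 ] || printf '%s' "$rpc_out" | grep -q 'unauthorized'; then
      echo "FAIL: $rpc_check (exit $rpc_rc, see $rpc_log)" >&2
      rpc_failed=$((rpc_failed + 1))
    else
      echo "PASS: $rpc_check"
    fi
  done <<EOF
$POST_CHECKS
EOF
  [ "$rpc_failed" -eq 0 ]
}
```

Call `run_post_checks <log-dir>` after the gateway restart and treat the rotation as complete only when it returns 0.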
