CONFIG • OpenClaw quick fix

Hook calls stopped routing? Check `sessionKey` after OpenClaw 2026.2.12.

OpenClaw 2026.2.12 changed a small field with big integration consequences: `POST /hooks/agent` rejects payload `sessionKey` overrides by default. That is safer, but any webhook caller that used per-request `sessionKey` routing can start failing, landing in the wrong session, or looking like a generic hook outage after an update. Treat the repair as a routing audit, not a blind rollback: pick a fixed hook context when possible, only re-enable request-level session keys deliberately, then prove the exact inbound path with one known test request.

In simple words: Make a safe copy if the step could change your setup, try the smallest check, then confirm OpenClaw is back to normal before doing more. The source link and commands stay below for people who want the technical detail.

Checklist

Find every external job, webhook, CRM, script, or plugin that calls `POST /hooks/agent` and sends `sessionKey` in the JSON body.

If the hook should always land in the same context, configure `hooks.defaultSessionKey` and prefer a narrow prefix such as `hooks.allowedSessionKeyPrefixes: ["hook:"]`.

Hook routing config shape to review, not paste blindly

{
  "hooks": {
    "defaultSessionKey": "hook:ops-inbound",
    "allowedSessionKeyPrefixes": ["hook:"],
    "allowRequestSessionKey": false
  }
}

If a trusted caller truly needs per-request routing, explicitly set `hooks.allowRequestSessionKey: true` and write down which caller is allowed to use it.

Run `openclaw doctor` or schema validation before restarting; unknown or mistyped config keys should fail before a real integration depends on them.

Send one known hook payload after restart and confirm it reaches the intended session or route, not just that the HTTP request returned 200.

Inbound hook routing receipt

- OpenClaw version before/after update:
- Caller sending POST /hooks/agent:
- Does caller send payload sessionKey? yes/no
- Fixed defaultSessionKey chosen, if any:
- Request-level routing allowed? why and from whom:
- Test payload ID/time:
- Expected session/route:
- Observed session/route:
- Rollback label or config snapshot:

Keep a rollback label or config snapshot before changing hook routing, especially if hooks can start agents, send messages, or call tools.

Success looks like

• Every hook caller that depended on payload `sessionKey` routing is either moved to a fixed default session or deliberately allowed back in.

• The config validates before restart, so the Gateway does not fail because of a misspelled hook key.

• A real inbound test proves the hook landed in the intended session/route before unattended automations resume.

Source: OpenClaw v2026.2.12 release notes + hooks docs · link

Before the next risky OpenClaw change

Turn this quick fix into a repeatable rollback path.

If this touches tokens, providers, upgrades, plugins, or shared-agent settings, do the free check first — then use a verified snapshot and one restore drill before trusting unattended work again.

What openclaw.json Mastery adds

hook-routing inventory before changing session context
safe config worksheet for default session keys and allowed prefixes
post-update hook smoke-test receipt with rollback label

Use the free fix when: you only need to unblock this one low-risk change and can write the backup label, smoke result, and rollback trigger in your own notes.

Buy when: this same risk will happen again, another person needs to repeat the fix, or you want a purchase-to-first-GREEN receipt, restore drill, and written rollback record before agents run unattended.

Do not buy yet if: you have not tried the free checklist, you need live support, or you are not ready to make a verified backup before changing a working setup.

Free proof → repeatable proof

Use the quick fix once. Buy only when the same evidence needs to be repeatable before future OpenClaw changes.

Free proof: One webhook caller is traced from payload to intended session after the 2026.2.12 routing change.

Repeatable proof: Config Mastery turns that into a reusable hook/config change worksheet with schema checks, safe defaults, and rollback notes.

Free proof: A written decision says whether request-level session routing stays disabled or is explicitly allowed for one trusted caller.

Repeatable proof: Config Mastery keeps those decisions beside your OpenClaw config so the next update does not recreate hidden routing drift.

Use openclaw.json Mastery before the risky change →

Free fix first; buy the playbook only when the rollback path needs a repeatable first-GREEN proof record.

Have a high‑value nugget? Submit it.