← Back to Tutorials
Troubleshooting · 4 min
Applied Security Hardening and Now Your Agent Is "Broken"?
This usually means your restrictions are too broad, overlapping, or blocking normal tool execution—not that the model failed.
Fast reality check
If your agent can still chat but can’t do actions, you likely hit a policy collision:
- approval policy now blocks routine commands
- network restrictions block tool access
- timeout values are too aggressive for real tasks
- multiple guardrails overlap and cancel normal behavior
2-minute recovery flow (safe rollback)
- Run one tiny canary task.
Ask for: Create a file named canary.txt containing OK and show the full path.
- If canary fails, revert only the newest hardening block.
Don’t wipe everything. Remove one recent policy cluster, then retest.
- Re-enable guardrails one-by-one.
Add back exactly one restriction, run canary again, continue.
- Stop at first failure.
The last re-added rule is likely the blocker. Tune that rule only.
This finds the exact bad rule fast without losing your full security posture.
High-friction mistakes to avoid
- Changing 10 things at once: you can’t isolate the blocker.
- Using heartbeat as a workaround: this hides root cause instead of fixing policy collisions.
- Skipping restart/reload after config edits: stale runtime state can make old failures look persistent.
- Treating all failures as model issues: most are execution-policy issues after hardening.
If you copied hardening commands from OpenClaw docs into a HeyRon container
This is a common break pattern from community reports: settings that are safe for direct OpenClaw self-hosting can block HeyRon’s managed gateway path.
- Symptom: chat opens, then tools/actions fail, or you get auth/connect loops.
- Likely cause: overly strict network/approval/deny defaults that block HeyRon-required gateway behavior.
- Fix path: roll back the newest hardening block first (not your whole setup), then retest with canary.
Important: if rollback does not restore behavior quickly, open a support ticket and note that the break started immediately after applying docs.openclaw.ai/security recommendations.
Copy/paste recovery prompt
Act as a rollback assistant. First run one tiny canary task and report pass/fail with evidence. If fail, identify the most recently added security/policy block, disable only that block, and rerun the canary. Repeat one change at a time until pass. Then list which exact rule caused failure and provide a narrower safer replacement instead of broad deny rules.
When to escalate to #help
- timestamp + timezone
- the exact hardening block(s) added recently
- canary task prompt + exact failure output
- which single rollback step restored behavior (if any)
Post exact policy text (redact secrets) so support can identify collision patterns quickly.