openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/.generated/plugin-sdk-api-baseline.sha256‎
Lines changed: 2 additions & 2 deletions b/‎docs/.generated/plugin-sdk-api-baseline.sha256‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/plugins/sdk-subpaths.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/plugins/sdk-subpaths.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎extensions/codex/src/app-server/auth-bridge.ts‎
Lines changed: 2 additions & 2 deletions b/‎extensions/codex/src/app-server/auth-bridge.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎extensions/codex/src/app-server/models.test.ts‎
Lines changed: 2 additions & 2 deletions b/‎extensions/codex/src/app-server/models.test.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎extensions/codex/src/app-server/run-attempt.ts‎
Lines changed: 3 additions & 3 deletions b/‎extensions/codex/src/app-server/run-attempt.ts‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎extensions/codex/src/app-server/session-binding.ts‎
Lines changed: 8 additions & 4 deletions b/‎extensions/codex/src/app-server/session-binding.ts‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎extensions/codex/src/app-server/shared-client.test.ts‎
Lines changed: 4 additions & 4 deletions b/‎extensions/codex/src/app-server/shared-client.test.ts‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎extensions/codex/src/app-server/shared-client.ts‎
Lines changed: 3 additions & 3 deletions b/‎extensions/codex/src/app-server/shared-client.ts‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎extensions/codex/src/conversation-binding.test.ts‎
Lines changed: 3 additions & 3 deletions b/‎extensions/codex/src/conversation-binding.test.ts‎
Lines changed: 3 additions & 3 deletions
@@ -80,6 +80,7 @@ Docs: https://docs.openclaw.ai
 - Providers/Fireworks: expose Kimi models as thinking-off-only and keep K2.5/K2.6 requests on `thinking: disabled`, so manual model switches do not send Fireworks-rejected `reasoning*` parameters. Refs #74289. Thanks @frankekn.
 - WhatsApp responsiveness: stop only verified stale local TUI clients when they degrade the Gateway event loop and delay replies. Thanks @vincentkoc.
 - Hooks/session-memory: add collision suffixes to fallback memory filenames so repeated `/new` or `/reset` captures in the same minute do not overwrite the earlier session archive. Thanks @vincentkoc.
+- Agents/config: remove the ambiguous legacy `main` agent dir helper from runtime paths; model, auth, gateway, bundled plugin, and test helpers now resolve default/session agent dirs through `agents.list`/agent-scope helpers while plugin SDK keeps a deprecated compatibility export.
 - Video generation: wait up to 20 minutes for slow fal/MiniMax queue-backed jobs, stop forwarding unsupported Google Veo generated-audio options, and normalize MiniMax `720P` requests to its supported `768P` resolution with the usual override warning/details instead of failing fallback.
 - Video generation: accept provider-specific aspect-ratio and resolution hints at the tool boundary, normalize `720P` to MiniMax's supported `768P`, and stop sending Google `generateAudio` on Gemini video requests so provider fallback can recover from model-specific parameter differences. Thanks @vincentkoc.
 - OpenAI/Google Meet: fail realtime voice connection attempts when the socket closes before `session.updated`, avoiding stuck Meet joins waiting on a bridge that never became ready. Thanks @vincentkoc.
 
@@ -1,2 +1,2 @@
-43c6f668cd8301f485c64e6a663dc1b19d38c146ce2572943e2dc961973e0c6f  plugin-sdk-api-baseline.json
-1d877d94bebb634d90d929fe0581ba4bccf4d12d8342d179ae9bf1053e68c013  plugin-sdk-api-baseline.jsonl
+2164ea491c61e643f0a9c68f7b9bd2e41ab338eb93bbdf301da2fae548722581  plugin-sdk-api-baseline.json
+c07c3719218a12482e2a76e6b9654da2ddddf75d8d70145cdaef3da2b2eaccef  plugin-sdk-api-baseline.jsonl
@@ -117,7 +117,7 @@ For the plugin authoring guide, see [Plugin SDK overview](/plugins/sdk-overview)
     | `plugin-sdk/provider-auth-result` | Standard OAuth auth-result builder |
     | `plugin-sdk/provider-auth-login` | Shared interactive login helpers for provider plugins |
     | `plugin-sdk/provider-env-vars` | Provider auth env-var lookup helpers |
-    | `plugin-sdk/provider-auth` | `createProviderApiKeyAuthMethod`, `ensureApiKeyFromOptionEnvOrPrompt`, `upsertAuthProfile`, `upsertApiKeyProfile`, `writeOAuthCredentials` |
+    | `plugin-sdk/provider-auth` | `createProviderApiKeyAuthMethod`, `ensureApiKeyFromOptionEnvOrPrompt`, `upsertAuthProfile`, `upsertApiKeyProfile`, `writeOAuthCredentials`, deprecated `resolveOpenClawAgentDir` compatibility export |
     | `plugin-sdk/provider-model-shared` | `ProviderReplayFamily`, `buildProviderReplayFamilyHooks`, `normalizeModelCompat`, shared replay-policy builders, provider-endpoint helpers, and model-id normalization helpers such as `normalizeNativeXaiModelId` |
     | `plugin-sdk/provider-catalog-runtime` | Provider catalog augmentation runtime hook and plugin-provider registry seams for contract tests |
     | `plugin-sdk/provider-catalog-shared` | `findCatalogTemplate`, `buildSingleProviderApiKeyCatalog`, `buildManifestModelProviderConfig`, `supportsNativeStreamingUsageCompat`, `applyProviderNativeStreamingUsageCompat` |
@@ -253,7 +253,7 @@ For the plugin authoring guide, see [Plugin SDK overview](/plugins/sdk-overview)
     | `plugin-sdk/string-coerce-runtime` | Narrow primitive record/string coercion and normalization helpers without markdown/logging imports |
     | `plugin-sdk/host-runtime` | Hostname and SCP host normalization helpers |
     | `plugin-sdk/retry-runtime` | Retry config and retry runner helpers |
-    | `plugin-sdk/agent-runtime` | Agent dir/identity/workspace helpers |
+    | `plugin-sdk/agent-runtime` | Agent dir/identity/workspace helpers, including `resolveAgentDir`, `resolveDefaultAgentDir`, and deprecated `resolveOpenClawAgentDir` compatibility export |
     | `plugin-sdk/directory-runtime` | Config-backed directory query/dedup |
     | `plugin-sdk/keyed-async-queue` | `KeyedAsyncQueue` |
   </Accordion>
 
@@ -6,7 +6,7 @@ import {
   resolveAuthProfileOrder,
   resolveProviderIdForAuth,
   resolveApiKeyForProfile,
-  resolveOpenClawAgentDir,
+  resolveDefaultAgentDir,
   resolvePersistedAuthProfileOwnerAgentDir,
   saveAuthProfileStore,
   type AuthProfileCredential,
@@ -82,7 +82,7 @@ export function resolveCodexAppServerAuthProfileIdForAgent(params: {
   agentDir?: string;
   config?: AuthProfileOrderConfig;
 }): string | undefined {
-  const agentDir = params.agentDir?.trim() || resolveOpenClawAgentDir();
+  const agentDir = params.agentDir?.trim() || resolveDefaultAgentDir(params.config ?? {});
   const store = ensureAuthProfileStore(agentDir, { allowKeychainPrompt: false });
   return resolveCodexAppServerAuthProfileId({
     authProfileId: params.authProfileId,
 
@@ -27,8 +27,8 @@ vi.mock("./managed-binary.js", () => ({
   resolveManagedCodexAppServerStartOptions: mocks.managedBinary.startOptions,
 }));
 
-vi.mock("openclaw/plugin-sdk/provider-auth", () => ({
-  resolveOpenClawAgentDir: mocks.providerAuth.agentDir,
+vi.mock("openclaw/plugin-sdk/agent-runtime", () => ({
+  resolveDefaultAgentDir: mocks.providerAuth.agentDir,
 }));
 
 let listCodexAppServerModels: typeof import("./models.js").listCodexAppServerModels;
 
@@ -16,9 +16,9 @@ import {
   isSubagentSessionKey,
   normalizeAgentRuntimeTools,
   resolveAttemptSpawnWorkspaceDir,
+  resolveAgentDir,
   resolveAgentHarnessBeforePromptBuildResult,
   resolveModelAuthMode,
-  resolveOpenClawAgentDir,
   resolveSandboxContext,
   resolveSessionAgentIds,
   resolveUserPath,
@@ -385,7 +385,7 @@ export async function runCodexAppServerAttempt(
     config: params.config,
     agentId: params.agentId,
   });
-  const agentDir = params.agentDir ?? resolveOpenClawAgentDir();
+  const agentDir = params.agentDir ?? resolveAgentDir(params.config ?? {}, sessionAgentId);
   const startupBinding = await readCodexAppServerBinding(params.sessionFile);
   const startupAuthProfileCandidate =
     params.runtimePlan?.auth.forwardedAuthProfileId ??
@@ -1477,7 +1477,7 @@ async function buildDynamicTools(input: DynamicToolBuildParams) {
     return [];
   }
   const modelHasVision = params.model.input?.includes("image") ?? false;
-  const agentDir = params.agentDir ?? resolveOpenClawAgentDir();
+  const agentDir = params.agentDir ?? resolveAgentDir(params.config ?? {}, input.sessionAgentId);
   const { createOpenClawCodingTools } = await import("openclaw/plugin-sdk/agent-harness");
   const allTools = createOpenClawCodingTools({
     agentId: input.sessionAgentId,
 
@@ -2,7 +2,7 @@ import fs from "node:fs/promises";
 import { embeddedAgentLog } from "openclaw/plugin-sdk/agent-harness-runtime";
 import {
   ensureAuthProfileStore,
-  resolveOpenClawAgentDir,
+  resolveDefaultAgentDir,
   resolveProviderIdForAuth,
   type AuthProfileStore,
 } from "openclaw/plugin-sdk/agent-runtime";
@@ -194,12 +194,16 @@ function resolveCodexAppServerAuthProfileCredential(
   if (!authProfileId) {
     return undefined;
   }
-  const store = lookup.authProfileStore ?? loadCodexAppServerAuthProfileStore(lookup.agentDir);
+  const store =
+    lookup.authProfileStore ?? loadCodexAppServerAuthProfileStore(lookup.agentDir, lookup.config);
   return store.profiles[authProfileId];
 }
 
-function loadCodexAppServerAuthProfileStore(agentDir: string | undefined): AuthProfileStore {
-  return ensureAuthProfileStore(agentDir?.trim() || resolveOpenClawAgentDir(), {
+function loadCodexAppServerAuthProfileStore(
+  agentDir: string | undefined,
+  config?: ProviderAuthAliasConfig,
+): AuthProfileStore {
+  return ensureAuthProfileStore(agentDir?.trim() || resolveDefaultAgentDir(config ?? {}), {
     allowKeychainPrompt: false,
   });
 }
 
@@ -11,7 +11,7 @@ const mocks = vi.hoisted(() => ({
   ),
   resolveManagedCodexAppServerStartOptions: vi.fn(async (startOptions) => startOptions),
   embeddedAgentLog: { debug: vi.fn(), warn: vi.fn() },
-  resolveOpenClawAgentDir: vi.fn(() => "/tmp/openclaw-agent"),
+  resolveDefaultAgentDir: vi.fn(() => "/tmp/openclaw-agent"),
 }));
 
 vi.mock("./auth-bridge.js", () => ({
@@ -29,8 +29,8 @@ vi.mock("openclaw/plugin-sdk/agent-harness-runtime", () => ({
   OPENCLAW_VERSION: "test",
 }));
 
-vi.mock("openclaw/plugin-sdk/provider-auth", () => ({
-  resolveOpenClawAgentDir: mocks.resolveOpenClawAgentDir,
+vi.mock("openclaw/plugin-sdk/agent-runtime", () => ({
+  resolveDefaultAgentDir: mocks.resolveDefaultAgentDir,
 }));
 
 let listCodexAppServerModels: typeof import("./models.js").listCodexAppServerModels;
@@ -81,7 +81,7 @@ describe("shared Codex app-server client", () => {
     );
     mocks.embeddedAgentLog.debug.mockClear();
     mocks.embeddedAgentLog.warn.mockClear();
-    mocks.resolveOpenClawAgentDir.mockClear();
+    mocks.resolveDefaultAgentDir.mockClear();
   });
 
   it("closes the shared app-server when the version gate fails", async () => {
 
@@ -1,4 +1,4 @@
-import { resolveOpenClawAgentDir } from "openclaw/plugin-sdk/provider-auth";
+import { resolveDefaultAgentDir } from "openclaw/plugin-sdk/agent-runtime";
 import {
   applyCodexAppServerAuthProfile,
   bridgeCodexAppServerStartOptions,
@@ -37,7 +37,7 @@ export async function getSharedCodexAppServerClient(options?: {
   config?: Parameters<typeof resolveCodexAppServerAuthProfileIdForAgent>[0]["config"];
 }): Promise<CodexAppServerClient> {
   const state = getSharedCodexAppServerClientState();
-  const agentDir = options?.agentDir ?? resolveOpenClawAgentDir();
+  const agentDir = options?.agentDir ?? resolveDefaultAgentDir(options?.config ?? {});
   const authProfileId = resolveCodexAppServerAuthProfileIdForAgent({
     authProfileId: options?.authProfileId,
     agentDir,
@@ -104,7 +104,7 @@ export async function createIsolatedCodexAppServerClient(options?: {
   agentDir?: string;
   config?: Parameters<typeof resolveCodexAppServerAuthProfileIdForAgent>[0]["config"];
 }): Promise<CodexAppServerClient> {
-  const agentDir = options?.agentDir ?? resolveOpenClawAgentDir();
+  const agentDir = options?.agentDir ?? resolveDefaultAgentDir(options?.config ?? {});
   const authProfileId = resolveCodexAppServerAuthProfileIdForAgent({
     authProfileId: options?.authProfileId,
     agentDir,
 
@@ -12,7 +12,7 @@ const agentRuntimeMocks = vi.hoisted(() => ({
   loadAuthProfileStoreForSecretsRuntime: vi.fn(),
   resolveApiKeyForProfile: vi.fn(),
   resolveAuthProfileOrder: vi.fn(),
-  resolveOpenClawAgentDir: vi.fn(() => "/agent"),
+  resolveDefaultAgentDir: vi.fn(() => "/agent"),
   resolvePersistedAuthProfileOwnerAgentDir: vi.fn(),
   resolveProviderIdForAuth: vi.fn((provider: string) => provider),
   saveAuthProfileStore: vi.fn(),
@@ -40,7 +40,7 @@ describe("codex conversation binding", () => {
     agentRuntimeMocks.loadAuthProfileStoreForSecretsRuntime.mockReset();
     agentRuntimeMocks.resolveApiKeyForProfile.mockReset();
     agentRuntimeMocks.resolveAuthProfileOrder.mockReset();
-    agentRuntimeMocks.resolveOpenClawAgentDir.mockClear();
+    agentRuntimeMocks.resolveDefaultAgentDir.mockClear();
     agentRuntimeMocks.resolvePersistedAuthProfileOwnerAgentDir.mockReset();
     agentRuntimeMocks.resolveProviderIdForAuth.mockClear();
     agentRuntimeMocks.saveAuthProfileStore.mockReset();
@@ -53,7 +53,7 @@ describe("codex conversation binding", () => {
       profiles: {},
     });
     agentRuntimeMocks.resolveAuthProfileOrder.mockReturnValue([]);
-    agentRuntimeMocks.resolveOpenClawAgentDir.mockReturnValue("/agent");
+    agentRuntimeMocks.resolveDefaultAgentDir.mockReturnValue("/agent");
     agentRuntimeMocks.resolveProviderIdForAuth.mockImplementation((provider: string) => provider);
   });