openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/cli/index.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/cli/index.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/gateway/secrets.md‎
Lines changed: 3 additions & 0 deletions b/‎docs/gateway/secrets.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/web/control-ui.md‎
Lines changed: 4 additions & 1 deletion b/‎docs/web/control-ui.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎extensions/discord/src/config-ui-hints.ts‎
Lines changed: 1 addition & 0 deletions b/‎extensions/discord/src/config-ui-hints.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/config/redact-snapshot.restore.test.ts‎
Lines changed: 104 additions & 6 deletions b/‎src/config/redact-snapshot.restore.test.ts‎
Lines changed: 104 additions & 6 deletions
diff --git a/‎src/config/redact-snapshot.test.ts‎
Lines changed: 20 additions & 13 deletions b/‎src/config/redact-snapshot.test.ts‎
Lines changed: 20 additions & 13 deletions
@@ -128,6 +128,7 @@ Docs: https://docs.openclaw.ai
 - Matrix/direct rooms: recover fresh auto-joined 1:1 DMs without eagerly persisting invite-only `m.direct` mappings, while keeping named, aliased, and explicitly configured rooms on the room path. (#58024) Thanks @gumadeiras.
 - TTS: Restore 3.28 schema compatibility and fallback observability. (#57953) Thanks @joshavant.
 - Telegram/forum topics: restore reply routing to the active topic and keep ACP `sessions_spawn(..., thread=true, mode="session")` bound to that same topic instead of falling back to root chat or losing follow-up routing. (#56060) Thanks @one27001.
+- Config/SecretRef + Control UI: harden SecretRef redaction round-trip restore, block unsafe raw fallback (force Form mode when raw is unavailable), and preflight submitted-config SecretRefs before config write RPC persistence. (#58044) Thanks @joshavant.
 
 ## 2026.3.28
 
 
@@ -905,12 +905,14 @@ Subcommands:
 
 Common RPCs:
 
+- `config.set` (validate + write full config; use `baseHash` for optimistic concurrency)
 - `config.apply` (validate + write config + restart + wake)
 - `config.patch` (merge a partial update + restart + wake)
 - `update.run` (run update + restart + wake)
 
 Tip: when calling `config.set`/`config.apply`/`config.patch` directly, pass `baseHash` from
 `config.get` if a config already exists.
+Tip: these config write RPCs preflight active SecretRef resolution for refs in the submitted config payload and reject writes when an effectively active submitted ref is unresolved.
 
 ## Models
 
 
@@ -364,6 +364,7 @@ Runtime-minted or rotating credentials and OAuth refresh material are intentiona
 - Field without a ref: unchanged.
 - Field with a ref: required on active surfaces during activation.
 - If both plaintext and ref are present, ref takes precedence on supported precedence paths.
+- The redaction sentinel `__OPENCLAW_REDACTED__` is reserved for internal config redaction/restore and is rejected as literal submitted config data.
 
 Warning and audit signals:
 
@@ -383,12 +384,14 @@ Secret activation runs on:
 - Config reload hot-apply path
 - Config reload restart-check path
 - Manual reload via `secrets.reload`
+- Gateway config write RPC preflight (`config.set` / `config.apply` / `config.patch`) for active-surface SecretRef resolvability within the submitted config payload before persisting edits
 
 Activation contract:
 
 - Success swaps the snapshot atomically.
 - Startup failure aborts gateway startup.
 - Runtime reload failure keeps the last-known-good snapshot.
+- Write-RPC preflight failure rejects the submitted config and keeps both disk config and active runtime snapshot unchanged.
 - Providing an explicit per-call channel token to an outbound helper/tool call does not trigger SecretRef activation; activation points remain startup, reload, and explicit `secrets.reload`.
 
 ## Degraded and recovered signals
 
@@ -87,7 +87,10 @@ The Control UI can localize itself on first load based on your browser locale, a
 - Config: view/edit `~/.openclaw/openclaw.json` (`config.get`, `config.set`)
 - Config: apply + restart with validation (`config.apply`) and wake the last active session
 - Config writes include a base-hash guard to prevent clobbering concurrent edits
-- Config schema + form rendering (`config.schema`, including plugin + channel schemas); Raw JSON editor remains available
+- Config writes (`config.set`/`config.apply`/`config.patch`) also preflight active SecretRef resolution for refs in the submitted config payload; unresolved active submitted refs are rejected before write
+- Config schema + form rendering (`config.schema`, including plugin + channel schemas); Raw JSON editor is available only when the snapshot has a safe raw round-trip
+- If a snapshot cannot safely round-trip raw text, Control UI forces Form mode and disables Raw mode for that snapshot
+- Structured SecretRef object values are rendered read-only in form text inputs to prevent accidental object-to-string corruption
 - Debug: status/health/models snapshots + event log + manual RPC calls (`status`, `health`, `models.list`)
 - Logs: live tail of gateway file logs with filter/export (`logs.tail`)
 - Update: run a package/git update + restart (`update.run`) with a restart report
 
@@ -192,5 +192,6 @@ export const discordChannelConfigUiHints = {
   token: {
     label: "Discord Bot Token",
     help: "Discord bot token used for gateway and REST API authentication for this provider account. Keep this secret out of committed config and rotate immediately after any leak.",
+    sensitive: true,
   },
 } satisfies Record<string, ChannelConfigUiHint>;
@@ -121,7 +121,7 @@ describe("restoreRedactedValues", () => {
     expect(result.humanReadableMessage).toContain("channels.newChannel.token");
   });
 
-  it("keeps unmatched wildcard array entries unchanged outside extension paths", () => {
+  it("rejects sentinel literals that survive restore", () => {
     const hints: ConfigUiHints = {
       "custom.*": { sensitive: true },
     };
@@ -131,8 +131,9 @@ describe("restoreRedactedValues", () => {
     const original = {
       custom: { items: ["original-secret-value"] },
     };
-    const result = restoreRedactedValues(incoming, original, hints) as typeof incoming;
-    expect(result.custom.items[0]).toBe(REDACTED_SENTINEL);
+    const result = restoreRedactedValues_orig(incoming, original, hints);
+    expect(result.ok).toBe(false);
+    expect(result.humanReadableMessage).toContain("Reserved redaction sentinel");
   });
 
   it("round-trips config through redact → restore", () => {
@@ -183,7 +184,7 @@ describe("restoreRedactedValues", () => {
     expect(restored).toEqual(originalConfig);
   });
 
-  it("restores with uiHints respecting sensitive:false override", () => {
+  it("rejects sentinel literals even when uiHints mark the path non-sensitive", () => {
     const hints: ConfigUiHints = {
       "gateway.auth.token": { sensitive: false },
     };
@@ -193,8 +194,9 @@ describe("restoreRedactedValues", () => {
     const original = {
       gateway: { auth: { token: "real-secret" } },
     };
-    const result = restoreRedactedValues(incoming, original, hints) as typeof incoming;
-    expect(result.gateway.auth.token).toBe(REDACTED_SENTINEL);
+    const result = restoreRedactedValues_orig(incoming, original, hints);
+    expect(result.ok).toBe(false);
+    expect(result.humanReadableMessage).toContain("Reserved redaction sentinel");
   });
 
   it("restores array items using wildcard uiHints", () => {
@@ -225,4 +227,100 @@ describe("restoreRedactedValues", () => {
     expect(result.channels.slack.accounts[0].botToken).toBe("original-token-first-account");
     expect(result.channels.slack.accounts[1].botToken).toBe("user-provided-new-token-value");
   });
+
+  it("restores redacted SecretRef ids for channels token paths", () => {
+    const hints: ConfigUiHints = {
+      "channels.discord.token": { sensitive: true },
+    };
+    const incoming = {
+      channels: {
+        discord: {
+          token: {
+            source: "env",
+            provider: "default",
+            id: REDACTED_SENTINEL,
+          },
+        },
+      },
+    };
+    const original = {
+      channels: {
+        discord: {
+          token: {
+            source: "env",
+            provider: "default",
+            id: "DISCORD_BOT_TOKEN",
+          },
+        },
+      },
+    };
+    const result = restoreRedactedValues(incoming, original, hints);
+    expect(result.channels.discord.token).toEqual({
+      source: "env",
+      provider: "default",
+      id: "DISCORD_BOT_TOKEN",
+    });
+  });
+
+  it("rejects SecretRef source/provider changes when id is still redacted", () => {
+    const incoming = {
+      models: {
+        providers: {
+          default: {
+            apiKey: {
+              source: "file",
+              provider: "vault",
+              id: REDACTED_SENTINEL,
+            },
+          },
+        },
+      },
+    };
+    const original = {
+      models: {
+        providers: {
+          default: {
+            apiKey: {
+              source: "env",
+              provider: "default",
+              id: "OPENAI_API_KEY",
+            },
+          },
+        },
+      },
+    };
+    const result = restoreRedactedValues_orig(incoming, original, mainSchemaHints);
+    expect(result.ok).toBe(false);
+    expect(result.humanReadableMessage).toContain("changed source/provider");
+  });
+
+  it("reports a provider-focused error when original SecretRefs lack provider", () => {
+    const incoming = {
+      models: {
+        providers: {
+          default: {
+            apiKey: {
+              source: "env",
+              id: REDACTED_SENTINEL,
+            },
+          },
+        },
+      },
+    };
+    const original = {
+      models: {
+        providers: {
+          default: {
+            apiKey: {
+              source: "env",
+              id: "OPENAI_API_KEY",
+            },
+          },
+        },
+      },
+    };
+    const result = restoreRedactedValues_orig(incoming, original, mainSchemaHints);
+    expect(result.ok).toBe(false);
+    expect(result.humanReadableMessage).toContain("requires a provider field");
+  });
 });
@@ -317,7 +317,7 @@ describe("redactConfigSnapshot", () => {
     expect(result.raw).toContain(REDACTED_SENTINEL);
   });
 
-  it("keeps non-sensitive raw fields intact when secret values overlap", () => {
+  it("drops raw text when overlap fallback triggers", () => {
     const config = {
       gateway: {
         mode: "local",
@@ -326,12 +326,13 @@ describe("redactConfigSnapshot", () => {
     };
     const snapshot = makeSnapshot(config, JSON.stringify(config));
     const result = redactConfigSnapshot(snapshot, mainSchemaHints);
-    const parsed: {
+    expect(result.raw).toBeNull();
+    const cfg = result.config as {
       gateway?: { mode?: string; auth?: { password?: string } };
-    } = JSON5.parse(result.raw ?? "{}");
-    expect(parsed.gateway?.mode).toBe("local");
-    expect(parsed.gateway?.auth?.password).toBe(REDACTED_SENTINEL);
-    const restored = restoreRedactedValues(parsed, snapshot.config, mainSchemaHints);
+    };
+    expect(cfg.gateway?.mode).toBe("local");
+    expect(cfg.gateway?.auth?.password).toBe(REDACTED_SENTINEL);
+    const restored = restoreRedactedValues(result.config, snapshot.config, mainSchemaHints);
     expect(restored.gateway.mode).toBe("local");
     expect(restored.gateway.auth.password).toBe("local");
   });
@@ -373,13 +374,19 @@ describe("redactConfigSnapshot", () => {
     };
     const snapshot = makeSnapshot(config, JSON.stringify(config, null, 2));
     const result = redactConfigSnapshot(snapshot, mainSchemaHints);
-    const parsed = JSON5.parse(result.raw ?? "{}");
-    expect(parsed.gateway?.mode).toBe("default");
-    expect(parsed.gateway?.auth?.password).toBe(REDACTED_SENTINEL);
-    expect(parsed.models?.providers?.default?.apiKey?.source).toBe("env");
-    expect(parsed.models?.providers?.default?.apiKey?.provider).toBe("default");
-    expect(result.raw).not.toContain("OPENAI_API_KEY");
-    const restored = restoreRedactedValues(parsed, snapshot.config, mainSchemaHints);
+    expect(result.raw).toBeNull();
+    const cfg = result.config as {
+      gateway?: { mode?: string; auth?: { password?: string } };
+      models?: {
+        providers?: { default?: { apiKey?: { source?: string; provider?: string; id?: string } } };
+      };
+    };
+    expect(cfg.gateway?.mode).toBe("default");
+    expect(cfg.gateway?.auth?.password).toBe(REDACTED_SENTINEL);
+    expect(cfg.models?.providers?.default?.apiKey?.source).toBe("env");
+    expect(cfg.models?.providers?.default?.apiKey?.provider).toBe("default");
+    expect(cfg.models?.providers?.default?.apiKey?.id).toBe(REDACTED_SENTINEL);
+    const restored = restoreRedactedValues(result.config, snapshot.config, mainSchemaHints);
     expect(restored).toEqual(snapshot.config);
   });