[Bug]: agents.defaults.models allowlist changes not applied on hot-reload

[rcaferraz]

Bug type

Behavior bug (incorrect output/state without crash)

Summary

When agents.defaults.models is modified in openclaw.json (e.g. removing a model from the allowlist), the gateway detects the config change but does not apply it at runtime. The stale model list keeps being served to clients (e.g. /models on Telegram).

Steps to reproduce

1. Have a model (e.g. openrouter/minimax/minimax-m2.5) in agents.defaults.models
2. Remove it from the config file
3. Observe the gateway log:

   config change detected; evaluating reload (agents.defaults.models.openrouter/minimax/minimax-m2.5 ...)
   config hot reload applied (agents.defaults.heartbeat)
   

4. Send /models on Telegram — the removed model still appears
5. Send /reset on Telegram — the session may pick up the removed model as active

Expected behavior

• Removing a model from agents.defaults.models should take effect immediately (or at least on gateway restart)
• /reset should never select a model that is no longer in the allowlist

Actual behavior

• Hot-reload detects the change but only applies heartbeat and a few other fields — agents.defaults.models is silently skipped
• Even after a full gateway restart, a model stored in sessions.json (from a previous /model selection) can be restored by /reset, bypassing the allowlist entirely

OpenClaw version

2026.3.2

Operating system

Ubuntu 22.04 LTS

Install method

npm global

Logs, screenshots, and evidence

Impact and severity

• Affected: Any user who removes a model from agents.defaults.models via config edit; particularly visible on Telegram (and likely any channel with /models and /reset commands)
• Severity: Annoying to workflow-blocking — the unwanted model keeps being selected even after explicit removal, requiring manual intervention in internal JSON files to fix
• Frequency: Always reproducible — every /reset after removing a model from the allowlist will restore the stale model until sessions.json is manually patched
• Consequence: User is silently served a model they explicitly don't want, with no error or warning. The only indication is noticing degraded response quality or checking /model. Recovery requires knowing to manually edit sessions.json, which is not documented anywhere.

Additional information

Workaround

1. Remove model from agents.defaults.models in config
2. Manually clear model, modelOverride, and modelProvider from all affected session entries in ~/.openclaw/agents/main/sessions/sessions.json
3. Restart gateway

Suggestion

• Make agents.defaults.models hot-reloadable, OR clearly document it requires a restart
• On /reset, validate the stored session model against the current allowlist before using it

[Dingding-leo]

This is a persistent config bug - model allowlist changes don't take effect.

Root cause:

1. Hot-reload detects changes but doesn't apply agents.defaults.models
2. /reset restores stale session model without validating against current allowlist

Fix:

1. Make models hot-reloadable:

// In config hot-reload:
if (changedPaths.some(p => p.startsWith("agents.defaults.models"))) {
  reloadModelsList();
}

2. Validate on /reset:

// Before using session model:
const allowlist = config.agents.defaults.models ?? [];
if (!allowlist.includes(session.model)) {
  session.model = config.agents.defaults.model.primary;  // Reset to default
}

Impact: Users explicitly removing models still get them served - confusing and workflow-blocking.

Workaround noted in issue is correct: Manually clear session JSON.

[hclsys]

Fix submitted in #33606.

Root cause: reload plan has a rule for agents.defaults.model (singular) but not agents.defaults.models (plural). The prefix-match check requires path.startsWith(prefix + "."), so agents.defaults.models does NOT match agents.defaults.model. — the next char is s, not .. Falls through to the catch-all agents tail rule (kind=none → silently ignored).

@steipete