Feature: `openclaw doctor --config-diff` for upgrade-safe config migration

[shawny011717]

Problem

After upgrading OpenClaw across minor versions, community-recommended config patterns silently become invalid — they don't crash the gateway, but they don't work either. The user has no way to know which config keys from a previous version are still supported, which are renamed, and which are removed.

Real-world example

I upgraded from 2026.2.25 → 2026.3.2. Based on GitHub issues and community discussions, I applied these "recommended" optimizations:

"compaction": { "mode": "aggressive", "threshold": 0.70, "targetTokens": 30000 },
"session": { "reset": { "idleMinutes": 120 }, "maintenance": { "mode": "enforce", "maxEntries": 800 } }

Result:

• compaction.mode only accepts default or safeguard in 2026.3.2 — aggressive was silently ignored
• compaction.threshold and targetTokens are not recognized fields — silently ignored
• The entire agents.defaults.session block is not in the schema — silently ignored
• heartbeat.every: "0m" — flagged as invalid duration at runtime but accepted in the JSON file

The config file was valid JSON, openclaw config validate passed (it only checks JSON syntax + known keys), but the intended optimizations were never applied. The system ran with default compaction while I believed it was running aggressive compaction — leading to continued context bloat that I spent hours debugging.

Why config validate isn't enough

config validate confirms the file is parseable and known keys have valid types. It does not:

• Warn about keys that exist in the file but aren't in the current schema
• Show what changed between the version that last touched the config and the current version
• Suggest migration paths for deprecated or renamed keys

Proposal

Add a --config-diff flag to openclaw doctor:

openclaw doctor --config-diff

Output:

Config Schema Diff: 2026.2.25 → 2026.3.2
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

⚠️  Unrecognized keys (3 found):
  agents.defaults.compaction.threshold    — not in 2026.3.2 schema
  agents.defaults.compaction.targetTokens — not in 2026.3.2 schema
  agents.defaults.session                 — not in 2026.3.2 schema (entire block)

⚠️  Invalid enum values (1 found):
  agents.defaults.compaction.mode = "aggressive"
    Valid values: "default", "safeguard"

ℹ️  New keys available in 2026.3.2 (not in your config):
  agents.defaults.bootstrapMaxChars       — limits per-file workspace injection (recommended)
  agents.defaults.bootstrapTotalMaxChars  — limits total workspace injection

💡 Migration suggestions:
  • compaction.mode "aggressive" → use "safeguard" (aggressive not yet implemented, see #7477)
  • session management → use cron-based session reset instead (see docs)

Run `openclaw doctor --config-diff --fix` to auto-apply safe migrations.

Why this matters for the community:

1. Config advice drifts faster than docs. GitHub issues, Reddit posts, and Discord tips reference config keys from specific versions. Users copy-paste these without knowing they may not apply to their version. This is the fix: add @lid format support and allowFrom wildcard handling #1 source of "my optimization didn't work" confusion.

2. Upgrades are silent. Unlike npm (which shows breaking changes) or Docker (which warns about deprecated flags), OpenClaw upgrades don't surface config incompatibilities. The gateway starts fine, the config looks fine, but the behavior isn't what the user intended.

3. Complements Feature Request: Configuration Validation on Startup #32906. Issue Feature Request: Configuration Validation on Startup #32906 proposes startup validation. This proposal goes further by providing actionable migration guidance — not just "this key is bad" but "here's what to use instead and why."

4. Reduces support burden. A significant portion of "my agent is slow / expensive / broken after upgrade" reports likely stem from stale config. A self-service migration tool would prevent these.

Implementation sketch

• Store schema snapshots per version in schemas/ (already partially exists for config validate)
• doctor --config-diff compares meta.lastTouchedVersion schema against current version schema
• Diff output categorized: removed keys, renamed keys, new keys, changed enum values
• --fix flag applies safe auto-migrations (enum corrections, key renames) with backup

Environment

• OpenClaw 2026.3.2, macOS
• Upgraded from 2026.2.25 (config last valid at that version)

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 12, 2026, 3:40 PM ET / 19:40 UTC.

Summary
The central capability remains absent: doctor can lint current config and apply explicit migrations, but it cannot compare the config's last-touched version with historical schemas or provide release-to-release migration guidance. The request aligns with doctor-owned upgrade safety, yet the proposed schema-snapshot design needs a maintainer product decision because it could duplicate the canonical migration contracts.

Reproducibility: not applicable. as a feature request. Source inspection does provide high-confidence confirmation that current main lacks the requested historical config-diff mode.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Include redacted logs or terminal output.

Next step
Maintainers need to choose the canonical upgrade-report contract and decide whether historical schemas have a supported release lifecycle before implementation.

Review details

Best possible solution:

Make explicit core and plugin doctor migration rules the canonical source, then expose a read-only upgrade report and previewable safe rewrites from those rules and current validation; add historical schema artifacts only if maintainers define their release lifecycle and non-semantic scope.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature request. Source inspection does provide high-confidence confirmation that current main lacks the requested historical config-diff mode.

Is this the best way to solve the issue?

No, not exactly as proposed. A doctor report derived from explicit migration contracts is narrower and safer than inferring actionable migrations from archived schema differences alone.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• Maintaining full schemas for every release could become a second compatibility source of truth that drifts from explicit core and plugin doctor migrations.
• A raw schema diff cannot reliably infer semantic replacements, safe enum substitutions, or whether a newly available key is recommended for a particular user.

Codex review notes: model internal, reasoning high; reviewed against e3a6da0f5181.

Label changes

Label changes:

• remove clawsweeper:fix-shape-clear: Current issue advisory state no longer selects this label.

Label justifications:

• P3: This is a useful but non-urgent upgrade-safety and CLI ergonomics feature that still needs product design.
• impact:session-state: Stale compaction or session configuration can make context and session behavior differ from the operator's intended settings.

Evidence reviewed

What I checked:

• Current CLI lacks config diff mode: The registered doctor options include repair, lint, and post-upgrade probes, but no config-diff or historical-schema comparison flag. (src/cli/program/register.maintenance.ts:18, e3a6da0f5181)
• Current docs define adjacent modes only: Doctor is documented with inspect, repair, lint, and post-upgrade behavior; none provides release-to-release config schema comparison or lists newly available keys. Public docs: docs/cli/doctor.md. (docs/cli/doctor.md:25, e3a6da0f5181)
• Explicit migrations are the current contract: Core doctor normalizes legacy config and plugin doctor contracts expose legacyConfigRules and normalizeCompatibilityConfig, so actionable upgrades currently come from owned migrations rather than inferred schema history. (src/plugins/doctor-contract-registry.ts:30, e3a6da0f5181)
• Config version metadata exists: Config writes retain meta.lastTouchedVersion, providing a possible version anchor, but source inspection found no historical schema store or comparison consumer. (src/config/io.ts, e3a6da0f5181)
• Related dry-run work is narrower: The open issue and PR at [Feature] Doctor dry-run / diff mode #79166 and feat(doctor): add --dry-run flag to preview config changes without applying #79734 preview mutations proposed by doctor --fix; they do not own historical schema comparison or new-key recommendations.
• Vision supports the problem boundary: VISION.md requires doctor migrations when config changes invalidate existing files and keeps runtime on the current canonical schema, supporting upgrade diagnostics while discouraging parallel compatibility paths. (VISION.md:32, e3a6da0f5181)

Likely related people:

• giodl73-repo: Authored the merged doctor health-check and lint contract that established the closest current detection/repair foundation. (role: feature introducer; confidence: high; commits: 9a5f2f61e76f; files: src/flows/doctor-lint-flow.ts, src/flows/doctor-repair-flow.ts, docs/cli/doctor.md)
• smonett: Owns the open doctor dry-run issue and proposed mutation-preview PR, which overlaps the preview portion but not historical schema guidance. (role: adjacent feature contributor; confidence: medium; commits: 8b01527c16cf; files: src/commands/doctor/finalize-config-flow.ts, src/commands/doctor-config-flow.ts, docs/cli/doctor.md)
• Shakker: The available shallow checkout attributes the latest doctor documentation surface to this contributor, although deeper local provenance is unavailable. (role: recent area contributor; confidence: low; commits: 0fc2faa0f48a; files: docs/cli/doctor.md)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.