Setup wizard persists Symbol(clack:cancel) as token when user cancels manual token entry

[chrisfonte]

Bug Report

Summary

When the setup wizard prompts for a manual API token and the user cancels the prompt (Ctrl+C / Escape), the clack library's cancel symbol (Symbol(clack:cancel)) is coerced to the string "Symbol(clack:cancel)" and written to auth-profiles.json as the token value. The profile entry persists with this bogus string rather than being discarded.

Behavior

In auth-profiles.json, the resulting entry looks like:

"openai:manual": {
  "type": "token",
  "provider": "openai",
  "token": "Symbol(clack:cancel)"
}

Impact

If openclaw ever selects this profile as a fallback (e.g., when a primary auth provider is temporarily unavailable), it sends Symbol(clack:cancel) as the Bearer token and receives a 401:

openai embeddings failed: 401 {
  "error": {
    "message": "Incorrect API key provided: Symbol(c********cel).",
    "type": "invalid_request_error",
    "code": "invalid_api_key"
  }
}

In our case: BWS (Bitwarden Secrets) was temporarily degraded → Gemini embedding auth failed → openclaw fell back to openai:manual → 401 from OpenAI embeddings API.

Expected Behavior

When the user cancels token entry during the wizard, the profile should either:

1. Not be written to auth-profiles.json at all, or
2. Be written with token: null and skipped when selected (no 401 attempt)

Steps to Reproduce

1. Run openclaw configure (or equivalent wizard)
2. When prompted to enter a manual API token for any provider, press Ctrl+C or Escape
3. Check ~/.openclaw/agents/<agent>/agent/auth-profiles.json
4. The profile entry will have "token": "Symbol(clack:cancel)"

Environment

• OpenClaw version: 2026.3.2
• macOS Darwin 24.3.0 arm64

Workaround

Manually null out the token in all affected auth-profiles.json files:

import json, glob
for f in glob.glob('/path/to/.openclaw/agents/*/agent/auth-profiles.json'):
    with open(f) as fh: data = json.load(fh)
    for profile in data.get('profiles', {}).values():
        if profile.get('token') == 'Symbol(clack:cancel)':
            profile['token'] = None
    with open(f, 'w') as fh: json.dump(data, fh, indent=2)

[BlueBirdBack]

Nice catch. I hit this too.

Temporary cleanup for all agents:

find ~/.openclaw/agents -path "*/agent/auth-profiles.json" -print0 | \
while IFS= read -r -d "" f; do
  cp "$f" "$f.bak"
  python3 - "$f" <<"PY"
import json,sys
p=sys.argv[1]
d=json.load(open(p))
changed=False
for prof in (d.get("profiles") or {}).values():
    if prof.get("token") == "Symbol(clack:cancel)":
        prof["token"] = None
        changed=True
if changed:
    json.dump(d, open(p,"w"), indent=2)
    open(p,"a").write("\n")
    print("fixed", p)
PY
done

Then restart gateway.

+1 on your expected behavior: cancel should not create a usable token value at all.

[newcodebook]

Nice repro. The immediate cleanup path is to null out every poisoned manual-token entry, then restart the gateway.

1. Fix all token: "Symbol(clack:cancel)" entries under auth-profiles.json and keep backups:

find ~/.openclaw/agents -path '*/agent/auth-profiles.json' -print0 | while IFS= read -r -d '' f; do
  cp "$f" "$f.bak"
  python3 - "$f" <<'PY'
import json, sys
p = sys.argv[1]
with open(p) as fh:
    data = json.load(fh)
changed = False
for prof in (data.get('profiles') or {}).values():
    if prof.get('token') == 'Symbol(clack:cancel)':
        prof['token'] = None
        changed = True
if changed:
    with open(p, 'w') as fh:
        json.dump(data, fh, indent=2)
        fh.write('\n')
    print('fixed', p)
PY
done

2. Restart the gateway:

openclaw gateway restart

Why this helps: fallback auth can select that poisoned profile later and send Symbol(clack:cancel) as a real bearer token, which turns a temporary auth hiccup into a persistent 401.

If it still picks the wrong profile afterward, the next useful detail is the sanitized auth-profiles.json for the affected agent.

Related:

• Onboarding skips Model/Auth setup (agent unresponsive after install)
• OpenClaw Not Responding: Fix 'no output', Incorrect API, Rate Limits, and Silent Failures

[steipete]

Resolved on main via 2ada1b71b (landed from #38951).

What shipped:

• cancelled token prompts are guarded so cancel symbols are not persisted as auth tokens
• regression test added for cancelled models auth paste-token flow

Closing as fixed.