context1m beta header stripped for OAuth token auth — breaks Max plan users

[dagny-holland]

Bug Description

OpenClaw strips the anthropic-beta: max-model-output-200k-2025-02-19 (context1m) header when the Anthropic auth profile uses OAuth token mode (mode: token). The log emits:

ignoring context1m for OAuth token auth on anthropic/claude-opus-4-6; Anthropic rejects context-1m beta with OAuth auth

This fires on every single request, regardless of model or context size.

Impact

• Users on the Anthropic Max plan who authenticate via OAuth tokens cannot use extended context (>200K), even though their plan supports it.
• Under Anthropic API stress/enforcement periods, these requests may be rate-limited or rejected more aggressively because they lack the proper beta header.
• The warning fires continuously in logs (every few seconds during active sessions), creating log noise.
• Sessions that build up context over time hit 429 rate limits and become unresponsive, requiring manual session store deletion to recover.

Environment

• OpenClaw version: 2026.3.13 (61d171a) — also confirmed present in 2026.3.28
• OS: macOS (Darwin arm64)
• Node: v22.22.0
• Auth config:

{
  "auth": {
    "profiles": {
      "anthropic:manual": {
        "provider": "anthropic",
        "mode": "token"
      }
    }
  }
}

• Model: anthropic/claude-opus-4-6 (also fires for claude-sonnet-4-6)
• Plan: Anthropic Max (supports extended context)

Expected Behavior

The context1m beta header should be sent for OAuth token auth users, or at minimum there should be a config override (e.g., forceContext1m: true or anthropicBeta: ["max-model-output-200k-2025-02-19"]) that allows Max plan users to opt in.

Actual Behavior

The header is unconditionally stripped for all OAuth token auth profiles. No config override exists.

Reproduction

1. Configure Anthropic provider with mode: token (OAuth)
2. Start a session and send any message
3. Observe the warning in logs: ignoring context1m for OAuth token auth
4. As the session grows in context, requests begin hitting 429 rate limits
5. Eventually the session becomes unresponsive — only recoverable by deleting sessions.json and restarting

Suggested Fix

Either:

1. Pass the context1m header through for OAuth token auth (Anthropic's API may now accept it for Max plan tokens)
2. Add a provider-level config option to force the beta header regardless of auth mode
3. Add an auth profile flag like context1m: true that overrides the stripping behavior

Workaround

Delete ~/.openclaw/agents/main/sessions/sessions.json and restart the gateway when sessions become unresponsive. This is not sustainable for production use.

[steipete]

Closing this as not reproducible on current main after Codex review.

Current main treats mode: token / sk-ant-oat-* Anthropic auth as ineligible for the 1M context beta by design. The code, docs, troubleshooting guide, and shipped changelog all align on stripping context-1m-* for OAuth/subscription tokens and falling back to the standard context window, so this March 2026 bug report is obsolete against today's supported Anthropic paths.

What I checked:

• Current runtime behavior: The Anthropic stream wrapper still detects OAuth-style sk-ant-oat-* auth, removes the context-1m-* beta, and logs that OpenClaw is falling back because Anthropic rejects that combination. (extensions/anthropic/stream-wrappers.ts:115, c65aa1d2a6e5)
• Provider docs now define this as unsupported for legacy token auth: The Anthropic provider docs say the 1M context beta requires a credential with long-context access and explicitly warn that legacy token auth (sk-ant-oat-*) is rejected for 1M context requests, so OpenClaw falls back to the standard context window. Public docs: docs/providers/anthropic.md. (docs/providers/anthropic.md:244, c65aa1d2a6e5)
• Troubleshooting and token docs point users to supported credentials instead: Current docs say long-context failures should be handled by disabling context1m, switching to a credential eligible for long-context requests, or using an Anthropic API key; the token-use reference also says OpenClaw skips context-1m-* for OAuth/subscription tokens because Anthropic rejects that combination with HTTP 401. Public docs: docs/reference/token-use.md. (docs/reference/token-use.md:199, c65aa1d2a6e5)
• Shipped changelog matches the intentional behavior: The changelog records a shipped Anthropic fix to skip context-1m-* beta injection for OAuth/subscription tokens specifically to avoid Anthropic 401 failures when params.context1m is enabled. (CHANGELOG.md:4465, c65aa1d2a6e5)
• Related PR discussion was later withdrawn as no longer needed: The linked PR [AI-assisted] fix(anthropic): restore OAuth beta header injection after extension refactor #59445 was closed unmerged, and its final issue comment says: "Created before Anthropics policies on using subscriptions with OpenClaw were updated. Not needed anymore." That directly addresses the issue timeline's linked follow-up.

Review notes: reviewed against c65aa1d2a6e5.