EPERM on auth-profiles.json causes full gateway failure cascade (Windows)

[Hag-Fish]

Bug Report: EPERM on auth-profiles.json causes full gateway failure cascade

Summary

auth-profiles.json can acquire a Windows ReadOnly attribute during concurrent config writes, causing every LLM request to fail with EPERM: operation not permitted. The error is treated as fatal rather than non-fatal, which cascades through the fallback chain and makes the gateway completely unresponsive.

Environment

• OpenClaw: 2026.4.5 (3e72c03)
• OS: Windows 11 (10.0.26200, x64)
• Node: v24.14.1
• Providers: Anthropic (claude-opus-4-6), Ollama (glm-4.7-flash, gemma4:26b)

Steps to Reproduce

1. Have a running gateway with Anthropic as primary model and Ollama as fallback (or vice versa)
2. Add a new Ollama model to the config while the gateway is running (e.g., adding gemma4:26b to openclaw.json models list)
3. The gateway hot-reloads the config and updates models.json and auth-profiles.json
4. Under certain timing conditions, auth-profiles.json acquires the Windows ReadOnly file attribute
5. All subsequent LLM requests fail

Observed Behavior

Once ReadOnly is set on auth-profiles.json:

1. Every LLM request attempts to write to auth-profiles.json (via markAuthProfileGood)
2. The atomic write (copyFileSync from .tmp to target) fails with EPERM
3. This error is treated as a request-level failure, not just a profile-save failure
4. The fallback system activates: primary model (e.g., ollama/glm-4.7-flash) → fallback model (e.g., anthropic/claude-opus-4-6)
5. The fallback model hits the same EPERM on the same file → also fails
6. Result: "All models failed" — complete gateway unresponsiveness
7. Gateway restarts do NOT fix it (the ReadOnly attribute persists on disk)
8. Each retry cycle inflates the session context with error metadata, rapidly consuming the context window

Stack Trace

Error: EPERM: operation not permitted, copyfile 
  'C:\Users\OpenClaw\.openclaw\agents\main\agent\auth-profiles.json.<uuid>.tmp' 
  -> 'C:\Users\OpenClaw\.openclaw\agents\main\agent\auth-profiles.json'
    at Object.copyFileSync (node:fs:3104:11)
    at renameJsonFileWithFallback (json-file-1PGlTqjr.js:63:7)
    at saveJsonFile (json-file-1PGlTqjr.js:98:3)
    at saveAuthProfileStore (store-HF_Z-jKz.js:427:2)
    at markAuthProfileGood (profiles-DKQdaSwr.js:76:2)
    at pi-embedded-DWASRjxE.js:36473:7

Expected Behavior

1. Profile write failure should be non-fatal. Failing to save "this API key worked" should not abort the entire LLM request. The response was already received — the profile write is bookkeeping.
2. Atomic file writes should handle ReadOnly gracefully. renameJsonFileWithFallback should detect the ReadOnly attribute and either clear it or log a warning rather than throwing a fatal error.
3. Error-loop inflation should be bounded. Failed retries should not dump error metadata into the session context, as this accelerates context exhaustion.

Workaround

attrib -R "C:\Users\OpenClaw\.openclaw\agents\main\agent\auth-profiles.json"

Then restart the gateway.

Impact

• Gateway becomes completely unresponsive (no LLM requests succeed)
• Gateway restarts do not fix it (file attribute persists)
• Fallback chain burns paid API tokens on requests that will fail anyway
• Session context inflates rapidly from error metadata (~84% of 200k context window in minutes)
• User must manually identify and fix the file attribute — no error message points to the actual cause

Probable Root Cause

Race condition in the atomic JSON file write logic (renameJsonFileWithFallback) when multiple config files are being updated concurrently during hot-reload. On Windows, a failed rename falling back to copyFileSync may leave the target file with a ReadOnly attribute under certain timing conditions, or Windows itself may set ReadOnly as a protective measure during concurrent file access.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. Current main still has the request-visible cascade path: successful embedded runs await auth-profile bookkeeping, lock-protected persistence failures return null, and the direct fallback saves in the bookkeeping mark paths can still throw the reported EPERM. The linked #67077 remains the focused open closing PR, so this issue should stay open until that PR or an equivalent fix lands.

Reproducibility: yes. for the cascade path: inject or trigger an EPERM from saveAuthProfileStore after updateAuthProfileStoreWithLock returns null, and the awaited mark functions can still propagate it. The underlying Windows ReadOnly race itself was not live-reproduced in this read-only review.

Next step
No new repair lane because #67077 is already an open, focused closing PR for the same issue; maintainers should review, land, or close that PR first.

Review details

Best possible solution:

Land #67077 or an equivalent focused patch that catch-and-warn logs persistence failures inside post-success mark bookkeeping paths while preserving fatal behavior for credential/OAuth writes and adding EPERM regression coverage.

Do we have a high-confidence way to reproduce the issue?

Yes for the cascade path: inject or trigger an EPERM from saveAuthProfileStore after updateAuthProfileStoreWithLock returns null, and the awaited mark functions can still propagate it. The underlying Windows ReadOnly race itself was not live-reproduced in this read-only review.

Is this the best way to solve the issue?

Yes for the linked repair direction: the narrow maintainable fix is to catch and warn-log persistence failures in the post-success bookkeeping mark* paths, not to weaken saveAuthProfileStore globally.

What I checked:

• Current main checked: Reviewed current main at 8f20d03; read-only inspection left git status --short clean. (8f20d03373f8)
• Successful runs await bookkeeping: After an embedded run succeeds, the runner awaits markAuthProfileGood and markAuthProfileUsed, so persistence exceptions remain visible to the request path. (src/agents/pi-embedded-runner/run.ts:2575, 8f20d03373f8)
• Lock path feeds fallback save: updateAuthProfileStoreWithLock catches lock/load/save failures and returns null, which sends callers to their direct fallback save paths. (src/agents/auth-profiles/store.ts:319, 8f20d03373f8)
• Last-good save can still throw: When the lock update returns null, markAuthProfileGood mutates the in-memory store and calls saveAuthProfileStore without a local catch. (src/agents/auth-profiles/profiles.ts:153, 8f20d03373f8)
• Usage and failure saves can still throw: markAuthProfileUsed and markAuthProfileFailure both have uncaught direct fallback saves; markAuthProfileCooldown delegates through the failure path. (src/agents/auth-profiles/usage.ts:360, 8f20d03373f8)
• Reported EPERM write path still exists: saveAuthProfileStore calls saveJsonFile; the JSON replace helper still falls back from rename EPERM/EEXIST to copyFileSync, matching the reported stack. (src/infra/json-file.ts:80, 8f20d03373f8)

Likely related people:

• ademczuk: Authored the open focused PR fix(auth-profiles): make post-success bookkeeping saves non-fatal #67077 that explicitly closes this issue and targets the exact post-success bookkeeping persistence boundary with regression coverage. (role: likely follow-up owner; confidence: high; commits: 110d430f055e; files: src/agents/auth-profiles/profiles.ts, src/agents/auth-profiles/usage.ts, src/agents/auth-profiles/usage.persist-nonfatal.test.ts)
• vincentkoc: Recent merged auth-store work changed the central persistence/locking area involved in stale-state and external OAuth behavior. (role: recent auth-store maintainer; confidence: medium; commits: a001b5343ff0, 03231c063387; files: src/agents/auth-profiles/store.ts)
• steipete: Recent merged auth failover policy work touched the usage/cooldown behavior adjacent to the mark failure path. (role: recent auth-failover maintainer; confidence: medium; commits: 6739c28718ec; files: src/agents/auth-profiles/usage.ts)
• gumadeiras: Introduced the synchronous JSON atomic replace helper whose Windows EPERM copy fallback appears in the reported stack; this is adjacent to, but not necessarily the preferred fix boundary. (role: adjacent atomic-write owner; confidence: medium; commits: 300fb36879c2; files: src/infra/json-file.ts)
• Alex Knight: Current blame on the central auth-profile and JSON helper files points to a recent broad commit that reintroduced/touched those files on main. (role: recent current-main maintainer; confidence: low; commits: 8142e67d633d; files: src/agents/auth-profiles/profiles.ts, src/agents/auth-profiles/usage.ts, src/agents/auth-profiles/store.ts)

Remaining risk / open question:

• The Windows ReadOnly attribute timing race was not live-reproduced here; the high-confidence proof is the current source path once auth-profile persistence throws.
• The eventual fix needs to keep credential and OAuth token persistence failures fatal while making only post-success bookkeeping persistence non-fatal.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 8f20d03373f8.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Keep open. Current main still has the request-visible cascade path: successful embedded runs await auth-profile bookkeeping, the lock-protected save path converts persistence failures to a null result, and the direct fallback saves in markAuthProfileGood, markAuthProfileUsed, and markAuthProfileFailure can still throw EPERM. The provided GitHub context also shows open, unmerged PR #67077 explicitly paired with this issue, so this should stay open until that PR or an equivalent fix lands.

Required change / next step:

No automated repair lane because #67077 is already an open, unmerged focused fix PR for the same issue; maintainer action is to review, land, or close that PR first.

Review details

Best possible solution:

Land #67077 or an equivalent focused patch that catches and warn-logs persistence failures inside markAuthProfileGood, markAuthProfileUsed, markAuthProfileFailure, and markAuthProfileCooldown bookkeeping while preserving fatal behavior for real credential/OAuth writes and adding EPERM regression coverage for both lock-guarded and direct fallback save paths.

What I checked:

• Current main checked: HEAD is acae48b and the checkout remained clean after read-only inspection. (acae48b790fa)
• Successful runs still await post-success auth bookkeeping: After an embedded run completes, the runner awaits markAuthProfileGood and markAuthProfileUsed before returning the successful result, so a thrown persistence error can still affect the request path. (src/agents/pi-embedded-runner/run.ts:2376, acae48b790fa)
• markAuthProfileGood direct fallback save can throw: If updateAuthProfileStoreWithLock returns null, markAuthProfileGood mutates the in-memory store and calls saveAuthProfileStore without a try/catch. (src/agents/auth-profiles/profiles.ts:153, acae48b790fa)
• markAuthProfileUsed direct fallback save can throw: If the lock update returns null, markAuthProfileUsed falls back to authProfileUsageDeps.saveAuthProfileStore without catching persistence failures. (src/agents/auth-profiles/usage.ts:360, acae48b790fa)
• Failure and cooldown bookkeeping can still throw: markAuthProfileFailure also falls back to a direct save without a catch; markAuthProfileCooldown delegates to markAuthProfileFailure. (src/agents/auth-profiles/usage.ts:751, acae48b790fa)
• Lock path feeds the throwing fallback path: updateAuthProfileStoreWithLock catches any lock-protected load/save error and returns null, which sends the mark* callers into their uncaught direct save fallbacks. (src/agents/auth-profiles/store.ts:268, acae48b790fa)

Likely related people:

• steipete: Available current-main blame/log for the central auth-profile store, usage bookkeeping, embedded runner, and JSON save helper points to Peter Steinberger, including recent auth-store work after the visible baseline commit. (role: recent maintainer; confidence: medium; commits: a972c9ec4547, 6fcddbbd9660; files: src/agents/auth-profiles/profiles.ts, src/agents/auth-profiles/usage.ts, src/agents/auth-profiles/store.ts)
• ademczuk: Authored the open, unmerged focused fix PR fix(auth-profiles): make post-success bookkeeping saves non-fatal #67077 that is explicitly paired with this issue and covers the same markAuthProfileGood/Used/Failure bookkeeping boundary. (role: likely follow-up owner; confidence: high; commits: 110d430f055e; files: src/agents/auth-profiles/profiles.ts, src/agents/auth-profiles/usage.ts, src/agents/auth-profiles/usage.persist-nonfatal.test.ts)

Remaining risk / open question:

• This read-only review did not live-reproduce the Windows ReadOnly attribute race; the keep-open decision is based on current source behavior plus the issue stack and linked PR context.
• The eventual fix needs to keep credential and OAuth token persistence failures fatal while making only post-success usage, last-good, failure, and cooldown bookkeeping persistence non-fatal.

Codex review notes: model gpt-5.5, reasoning high; reviewed against acae48b790fa.