[Bug]: Config Migration Order Causes Service Failure on Schema Changes

[Tam3000]

🐛 Bug: Config Migration Order Causes Service Failure on Schema Changes

📋 Summary

OpenClaw's configuration validation fails before legacy migrations can run, causing service crashes when configuration schema changes between versions. The service attempted to restart 39,231 times over 42 hours before manual intervention.

🚨 Impact

• Service downtime: 42 hours (17/04/2026 00:00 - 18/04/2026 18:07)
• Failed restarts: 39,231 attempts
• CPU waste: ~3.5 seconds per failed attempt
• User impact: Complete service unavailability

🔍 Root Cause Analysis

The Problem:
When OpenClaw's configuration schema changes (e.g., removing deprecated keys from memorySearch), the current flow is:

// CURRENT (BROKEN) FLOW:
1. Validate config → ❌ ERROR: "Unrecognized keys: chunkSize, chunkOverlap, maxResults"
2. Apply migrations → 🚫 NEVER EXECUTES (validation fails first)
3. Service crashes → 🔄 Restart loop begins

The Code:
OpenClaw DOES have a migration system (applyLegacyMigrations in io-CHHRUM9X.js), but it's called AFTER validation in config-guard-BVU7K-aq.js.

Specific Migration That Should Have Run:
There's a migration for memorySearch in io-CHHRUM9X.js, but it doesn't remove obsolete keys (chunkSize, chunkOverlap, maxResults) from the legacy object before validation.

📊 Evidence from Production

Error Logs:

Config invalid
File: ~/.openclaw/openclaw.json
Problem:
  - agents.defaults.memorySearch: Unrecognized keys: "chunkSize", "chunkOverlap", "maxResults"
Run: openclaw doctor --fix

Configuration Before/After:

// Before (obsolete):
"memorySearch": {
  "enabled": true,
  "chunkSize": 800,        // ❌ No longer recognized
  "chunkOverlap": 100,     // ❌ No longer recognized  
  "maxResults": 5          // ❌ No longer recognized
}

// After (`openclaw doctor --fix`):
"memorySearch": {
  "enabled": true          // ✅ Only valid key remains
}

🛠️ Proposed Solution

1. Fix the Order (Primary Solution):
Change the validation flow to apply migrations BEFORE validation in config-guard-BVU7K-aq.js.

2. Enhance Migration Logic (Secondary):
Update the memorySearch migration to also remove obsolete keys.

3. Automatic Migration on Update:
Add migration execution to the openclaw update command.

🚀 Implementation Steps

1. Priority: High - Fix validation order in config-guard-BVU7K-aq.js
2. Priority: Medium - Add cleanup migrations for common obsolete keys
3. Priority: Low - Add migration logging for debugging
4. Priority: Low - Integrate doctor --fix into update process

🔧 Workaround for Users

Until fixed, users must manually run after updates:

openclaw doctor --fix
systemctl --user restart openclaw-gateway

🎯 Related Files

• /usr/lib/node_modules/openclaw/dist/config-guard-BVU7K-aq.js - Validation logic
• /usr/lib/node_modules/openclaw/dist/io-CHHRUM9X.js - Migration logic
• /usr/lib/node_modules/openclaw/dist/legacy.shared-i8CHhuVb.js - Migration utilities

📈 Severity Assessment

• Impact: Critical (service completely unavailable)
• Frequency: High (affects all users with config changes)
• Fix complexity: Low (simple order change)
• Risk of fix: Low (migrations already exist, just order change)

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still has the reported stale-key gap for agents.defaults.memorySearch, and the focused closing PR #68685 remains open and unmerged.

Reproducibility: yes. Source inspection shows a config with agents.defaults.memorySearch.chunkSize, chunkOverlap, or root-level maxResults reaches a strict schema, while current main has no migration that strips those nested keys before validation.

Next step
Not queued because this issue is already paired with open PR #68685; maintainer next action is normal review, landing, replacement, or closure of that PR.

Review details

Best possible solution:

Land or replace #68685 with a focused legacy migration that strips only the obsolete agents.defaults.memorySearch keys and adds regression coverage for already-migrated configs.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows a config with agents.defaults.memorySearch.chunkSize, chunkOverlap, or root-level maxResults reaches a strict schema, while current main has no migration that strips those nested keys before validation.

Is this the best way to solve the issue?

Yes for the narrow stale-key cleanup and regression test path; changing the global validation order or adding update-command automation would be broader than the confirmed bug.

What I checked:

• Current main checked: Local HEAD and origin/main are both d122a3492d17103c6585621c50a1f69967984b28. (d122a3492d17)
• Strict memorySearch schema: MemorySearchSchema is a strict object; stale root keys under this object are rejected unless a migration removes or rewrites them first. (src/config/zod-schema.agent-runtime.ts:628, d122a3492d17)
• Current valid replacement paths: The schema now accepts chunking.tokens, chunking.overlap, and query.maxResults, which confirms chunkSize, chunkOverlap, and root-level maxResults are obsolete at agents.defaults.memorySearch. (src/config/zod-schema.agent-runtime.ts:719, d122a3492d17)
• Existing migration only moves top-level memorySearch: The runtime agent legacy migration moves raw.memorySearch into agents.defaults.memorySearch and deletes the top-level key, but it does not inspect an already-migrated agents.defaults.memorySearch object for obsolete subkeys. (src/commands/doctor/shared/legacy-config-migrations.runtime.agents.ts:268, d122a3492d17)
• No current obsolete-key handler found: Searches for chunkSize, chunkOverlap, memorySearch-obsolete, and related terms found no current migration or regression coverage for stripping the stale nested keys. (d122a3492d17)
• Doctor workaround remains documented: The CLI docs say doctor --fix writes a backup and drops unknown config keys, matching the reported manual recovery path rather than proving startup self-heals this shape. Public docs: docs/cli/doctor.md. (docs/cli/doctor.md:43, d122a3492d17)

Likely related people:

• vincentkoc: Local blame on the central MemorySearchSchema, memorySearch legacy migration, and unknown-key doctor step attributes the current lines to Vincent Koc at the graft boundary commit; this is useful routing evidence even though the checkout history is compacted. (role: current schema and migration surface owner; confidence: medium; commits: 52cd76a9e2d0; files: src/config/zod-schema.agent-runtime.ts, src/commands/doctor/shared/legacy-config-migrations.runtime.agents.ts, src/commands/doctor/shared/config-flow-steps.ts)
• Peter Steinberger: Recent local history includes Peter's config migration and recovery refactors, including shared legacy config migration pipeline and config observe recovery helper commits adjacent to this startup/doctor path. (role: adjacent config migration and recovery maintainer; confidence: medium; commits: 984ecd98ca19, 83801c49f7a3, f8f98c116e7b; files: src/commands/doctor/shared, src/config/io.ts, src/gateway/server-startup-config.ts)
• Tmalone1250: The provided GitHub context shows Tmalone1250 opened fix(config): strip obsolete memorySearch keys before schema validation (#68664) #68685 for this exact obsolete-key migration gap with head a112bfff2ce9 and closing syntax for this issue. (role: linked fix proposer; confidence: high; commits: a112bfff2ce9; files: src/commands/doctor/shared/legacy-config-migrations.runtime.agents.ts, src/commands/doctor/shared/legacy-config-migrate.test.ts)

Remaining risk / open question:

• The issue also asks about update-command automation, which is broader than the confirmed stale-key migration bug and may need separate maintainer tracking if still desired.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d122a3492d17.