[Bug]: 2026.4.24 schema validator rejects `agents.defaults.agentRuntime` from prior 4.x configs; gates ALL CLI commands including `doctor --fix`

[1fanwang]

Bug type

Regression (worked before, now fails) — config schema rejects a key the prior release wrote.

Summary

After upgrading from an earlier 2026.4.x release to 2026.4.24 via npm, every openclaw <subcmd> invocation fails with a config-validation error before the subcommand runs. The validator rejects agents.defaults.agentRuntime, a key whose shape didn't change but apparently isn't in the 2026.4.24 schema. There's no auto-migration; openclaw doctor --fix is also blocked because the validator gates it.

This is the same class as #70407 (dreaming.storage) and #60334 (agents.list[*].allowedModels / tools.exec.allowlist) — different field, same shape: schema diff between minor releases without a migration path on a hot path that gates all CLI commands.

Steps to reproduce

1. Have a working OpenClaw 2026.4.x install (this Mac was working on 2026.4.20 → 2026.4.23 over the past month) with agents.defaults.agentRuntime written to openclaw.json. The block looks like:

   "agents": {
     "defaults": {
       "model": "anthropic/claude-opus-4-7",
       "models": { /* ... */ },
       "compaction": { "mode": "safeguard" },
       "maxConcurrent": 4,
       "subagents": { "maxConcurrent": 8 },
       "agentRuntime": { "id": "claude-cli" }
     }
   }

2. npm install -g openclaw@latest (lands on 2026.4.24).

3. Run any CLI subcommand:

   $ openclaw plugins list
   Config invalid
   File: ~/.openclaw/openclaw.json
   Problem:
     - agents.defaults: Unrecognized key: "agentRuntime"
   
   Run: openclaw doctor --fix
   

4. Run the suggested repair:

   $ openclaw doctor --fix
   Config invalid
   File: ~/.openclaw/openclaw.json
   Problem:
     - agents.defaults: Unrecognized key: "agentRuntime"
   
   Run: openclaw doctor --fix
   

   doctor --fix itself goes through the validator gate, so the suggested workaround is unreachable.

Actual behavior

• openclaw plugins list / install / inspect, openclaw gateway status / restart, openclaw config get / set, openclaw doctor --fix — all exit with code 1 before doing anything.
• The gateway daemon (already running, started under launchd before the upgrade) keeps serving — only the operator-facing CLI is broken.
• Any plugin's diagnostic that shells out to openclaw <subcmd> (doctor scripts, install-local.sh, package install hooks) returns false negatives.

Expected behavior

• Either auto-migrate / soft-strip unknown keys with a deprecation warning, OR
• Surface a clear hint in the error: "agents.defaults.agentRuntime was renamed to in 2026.4.24; run openclaw doctor --fix to migrate" — and have doctor --fix exempt itself from the validator gate so it can actually do the migration, OR
• Fail soft on legacy keys at validation time (warn-and-continue) and only hard-fail on keys that affect runtime semantics this release.

The "validator runs before every CLI subcommand, including the repair tool" path is the load-bearing problem — it makes a tiny schema diff into a total CLI outage.

Workaround

Manually edit ~/.openclaw/openclaw.json and remove the agentRuntime block from agents.defaults. After that, the CLI works again — but the operator has to know to do this, the error message doesn't say which key to remove vs. which key to migrate, and the recovery requires a JSON editor rather than the tool the error message points at.

Environment

• OS: macOS 25.3 (Darwin 25.3.0)
• Node.js: v22 (via /opt/homebrew/opt/node@22)
• OpenClaw: v2026.4.24 (installed via npm install -g openclaw@latest)
• Channel: none (this install runs gateway + a plugin, no channel adapters)

Suggested fix

Two interlocking changes:

1. Make the unknown-key gate soft. When the validator hits a legacy key in agents.defaults, emit a warning and continue — don't reject the entire config. Hard-rejecting legacy values (wrong types, invalid enums) makes sense; rejecting unknown keys on a frequently-extended namespace converts every minor schema diff into a CLI outage.
2. Lift the validator off doctor --fix. The repair tool needs to be reachable when the config is already broken. Same applies to a future openclaw config strip-unknown style command.

Related

• Breaking config change in v2026.4.21: dreaming.storage schema migration breaks CLI on upgrade #70407 — same pattern in v2026.4.21, field dreaming.storage
• [Bug]: 2026.4.2 update rejects legacy config keys and cron jobs.json may require manual backup restore #60334 — same pattern in v2026.4.2, fields agents.list[*].allowedModels / tools.exec.allowlist
• Feature: openclaw doctor --config-diff for upgrade-safe config migration #38249 — feature request for openclaw doctor --config-diff for upgrade-safe migration

Offer

Happy to send a PR if a maintainer can point at where the schema-validation gate lives. My read is loader-NucjcOgv.js is one entry-point, but a diff of the validator-call sites is what'd actually scope the fix. Won't open a PR without an ack on the direction since this touches a hot-path config invariant.

[1fanwang]

Adding follow-up evidence from a workaround chain I've been building over the last few iterations on v2026.4.26 (build cffefc1) — the same regression class is still active, and the doctor migration path interacts with #71982's CLI dispatch fix in ways worth flagging.

Confirmation on v2026.4.26

The schema-validator gate still fires verbatim on 2026.4.26 with the original repro:

$ openclaw plugins install --link --dangerously-force-unsafe-install file:./my-plugin
Config invalid
File: ~/.openclaw/openclaw.json
Problem:
  - agents.defaults: Unrecognized key: "agentRuntime"

So this isn't just a 2026.4.24 → ?.?? upgrade window — the bad key persists across releases.

The drift loop

Once you escape the immediate gate (manual jq del of agents.defaults.agentRuntime), openclaw doctor --fix and certain config-rebuild paths revive the deprecated key automatically. Specifically the "auto-migration" rewrites agents.defaults.embeddedHarness → agents.defaults.agentRuntime, but per @dsavage404ops's analysis on #71982:

"the fix in aa27e27 actually requires embeddedHarness.runtime: "claude-cli" for the cli-backend live-session path to engage — agentRuntime.id: "claude-cli" falls back to the embedded PI harness (the original #71982 symptom). Either the doctor message should be reversed, or both fields should funnel into the same dispatch."

Net effect: doctor's auto-migration LANDS the deprecated key, the schema validator REJECTS it, and the runtime cli-backend dispatch DOES NOT recognize it as the cli-runtime hint. Three layers disagreeing on what the canonical key is.

Workaround chain (in case it helps anyone who lands here)

Iterating on a plugin author's machine, four config writes are needed to keep the chat-agent green across doctor --fix and config-rebuild events:

# 1. Strip the deprecated key (idempotent; doctor will re-add it).
jq 'del(.agents.defaults.agentRuntime)' ~/.openclaw/openclaw.json | sponge ~/.openclaw/openclaw.json

# 2. Set the working harness key.
openclaw config set agents.defaults.embeddedHarness.runtime claude-cli

# 3. Auth-profiles needs both `claude-cli` AND `anthropic` provider entries
#    (model-namespace gets normalized to anthropic at gateway startup —
#    see #71982 for the cron-dispatch side of this).
cat > ~/.openclaw/agents/main/agent/auth-profiles.json <<'JSON'
{
  "providers": {
    "claude-cli": { "auth": "claude-cli", "binary": "claude" },
    "anthropic":  { "auth": "claude-cli", "binary": "claude" }
  }
}
JSON

# 4. Restart the gateway, verify with a real ping.
launchctl kickstart -k gui/$(id -u)/ai.openclaw.gateway
sleep 5
openclaw agent --agent main --message "echo PONG only — single word reply"  # → expect "PONG"

Step 1 has to run before EVERY openclaw plugins install because the doctor auto-migration writes the bad key on its own schedule, then install fails on the schema validator.

Suggested fixes (in increasing-scope order)

1. doctor --fix should not write the bad key. The migration that produces agentRuntime: { id: "claude-cli" } is reverse-direction from where the runtime is going. Either drop the migration or invert it (agentRuntime → embeddedHarness.runtime).

2. Schema accept both keys (deprecation window). If agentRuntime is genuinely deprecated, mark it deprecated in the schema with a hint instead of rejecting outright. Lets --fix actually fix.

3. Dispatch resolver consult both keys. If both agents.defaults.agentRuntime.id and agents.defaults.embeddedHarness.runtime mean the same thing, normalize at read time so cli-backend dispatch + cron dispatch + the model-fallback layer all see the same shape. Per cli-backend dispatch regression in 2026.4.24: claude-cli/* models route through synthetic-OAuth API transport instead of spawning subprocess #71982 follow-up, the cron dispatch module appears not to consult isCliRuntimeAlias — that's the same surface area.

Happy to draft a small PR for (1) — the doctor migration looks self-contained — once a maintainer confirms the desired direction (does agentRuntime go away, or embeddedHarness go away, or both stay with one as canonical?). Holding off on filing a PR until that direction-check lands per the contribution guidelines.

[steipete]

This is fixed on current main.

Verified against the original failure mode with a temp config containing agents.defaults.agentRuntime: { "id": "claude-cli" }:

• openclaw config get agents.defaults.agentRuntime --json returns the runtime object.
• openclaw plugins list --json runs instead of failing config validation.

Also verified the repair path with a temp legacy config containing agents.defaults.embeddedHarness: { "runtime": "claude-cli", "fallback": "none" }:

• openclaw doctor --fix --non-interactive runs instead of being blocked by validation.
• it rewrites the legacy key to agents.defaults.agentRuntime.
• the rewritten config then validates via openclaw config get agents.defaults.agentRuntime --json.

Current source/schema/docs all agree that agentRuntime is canonical and embeddedHarness is legacy compatibility input. Referenced #71982 is also closed, and I did not find another open duplicate for the agentRuntime schema rejection wording.

[galiniliev]

Guardrail coverage for this regression landed in #73257.

• Runtime behavior fix already on main: 5b9be2c
• Regression-test PR: fix(config): guard legacy agentRuntime regression #73257
• Landed test commit: b30f8e5
• Pre-merge local proof: merged PR head a09d162ab0414f2ba05c60ef22bcc78f8c0471bb onto upstream/main 2afb8198c126875a5c8e912b9b7f67590f58f83d, then ran pnpm test -- src/config/zod-schema.agent-defaults.test.ts src/cli/program/config-guard.test.ts; 2 Vitest shards / 41 tests passed.

No additional open duplicates were found for agents.defaults.agentRuntime Config invalid doctor --fix during landing.