[Bug]: models.providers.<id>.timeoutSeconds documented in schema as standalone-valid, rejected by startup validator on built-in providers

[randallrusher-ai]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

The schema (openclaw config schema) declares models.providers..timeoutSeconds as a standalone integer key with a description that explicitly recommends using it instead of changing global agent timeouts. The startup validator, however, refuses to load any config containing a models.providers. block unless baseUrl (string) and models (array) are also present — which only makes sense for custom provider declarations, not for tuning a built-in provider's request timeout.

This makes the schema-documented escape from the 120s clampImplicitTimeoutMs ceiling unreachable for built-in providers (OpenAI, Anthropic, Google) without also doing a full custom-provider registration that defeats the schema description's stated use case ("instead of changing global agent timeouts") and risks shadowing eventual upstream fixes for related bugs.

Steps to reproduce

Patch ~/.openclaw/openclaw.json to add the documented per-provider timeout:
{
"models": {
"providers": {
"openai": {
"timeoutSeconds": 600
}
}
}
}
Run:

openclaw gateway restart

Observed:
Gateway aborted: config is invalid.
models.providers.openai.baseUrl: Invalid input: expected string, received undefined
models.providers.openai.models: Invalid input: expected array, received undefined
Fix the config and retry, or run "openclaw doctor" to repair.

Expected behavior

(Source paths from ~/.npm-global/lib/node_modules/openclaw/dist/, build 2eae30e.)

The timeoutSeconds value would, if accepted, flow through:

model-CYlos1Q6.js:272 — resolveProviderRequestTimeoutMs(timeoutSeconds) converts seconds → ms, lands on model.requestTimeoutMs.
selection-DL4MPaGt.js:7456 — passed as modelRequestTimeoutMs into resolveLlmIdleTimeoutMs.
selection-DL4MPaGt.js:6086 — uses clampTimeoutMs (no DEFAULT_LLM_IDLE_TIMEOUT_MS cap).

So the code would honor the key for built-in providers. The validator is the only thing preventing it.

Actual behavior

Gateway aborted: config is invalid.
models.providers.openai.baseUrl: Invalid input: expected string, received undefined
models.providers.openai.models: Invalid input: expected array, received undefined
Fix the config and retry, or run "openclaw doctor" to repair.

OpenClaw version

2026.5.3-1 (2eae30e)

Operating system

Ubuntu 24.04 (HWE kernel 6.17.0-29-generic)

Install method

npm -g

Model

openai/gpt-5.4 and openai/gpt-5.5

Provider / routing chain

Built-in OpenAI provider via OpenClaw 2026.5.3-1 → OpenAI Responses API (api.openai.com/v1). No reverse proxy, no router, no custom provider registered. Standard systemd-gateway install (npm -g), API key in ~/.openclaw/gateway.systemd.env. The bug is in OpenClaw's config validator at gateway-startup time — it fails before any provider request actually goes out.

Additional provider/model setup details

No response

Logs, screenshots, and evidence

openclaw config schema returns this for models.providers.<id>.timeoutSeconds (read via additionalProperties.properties):

{
  "type": "integer",
  "exclusiveMinimum": 0,
  "maximum": 9007199254740991,
  "title": "Model Provider Request Timeout",
  "description": "Optional per-provider model request timeout in seconds. Applies to provider HTTP fetches, including connect, headers, body, and total request abort handling. Use this for slow local or self-hosted model servers instead of changing global agent timeouts."
}

No required: ["baseUrl", "models"] declared at the models.providers.<id> level (only additionalProperties with the keys: baseUrl, apiKey, auth, api, contextWindow, contextTokens, maxTokens, timeoutSeconds, injectNumCtxForOpenAICompat, params, headers, authHeader, request, models).

The description directly recommends this key for the exact use case the validator blocks.

Impact and severity

There's a known stack of related issues affecting GPT-5.x cron/sub-agent reliability:

#63369 (open) — reasoning_effort not forwarded to OpenAI Responses API for GPT-5.x models in isolated/cron sessions
#59946 — sub-agent extended-thinking streaming connection silently severed by provider idle timeout
#65576 — cron runs without explicit idleTimeoutSeconds disable the watchdog, hung provider consumes full cron timeout

The documented models.providers..timeoutSeconds escape would let operators work around the 120s clampImplicitTimeoutMs ceiling in DEFAULT_LLM_IDLE_TIMEOUT_MS while waiting for those upstream fixes to ship. This validator mismatch makes that escape unusable for built-in providers, which is most users' situation.

Additional information

Two-option fix

Either fix is small and self-contained:

(A) Make the validator accept standalone timeoutSeconds for built-in providers. Preserves the schema description as accurate. baseUrl + models[] remain required only when no built-in provider exists with that name. This matches the user-mental-model of "I'm overriding one knob on a built-in provider."
(B) Make the schema description honest about requiring baseUrl + models[]. Update the description to say something like "Only valid when registering a custom provider with baseUrl and models[]. Built-in providers use the global agents.defaults.timeoutSeconds instead." Tells operators where to actually look.

(A) preserves more capability and is the better fix if there's a way to do it cleanly. (B) is faster to ship and at least removes the contradiction.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by maintainer comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors can comment @clawsweeper re-review or @clawsweeper re-run on their own open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Current main still has the reported schema/validator mismatch: the startup validation schema requires baseUrl and models for every models.providers.* entry, while the help/docs expose timeoutSeconds as a provider-level request-timeout knob and the runtime resolver already knows how to consume it.

Reproducibility: yes. by source inspection: a models.providers.openai object with only timeoutSeconds hits ModelProviderSchema, which currently requires baseUrl and models. I did not run a gateway restart in this read-only review.

Next step
The bug is narrow, source-reproducible, and has clear config-schema/runtime files plus focused regression-test targets.

Review details

Best possible solution:

Make the validator and generated schema agree by either accepting narrow built-in provider timeout overlays or explicitly documenting that timeoutSeconds only works inside full custom-provider declarations.

Do we have a high-confidence way to reproduce the issue?

Yes by source inspection: a models.providers.openai object with only timeoutSeconds hits ModelProviderSchema, which currently requires baseUrl and models. I did not run a gateway restart in this read-only review.

Is this the best way to solve the issue?

Yes: the narrow maintainable fix is to align the validator, generated schema, and docs without weakening custom-provider validation. Accepting timeout-only overlays for known built-in providers is the better direction if it can stay bounded.

Acceptance criteria:

• node scripts/run-vitest.mjs src/config/config-misc.test.ts src/config/schema.test.ts src/config/schema.help.quality.test.ts src/agents/pi-embedded-runner/model.test.ts

What I checked:

• Validator requires full provider declarations: ModelProviderSchema makes baseUrl and models required while timeoutSeconds is optional, so a timeout-only provider block cannot pass config validation. (src/config/zod-schema.core.ts:377, 7c416950c615)
• Startup validation applies the strict schema first: Raw config validation calls OpenClawSchema.safeParse before runtime defaults, matching the reported startup-time failure path. (src/config/validation.ts:675, 7c416950c615)
• Runtime can honor provider timeout once accepted: The embedded model resolver converts providerConfig.timeoutSeconds into requestTimeoutMs, so the runtime side already supports the knob after validation succeeds. (src/agents/pi-embedded-runner/model.ts:355, 7c416950c615)
• User-facing help documents the timeout knob: models.providers.*.timeoutSeconds is described as an optional per-provider model request timeout for HTTP fetches. (src/config/schema.help.ts:948, 7c416950c615)
• Docs list the field without a full-provider requirement note: The config tools docs list timeoutSeconds among provider connection/auth fields and list baseUrl and models separately. Public docs: docs/gateway/config-tools.md. (docs/gateway/config-tools.md:478, 7c416950c615)
• Provider transport history: Provider request transport and config/runner surfaces were changed together in this area, making the config schema and model resolver the right ownership boundary for a fix. (src/config/zod-schema.core.ts, 61f13173c29a)

Likely related people:

• @vincentkoc: Authored adjacent provider request transport/config changes that touched src/config/zod-schema.core.ts, src/config/schema.help.ts, and src/agents/pi-embedded-runner/model.ts. (role: provider transport feature-history owner; confidence: high; commits: 61f13173c29a, 8f5f78bbe89d; files: src/config/zod-schema.core.ts, src/config/schema.help.ts, src/agents/pi-embedded-runner/model.ts)
• @steipete: Carried major config schema and embedded-runner refactors in the same files, including the split that moved model-provider schema into zod-schema.core.ts. (role: recent config/schema refactor contributor; confidence: medium; commits: bcbfb357bec7, 34ea33f0574f, c9504a6f203e; files: src/config/zod-schema.core.ts, src/config/zod-schema.ts, src/agents/pi-embedded-runner/model.ts)
• @Takhoffman: Authored schema help/labels coverage work that is adjacent to the generated config-schema contract at issue here. (role: adjacent config UI/schema help contributor; confidence: medium; commits: f8171ffcdc63; files: src/config/schema.help.ts, src/config/schema.labels.ts)

Remaining risk / open question:

• The implementation must avoid making arbitrary custom provider entries valid without baseUrl and models; the relaxed path should be limited to known built-in provider overlays or the docs/schema should be made explicit instead.
• No live gateway restart or Vitest proof was run because this was a read-only review; reproduction is source-backed.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 7c416950c615.