2026.5.12: WhatsApp runtime silently rebinds, agent loses all tools

[danielcrick]

Bug: OpenClaw 2026.5.12 silently rebinds WhatsApp sessions to a trimmed runtime; agent loses all tools, gateway returns misleading "billing error"

Filed against: openclaw/openclaw
Affected version: 2026.5.12 (regression vs 2026.5.3-1, which is known-good)
Severity: high — full loss of agent functionality on the WhatsApp channel; misleading user-facing error masks the root cause
Discovered: 2026-05-18 ~00:49 BST after upgrading from 2026.5.3-1 to 2026.5.12

---

TL;DR

After upgrading to 2026.5.12, all WhatsApp messages to my running OpenClaw agent ("Paige") fail with one of two misleading errors:

⚠️ API provider returned a billing error — your API key has run out of credits or has an insufficient balance.

⚠️ Missing API key for provider "anthropic". Configure the gateway auth for that provider, then try again.

The real root cause is the WhatsApp channel session is silently bound to a different runtime ("OpenClaw Pi Default") with a different auth surface and a heavily-trimmed toolset, even when agents.defaults.agentRuntime.id is explicitly set to claude-cli. OAuth via Claude Max is healthy throughout. No migration note alerts the user; nothing in the gateway warnings flags the runtime swap; no telemetry surfaces the toolset reduction.

---

Three distinct sub-bugs

1. Silent runtime rebinding for the WhatsApp channel

Before upgrade — WhatsApp sessions inherit from agents.defaults and bind to claude-cli runtime → use my Claude Max OAuth → free, fully-toolled assistant.

After upgrade — WhatsApp sessions bind to a runtime labelled OpenClaw Pi Default, visible via session_status inside the WhatsApp thread:

🪡 Session: agent:main:whatsapp:direct:+447736454506 · updated just now
⚙ Execution: direct · Runtime: OpenClaw Pi Default · Think: off · Reasoning: on

openclaw.json is unchanged across the upgrade — agents.defaults.agentRuntime.id = "claude-cli" was set both before and after. No config edit was made. No CLI command was run that would have changed the runtime. The rebinding is invisible to the user.

Expected: the WhatsApp channel keeps using the configured agentRuntime (claude-cli).
Actual: silently swapped to OpenClaw Pi Default with no log, no warning, no migration note.

2. Trimmed runtime ("Pi Default") strips the agent of every workspace tool

The new "Pi Default" runtime exposes only session-inspection tools:

• sessions_list
• sessions_history
• sessions_send
• session_status

It is missing — relative to the claude-cli runtime — every workspace tool the agent normally has, including:

• file Read / Edit / Write
• exec / Bash
• browser
• peekaboo
• nodes (camera/screen)
• cron
• skill execution
• gateway tool actions (config.get / config.patch / restart)
• the OpenClaw message tool
• ... and the dozens of provider tools (gmail, github, browser-automation, etc.)

For an agent whose entire identity, memory, and operating context live in ~/.openclaw/workspace/ — this is the practical equivalent of full amnesia and paralysis mid-incident. The agent cannot read its own memory, cannot run a diagnostic, cannot write to its journal, cannot inspect its own config. The only thing it can do is reply with plain text via the existing message stream, which is itself blocked by sub-bug #3.

The trimmed runtime should at minimum:

• (a) refuse to run when the configured agentRuntime.id is not pi-default, OR
• (b) surface a visible warning ("⚠️ Running on degraded runtime — N of M tools available") on every reply, OR
• (c) be opt-in, not opt-out, on upgrade.

It should never be the silent fallback.

3. Misleading user-facing error for what is actually a runtime-binding/auth issue

Because Pi Default attempts the direct anthropic API path (rather than OAuth via Claude CLI), and the user account has no anthropic API key configured (because the whole point of Claude Max + claude-cli is that you don't need one), the user sees:

⚠️ API provider returned a billing error — your API key has run out of credits or has an insufficient balance. Check your provider's billing dashboard and top up or switch to a different API key.

This caused me to (a) panic, (b) top up Anthropic API credits I did not need (those credits now sit dormant), and (c) chase a billing problem for ~90 minutes before correctly diagnosing the runtime binding as the actual fault.

The same flow also produces:

⚠️ Missing API key for provider "anthropic". Configure the gateway auth for that provider, then try again.

Both messages are technically true at the API layer but misleading at the user layer — the gateway has perfectly good OAuth credentials, it just isn't using them because the runtime has been silently swapped.

Expected: if a runtime upgrade rebinds a channel to an auth path that isn't configured, the error should say so:

Channel whatsapp was rebound to runtime pi-default during upgrade. That runtime requires an anthropic API key, but none is configured. Either configure a key, or set agentRuntime.id: claude-cli on this channel/agent.

---

Compounding issue: Claude CLI first-run state blocks OAuth fallback

Even after re-running openclaw models auth login --provider anthropic --set-default, the WhatsApp channel still didn't resolve OAuth. Investigation found Claude CLI v2.1.126 was installed but never completed first-run on the user account — it was sitting on the welcome screen / theme picker.

It would be useful for openclaw models auth login --provider anthropic (claude-cli option) to detect this state and either:

• complete first-run non-interactively where possible, or
• surface a clear message: "Claude CLI v2.1.126 is installed but has not completed first-run setup. Open a terminal and run claude once to dismiss the welcome screen, then re-run this command."

Right now it silently succeeds and the user has no way to know the auth flow is incomplete.

---

What actually fixed it (workaround)

A pre-built local rollback script (~/Desktop/PAIGE-ROLLBACK-TO-OAUTH.command) restored the pre-2026.5.12 gateway wrapper. That immediately unblocked WhatsApp messages — agent responsive again, full toolset restored.

The user-built rollback should not be the only viable recovery path. Recommend adding either:

• a documented openclaw downgrade <version> command, or
• a documented snapshot/rollback flow that doesn't depend on user-authored shell wrappers.

---

Downgrade path was also broken

Tonight I attempted a manual downgrade from 2026.5.12 back to 2026.5.3-1. The downgrade process hung partway through — Paige unresponsive again, terminal stuck. Recovery required a hard shutdown of the Mac. On reboot, the downgrade had completed (npm/state had progressed past the hung step) and the agent came back fully online on 2026.5.3-1 with OAuth + full toolset.

Two issues there:

• Downgrade should not hang.
• If it does, there should be a documented recovery path that doesn't involve a forced power-off.

---

Reproduction

1. Configure OpenClaw with:
   • agents.defaults.agentRuntime.id = "claude-cli"
   • Claude Max OAuth authenticated and working
   • WhatsApp channel paired and a recent test message exchange working on 2026.5.3-1
2. Upgrade to OpenClaw 2026.5.12.
3. Send a WhatsApp message to the agent.
4. Observe: reply is ⚠️ API provider returned a billing error... or ⚠️ Missing API key for provider "anthropic"...
5. From the WhatsApp thread, invoke session_status — note Runtime: OpenClaw Pi Default (NOT claude-cli).
6. Inspect ~/.openclaw/openclaw.json — confirm agentRuntime.id = "claude-cli" is still set.
7. Attempt to read any file via the agent — note that file tools are not available in the session.

---

Environment

• macOS 24.6.0 (arm64)
• Node v22.22.2
• OpenClaw 2026.5.12 (regression); confirmed working on 2026.5.3-1
• Channel: WhatsApp (via OpenClaw native WhatsApp adapter)
• Model: anthropic/claude-opus-4-7 via Claude Max OAuth (claude-cli runtime)
• Owner allowlist: commands.ownerAllowFrom = ["+447736454506"]

---

Attached evidence

• Screen recording of the broken WhatsApp thread (00:49–03:48 BST 2026-05-18) — 7 keyframes available on request.
• Pre-edit config: ~/.openclaw/openclaw.json.before-owner-edit
• Pre-rollback config: ~/.openclaw/openclaw.json.bak
• Local rollback script that fixed it: ~/Desktop/PAIGE-ROLLBACK-TO-OAUTH.command (not shared publicly — workspace-specific paths)

---

Suggested triage priorities

1. P0: Stop silently rebinding channel sessions to Pi Default on upgrade.
2. P0: Replace the "API provider returned a billing error" message when the real cause is a runtime/auth misconfiguration. Misleading users into spending money on unnecessary API top-ups is a serious product correctness issue.
3. P1: Document the Pi Default toolset boundary and surface a visible "degraded runtime" indicator when it is in use.
4. P1: Document or provide a first-class downgrade path that doesn't require a hard reboot.
5. P2: Fix the Claude CLI first-run-not-completed detection in models auth login --provider anthropic.

---

Filed by: Daniel Crick (info@hiddenhome.tech, +447736454506) on behalf of Paige, the OpenClaw-resident assistant who was unable to file this herself last night because she had no file or exec tools.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: source inspection supports the central report that legacy whole-agent runtime pins are ignored and can leave an Anthropic/Claude CLI deployment on PI, while the WhatsApp path uses the shared inbound reply runner that would surface the resulting auth failure back to the channel.

Reproducibility: Partially yes: source inspection and existing tests show that whole-agent runtime pins are ignored and Anthropic can run on PI when no provider/model runtime policy exists. The exact 2026.5.3-1 to 2026.5.12 WhatsApp upgrade path still needs live or packaged reproduction.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
The source-backed regression is real enough to keep open, but the remedy requires maintainer judgment about legacy runtime migration versus explicit failure/warning semantics.

Review details

Best possible solution:

Decide the upgrade contract for legacy whole-agent Claude CLI runtime pins, then either preserve recoverable intent as provider/model-scoped runtime policy or fail visibly with runtime/auth guidance before WhatsApp replies attempt PI.

Do we have a high-confidence way to reproduce the issue?

Partially yes: source inspection and existing tests show that whole-agent runtime pins are ignored and Anthropic can run on PI when no provider/model runtime policy exists. The exact 2026.5.3-1 to 2026.5.12 WhatsApp upgrade path still needs live or packaged reproduction.

Is this the best way to solve the issue?

Unclear: honoring agents.defaults.agentRuntime directly would conflict with current docs, so the maintainable fix is likely an explicit migration, doctor/update repair, or fail-visible runtime/auth diagnostic rather than silently accepting the stale key.

Label justifications:

• P1: A current release regression report says a real WhatsApp channel became unusable after upgrade and misrouted model auth at runtime.
• impact:message-loss: The reported WhatsApp replies fail with error text instead of producing agent responses.
• impact:auth-provider: The failure centers on Claude CLI OAuth intent being replaced by Anthropic API-key behavior.
• impact:session-state: The report says existing channel sessions/runtime binding changed across upgrade while config stayed unchanged.

Acceptance criteria:

• Add a focused runtime-policy regression test covering canonical Anthropic model plus legacy agents.defaults.agentRuntime.id=claude-cli on a WhatsApp-style inbound session.
• Add or update auto-reply error tests so missing API-key/billing messages include runtime-selection context when a stale runtime pin or recoverable CLI intent exists.
• For any implementation PR, run the narrow node Vitest wrapper for the touched runtime-policy, doctor/config, and auto-reply test files; use live WhatsApp/package-upgrade proof before landing if upgrade behavior changes.

What I checked:

• Issue report: The report describes a release regression from 2026.5.3-1 to 2026.5.12 where WhatsApp messages fail after the session status shows OpenClaw Pi Default despite a legacy agents.defaults.agentRuntime.id=claude-cli config.
• WhatsApp uses shared inbound reply dispatch: WhatsApp inbound processing calls runInboundReplyTurn with channel=whatsapp and dispatches through dispatchWhatsAppBufferedReply, so the generic agent runtime selection and error formatting paths apply to WhatsApp replies. (extensions/whatsapp/src/auto-reply/monitor/process-message.ts:508, 3b5d30b5fdfd)
• WhatsApp context is bound as WhatsApp before reply resolution: The dispatch context sets Provider, Surface, and OriginatingChannel to whatsapp, then passes replyResolver into dispatchReplyWithBufferedBlockDispatcher. (extensions/whatsapp/src/auto-reply/monitor/inbound-dispatch.ts:301, 3b5d30b5fdfd)
• Runtime policy ignores whole-agent config: resolveModelRuntimePolicy only checks per-agent/default model entries, provider model entries, provider wildcard entries, and provider-level runtime policy; it does not read agents.defaults.agentRuntime. (src/agents/model-runtime-policy.ts:176, 3b5d30b5fdfd)
• Existing regression-style test proves PI fallback for legacy agentRuntime: The current harness selection test explicitly asserts that a config with agents.defaults.agentRuntime.id=codex still selects PI for an Anthropic run. (src/agents/harness/selection.test.ts:535, 3b5d30b5fdfd)
• Current docs document provider/model scoped runtime policy: The configuration docs say runtime policy belongs on providers or models and that agents.defaults.agentRuntime, agents.list[].agentRuntime, session runtime pins, and OPENCLAW_AGENT_RUNTIME are ignored. Public docs: docs/gateway/config-agents.md. (docs/gateway/config-agents.md:444, 3b5d30b5fdfd)

Likely related people:

• vincentkoc: Current-main blame attributes the runtime policy, WhatsApp inbound dispatch, and missing-key error formatting lines used by this report to commit 939712f. (role: current runtime and WhatsApp reply-path contributor; confidence: medium; commits: 939712fbbf5b; files: src/agents/harness/policy.ts, src/agents/model-runtime-policy.ts, src/auto-reply/reply/agent-runner-execution.ts)
• steipete: Recent commit e96428b touched the legacy runtime/config migration area adjacent to the ignored-agent-runtime cleanup behavior. (role: recent config migration contributor; confidence: medium; commits: e96428b008a9; files: src/commands/doctor/shared/legacy-config-migrations.runtime.agents.ts, src/config/zod-schema.agent-runtime.ts, src/config/types.agents-shared.ts)

Remaining risk / open question:

• I did not run a live WhatsApp/package upgrade reproduction because this review is read-only; the source path strongly supports the runtime-selection part but not every user-environment detail.
• Current docs intentionally say whole-agent runtime keys are ignored, so the fix needs a maintainer decision on migration, warning, or fail-closed behavior rather than a simple local revert.
• The issue bundles runtime rebinding, error wording, Claude CLI first-run detection, and downgrade recovery; those may need to be split after the central regression is triaged.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3b5d30b5fdfd.

[danielcrick]

Follow-up — downgrade does not fully reset state; plugins built against 2026.5.12 break on 2026.5.3-1

This morning I completed the downgrade from 2026.5.12 → 2026.5.3-1 (after a hung npm install that needed a Mac hard-shutdown to finish — separate sub-issue noted in the original report).

Running a post-downgrade audit just now surfaced an additional regression worth documenting in the same thread, because it shows that rolling back the OpenClaw binary version is not sufficient to restore a working state — plugins installed under the user's ~/.openclaw/npm/ are not version-aware and continue to be loaded against paths that no longer exist on disk.

Concretely:

[plugins] codex failed to load from /Users/<user>/.openclaw/npm/node_modules/@openclaw/codex/dist/index.js:
  Error: Cannot find module '/opt/homebrew/lib/node_modules/openclaw/dist/plugin-sdk/root-alias.cjs/json-schema-runtime'

The @openclaw/codex plugin was installed/built while OpenClaw was on 2026.5.12, and its compiled output references plugin-sdk/root-alias.cjs/json-schema-runtime — a path that exists in 2026.5.12 but not in 2026.5.3-1. The downgrade rolled the binary back, but did nothing to the user's plugin installs, so the gateway now logs this error on every command.

Compounding effect on my workflow: I had configured a "cross-check via OAuth" path (ChatGPT subscription, zero marginal cost) that depended on openai-codex/* models which the codex plugin registers. With the plugin failing to load on 2026.5.3-1:

• agents.defaults.models no longer contains openai-codex/gpt-5.5, only openai/gpt-5.5.
• Gateway refuses model overrides with: "Model override 'openai-codex/gpt-5.5' is not allowed for agent 'main'".
• I have to fall back to direct OpenAI API key billing (paid) for cross-check work for the duration of the version-lock until a fix off 2026.5.12 ships.

This means the true blast radius of the original "WhatsApp runtime silently rebinds" regression is wider than the issue body captured. The full damage assessment is:

1. Original regression on upgrade to 2026.5.12: agent goes offline on WhatsApp + loses all tools.
2. Workaround (rollback to wrapper or downgrade) recovers the agent.
3. But downgrading leaves plugin state broken, because plugins are pinned to the SDK paths of whichever version they were built under, and there is no openclaw downgrade command that re-installs plugins against the target version's SDK.

Suggested additional fixes / mitigations to consider in the same triage:

• (a) Make plugin-SDK paths version-stable across releases (or expose a stable shim that survives binary version changes), OR
• (b) Provide a first-class openclaw plugins repair / openclaw downgrade <version> command that detects mismatched plugin builds and rebuilds them against the active binary, OR
• (c) At minimum, fail-loudly on plugin load mismatch with an actionable repair hint (currently the error scrolls past in normal output and the gateway just silently drops the affected models from the registry, which is how I lost openai-codex/* without realising it).

Standing on 2026.5.3-1 for the foreseeable future per my own version-lock rule. Happy to test any candidate fix when it ships.

[steipete]

Fixed by PR #83647, merged as cce0049.

Doctor now preserves recoverable legacy whole-agent Claude CLI runtime intent by moving matching Anthropic model selections to model-scoped runtime policy before removing the stale whole-agent runtime pin. Explicit per-model runtime overrides are left untouched.

Proof:

• Focused doctor migration tests passed: node scripts/run-vitest.mjs src/commands/doctor-legacy-config.migrations.test.ts src/commands/doctor/shared/legacy-config-migrate.test.ts
• Changed gate passed in Blacksmith Testbox: tbx_01krxrhxvn9s0hdgx5b8evqq52
• Autoreview was clean on the final commit

The PR body includes the detailed behavior proof block. Closing as fixed.