Runtime LLM allowlist diagnostics can double-prefix provider-qualified model refs

[100yenadmin]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

OpenClaw runtime LLM policy reports a denied plugin model override as openrouter/openrouter/gpt-5.4-mini when Lossless passes an OpenRouter-shaped model ref. The canonical provider-precedence bug that caused Lossless to select OpenRouter in this incident is tracked upstream in Lossless: Martian-Engineering/lossless-claw#738

Steps to reproduce

1. Have a plugin call api.runtime.llm.complete with a model selection that resolves to provider openrouter and model id openrouter/gpt-5.4-mini.
2. Configure the plugin runtime LLM allowlist with the expected short ref, e.g. openrouter/gpt-5.4-mini.
3. Trigger the runtime LLM policy check.
4. Observe the host policy error use a double-prefixed ref.

Expected behavior

OpenClaw should normalize provider/model refs consistently for runtime LLM policy checks and diagnostics. It should not report openrouter/openrouter/... when the actionable model ref is openrouter/....

Actual behavior

Local 2026.5.19 logs showed:

[lcm] runtime.llm.complete error: Plugin LLM completion model override "openrouter/openrouter/gpt-5.4-mini" is not allowlisted for plugin "lossless-claw".

Lossless had requested/reported:

Requested model: openrouter/gpt-5.4-mini

The doubled provider in the host error made the remediation confusing.

OpenClaw version

2026.5.19

Operating system

macOS 26 / Darwin arm64

Install method

Global OpenClaw gateway managed by launchd (ai.openclaw.gateway)

Model

Observed host-normalized ref: openrouter/openrouter/gpt-5.4-mini

Actionable/plugin-facing ref: openrouter/gpt-5.4-mini

Provider / routing chain

Plugin runtime LLM call -> OpenClaw api.runtime.llm.complete -> runtime model override policy

Additional provider/model setup details

This issue is intentionally narrowed to OpenClaw host normalization/diagnostics.

The broader incident was not intended to use OpenRouter. Lossless was configured for openai-codex/gpt-5.4-mini, but a bare LCM_SUMMARY_MODEL=gpt-5.4-mini env override caused Lossless to lose the configured provider and resolve through the active runtime/fallback context. That is tracked in Lossless upstream:

• Bare LCM_SUMMARY_MODEL can ignore configured summaryProvider Martian-Engineering/lossless-claw#738

Logs, screenshots, and evidence

Source paths on upstream/main:
- src/plugins/runtime/runtime-llm.runtime.ts:220 normalizeAllowedModelRef(raw)
- src/plugins/runtime/runtime-llm.runtime.ts:237-238 returns `${normalized.provider}/${normalized.model}`
- src/plugins/runtime/runtime-llm.runtime.ts:401-406 builds resolvedModelRef from normalizeModelRef(selection.provider, selection.modelId)
- src/plugins/runtime/runtime-llm.runtime.ts:407-412 checks the allowlist
- extensions/openrouter/openclaw.plugin.json:8-12 sets openrouter prefixWhenBare=openrouter

flowchart TD
  A[Plugin request model openrouter/gpt-5.4-mini] --> B[OpenClaw runtime.llm.complete]
  B --> C[selection provider=openrouter]
  C --> D[selection modelId=openrouter/gpt-5.4-mini]
  D --> E[host resolvedModelRef]
  E --> F[openrouter/openrouter/gpt-5.4-mini]
  F --> G[policy denial / confusing diagnostic]

  classDef bad fill:#ffd6d6,stroke:#cc3333,color:#111;
  class F,G bad;

Loading

Impact and severity

Affected: plugin authors/users debugging runtime LLM allowlist failures for provider/model refs that already include a provider segment.
Severity: Medium as a host issue by itself; it becomes high-severity only when combined with the Lossless provider-precedence bug in #738.
Frequency: Reproduced in local logs during a 99% context incident.
Consequence: diagnostics point to a malformed model ref and can lead users to add the wrong allowlist entries.

Additional information

Suggested OpenClaw fix shape: normalize runtime LLM model refs with a helper that strips only duplicated provider prefixes after normalizeModelRef(), and add a regression where provider="openrouter", modelId="openrouter/gpt-5.4-mini", and allowedModels=["openrouter/gpt-5.4-mini"] does not produce openrouter/openrouter/... in the check/error path.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: current main and the latest shipped tag still build runtime LLM allowlist refs with raw provider/model interpolation, so an OpenRouter-shaped model id can surface as openrouter/openrouter/.... The reporter also narrowed the provider-precedence root cause to the Lossless issue, leaving this OpenClaw item as a focused host diagnostics bug.

Reproducibility: yes. for a source-level reproduction: a provider openrouter selection with model id openrouter/gpt-5.4-mini flows into string interpolation that can produce openrouter/openrouter/gpt-5.4-mini. I did not execute a live gateway run in this read-only review.

Next step
This is a narrow source-proven diagnostics bug in the runtime LLM policy path with clear implementation and regression-test targets.

Review details

Best possible solution:

Add a shared or local canonical model-ref formatter for runtime policy checks, use it in runtime.llm diagnostics, and cover the OpenRouter provider-qualified case with a regression test.

Do we have a high-confidence way to reproduce the issue?

Yes for a source-level reproduction: a provider openrouter selection with model id openrouter/gpt-5.4-mini flows into string interpolation that can produce openrouter/openrouter/gpt-5.4-mini. I did not execute a live gateway run in this read-only review.

Is this the best way to solve the issue?

Yes, a narrow normalization/formatting fix in the runtime LLM policy path is the best fit. The Lossless provider-precedence problem is separately tracked upstream and should not be solved in OpenClaw core here.

Label changes:

• add P2: The issue is a valid runtime diagnostics bug with limited scope and a clear policy-check surface.
• add impact:auth-provider: The report concerns provider/model override policy and model-choice diagnostics for plugin runtime LLM calls.
• add issue-rating: 🦞 diamond lobster: Current issue advisory state selects this label.
• add clawsweeper:source-repro: Current issue advisory state selects this label.
• add clawsweeper:queueable-fix: Current issue advisory state selects this label.
• add clawsweeper:fix-shape-clear: Current issue advisory state selects this label.

Label justifications:

• P2: The issue is a valid runtime diagnostics bug with limited scope and a clear policy-check surface.
• impact:auth-provider: The report concerns provider/model override policy and model-choice diagnostics for plugin runtime LLM calls.

Acceptance criteria:

• node scripts/run-vitest.mjs src/plugins/runtime/runtime-llm.runtime.test.ts
• git diff --check

What I checked:

• Issue discussion narrowed scope: The reporter clarified that the Lossless provider-precedence problem belongs upstream and this OpenClaw issue is only about the host-side double-prefix runtime LLM diagnostic.
• Current runtime LLM allowlist formatting: normalizeAllowedModelRef normalizes provider/model pairs and then returns ${normalized.provider}/${normalized.model}, which can duplicate a provider already present in the normalized model id. (src/plugins/runtime/runtime-llm.runtime.ts:220, e3b77d6d2c89)
• Current runtime LLM diagnostic formatting: The model override policy path formats resolvedModelRef with ${normalizedSelection.provider}/${normalizedSelection.model} before the allowlist check and error message. (src/plugins/runtime/runtime-llm.runtime.ts:401, e3b77d6d2c89)
• OpenRouter manifest normalization: The OpenRouter manifest sets prefixWhenBare: "openrouter", while manifest normalization preserves model ids that already contain a provider segment. (extensions/openrouter/openclaw.plugin.json:8, e3b77d6d2c89)
• Existing canonical formatter: modelKey already avoids adding the provider when the model id starts with the same provider prefix, which is the behavior the runtime LLM path should reuse or mirror. (src/agents/model-ref-shared.ts:17, 384451343191)
• Latest release contains same behavior: v2026.5.19 contains the same runtime LLM interpolation at the allowlist normalization and resolved override diagnostic points, matching the reported shipped version. (src/plugins/runtime/runtime-llm.runtime.ts:220, a185ca283a74)

Likely related people:

• Peter Steinberger: Blame and show output tie the runtime LLM policy path, its tests, and the shared model-ref helper to commits 384451343191f9f6f205aa4bfdc2386168482e45 and a185ca283a74092d3840d0c81c53cf02e25024e8. (role: introduced behavior and recent area contributor; confidence: high; commits: 384451343191, a185ca283a74; files: src/plugins/runtime/runtime-llm.runtime.ts, src/plugins/runtime/runtime-llm.runtime.test.ts, src/agents/model-ref-shared.ts)
• Vincent Koc: Git history shows d13869aab94dd7b3417d0c1601fb31ad2e41159d focused on OpenRouter compat aliases and allowlist/runtime resolver alignment, which is adjacent to this model-ref normalization bug. (role: adjacent OpenRouter model-selection contributor; confidence: medium; commits: d13869aab94d; files: src/agents/model-selection-shared.ts, src/agents/model-selection.test.ts)

Remaining risk / open question:

• The adjacent plugin subagent fallback policy in src/gateway/server-plugins.ts uses the same provider/model interpolation pattern, so the repair should consciously decide whether to share one helper or keep the fix scoped to runtime.llm.
• I did not run a live gateway/plugin reproduction in this read-only sweep; the bug is source-reproducible and should be locked down with a focused Vitest regression.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e3b77d6d2c89.

[100yenadmin]

Correction after re-checking the local config: the intended setup here is OpenAI/OpenAI-Codex, not OpenRouter. I updated the title/body accordingly.

The important local facts are:

{
  "summaryProvider": "openai-codex",
  "summaryModel": "gpt-5.4-mini"
}

and the service env also had a bare override:

LCM_SUMMARY_MODEL='gpt-5.4-mini'

So the bug is provider precedence/diagnostics for a bare env summary model during overflow recovery. The OpenRouter ref in the logs is a mis-resolution symptom from the active fallback context; the double-prefix error is secondary, not the intended route.

[100yenadmin]

Canonical Lossless issue filed: Martian-Engineering/lossless-claw#738

I narrowed this OpenClaw issue to the host-side double-prefix diagnostic only. The provider-precedence problem (LCM_SUMMARY_MODEL without LCM_SUMMARY_PROVIDER bypassing configured summaryProvider) is Lossless-owned and should be fixed there.