[Bug]: saveAuthProfileStore overwrites runtime auth-profile snapshot with external-CLI-filtered view, dropping OAuth credentials from in-process state

[cobenrogers]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Any call to saveAuthProfileStore (in src/agents/auth-profiles/store.ts) clobbers the runtime auth-profile snapshot with an external-CLI-filtered view, silently dropping the anthropic:claude-cli OAuth credential from in-process state while leaving the on-disk file intact — every subsequent embedded-agent run then fails with FailoverError: No credentials found for profile "anthropic:claude-cli" until the openclaw models ... CLI bootstrap re-runs.

Steps to reproduce

1. Start OpenClaw with an anthropic:claude-cli OAuth profile active and the embedded agent responding normally.
2. Trigger any call to saveAuthProfileStore — confirmed triggers include:
   • A channel-secrets reload after mutating openclaw.json (e.g., SecretRef migration of channels.discord.token)
   • Any openclaw update that rewrites config on boot
3. Observe gateway logs: config change detected → channel reload → Secrets reloaded.
4. Submit any embedded-agent request: FailoverError: No credentials found for profile "anthropic:claude-cli".
5. Confirm ~/.openclaw/agents/main/agent/auth-profiles.json is still present on disk with valid credentials.
6. Run openclaw models status (forces auth-profiles bootstrap); restart gateway: agent recovers.

Reproduced twice on v2026.5.18 (2026-05-19 and 2026-05-20) on Pop!_OS 24.04.

Expected behavior

Any saveAuthProfileStore call that writes auth-profiles.json should either preserve or immediately re-attach external-CLI OAuth profiles in the runtime snapshot. The overlayExternalAuthProfiles bootstrap path that openclaw models ... triggers should also run on the gateway's own write path.

Actual behavior

After saveAuthProfileStore writes, the runtime credential reference for anthropic:claude-cli is empty. Subsequent calls to ensureAuthProfileStore → resolveRuntimeAuthProfileStore return the stripped snapshot (external profiles absent) without re-reading disk. overlayExternalAuthProfiles is bypassed on the runtime fast-path. Result: every embedded-agent run fails with No credentials found for profile "anthropic:claude-cli" until the CLI bootstrap re-runs.

Root cause (traced to source)

In src/agents/auth-profiles/store.ts, saveAuthProfileStore ends with:

const localStore = buildLocalAuthProfileStoreForSave({ store, agentDir, options });
saveJsonFile(authPath, buildPersistedAuthProfileSecretsStore(localStore, ...));
savePersistedAuthProfileState(localStore, agentDir);
writeCachedAuthProfileStore({ authPath, ..., store: localStore });
if (hasRuntimeAuthProfileStoreSnapshot(agentDir))
  setRuntimeAuthProfileStoreSnapshot(localStore, agentDir);  // ← bug

buildLocalAuthProfileStoreForSave intentionally filters out external-CLI profiles for disk persistence (correct — those credentials are owned by the external CLI). But the same filtered localStore is then written to the runtime snapshot via setRuntimeAuthProfileStoreSnapshot. Subsequent credential lookups go through ensureAuthProfileStore → resolveRuntimeAuthProfileStore, which short-circuits on the cached snapshot without re-reading disk. The overlayExternalAuthProfiles re-attachment is bypassed at runtime (suspected: runtime-fast-path-BLTCPu20.js bundle path — not yet fully traced).

Fix direction: setRuntimeAuthProfileStoreSnapshot should receive the full store (with external profiles preserved) rather than the disk-filtered localStore. Alternatively, resolveRuntimeAuthProfileStore should always call overlayExternalAuthProfiles before returning.

OpenClaw version

2026.5.18

Operating system

Pop!_OS 24.04 (Linux 6.18.7-76061807-generic x64)

Install method

npm global

Model

anthropic/claude-sonnet-4-6

Provider / routing chain

openclaw → anthropic:claude-cli (OAuth, external-CLI profile)

Additional provider/model setup details

anthropic:claude-cli is the OAuth profile managed by the Claude CLI at ~/.claude/.credentials.json. OpenClaw uses it as an external-CLI profile overlay. On-disk: ~/.openclaw/agents/main/agent/auth-profiles.json. The openclaw security audit flags this profile as [LEGACY_RESIDUE] after the bug fires — the disk file survives but the in-memory reference is gone.

Logs, screenshots, and evidence

# Gateway log sequence (2026-05-19 observed):
config change detected; evaluating reload (channels.discord.token)
config change requires channel reload (discord)
Secrets reloaded.
# ... 8h later, first embedded-agent request:
FailoverError: No credentials found for profile "anthropic:claude-cli"

# Recovery sequence:
$ openclaw models status
# expiring expires in 8h  ← bootstrap re-runs from ~/.claude/.credentials.json
$ systemctl --user restart openclaw-gateway
# wait ~8s
$ curl -s http://localhost:18789/health
{"ok":true,"status":"live"}
# Agent recovers; responds normally to next message

Note on related issues: Upstream #85125 is a /models perf prewarm task and is not related to this bug. Commit a483f70a clears the prepared provider-auth map on auth failure — a separate in-memory cache from the runtime auth-profile snapshot this bug clobbers; its relevance to our specific failure is unverified.

v5.17 shipped Auth: serialize provider login writes through the auth-profile lock so a live Gateway cannot overwrite freshly refreshed OAuth credentials with an expired in-memory snapshot — we're on 5.18 (includes it) yet still see this bug, indicating the dominant trigger is the saveAuthProfileStore snapshot clobber on config-write, not an OAuth-refresh race.

v5.19 ships Gateway/config: keep config writes from failing on unrelated unresolved auth-profile SecretRefs while preserving live auth-profile runtime snapshots — directly relevant to the config-write trigger. Upgrading to ≥5.20 is expected to close the most common trigger but the root-cause saveAuthProfileStore snapshot bug should still be fixed at the source.

Impact and severity

• Affected: Any OpenClaw instance using anthropic:claude-cli (or other external-CLI OAuth profile) when a config write triggers saveAuthProfileStore
• Severity: High — blocks all embedded-agent runs; gateway appears healthy (/health returns ok) while agent is silently broken
• Frequency: Triggered on every config-mutating event (channel reload, openclaw update); intermittent from user perspective because the gateway stays up
• Consequence: Agent stops responding until a manual openclaw models status + gateway restart recovery sequence is performed; silent failure is particularly dangerous in unattended setups

Additional information

Tracking issue in our fleet: cobenrogers/mission-control#7

Local workaround (documented for our fleet):

1. openclaw models status (forces auth-profiles bootstrap from ~/.claude/.credentials.json)
2. systemctl --user restart openclaw-gateway
3. Wait ~8s for HTTP rebind; verify curl -s http://localhost:18789/health returns {"ok":true,"status":"live"}

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Latest ClawSweeper review: 2026-05-23 16:16 UTC / May 23, 2026, 12:16 PM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Current main and the latest release still have the reported auth-profile snapshot bug: the save path filters runtime-only external OAuth profiles for disk persistence and then installs that same filtered store as the active runtime snapshot. The issue also has open PRs that reference it with closing syntax, so it should stay open until one fix lands or maintainers choose a different path.

Reproducibility: yes. for source-level reproduction: current main still filters runtime-only external OAuth profiles for save and then writes that filtered store into the active runtime snapshot. I did not run a live gateway reproduction in this read-only review.

Next step
Open fixing PRs already reference this issue with closing syntax, so ClawSweeper should not queue a competing repair job from the issue.

Review details

Best possible solution:

Land a narrow auth-profile store fix that preserves disk filtering for runtime-only external CLI credentials while keeping the active runtime snapshot hydrated, then close this issue through the merged fixing PR.

Do we have a high-confidence way to reproduce the issue?

Yes for source-level reproduction: current main still filters runtime-only external OAuth profiles for save and then writes that filtered store into the active runtime snapshot. I did not run a live gateway reproduction in this read-only review.

Is this the best way to solve the issue?

Yes, the best fix belongs at the auth-profile snapshot boundary: preserve persistence filtering for disk while keeping runtime snapshots hydrated or consistently re-overlaying external profiles before snapshot-backed auth reads return.

Label changes:

• remove clawsweeper:fix-shape-clear: Current issue advisory state no longer selects this label.
• remove clawsweeper:queueable-fix: Current issue advisory state no longer selects this label.

Label justifications:

• P1: The issue can break embedded-agent authentication for external-CLI OAuth users while the gateway remains otherwise healthy.
• impact:session-state: The reported failure comes from in-process runtime auth-profile snapshot state diverging from usable auth state.
• impact:auth-provider: The affected path is OAuth/external-CLI auth-profile resolution for provider credentials.

What I checked:

• Current source filters the save store: buildLocalAuthProfileStoreForSave clones the incoming store and filters profiles, order, lastGood, and usageStats through shouldKeepProfileInLocalStore; OAuth profiles are kept only when persistence policy allows them or filterExternalAuthProfiles is false. (src/agents/auth-profiles/store.ts:391, a04566da11ce)
• Current source writes the filtered store into the runtime snapshot: saveAuthProfileStore builds localStore, writes and caches that filtered store, then calls setRuntimeAuthProfileStoreSnapshot(localStore, agentDir) whenever an active snapshot exists. (src/agents/auth-profiles/store.ts:755, a04566da11ce)
• Snapshot-backed reads can bypass disk reload: ensureAuthProfileStoreWithoutExternalProfiles returns resolveRuntimeAuthProfileStore before loading persisted files, so a clobbered snapshot can be reused by runtime auth paths. (src/agents/auth-profiles/store.ts:640, a04566da11ce)
• Runtime-only external OAuth profiles are intentionally not persisted: External auth overlay code treats runtime-only external profiles as overlay material, and shouldPersistRuntimeExternalOAuthProfile returns false for equivalent runtime-only OAuth credentials. (src/agents/auth-profiles/oauth-shared.ts:184, a04566da11ce)
• Embedded-agent path can use no-external-profile auth stores: The embedded runner uses ensureAuthProfileStoreWithoutExternalProfiles for normal non-Codex bootstrap paths, matching the reported failure mode when the runtime snapshot loses an external CLI profile. (src/agents/pi-embedded-runner/run.ts:705, a04566da11ce)
• Reported error text matches provider auth failure path: resolveApiKeyForProvider throws No credentials found for profile "..." when an explicit profile cannot be resolved from the scoped auth store. (src/agents/model-auth.ts:631, a04566da11ce)

Likely related people:

• vincentkoc: History shows Vincent Koc introduced runtime-snapshots.ts in 2bc031c3571bda3cb7ec4157ef22421781632bae and made external CLI OAuth runtime-only in a001b5343ff0499ff06aef0779fc21f06b0ce2c7, the two behavior pieces that interact here. (role: introduced runtime snapshot and external-CLI runtime-only behavior; confidence: high; commits: 2bc031c3571b, a001b5343ff0, f6921fd73366; files: src/agents/auth-profiles/store.ts, src/agents/auth-profiles/runtime-snapshots.ts, src/agents/auth-profiles/external-auth.ts)
• steipete: Peter Steinberger has multiple relevant auth-profile store changes, including splitting auth state from the secrets store and mirroring CLI auth into runtime store behavior before the external-auth refactors. (role: recent auth-profile store contributor; confidence: medium; commits: 1c41987876f1, a8a49d142f4a, 9afcbbec5e60; files: src/agents/auth-profiles/store.ts, src/agents/auth-profiles.store.save.test.ts)
• Gio Della-Libera: Current git blame on the affected save path attributes the present lines to f7c05dcc9e51e6e60d16a8a205b4fa6e85f9ec0e, though the semantic history points more strongly to earlier auth-profile commits. (role: recent current-main line contributor; confidence: low; commits: f7c05dcc9e51; files: src/agents/auth-profiles/store.ts, src/agents/auth-profiles/external-auth.ts)

Remaining risk / open question:

• No live gateway reproduction was run in this read-only review; the current-main source path is still high-confidence and matches the reported failure mode.
• Two open PRs propose overlapping fixes, so maintainers should choose one reviewed implementation path and close or supersede the other to avoid competing auth-store behavior.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a04566da11ce.