[Bug]: SecretRef migration silently drops OAuth profiles from auth-profiles.json

[aclee555]

Summary

On OpenClaw 2026.5.22, a SecretRef/static-secret migration path silently removed OAuth profiles from auth-profiles.json.

This is related to existing OAuth/runtime snapshot issues, but the observed failure mode here is different: the OAuth profiles were not merely unavailable in an in-memory runtime snapshot; the profile entries disappeared from auth-profiles.json and had to be recreated by re-running OAuth login.

Environment

• OpenClaw: 2026.5.22 (stable)
• OS: macOS 26.5 arm64
• Install/update path: npm/pnpm global OpenClaw install, gateway running via LaunchAgent
• Agent runtime: OpenAI Codex OAuth
• Affected profiles observed:
  • openai-codex:
  • anthropic:claude-cli

Observed behavior

After migrating static tokens to local-file SecretRefs, static-token auth was correctly externalized and openclaw secrets audit reported clean static SecretRefs.

Separately, OAuth profiles were silently dropped from auth-profiles.json. The affected setup lost at least:

• an OpenAI Codex OAuth profile
• an Anthropic Claude CLI OAuth profile

There was no clear warning and no config-audit trail for the auth-profiles.json write. The gateway itself stayed up and local CLI commands still worked, but agent runs failed once they needed the missing OAuth profile.

The user-visible failure in a cron run was:

FailoverError: No API key found for provider "openai-codex".
Auth store: /Users/.../.openclaw/agents/main/auth-profiles.json (agentDir: /Users/.../.openclaw/agents/main).
Configure auth for this agent (openclaw agents add <id>) or copy only portable static auth profiles from the main agentDir.

Re-authenticating restored the profile:

openclaw models auth login --provider openai-codex

After reauth:

openai-codex:<redacted account> [openai-codex/oauth]

Expected behavior

SecretRef/static-token migration should preserve OAuth profiles, especially profiles represented by oauthRef/credential-sidecar entries.

If a migration intentionally cannot handle OAuth profiles, it should:

• leave them untouched, or
• fail loudly before modifying auth-profiles.json, or
• write a backup and print an explicit warning naming the skipped/dropped profile ids.

Suspected root cause

The doctor/auth OAuth-sidecar migration path appears to handle static-token profiles but not OAuth profiles whose auth data is represented by oauthRef / credential sidecar references.

For type=oauth profiles with oauthRef.id pointing into a credential sidecar, the migration appears to remove the profile entry instead of preserving it or warning.

Also, config-audit.jsonl tracks openclaw.json writes, but not auth-profiles.json writes, so there is no obvious audit trail for this destructive auth-profile change.

Impact

This breaks Codex/Claude OAuth-based agent runtimes after an otherwise successful static SecretRef migration.

The failure is easy to recover from once recognized, but it is silent and confusing:

• gateway health can still look OK
• static SecretRef audit can be clean
• Telegram/cron/agent runs can fail later with a misleading "No API key found" error
• the fix requires a real terminal OAuth login

Workaround

Run this after SecretRef migration / doctor --fix / configure / plugin work:

openclaw models auth list

If the OAuth profile is missing:

openclaw models auth login --provider openai-codex

Related issues

This may be related to OAuth auth-profile snapshot issues such as #85521, but #85521 describes a runtime snapshot clobber where the on-disk auth profile survives. This report is specifically about the profile being removed from auth-profiles.json during migration/config write behavior.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 26, 2026, 12:46 AM ET / 04:46 UTC.

Summary
Keep open: current main has related safeguards for SecretRef scrubbing, external CLI OAuth, and legacy oauthRef sidecars, but I did not find source or history proof that the reported on-disk OAuth profile deletion mode is fixed or superseded. The report is distinct from the related runtime-snapshot issue because it says profiles disappeared from auth-profiles.json.

Reproducibility: no. This read-only review found the relevant source surfaces and related tests, but did not establish a high-confidence current-main reproduction of the destructive auth-profiles.json write.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Include redacted logs or terminal output.

Next step
The item is important and likely bounded, but the exact destructive write path is not yet isolated enough for a safe autonomous repair lane on auth-provider persistence.

Review details

Best possible solution:

Add a focused regression around the actual SecretRef/static-token migration path and then preserve unrelated OAuth, external CLI, and oauthRef profiles or fail before writing auth-profiles.json.

Do we have a high-confidence way to reproduce the issue?

No. This read-only review found the relevant source surfaces and related tests, but did not establish a high-confidence current-main reproduction of the destructive auth-profiles.json write.

Is this the best way to solve the issue?

Yes in direction, unclear in exact patch shape. Preserving OAuth profiles or failing loudly before modifying the file is the right fix, but the implementation should start by reproducing the specific migration/write path from the report.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The exact destructive trigger is still unproven from source inspection alone; it may be in secrets apply, doctor/config write sequencing, auth-profile save filtering, or an interaction with external CLI/OAuth sidecar state.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 7db4b3db412d.

Label changes

Label changes:

• add P1: The report describes stable-release auth loss that can break real unattended agent runs while the gateway still appears healthy.
• add impact:data-loss: The core failure is persisted OAuth profile entries disappearing from auth-profiles.json.
• add impact:auth-provider: The dropped OpenAI Codex and Anthropic OAuth profiles cause provider credential resolution failures.
• add issue-rating: 🦐 gold shrimp: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.
• add clawsweeper:no-new-fix-pr: Current issue advisory state selects this label.
• add clawsweeper:needs-maintainer-review: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes stable-release auth loss that can break real unattended agent runs while the gateway still appears healthy.
• impact:data-loss: The core failure is persisted OAuth profile entries disappearing from auth-profiles.json.
• impact:auth-provider: The dropped OpenAI Codex and Anthropic OAuth profiles cause provider credential resolution failures.

Evidence reviewed

Acceptance criteria:

• Reproduce with a fixture containing static SecretRef migration targets plus unrelated type: oauth profiles for OpenAI Codex oauthRef and Anthropic Claude CLI.
• Run the focused repo-approved Vitest wrapper for any touched auth-profile, secrets apply, or doctor tests.

What I checked:

• Static SecretRef scrub path leaves OAuth out of the mutation path: The provider scrub logic mutates api_key and token entries, while OAuth entries only produce a warning when inline tokens are present; this is relevant current behavior but not enough to prove the reporter's deletion path is fixed. (src/secrets/apply.ts:375, 7db4b3db412d)
• Auth-profile target mutation writes raw auth-profile stores: secrets apply can write projected auth-profiles.json content directly, so the migration/write path needs specific regression coverage for preserving unrelated OAuth entries and sidecar metadata. (src/secrets/apply.ts:544, 7db4b3db412d)
• Save path filters OAuth profiles before persisting: saveAuthProfileStore builds a filtered local store and writes that payload to auth-profiles.json; this is a plausible adjacent destructive-write surface for OAuth profile loss. (src/agents/auth-profiles/store.ts:757, 7db4b3db412d)
• Legacy oauthRef preservation exists but is narrow: Current tests preserve legacy oauthRef metadata during ordinary saves, but they do not establish the reported full SecretRef/static-token migration path with OpenAI Codex plus Anthropic CLI profiles. (src/agents/auth-profiles.store.save.test.ts:143, 7db4b3db412d)
• Related issue is not a duplicate closure: The provided related issue tracks an in-memory runtime snapshot clobber where the on-disk auth profile survives, while this report is specifically about deletion from auth-profiles.json.
• Current-main/release comparison did not prove a fix after v2026.5.22: Diffing the latest release tag against main showed auth-profile changes, but not a clear fix for silent on-disk OAuth profile deletion during SecretRef/static migration. (src/agents/auth-profiles/store.ts, 7db4b3db412d)

Likely related people:

• Peter Steinberger: Blame and the available local history tie the central auth-profile store, persistence, external CLI, and SecretRef apply paths to recent auth-cache and persistence work in commit ee51169. (role: recent area contributor; confidence: high; commits: ee51169b2063; files: src/agents/auth-profiles/store.ts, src/agents/auth-profiles/persisted.ts, src/agents/auth-profiles/external-cli-sync.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[cobenrogers]

Same failure mode on 2026.5.20 (Linux) — auth-profile runtime snapshot built empty at boot, dropping the OAuth profile

Reproduced independently on a different setup; adding evidence since #86756 explicitly lists anthropic:claude-cli as an affected profile.

Environment

• OpenClaw 2026.5.20 (e510042), Linux (Pop!_OS), npm global, gateway via systemd --user
• Agent runtime: Anthropic via claude-cli OAuth (Claude Max subscription), profile anthropic:claude-cli (provider: claude-cli, mode: oauth)
• No Anthropic API key configured (subscription-only)

Symptom

• Interactive turns work (cli-session reads ~/.claude/.credentials.json directly).
• Embedded/queued agent runs (pi harness) fail:

  FailoverError: No API key found for provider "anthropic".
  Auth store: .../agents/main/agent/auth-profiles.json
  

  Stack: resolveApiKeyForProvider → getApiKeyForModel → resolveApiKeyForCandidate → applyApiKeyInfo → initializeAuthProfile (pi-embedded) → runQueueEntryTask

Root cause pinned via runtime instrumentation

1. At boot, the auth-profile runtime snapshot is set empty for the agent:

   replaceRuntimeAuthProfileStoreSnapshots([{ agentDir: .../agents/main/agent, store: { profiles: {} } }])
     ← activateSecretsRuntimeSnapshotState (runtime-state)
     ← activateSecretsRuntimeSnapshot (runtime)
     ← finishPreparedSnapshot (server-startup-config)
   

   This is the only snapshot write of the session.
2. openclaw models auth list reports: ignored invalid auth profile entries during store load → Profiles: (none). The config-declared anthropic:claude-cli OAuth profile (a bare {provider, mode} with no inline credential — the token is external in ~/.claude) is treated as invalid and silently dropped during store load, so the snapshot is empty.
3. Embedded pi runs read that empty snapshot as their authStore (options.authProfileStore) → no candidate → No API key found.
4. ensureAuthProfileStoreWithoutExternalProfiles then short-circuits on the empty snapshot (if (runtimeStore) return runtimeStore;) — it returns the empty snapshot before loadAuthProfileStoreForAgent or the external-CLI overlay can repopulate it.

Distinct from #85521 (closed): saveAuthProfileStore is never called in this repro (verified by instrumentation) — so the external-CLI-filtered-save mechanism is not the trigger here. The trigger is the boot-time secrets/snapshot activation dropping the OAuth profile as "invalid."

Recovery that works: openclaw models auth login --provider anthropic --method cli rewrites a valid profile.

Suggested fixes

• The store loader should not silently drop a config-declared OAuth profile as "invalid" — at minimum log which entry and why.
• ensureAuthProfileStoreWithoutExternalProfiles should not trust an empty runtime snapshot; fall through to load config + apply the external-CLI overlay (if (runtimeStore && Object.keys(runtimeStore.profiles).length) return runtimeStore;).
• The boot snapshot activation should include/overlay external-CLI OAuth profiles, not just secret-backed ones.

[joshavant]

Thanks for the detailed report, @aclee555.

We tracked this through the SecretRef/auth-profile paths and the related Claude CLI OAuth evidence added later in the thread. The root issue was that SecretRef startup/reload snapshots are intentionally static-only, but PI embedded runs and /btw could then rely on a no-external auth-profile view and miss runtime-only Claude CLI OAuth profiles such as anthropic:claude-cli. That made OAuth-backed agent runs fail even though the OAuth credential itself still existed outside the static SecretRef snapshot.

The fix landed in #87167. It keeps SecretRef semantics unchanged: SecretRefs remain static, are resolved atomically at startup/reload, and do not capture runtime OAuth material. The runtime paths now load a narrowly scoped Claude CLI OAuth overlay only when auth selection can actually choose it. Stale auto-selected static Anthropic profiles no longer suppress selected Claude CLI OAuth, while user-locked static profiles stay pinned.

Validation included focused regression coverage for SecretRef/static auth preservation, runtime-only external auth snapshots, PI auth selection, and /btw; plus live Claude OAuth probes using isolated local state. The clean PI and /btw Claude CLI OAuth happy paths also passed after the fix.

Closing this as fixed by #87167 / cc704ca.