fix(status): honor selected usage auth profile #59208

Closed
luoxiao6645 wants to merge 1 commit into openclaw:main from luoxiao6645:fix/58498-status-card-oauth-usage-clean

@luoxiao6645 luoxiao6645 commented Apr 1, 2026

Summary

  • /status already used sessionEntry.authProfileOverride for the auth label.
  • Usage/quota resolution still selected credentials at the provider level.
  • With multiple OAuth profiles under one provider, the auth label and the usage line could point at different profiles.
  • This change passes the session-selected profile into provider usage resolution, prefers it when it belongs to the requested provider, and otherwise falls back to the existing provider-scoped order.

Root cause

The status surface had two different auth-selection paths:

  • the auth label respected the session override
  • the usage loader did not

That split made the status card internally inconsistent for multi-profile OAuth setups.

Real behavior proof (required for external PRs)

  • Behavior or issue addressed:
    /status could show one OAuth profile as active while the usage/quota line reflected a different OAuth profile under the same provider.

  • Real environment tested:
    Local OpenClaw development setup with multiple OAuth profiles configured for the same provider and a session-level authProfileOverride selecting a non-default profile.

  • Exact steps or command run after this patch:

    1. Configure two OAuth profiles under the same provider.
    2. Select the secondary profile for the session with authProfileOverride.
    3. Run /status.
    4. Compare the auth label and the usage/quota line.
  • Evidence after fix:
    Copied live output from a local /status run after the patch:

```
/status
Model: openai/gpt-5.5
Auth: oauth (openai-codex:secondary)
Usage: 5h ... left · Week ... left
```

In this after-fix output, the auth label and the usage-backed status line both resolve through the same selected OAuth profile.

  • Observed result after fix:
    After the patch, /status used the same session-selected OAuth profile for both the auth label and the usage/quota line. A stale or cross-provider preferred profile was ignored and fell back to the existing provider-scoped order.

  • What was not tested:
    I did not run a full provider-by-provider matrix or remote deployment verification. I focused on the affected multi-profile OAuth status flow.

Regression coverage

  • src/infra/provider-usage.auth.normalizes-keys.test.ts
  • src/infra/provider-usage.load.test.ts
  • src/agents/openclaw-tools.session-status.test.ts

@greptile-apps

greptile-apps Bot commented Apr 1, 2026

Contributor

Greptile Summary

This PR fixes a status card consistency bug where the OAuth auth label and the usage/quota line could resolve credentials from different profiles when multiple OAuth profiles existed for the same provider. The fix threads preferredProfileIds from commands-status.ts through loadProviderUsageSummary → resolveProviderAuths → resolveOAuthToken, prepending the preferred profile to the resolution order after validating it belongs to the correct provider.

  • The provider-match guard (preferredProfileMatchesProvider) correctly prevents a stale or cross-provider override from polluting usage auth resolution.
  • dedupeProfileIds([preferredProfileId, ...order]) is the right approach — the preferred profile is tried first, and the dedup step removes any redundant occurrence later in the list.
  • The accountId spread refactoring (...(accountId ? { accountId } : {})) cleanly avoids emitting an explicit undefined key; functionally equivalent for all downstream consumers that use optional property access.
  • Two regression tests cover the two key paths: preferred profile wins, and a cross-provider override is safely ignored.
  • Minor: normalizeProfileProvider chains .trim().toLowerCase() onto the return value of normalizeProviderId, which already does that internally — redundant but harmless.

Confidence Score: 5/5

  • Safe to merge — the fix is well-scoped, provider-match guard prevents regressions, and fallback behaviour is preserved.
  • All findings are P2 style suggestions. The logic is correct, the two new regression tests cover the primary cases, and the fallback to normal provider-scoped order is intact.
  • No files require special attention.
Prompt To Fix All With AI
This is a comment left during a code review.
Path: src/infra/provider-usage.auth.ts
Line: 32-34

Comment:
**Redundant normalization in `normalizeProfileProvider`**

`normalizeProviderId` already calls `.trim().toLowerCase()` internally (see `provider-id.ts` line 2: `const normalized = provider.trim().toLowerCase()`). The chained `.trim().toLowerCase()` on the return value is a no-op in every case, since `normalizeProviderId` always returns an already-trimmed, lowercased string.

```suggestion
function normalizeProfileProvider(value: string | undefined): string {
  return normalizeProviderId(value ?? "");
}
```

How can I resolve this? If you propose a fix, please make it concise.

Reviews (1): Last reviewed commit: "fix(status): validate preferred oauth pr..." | Re-trigger Greptile
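
The selection rule described in the PR summary and the review above, as an added TypeScript sketch (not the PR's code and not OpenClaw's implementation): the session-selected profile goes first only when its stored provider matches the requested provider, otherwise the provider-scoped order is used unchanged. The store shape, `resolveUsageProfileOrder`, the function signatures and every sample id except `openai-codex:secondary` are assumptions; `normalizeProviderId` is a stand-in that only trims and lowercases.

```typescript
// Added illustration. Types, store shape and resolveUsageProfileOrder are
// hypothetical; only the function names quoted in the review come from the page.
type StoredProfile = { provider: string };
type ProfileStore = Record<string, StoredProfile>;

// Stand-in for the project's normalizeProviderId (quoted in the review as
// trimming and lowercasing). Anything else the real one does is not modelled.
function normalizeProviderId(provider: string): string {
  return provider.trim().toLowerCase();
}

// Keep the first occurrence of each id and drop empty entries.
function dedupeProfileIds(ids: Array<string | undefined>): string[] {
  const seen = new Set<string>();
  const out: string[] = [];
  for (const raw of ids) {
    const id = raw?.trim();
    if (!id || seen.has(id)) continue;
    seen.add(id);
    out.push(id);
  }
  return out;
}

// Guard: the preferred id must exist in the store and belong to the
// requested provider. The own-property check keeps ids such as
// "constructor" from resolving to inherited Object members.
function preferredProfileMatchesProvider(
  store: ProfileStore,
  preferredProfileId: string | undefined,
  provider: string,
): boolean {
  if (!preferredProfileId) return false;
  if (!Object.prototype.hasOwnProperty.call(store, preferredProfileId)) return false;
  const profile = store[preferredProfileId];
  return normalizeProviderId(profile.provider) === normalizeProviderId(provider);
}

// Order in which credentials are tried for the usage request.
function resolveUsageProfileOrder(params: {
  store: ProfileStore;
  provider: string;
  order: string[];
  preferredProfileId?: string;
}): string[] {
  const { store, provider, order, preferredProfileId } = params;
  if (!preferredProfileMatchesProvider(store, preferredProfileId, provider)) {
    // Stale, unknown or cross-provider override: existing order is kept.
    return dedupeProfileIds(order);
  }
  // Preferred profile first; dedupe removes its later occurrence in order.
  return dedupeProfileIds([preferredProfileId, ...order]);
}

// Constructed sample data: two OAuth profiles under one provider plus one
// profile that belongs to a different provider.
const sampleStore: ProfileStore = {
  "openai-codex:default": { provider: "openai-codex" },
  "openai-codex:secondary": { provider: "openai-codex" },
  "anthropic:work": { provider: "anthropic" },
};
const sampleOrder: string[] = ["openai-codex:default", "openai-codex:secondary"];
```

The label path and the usage path agree only if both consume the same ordered list, so a regression test should assert on the first id of this list rather than on the rendered `/status` text.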

Comment thread src/infra/provider-usage.auth.ts Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 69a0f32071

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread src/infra/provider-usage.auth.ts Outdated
@openclaw-barnacle openclaw-barnacle Bot added the app: macos App: macos label Apr 10, 2026
@clawsweeper

clawsweeper Bot commented May 1, 2026

Contributor

Codex review: needs real behavior proof before merge. Reviewed May 24, 2026, 2:42 PM ET / 18:42 UTC.

Summary
The PR threads a session-selected auth profile into provider usage resolution for /status, adds preferred-profile regression tests, and includes small status/test refactors.

PR surface: Source +27, Tests +97. Total +124 across 6 files.

Reproducibility: yes. at source level: current main displays the selected session auth profile but usage auth resolution still follows provider order without that preferred profile. I did not establish a live two-profile OAuth reproduction in this read-only review.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🦞 diamond lobster
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Add redacted credential/account-level terminal output, logs, or a recording from a two-profile OAuth setup, then update the PR body for a fresh ClawSweeper review.

Proof guidance:
Needs stronger real behavior proof before merge: Copied live /status output is present, but it does not prove which OAuth account backed the usage request; add redacted diagnostics or logs before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • The copied /status output does not prove which OAuth credential or account backed the usage request, so the exact two-profile live path remains unproven.
  • The PR intentionally changes auth-provider credential precedence for usage resolution when a session override exists; the provider-match guard and tests reduce the risk, but maintainers should explicitly accept or require credential-level proof before merge.

Maintainer options:

  1. Require credential-level proof (recommended)
    Ask for redacted terminal output, logs, diagnostics, or a recording from a two-profile OAuth setup showing the selected profile/account backs the usage request.
  2. Accept source and CI confidence
    Maintainers can merge with the focused tests and prior Testbox check while explicitly owning the remaining live credential-path uncertainty.
  3. Pause if proof is unavailable
    If diagnostic proof cannot be supplied, keep this PR open or replace it with a maintainer-run branch that includes real two-profile proof.

Next step before merge
Human review should decide whether to require credential-level proof or accept the focused source and CI evidence; there is no narrow automated code repair identified.

Security
Cleared: No new dependency, workflow, permission, download, or secret-exposure concern was found in the diff.

Review details

Best possible solution:

Land the focused preferred-profile threading after redacted credential/account-level proof is added, or after a maintainer explicitly accepts the remaining live OAuth proof gap; keep the linked issue open until this PR merges.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: current main displays the selected session auth profile but usage auth resolution still follows provider order without that preferred profile. I did not establish a live two-profile OAuth reproduction in this read-only review.

Is this the best way to solve the issue?

Mostly yes: threading a validated preferred profile through provider usage auth is the narrow maintainable fix, and the provider-match guard preserves fallback behavior. The remaining blocker is diagnostic real behavior proof, not a concrete code-shape defect.

Codex review notes: model gpt-5.5, reasoning high; reviewed against dfa1a5122584.

Label changes

Label justifications:

  • P2: This is a normal-priority status/usage correctness fix limited to multi-profile provider usage display.
  • merge-risk: 🚨 auth-provider: The PR changes which OAuth profile is used for provider usage resolution when a session-selected auth profile exists.
  • rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🦞 diamond lobster.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: Copied live /status output is present, but it does not prove which OAuth account backed the usage request; add redacted diagnostics or logs before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
Evidence reviewed

PR surface:

Source +27, Tests +97. Total +124 across 6 files.

View PR surface stats
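| Area | Files | Added | Removed | Net |
| --- | --- | --- | --- | --- |
| Source | 4 | 72 | 45 | +27 |
| Tests | 2 | 103 | 6 | +97 |
| Docs | 0 | 0 | 0 | 0 |
| Config | 0 | 0 | 0 | 0 |
| Generated | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 |
| Total | 6 | 175 | 51 | +124 |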

What I checked:

  • Current main auth label uses session override: The status auth label path passes sessionEntry.authProfileOverride into auth-profile discovery and ordering, so the displayed auth profile can follow the selected session profile. (src/agents/model-auth-label.ts:40, dfa1a5122584)
  • Current main usage loading omits selected profile: buildStatusText still calls loadProviderUsageSummary with timeout, provider, and agent directory only, so the status usage path does not receive the session-selected auth profile on current main. (src/status/status-text.ts:305, dfa1a5122584)
  • Current main usage auth follows provider order: resolveOAuthToken resolves and dedupes provider auth-profile order without any preferred profile parameter, matching the reported mismatch source. (src/infra/provider-usage.auth.ts:215, dfa1a5122584)
  • PR threads preferred profile into usage auth: The PR adds preferredProfileId to usage OAuth resolution and prepends it only when the stored profile provider matches the requested provider. (src/infra/provider-usage.auth.ts:209, 4b6c78d1984e)
  • PR passes status override to usage loader: The PR passes sessionEntry.authProfileOverride as preferredProfileIds for the current usage provider when building /status. (src/status/status-text.ts:309, 4b6c78d1984e)
  • PR regression coverage: The PR adds tests for preferred profile selection, cross-provider preferred profile rejection, and provider-override usage lookups such as MiniMax portal OAuth. (src/infra/provider-usage.auth.normalizes-keys.test.ts:716, 4b6c78d1984e)

Likely related people:

  • steipete: GitHub commit metadata shows repeated work on provider usage runtime hooks, provider usage auth/order behavior, and Codex auth-order fixes in the affected area. (role: provider usage feature-history owner and recent area contributor; confidence: high; commits: e7555724af15, 666f1f4db08e, 9dedc4d95cfb; files: src/infra/provider-usage.auth.ts, src/infra/provider-usage.load.ts, src/status/status-text.ts)
  • dutifulbob: The shared session status runtime extraction touched the status-text path that now calls provider usage loading. (role: status runtime refactor author; confidence: medium; commits: 380de88a61de; files: src/status/status-text.ts)
  • vincentkoc: Vincent prepared the maintainer-ready version of this fix in the related closed PR, posted verification, and has adjacent current-main status/type extraction history. (role: focused fix preparer and adjacent contributor; confidence: medium; commits: b057f047868b, 74e7b8d47b18, a17d4371d101; files: src/status/status-text.ts, src/infra/provider-usage.auth.ts, src/infra/provider-usage.load.ts)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@luoxiao6645

Author

fix some conflicts

@vincentkoc vincentkoc force-pushed the fix/58498-status-card-oauth-usage-clean branch from 38fe84d to b057f04 Compare May 5, 2026 00:13
@vincentkoc vincentkoc self-assigned this May 5, 2026
@vincentkoc vincentkoc changed the title Fix/58498 status card oauth usage clean fix(status): honor selected usage auth profile May 5, 2026
@vincentkoc

Member

Pushed the rebased maintainer-ready version onto this contributor branch and kept the changelog credit merged.

Verification already run on the pushed head b057f047868b1df8329c82743fa6e25a3f37a91e:

  • pnpm test:serial src/infra/provider-usage.auth.normalizes-keys.test.ts
  • pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/status/status-text.ts src/infra/provider-usage.auth.ts src/infra/provider-usage.load.ts src/infra/provider-usage.auth.normalizes-keys.test.ts
  • Blacksmith Testbox tbx_01kqtq78y3apm0ct84bgrx5eqq: pnpm check:changed exit 0

@vincentkoc

Member

Pushed the rebased maintainer-ready version onto this contributor branch and kept the changelog credit merged.

Verification already run on the pushed head :

```
openclaw@2026.5.4 test:serial /Users/vincentkoc/GIT/_Perso/openclaw
OPENCLAW_TEST_PROJECTS_SERIAL=1 OPENCLAW_VITEST_MAX_WORKERS=1 node scripts/test-projects.mjs src/infra/provider-usage.auth.normalizes-keys.test.ts

RUN v4.1.5 /Users/vincentkoc/GIT/_Perso/openclaw

Test Files 1 passed (1)
Tests 20 passed (20)
Start at 17:17:08
Duration 33.72s (transform 3.87s, setup 844ms, import 1.00s, tests 31.73s, environment 0ms)
```

  • Checking formatting...

All matched files use the correct format.
Finished in 2112ms on 5 files using 1 threads.

  • Blacksmith Testbox :

```
openclaw@2026.5.4 check:changed /Users/vincentkoc/GIT/_Perso/openclaw
node scripts/check-changed.mjs

openclaw@2026.5.4 check:no-conflict-markers /Users/vincentkoc/GIT/_Perso/openclaw
node scripts/check-no-conflict-markers.mjs

openclaw@2026.5.4 check:changelog-attributions /Users/vincentkoc/GIT/_Perso/openclaw
node scripts/check-changelog-attributions.mjs

openclaw@2026.5.4 lint:extensions:no-guarded-wildcard-reexports /Users/vincentkoc/GIT/_Perso/openclaw
node scripts/check-extension-wildcard-reexports.mjs

No guarded extension wildcard re-exports found.

openclaw@2026.5.4 lint:extensions:no-plugin-sdk-wildcard-reexports /Users/vincentkoc/GIT/_Perso/openclaw
node scripts/check-plugin-sdk-wildcard-reexports.mjs

No plugin-sdk wildcard re-exports found in extension API barrels.

openclaw@2026.5.4 dup:check:coverage /Users/vincentkoc/GIT/_Perso/openclaw
node scripts/check-duplicates.mjs --coverage

[dup:check] target coverage ok exit 0
```

@openclaw-barnacle


This assigned pull request has been automatically marked as stale after being open for 27 days.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle Bot added the stale Marked as stale due to inactivity label May 5, 2026
@openclaw-barnacle openclaw-barnacle Bot added triage: needs-real-behavior-proof Candidate: external PR needs after-fix proof from a real setup. and removed stale Marked as stale due to inactivity labels May 12, 2026
@openclaw-barnacle


This assigned pull request has been automatically marked as stale after being open for 27 days.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle Bot added stale Marked as stale due to inactivity and removed stale Marked as stale due to inactivity labels May 12, 2026
@openclaw-barnacle


This assigned pull request has been automatically marked as stale after being open for 27 days.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle Bot added stale Marked as stale due to inactivity and removed stale Marked as stale due to inactivity labels May 13, 2026
@openclaw-barnacle


This assigned pull request has been automatically marked as stale after being open for 27 days.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle Bot added the stale Marked as stale due to inactivity label May 14, 2026
@luoxiao6645

Author

@vincentkoc Thanks for rebasing and verifying the pushed head.

From my side this looks ready now. Could a maintainer confirm whether any additional real-behavior proof is still needed, or if this can move to final review/merge?

Posting an update to keep this from going stale.

@openclaw-barnacle openclaw-barnacle Bot removed the stale Marked as stale due to inactivity label May 15, 2026
@clawsweeper clawsweeper Bot added the rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. label May 20, 2026
@luoxiao6645 luoxiao6645 requested a review from a team as a code owner May 20, 2026 20:03
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels May 20, 2026
Thread preferredProfileIds through provider auth resolution so the
status command uses the user-selected auth profile instead of always
falling back to the default ordering.

- Add preferredProfileIds param to resolveProviderAuths and plumb
  through plugin, fallback, and OAuth resolution paths
- Pass session authProfileOverride from status-text to usage loader
- Re-export tryReadSecretFileSync directly from @openclaw/fs-safe/secret
- Fix lint violations (no-useless-fallback-in-spread) and type errors

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@luoxiao6645 luoxiao6645 force-pushed the fix/58498-status-card-oauth-usage-clean branch from d89265e to 4b6c78d Compare May 20, 2026 21:26
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels May 20, 2026
@luoxiao6645 luoxiao6645 force-pushed the fix/58498-status-card-oauth-usage-clean branch from f2aa61c to 4b6c78d Compare May 20, 2026 23:06
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. labels May 20, 2026
@openclaw-barnacle openclaw-barnacle Bot removed the stale Marked as stale due to inactivity label May 21, 2026
@openclaw-barnacle


This assigned pull request has been automatically marked as stale after being open for 27 days.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle Bot added the stale Marked as stale due to inactivity label May 21, 2026
@luoxiao6645

Author

@clawsweeper status

@luoxiao6645

Author

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented May 21, 2026

Contributor

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@openclaw-barnacle openclaw-barnacle Bot removed the stale Marked as stale due to inactivity label May 22, 2026
@openclaw-barnacle


This assigned pull request has been automatically marked as stale after being open for 27 days.
Please add updates or it will be closed.

@openclaw-barnacle openclaw-barnacle Bot added the stale Marked as stale due to inactivity label May 22, 2026
@barnacle-openclaw


Closing due to inactivity.
If you believe this PR should be revived, post in #clawtributors on Discord to talk to a maintainer.
That channel is the escape hatch for high-quality PRs that get auto-closed.

@barnacle-openclaw barnacle-openclaw Bot closed this Jun 1, 2026
@peetorres


I don't think that was fixed. I'm using version 2026.5.6 and this issue is still appearing. I have two oauth providers, and it's showing the wrong usage when I change them. @vincentkoc, @luoxiao6645 feel free to revive that. 👍

@luoxiao6645

Author

@peetorres The bot had closed my PR. The maintainers didn't pay attention to this issue and didn't merge it. I don't know what's going on.

Labels

  • commands - Command implementations
  • merge-risk: 🚨 auth-provider - 🚨 May break OAuth, tokens, provider routing, model choice, or credentials.
  • P2 - Normal backlog priority with limited blast radius.
  • proof: supplied - External PR includes structured after-fix real behavior proof.
  • rating: 🦪 silver shellfish - Thin PR readiness signal; proof, validation, or implementation needs work.
  • size: M
  • stale - Marked as stale due to inactivity
  • status: 📣 needs proof - The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Development

Successfully merging this pull request may close these issues.

[Bug]: Status card shows the active OAuth profile, but weekly usage appears to reflect a different Oauth credential

3 participants