
fix(auth): document stdin paste-token setup and surface validTypes #63050

Merged
steipete merged 6 commits into openclaw:main from liaoandi:fix/63042-isolated-auth-setup on May 27, 2026

@liaoandi liaoandi commented Apr 8, 2026

Summary

Fixes #63042 by keeping non-interactive paste-token setup on the existing stdin path and improving auth-profile load diagnostics.

Changes

  • Documents the existing automation-safe paste-token stdin path instead of adding an argv secret option.
  • Keeps paste-token token validation on the shared readPastedSecret path.
  • Includes accepted validTypes in invalid auth-profile warning logs.
  • Adds test coverage for the validTypes warning payload.
  • Leaves CHANGELOG.md unchanged because this is a small PR repair on top of current main.

Security note

This version does not accept provider tokens through --token <value>. Automation should pipe token material on stdin so credentials do not appear in shell history, process listings, command echoing, or CI logs.

Real behavior proof

Behavior addressed: openclaw models auth paste-token still supports non-interactive token setup through stdin, the removed --token argv secret path is rejected by the real CLI, and invalid auth-profile load warnings now include accepted validTypes.

Real environment tested: local macOS checkout of current PR head f82a7a24e412da9f6557a93f25fc50f86dcddef1 on 2026-05-26, using an isolated OPENCLAW_HOME and OPENCLAW_STATE_DIR.

Exact steps or command run after this patch:

$ proof_home=$(mktemp -d /private/tmp/openclaw-pr63050-proof-XXXXXX)
$ printf "proof-token-redacted\n" | \
  OPENCLAW_HOME="$proof_home" \
  OPENCLAW_STATE_DIR="$proof_home" \
  OPENCLAW_DISABLE_BUNDLED_PLUGINS=1 \
  node --import tsx src/entry.ts models auth paste-token \
    --provider openai \
    --profile-id openai:proof
$ node -e 'const fs=require("fs"); const file=process.argv[1]; const data=JSON.parse(fs.readFileSync(file,"utf8")); const p=data.profiles?.["openai:proof"]; if(!p) throw new Error("missing openai:proof"); if(p.token!=="proof-token-redacted") throw new Error("token was not stored from stdin"); console.log(JSON.stringify({id:"openai:proof",type:p.type,provider:p.provider,tokenRedacted:"<redacted>"}, null, 2));' "$proof_home/agents/main/agent/auth-profiles.json"
$ OPENCLAW_HOME="$proof_home" \
  OPENCLAW_STATE_DIR="$proof_home" \
  OPENCLAW_DISABLE_BUNDLED_PLUGINS=1 \
  node --import tsx src/entry.ts models auth paste-token \
    --provider openai \
    --token proof-token-redacted
$ invalid_home=$(mktemp -d /private/tmp/openclaw-pr63050-invalid-proof-XXXXXX)
$ mkdir -p "$invalid_home/agents/main/agent"
$ cat > "$invalid_home/openclaw.json" <<'JSON'
{
  "logging": {
    "consoleLevel": "warn",
    "consoleStyle": "json"
  }
}
JSON
$ cat > "$invalid_home/agents/main/agent/auth-profiles.json" <<'JSON'
{
  "version": 1,
  "profiles": {
    "anthropic:missing-type": {
      "provider": "anthropic"
    },
    "openai:missing-provider": {
      "type": "api_key",
      "key": "sk-openai-redacted"
    },
    "qwen:not-object": "broken"
  }
}
JSON
$ OPENCLAW_HOME="$invalid_home" \
  OPENCLAW_STATE_DIR="$invalid_home" \
  OPENCLAW_DISABLE_BUNDLED_PLUGINS=1 \
  node --import tsx src/entry.ts models auth list --json 2>&1

Evidence after fix:

Updated config: $OPENCLAW_HOME/openclaw.json
Auth profile: openai:proof (openai/token)
--- auth profile ---
{
  "id": "openai:proof",
  "type": "token",
  "provider": "openai",
  "tokenRedacted": "<redacted>"
}
--- argv rejection ---
OpenClaw does not recognize option "--token".
Try: openclaw models auth --help
argv rejection exit status: 1
{"time":"2026-05-26T17:39:08.901+08:00","level":"warn","subsystem":"agents/auth-profiles","message":"ignored invalid auth profile entries during store load","source":"auth-profiles.json","dropped":3,"reasons":{"invalid_type":1,"missing_provider":1,"non_object":1},"validTypes":["api_key","oauth","token"],"keys":["anthropic:missing-type","openai:missing-provider","qwen:not-object"]}
{
  "agentId": "main",
  "agentDir": "$OPENCLAW_HOME/agents/main/agent",
  "authStatePath": "$OPENCLAW_HOME/agents/main/agent/auth-state.json",
  "provider": null,
  "profiles": []
}

Observed result after fix: stdin token setup succeeded and persisted the redacted openai:proof token profile; the removed argv token path failed before accepting a provider credential; loading an invalid auth-profile store emitted a real warning with validTypes: ["api_key","oauth","token"].

What was not tested: real provider-side authentication was not tested with a live provider token. The changed behavior under test is CLI token ingestion through stdin, local profile persistence, rejection of argv-carried provider credentials, and runtime warning payload shape for invalid auth-profile entries.

Test plan

  • node scripts/run-vitest.mjs src/commands/models/auth.test.ts src/cli/models-cli.test.ts src/agents/auth-profiles.ensureauthprofilestore.test.ts
RUN  v4.1.6 /Users/antonio/projects/openclaw_worktrees/pr63050_clean

Test Files  4 passed (4)
     Tests  101 passed (101)
  Start at  16:58:47
  Duration  3.25s (transform 582ms, setup 312ms, import 852ms, tests 1.77s, environment 0ms)
  • ./node_modules/.bin/oxfmt --check --threads=1 docs/cli/models.md src/agents/auth-profiles.ensureauthprofilestore.test.ts src/agents/auth-profiles/persisted.ts src/cli/models-cli.ts src/commands/models/auth.test.ts src/commands/models/auth.ts
Checking formatting...

All matched files use the correct format.
Finished in 174ms on 6 files using 1 threads.
  • git diff --check upstream/main...HEAD
# no output

🤖 Generated with Claude Code
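
The store-load diagnostic from the PR description, as an added sketch that is not OpenClaw's implementation: `classifyEntry` and `loadProfiles` are hypothetical names, while the reason codes, `validTypes` and payload fields mirror the warning line shown above. The warning carries profile ids and reason codes only, so a rejected entry's credential never reaches the log.

```javascript
// Added illustration, not OpenClaw's implementation: loadProfiles and
// classifyEntry are hypothetical names. Reason codes, validTypes and the
// payload fields mirror the warning line shown in the PR description.
const VALID_TYPES = ["api_key", "oauth", "token"];

// Returns a reason code for a rejected entry, or null when it is usable.
function classifyEntry(entry) {
  if (entry === null || typeof entry !== "object" || Array.isArray(entry)) {
    return "non_object";
  }
  if (!VALID_TYPES.includes(entry.type)) {
    return "invalid_type"; // covers a missing type as well as an unknown one
  }
  if (typeof entry.provider !== "string" || entry.provider.trim() === "") {
    return "missing_provider";
  }
  return null;
}

function loadProfiles(store) {
  const accepted = new Map(); // Map, because profile ids are untrusted keys
  const reasons = {};
  const keys = [];
  const profiles =
    store && store.profiles && typeof store.profiles === "object" ? store.profiles : {};
  for (const [id, entry] of Object.entries(profiles)) {
    const reason = classifyEntry(entry);
    if (reason === null) {
      accepted.set(id, entry);
      continue;
    }
    reasons[reason] = (reasons[reason] || 0) + 1;
    keys.push(id); // log the profile id only, never the entry body
  }
  if (keys.length === 0) return { accepted, warning: null };
  const warning = {
    level: "warn",
    subsystem: "agents/auth-profiles",
    message: "ignored invalid auth profile entries during store load",
    source: "auth-profiles.json",
    dropped: keys.length,
    reasons,
    // validTypes only helps the reader when a type was actually rejected.
    ...(reasons.invalid_type ? { validTypes: [...VALID_TYPES] } : {}),
    keys,
  };
  return { accepted, warning };
}

// Constructed sample: the three broken entries from the PR description plus
// one valid entry. All credential values are placeholders.
const SAMPLE_STORE = {
  version: 1,
  profiles: {
    "anthropic:missing-type": { provider: "anthropic" },
    "openai:missing-provider": { type: "api_key", key: "sk-openai-redacted" },
    "qwen:not-object": "broken",
    "openai:proof": { type: "token", provider: "openai", token: "proof-token-redacted" },
  },
};

const sampleResult = loadProfiles(SAMPLE_STORE);
console.log(JSON.stringify(sampleResult.warning));
console.log([...sampleResult.accepted.keys()]);
```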

@liaoandi liaoandi requested a review from a team as a code owner April 8, 2026 08:54
@openclaw-barnacle openclaw-barnacle Bot added cli CLI command changes commands Command implementations agents Agent runtime and tooling size: XS labels Apr 8, 2026
greptile-apps Bot commented Apr 8, 2026

Greptile Summary

This PR makes three targeted fixes: adds a --token <value> flag to models auth paste-token for non-interactive use, short-circuits the interactive prompt when the flag is supplied, and enriches the warnRejectedCredentialEntries log with validTypes for easier debugging of invalid_type rejections. All changes are minimal and well-scoped.

Confidence Score: 5/5

Safe to merge; only finding is a P2 suggestion to add Anthropic token format validation in the non-interactive path.

All three changes are narrow and correct. The normalizeOptionalString behavior (trims + nullifies empty) is confirmed from source, so whitespace-only --token values correctly fall back to the interactive prompt. The only gap (Anthropic format validation bypass) is a quality suggestion, not a defect that blocks merge.

No files require special attention.

Vulnerabilities

No security concerns identified. The --token value is normalized through normalizeOptionalString (trims, nullifies empty input) before use and is written only to the local auth-profiles store, consistent with existing token persistence paths. No new network surfaces or privilege escalations are introduced.

Reviews (1): Last reviewed commit: "fix(auth): surface validTypes in invalid..." | Re-trigger Greptile

Comment thread src/commands/models/auth.ts Outdated
Comment on lines +388 to +403
const rawToken = normalizeOptionalString(opts.token);
const tokenInput =
rawToken ??
(await text({
message: `Paste token for ${provider}`,
validate: (value) => {
const trimmed = value?.trim();
if (!trimmed) {
return "Required";
}
if (provider === "anthropic") {
return validateAnthropicSetupToken(trimmed.replaceAll(/\s+/g, ""));
}
return undefined;
},
}));
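
Review bot: `opts.token` on the first line of this hunk means the provider credential arrives as a command-line argument, where it is exposed through shell history, process listings, command echoing and CI logs. Suggest dropping the option and keeping non-interactive setup on the stdin path (`readPastedSecret`), so the checks in the `validate` callback stay in one place instead of being skipped by `rawToken ??`.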

P2 Anthropic token validation bypassed for --token flag

When rawToken is non-null (i.e. --token was passed), the interactive text({ validate }) branch is skipped entirely, so validateAnthropicSetupToken is never invoked. A malformed token passed non-interactively is stored without any format check and will only surface as an API-level error on first use. Consider calling validateAnthropicSetupToken on rawToken directly before reaching upsertAuthProfile, mirroring the validation already applied in the interactive path.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ce3e364a9f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread src/commands/models/auth.ts Outdated
Comment on lines +389 to +391
const tokenInput =
rawToken ??
(await text({

P2 Badge Validate --token value before persisting Anthropic auth

When --token is supplied, execution takes the rawToken ?? ... branch and bypasses the text(...validate...) callback, so validateAnthropicSetupToken is never applied to non-interactive input. In CI/scripted usage this allows malformed Anthropic setup tokens (wrong prefix/too short) to be saved into auth-profiles.json, and the command reports success even though auth will fail later. The --token path should run the same provider-specific validation before calling upsertAuthProfile.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 76cb6b0654

Comment thread src/commands/models/auth.ts Outdated
Comment on lines +388 to +390
const rawToken = normalizeOptionalString(opts.token);
if (rawToken !== undefined) {
if (!rawToken) {

P2 Badge Reject empty --token values before normalization

normalizeOptionalString(opts.token) turns an explicitly provided empty token (--token "" or whitespace-only) into undefined, so the subsequent if (!rawToken) guard never runs and the command falls through to the interactive text(...) prompt. In scripted/non-TTY usage this regresses the new non-interactive path by hanging/failing at prompt time instead of returning a clear validation error for an empty --token input.
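
The three failure modes raised in the reviews above (a credential carried on argv, format validation skipped off the interactive path, and empty input falling through to a prompt) handled in one stdin-based ingestion function. This is an added sketch, not OpenClaw's code: `ingestToken`, `checkToken`, `SECRET_FLAGS` and `FORMAT_CHECKS` are hypothetical names, and the format rule is a placeholder because the page gives no provider's real token format.

```javascript
// Added illustration, not OpenClaw's code. ingestToken, checkToken,
// SECRET_FLAGS and FORMAT_CHECKS are hypothetical names; the format rule is a
// placeholder because the page does not give any provider's token format.
const SECRET_FLAGS = ["--token"];
const FORMAT_CHECKS = {
  "example-provider": (token) =>
    token.length >= 16 ? undefined : "token is shorter than 16 characters",
};

// Finds a secret-bearing flag in argv, in "--token v" and "--token=v" form.
function findSecretFlag(argv) {
  for (const arg of argv) {
    const flag = SECRET_FLAGS.find((f) => arg === f || arg.startsWith(f + "="));
    if (flag) return flag;
  }
  return null;
}

// Single validation path shared by the prompt and the piped input.
function checkToken(provider, raw) {
  const token = String(raw ?? "").trim(); // printf/echo add a trailing newline
  if (!token) {
    // Nothing usable on a non-TTY stdin: fail now instead of waiting on a
    // prompt that no one will answer.
    return { status: "error", error: "no token received on stdin" };
  }
  const known = Object.prototype.hasOwnProperty.call(FORMAT_CHECKS, provider);
  const problem = known ? FORMAT_CHECKS[provider](token) : undefined;
  if (problem) return { status: "error", error: `${provider}: ${problem}` };
  return { status: "ok", token };
}

// stdinText is what the caller read from fd 0, e.g. fs.readFileSync(0, "utf8").
function ingestToken({ argv, stdinIsTTY, stdinText, provider }) {
  const flag = findSecretFlag(argv);
  if (flag) {
    // Name the flag, never its value: this message may end up in CI logs.
    return {
      status: "error",
      error: `option "${flag}" is not accepted; pipe the token on stdin`,
    };
  }
  if (stdinIsTTY) {
    // A human is present: the caller shows its masked prompt, then runs the
    // same checkToken() on what was typed.
    return { status: "prompt" };
  }
  return checkToken(provider, stdinText);
}

// Constructed inputs covering each outcome; only the status is printed.
const DEMO_CASES = [
  { argv: ["paste-token", "--token", "demo-value"], stdinIsTTY: false, stdinText: "", provider: "openai" },
  { argv: ["paste-token"], stdinIsTTY: false, stdinText: "proof-token-redacted\n", provider: "openai" },
  { argv: ["paste-token"], stdinIsTTY: false, stdinText: "  \n", provider: "openai" },
  { argv: ["paste-token"], stdinIsTTY: true, stdinText: "", provider: "openai" },
];
for (const c of DEMO_CASES) console.log(ingestToken(c).status);
```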

clawsweeper Bot commented Apr 27, 2026

Codex review: needs maintainer review before merge. Reviewed May 27, 2026, 5:23 AM ET / 09:23 UTC.

Summary
The PR updates CLI models docs, adds validTypes to invalid auth-profile warning logs, and adjusts focused auth tests while preserving stdin-based paste-token handling.

PR surface: Source -1, Tests +4, Docs +2. Total +5 across 6 files.

Reproducibility: yes. source inspection gives a high-confidence path: current main already reads piped stdin for paste-token, and current main's invalid auth-profile warning lacks validTypes. I did not run the CLI locally because this review is read-only.

Review metrics: 1 noteworthy metric.

  • Secret-bearing CLI surfaces: 0 argv token options added; existing stdin path documented. This matters because the final diff keeps provider credentials off process arguments while still giving automation guidance.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Next step before merge
No repair lane is needed because there are no actionable review findings; the remaining action is normal maintainer CI and merge review.

Security
Cleared: No concrete security or supply-chain concern found; the final diff avoids argv token ingestion, changes no dependencies or CI, and documents stdin secret handling.

Review details

Best possible solution:

Merge the narrow docs and diagnostic change after normal maintainer CI/review, while leaving broader Copilot PAT or new non-interactive auth surfaces to separate reviewed work.

Do we have a high-confidence way to reproduce the issue?

Yes, source inspection gives a high-confidence path: current main already reads piped stdin for paste-token, and current main's invalid auth-profile warning lacks validTypes. I did not run the CLI locally because this review is read-only.

Is this the best way to solve the issue?

Yes, the final patch is the narrow maintainable solution: it documents the existing stdin path, adds an additive diagnostic field, and avoids introducing an argv secret option.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d6949d5951e3.

Label changes

Label justifications:

  • P2: This is a normal-priority auth CLI documentation and diagnostic improvement with limited blast radius.
  • rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal proof from a real CLI run with isolated state showing stdin token persistence, --token rejection, and the validTypes warning payload.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal proof from a real CLI run with isolated state showing stdin token persistence, --token rejection, and the validTypes warning payload.
Evidence reviewed

PR surface:

Source -1, Tests +4, Docs +2. Total +5 across 6 files.

| Area | Files | Added | Removed | Net |
|---|---|---|---|---|
| Source | 3 | 16 | 17 | -1 |
| Tests | 2 | 5 | 1 | +4 |
| Docs | 1 | 4 | 2 | +2 |
| Config | 0 | 0 | 0 | 0 |
| Generated | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 |
| Total | 6 | 25 | 20 | +5 |

What I checked:

Likely related people:

  • steipete: Git blame and history tie readPastedSecret, modelsAuthPasteTokenCommand, auth-profile persisted helpers, and the CLI docs to Peter Steinberger commits including the models auth command introduction and persisted auth-store extraction. (role: primary area contributor; confidence: high; commits: eced473e0515, 9afcbbec5e60, 8315c58675b1; files: src/commands/models/auth.ts, src/agents/auth-profiles/persisted.ts, docs/cli/models.md)
  • vincentkoc: Recent auth-profile and external OAuth commits touched adjacent persisted auth behavior and make Vincent Koc a useful secondary routing candidate if maintainers want another auth review. (role: recent adjacent auth contributor; confidence: medium; commits: f61712437fb8, a8a701291bea, 03231c063387; files: src/commands/models/auth.ts, src/agents/auth-profiles/persisted.ts, docs/cli/models.md)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@liaoandi liaoandi force-pushed the fix/63042-isolated-auth-setup branch from ab7efc1 to 57874b9 Compare May 9, 2026 02:41
@openclaw-barnacle openclaw-barnacle Bot added docs Improvements or additions to documentation proof: supplied External PR includes structured after-fix real behavior proof. labels May 9, 2026
@clawsweeper clawsweeper Bot added the proof: sufficient ClawSweeper judged the real behavior proof convincing. label May 9, 2026
@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal backlog priority with limited blast radius. merge-risk: 🚨 auth-provider 🚨 May break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. labels May 19, 2026
clawsweeper Bot commented May 20, 2026

ClawSweeper PR egg

✨ Hatched: 🥚 common Pearl Merge Sprite

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

  • Merged PRs are hatchable.
  • Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
  • Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: stacks clean commits.
Image traits: location workflow harbor; accessory commit compass; palette plum, gold, and soft gray; mood sleepy but ready; pose holding its accessory up for inspection; shell woven fiber shell; lighting calm overcast light; background small green status lights.

What is this egg doing here?
  • Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
  • The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
  • Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
  • The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
  • Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

@openclaw-barnacle openclaw-barnacle Bot removed the proof: sufficient ClawSweeper judged the real behavior proof convincing. label May 21, 2026
@clawsweeper clawsweeper Bot added proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. labels May 21, 2026
@openclaw-barnacle openclaw-barnacle Bot removed the proof: sufficient ClawSweeper judged the real behavior proof convincing. label May 21, 2026
@clawsweeper clawsweeper Bot added the proof: sufficient ClawSweeper judged the real behavior proof convincing. label May 21, 2026
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels May 25, 2026
@liaoandi liaoandi force-pushed the fix/63042-isolated-auth-setup branch from e43cef9 to ac4933e Compare May 25, 2026 13:44
@openclaw-barnacle openclaw-barnacle Bot removed the proof: sufficient ClawSweeper judged the real behavior proof convincing. label May 25, 2026
@clawsweeper clawsweeper Bot added status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. and removed status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. labels May 25, 2026
@liaoandi liaoandi force-pushed the fix/63042-isolated-auth-setup branch 2 times, most recently from 29c0686 to 3cb5e0c Compare May 25, 2026 17:10
@liaoandi liaoandi changed the title fix(auth): add --token flag to paste-token and surface validTypes in invalid_type warning fix(auth): document stdin paste-token setup and surface validTypes May 26, 2026
@liaoandi

@clawsweeper re-review

clawsweeper Bot commented May 26, 2026

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@liaoandi

@clawsweeper re-review

clawsweeper Bot commented May 26, 2026

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

@liaoandi

@clawsweeper re-review

Added current-head real behavior proof for the invalid auth-profile diagnostic path: a real CLI run loads an invalid auth-profiles.json with JSON console logging and emits the warning payload including .

clawsweeper Bot commented May 26, 2026

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

@liaoandi

@clawsweeper re-review

Added current-head real behavior proof for the invalid auth-profile diagnostic path. A real CLI models auth list --json run loads an invalid auth-profiles.json with JSON console logging and emits the warning payload including validTypes: ["api_key", "oauth", "token"].

clawsweeper Bot commented May 26, 2026

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

liaoandi and others added 6 commits May 27, 2026 16:02

When --token is supplied non-interactively, the interactive text()
validate callback is bypassed. Add the same validateAnthropicSetupToken
check for the --token path so malformed tokens are rejected early.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

normalizeOptionalString turns empty/whitespace-only strings into
undefined, so the previous check (inside the rawToken !== undefined
block) was unreachable. Move the empty-value guard before
normalization by checking opts.token directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
clawsweeper Bot commented May 27, 2026

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@steipete

Maintainer merge proof for #63050.

Behavior addressed: documents the existing stdin path for openclaw models auth paste-token and adds validTypes to invalid auth-profile load warnings without adding an argv token surface.

Real environment tested: GitHub CI on PR head 3b8f5adadbd704e01a70f1d9bf58ffbc21e6994f; local maintainer review from clean main checkout after git pull --ff-only.

Exact steps or command run after this patch:

  • git status -sb
  • git pull --ff-only
  • gitcrawl threads openclaw/openclaw --numbers 63050 --include-closed --json
  • gh pr view 63050 --repo openclaw/openclaw --json number,title,state,isDraft,mergeable,mergeStateStatus,headRefOid,additions,deletions,changedFiles,statusCheckRollup,closingIssuesReferences
  • gh pr diff 63050 --repo openclaw/openclaw --patch
  • git fetch origin pull/63050/head:refs/remotes/origin/pr-63050
  • git diff --stat origin/main...origin/pr-63050
  • git show origin/pr-63050:src/commands/models/auth.ts
  • git show origin/pr-63050:src/agents/auth-profiles/persisted.ts
  • git show origin/pr-63050:docs/cli/models.md

Evidence after fix:

  • PR head: 3b8f5adadbd704e01a70f1d9bf58ffbc21e6994f
  • Merge state: CLEAN
  • LOC: +25/-20 across 6 files.
  • Current final diff contains no --token CLI option for paste-token; automation is documented through stdin instead.
  • Current final diff adds validTypes: [...AUTH_PROFILE_TYPES] only when invalid auth-profile entries include invalid_type.
  • CI run 26498853020: success (CI, includes check-docs, check-lint, check-prod-types, check-test-types, command/model/auth relevant shards).
  • CodeQL run 26498852996: success.
  • CodeQL Critical Quality run 26498853019: success.
  • OpenGrep PR Diff run 26498852994: success.
  • Workflow Sanity run 26498852995: success.
  • Real behavior proof run 26499181774: success.
  • ClawSweeper review: no actionable findings; proof: sufficient; status: ready for maintainer look.

Observed result after fix: maintainer source review confirms the PR documents existing stdin ingestion via readPastedSecret, leaves argv token ingestion absent from the CLI surface, and makes invalid auth-profile diagnostics include accepted credential types.

What was not tested: I did not rerun local Vitest locally before merge because the PR head already has green GitHub CI and real-behavior proof for the touched surface. No live provider token authentication was tested; this change covers CLI ingestion/docs and local auth-profile warning payload shape.

Thanks @liaoandi.

@steipete

Landed on main.

  • Merge commit: 085228c96177bdca3ee66a2f06b643f6ce7c1388
  • Gate: GitHub CI run 26498853020 success; CodeQL 26498852996 success; CodeQL Critical Quality 26498853019 success; OpenGrep 26498852994 success; Workflow Sanity 26498852995 success; Real behavior proof 26499181774 success.
  • Local sync: git pull --ff-only; git status -sb clean on main.

Thanks @liaoandi.

Labels

agents Agent runtime and tooling cli CLI command changes commands Command implementations docs Improvements or additions to documentation P2 Normal backlog priority with limited blast radius. proof: sufficient ClawSweeper judged the real behavior proof convincing. proof: supplied External PR includes structured after-fix real behavior proof. rating: 🦞 diamond lobster Very strong PR readiness with only minor maintainer review expected. size: XS status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Development

Successfully merging this pull request may close these issues.

[Bug]: No documentation or setup path for custom provider auth in isolated cron sessions

2 participants