fix(gateway): clear auto-fallback model override on session reset#63155
Merged
frankekn merged 5 commits intoopenclaw:mainfrom Apr 8, 2026
Merged
Conversation
Contributor
Greptile SummaryThis PR fixes a regression introduced in cb0a752 where Confidence Score: 5/5Safe to merge — targeted one-line conditional guard with no unintended side effects and existing integration test coverage for the preserved path. The fix is minimal and correct. The authProfileOverrideSource type is a closed 'auto' | 'user' union, so the condition exhaustively handles every case. Existing tests in server.sessions.gateway-server-sessions-a.test.ts already cover the 'user' path. No P0 or P1 findings. No files require special attention.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2a054e197a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+547
to
+549
| ...(currentEntry?.authProfileOverrideSource === "user" | ||
| ? { | ||
| providerOverride: currentEntry?.providerOverride, |
There was a problem hiding this comment.
Preserve explicit model overrides without auth profile source
The new guard only carries providerOverride/modelOverride when authProfileOverrideSource === "user", but explicit user model picks often do not set that field. applyModelOverrideToSessionEntry() clears authProfileOverrideSource whenever no profile override is provided, while still persisting providerOverride and modelOverride (for example from /model or sessions.patch paths), so those user-selected overrides now get dropped on /reset//new and the session incorrectly reverts to defaults.
Useful? React with 👍 / 👎.
Member
Author
|
@codex review |
1 similar comment
Member
Author
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fd2e06b257
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+131
to
+135
| const explicitSelection = fallbackPinnedSelection ?? currentSelection; | ||
| if (explicitSelection && !sameProviderModelRef(explicitSelection, defaultRef)) { | ||
| preserved.providerOverride = explicitSelection.provider; | ||
| preserved.modelOverride = explicitSelection.model; | ||
| } |
There was a problem hiding this comment.
Avoid preserving stale fallback-selected model on reset
This logic can still pin a stale model after config changes: when currentSelection matches fallbackNoticeActiveModel, it rewrites to fallbackNoticeSelectedModel and preserves it if it differs from the current default. In the common sequence “default A falls back to B, user changes config default to C, then /reset”, this keeps an override to old A instead of returning to C, so reset still ignores updated agent config.
Useful? React with 👍 / 👎.
Member
Author
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 25cfe71aec
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| } | ||
|
|
||
| const preserved: Partial<ResetPreservedSelectionState> = {}; | ||
| if (entry.modelOverrideSource === "user" && entry.modelOverride) { |
There was a problem hiding this comment.
Preserve legacy user model overrides during reset
resolveResetPreservedSelection now keeps model overrides only when modelOverrideSource === "user", but this new field did not exist in previously persisted sessions, so existing user-selected overrides (modelOverride/providerOverride with no source) are treated like auto fallback and dropped on /reset//new. This creates an upgrade regression for users who had explicit model selections before this commit, because their next reset silently reverts to config defaults; please treat missing source as legacy-user (or backfill source before reset) when modelOverride is present.
Useful? React with 👍 / 👎.
Member
Author
|
@codex review |
|
Codex Review: Didn't find any major issues. Swish! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
e0c278b to
7560566
Compare
When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in cb0a752 ("fix: preserve reset session behavior config")
7560566 to
69610fa
Compare
🔒 Aisle Security AnalysisWe found 1 potential security issue(s) in this PR:
1. 🟠 Policy bypass: legacy sessions without modelOverrideSource are treated as user model overrides during sessions.reset
Description
This is dangerous because older versions could persist
Impact depends on deployment, but in environments where model selection is restricted (allowlist, provider restrictions, cost controls), this can become a model/provider policy bypass. Vulnerable code: const preserveLegacyUserModelOverride =
entry.modelOverrideSource === "user" ||
(entry.modelOverrideSource === undefined && Boolean(entry.modelOverride));
if (preserveLegacyUserModelOverride && entry.modelOverride) {
preserved.providerOverride = entry.providerOverride;
preserved.modelOverride = entry.modelOverride;
preserved.modelOverrideSource = "user";
}RecommendationDo not assume Safer options:
const preserveUserModelOverride = entry.modelOverrideSource === "user";
const looksLikeAutoFallback = Boolean(
entry.fallbackNoticeActiveModel ||
entry.fallbackNoticeSelectedModel ||
entry.fallbackNoticeReason
);
const preserveLegacy = entry.modelOverrideSource === undefined && entry.modelOverride && !looksLikeAutoFallback;
if ((entry.modelOverrideSource === "user" || preserveLegacy) && entry.modelOverride) {
preserved.providerOverride = entry.providerOverride;
preserved.modelOverride = entry.modelOverride;
preserved.modelOverrideSource = "user";
}
Analyzed PR: #63155 at commit Last updated on: 2026-04-08T16:38:00Z |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 69610faf2f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| preserved.modelOverrideSource = "user"; | ||
| } | ||
|
|
||
| if (entry.authProfileOverrideSource === "user" && entry.authProfileOverride) { |
There was a problem hiding this comment.
Preserve legacy auth profile overrides on reset
The new reset guard only keeps authProfileOverride when authProfileOverrideSource === "user", but older persisted sessions can have an explicit user profile override without the source field. In that upgrade scenario, /reset//new now drops the auth profile while still keeping the model override, which can silently switch credentials/account selection after reset. Please treat a missing source as legacy-user when authProfileOverride is present (or backfill it before reset), similar to how legacy modelOverrideSource is handled.
Useful? React with 👍 / 👎.
eleqtrizit
pushed a commit
that referenced
this pull request
Apr 8, 2026
…3155) * fix(gateway): clear auto-fallback model override on session reset When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in cb0a752 ("fix: preserve reset session behavior config") * fix(gateway): preserve explicit reset model selection * fix(gateway): track reset model override source * fix(gateway): preserve legacy reset model overrides * docs(changelog): add session reset merge note --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net>
greidron
added a commit
to greidron/openclaw
that referenced
this pull request
Apr 10, 2026
* release: mirror bundled channel deps at root (openclaw#63065) Merged via squash. Prepared head SHA: ac26799 Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Reviewed-by: @scoootscooob * fix(test): keep warn log capture under openclaw temp dir * revert: undo background alive review findings fix * feat: add qa character vibes eval * test: stabilize plugin boundary invariants * test: isolate agent gateway cli command mocks * test: skip duplicate package boundary wrapper in ci * test: fix postpublish verifier sidecar handling * test: keep status tests off live usage probes * auto-reply: type status auth overrides * plugins: read contract inventory from manifests * test: inline cli metadata channel fixture * ci: skip duplicate full extension shard * test: isolate discord directory live token env * test: keep followup runner memory mock complete * ci: split parallel full suite into leaf shards * test: guard loader fixtures against broad sdk imports * test: keep bundled channel entry smokes descriptor-only * ci: reduce full suite test parallelism * test: avoid bundled test api smokes in matrix and telegram * test: keep discord and irc entry smokes descriptor-only * test: keep web provider artifact coverage manifest-only * test: keep provider policy artifact coverage narrow * test: keep web provider artifact test in boundary * test: keep status message tests off auth auto-detection * status: avoid plugin lookup for direct channel model overrides * channels: fast-path direct model override matches * test: restore manifest-only web provider coverage * fix: allow blank TLS manual port default (openclaw#63134) (thanks @Tyler-RNG) * make port optional for TLS manual connections * fix: restrict manual blank-port fallback to tls * fix: allow blank TLS manual port default (openclaw#63134) (thanks @Tyler-RNG) --------- Co-authored-by: Ayaan Zaidi <hi@obviy.us> * test: fix full suite CI test isolation * fix: align LLM idle timeout policy * test: exercise models json file mode without provider discovery * test: keep shared dm policy contract off channel facades * test: keep web provider artifact test in boundary * test: keep kilocode provider tests on plugin-owned helpers * ci: restore sequential full suite tests * test: keep public artifact coverage on cheap boundaries * test: keep openclaw tools registration tests on a fast shell * test: keep bundled metadata sidecar scan inventory-only * docs(inferrs): fix Gemma model id from gg-hf-gg to google (openclaw#62586) * fix: harden bundled plugin dependency release checks * ci: isolate full suite leaf shards * test: keep openclaw tools registration policy pure * fix: support Codex CLI QA auth * feat: add QA character eval reports * docs: document QA character eval workflow * refactor: dedupe media generation tool helpers * refactor: dedupe internal helper glue * refactor: dedupe shared helper branches * refactor: dedupe browser navigation guard tests * refactor: dedupe config and subagent tests * refactor: dedupe test helpers and script warning filter * refactor: dedupe plugin test harnesses * refactor: dedupe media runtime test mocks * refactor: dedupe plugin metadata test helpers * refactor: dedupe firecrawl and directive helpers * refactor: dedupe exec defaults tests * refactor: dedupe approval runtime tests * refactor: dedupe matrix exec approval tests * refactor: dedupe telegram exec approval tests * refactor: dedupe doctor codex oauth tests * refactor: dedupe agent command test fixtures * refactor: dedupe embedding provider test fixtures * refactor: share html entity tool call decoding * fix: keep minimax provider mocks package-local * test: keep pdf and update-plan registration tests pure * test: keep model reasoning override coverage on merge helpers * fix: default OpenAI reasoning effort to high * test: keep kimi implicit provider tests on provider catalog * fix(build): prune stale bundled plugin node_modules * fix(build): address bundled plugin prune review * fix(build): honor postinstall disable flag * test: keep chutes implicit provider tests on provider catalog * fix(plugin-sdk): export channel plugin base * docs: reorder changelog entries * test: keep bundled web-search owner checks on public artifacts * fix(build): keep tsdown prune best-effort * test: trust gateway exec fixture node path * fix: keep runtime task test harness behind task seams * test: explain gateway exec fixture trust * Reply: surface OAuth reauth failures (openclaw#63217) Merged via squash. Prepared head SHA: 68b7ffd Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * test: make character eval scenario natural * feat: add character eval model options * test: keep pi fs workspace tests on fs tool factories * test: keep media runtime tests on same-directory provider mocks * fix(android): auto-resume pairing approval * fix(android): prefer bootstrap auth on qr pairing * fix(android): reset auth on new setup codes * fix(android): tighten pairing retry behavior * fix(android): prefer stored device auth after pairing * fix: restore android qr pairing flow (openclaw#63199) * fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak (openclaw#63068) * fix(auto-reply): strip leading NO_REPLY tokens to prevent silent-reply leak * fix(auto-reply): preserve substantive NO_REPLY leading text * fix(agents): preserve ACP silent-prefix cumulative deltas * fix(auto-reply): harden silent-token streaming paths * fix(auto-reply): normalize glued silent tokens consistently --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net> * fix(gateway): clear auto-fallback model override on session reset (openclaw#63155) * fix(gateway): clear auto-fallback model override on session reset When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in cb0a752 ("fix: preserve reset session behavior config") * fix(gateway): preserve explicit reset model selection * fix(gateway): track reset model override source * fix(gateway): preserve legacy reset model overrides * docs(changelog): add session reset merge note --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net> * test: stabilize ci test isolation * test: isolate volcengine byteplus auth resolver imports * fix: patch hono security advisories * fix: pass system prompt to codex cli * fix(plugins): prevent untrusted workspace plugins from hijacking bundled provider auth choices [AI] (openclaw#62368) * fix: address issue * fix: address review feedback * docs(changelog): add onboarding auth-choice guard entry * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback --------- Co-authored-by: Devin Robison <drobison@nvidia.com> * test: isolate provider runtime test mocks * feat(plugins): support provider auth aliases * feat(memory): add grounded REM backfill lane (openclaw#63273) Merged via squash. Prepared head SHA: 4450f25 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * feat(memory): harden grounded REM extraction (openclaw#63297) Merged via squash. Prepared head SHA: e188b7e Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * feat(ui): add dreaming diary controls and navigation (openclaw#63298) Merged via squash. Prepared head SHA: 0a2ae66 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * chore(ui): refresh zh-TW control ui locale * chore(ui): refresh zh-CN control ui locale * chore(ui): refresh pt-BR control ui locale * chore(ui): refresh de control ui locale * chore(ui): refresh es control ui locale * chore(ui): refresh ko control ui locale * chore(ui): refresh ja-JP control ui locale * chore(ui): refresh fr control ui locale * docs(matrix): tighten setup and config guidance * chore(ui): refresh tr control ui locale * chore(ui): refresh uk control ui locale * chore(ui): refresh pl control ui locale * chore(ui): refresh id control ui locale * test: stabilize full-suite execution * fix(matrix): contain sync outage failures (openclaw#62779) Merged via squash. Prepared head SHA: 901bb76 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * Align remote node exec event system messages with untrusted handling (openclaw#62659) * fix(nodes): downgrade remote exec system events * docs(changelog): add remote node exec event entry --------- Co-authored-by: Devin Robison <drobison@nvidia.com> * test: reuse image generate tool imports * test: reuse followup runner imports * docs(config): tighten wording in reference * test: harden provider mock isolation * fix(memory): accept embedded dreaming heartbeat tokens * test: harden Parallels macOS smoke fallback * build: narrow plugin SDK declaration build * fix(dotenv): block workspace runtime env vars (openclaw#62660) * fix(dotenv): block workspace runtime env vars Co-authored-by: zsx <git@zsxsoft.com> * docs(changelog): add workspace dotenv runtime-control entry * fix(dotenv): block workspace gateway port override --------- Co-authored-by: zsx <git@zsxsoft.com> Co-authored-by: Devin Robison <drobison@nvidia.com> * build: stage nostr runtime dependencies * fix: load QA live provider overrides * feat: parallelize character eval runs * auth: avoid external cli sync on profile upsert * test(doctor): mock memory-core runtime seam * auth: persist explicit profile upserts directly * Matrix: report startup failures as errors * fix(browser): harden browser control override loading (openclaw#62663) * fix(browser): harden browser control overrides * fix(lint): prepare boundary artifacts for extension oxlint * docs(changelog): add browser override hardening entry * fix(lint): avoid duplicate boundary prep --------- Co-authored-by: Devin Robison <drobison@nvidia.com> Co-authored-by: Devin Robison <drobison00@users.noreply.github.com> * test: reuse exec directive reply imports * test: reuse verbose directive reply imports * fix(browser): re-check interaction-driven navigations (openclaw#63226) * fix(browser): guard interaction-driven navigations * fix(browser): avoid rechecking unchanged interaction urls * fix(browser): guard delayed interaction navigations * fix(browser): guard interaction-driven navigations for full action duration * fix(browser): avoid waiting on interaction grace timer * fix(browser): ignore same-document hash-only URL changes in navigation guard * fix(browser): dedupe interaction nav guards * fix(browser): guard same-URL reloads in interaction navigation listeners * docs(changelog): add interaction navigation guard entry * fix(browser): drop duplicate ssrfPolicy props * fix(browser): tighten interaction navigation guards --------- Co-authored-by: Devin Robison <drobison@nvidia.com> * test: move directive state coverage to pure tests * fix: enable thinking support for the ollama api (openclaw#62712) Merged via squash. Prepared head SHA: c0b9950 Co-authored-by: hoyyeva <63033505+hoyyeva@users.noreply.github.com> Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com> Reviewed-by: @BruceMacD * Slack: treat ACP block text as visible output (openclaw#62858) Merged via squash. Prepared head SHA: 14f202e Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * fix: fail fast on qa live auth errors * fix: fail fast across qa scenario wait paths * test: cover qa scenario wait failure replies * fix: sanitize qa missing-key replies * test: cover sanitized qa missing-key replies * fix: align qa wait cursor semantics * test: cover mixed-traffic qa wait cursors * fix: classify curated qa missing-key replies * test: cover curated qa missing-key reply classification * fix: harden qa missing-key provider messages * test: cover unsafe qa missing-key providers * docs(changelog): add qa auth fail-fast entry (openclaw#63333) (thanks @shakkernerd) * fix(matrix/doctor): migrate legacy channels.matrix.dm.policy 'trusted' (fixes openclaw#62931) (openclaw#62942) Merged via squash. Prepared head SHA: d9f553b Co-authored-by: lukeboyett <46942646+lukeboyett@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * Memory/dreaming: feed grounded backfill into short-term promotion (openclaw#63370) Merged via squash. Prepared head SHA: 5dfe246 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * docs: update unreleased changelog * fix(gateway): classify dream diary actions * fix(memory): align dreaming status payloads * Memory/dreaming: harden grounded backfill follow-ups * test: reuse inline directive reply imports * Docs/memory: explain grounded backfill flows * fix(deps): patch basic-ftp advisory * test: move inline directive collisions to pure tests * Slack: dedupe partial streaming replies (openclaw#62859) Merged via squash. Prepared head SHA: cbecb50 Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Reviewed-by: @gumadeiras * test: replace exec directive e2e with pure coverage * fix(plugins): keep test helpers out of contract barrels (openclaw#63311) Merged via squash. Prepared head SHA: 769e90c Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Reviewed-by: @altaywtf * test: move cron heartbeat delivery coverage below full turns * fix: inter-session messages must not overwrite established external lastRoute (openclaw#58013) Merged via squash. Prepared head SHA: 820ea20 Co-authored-by: duqaXxX <12242811+duqaXxX@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman * fix(gateway): suppress announce/reply skip chat leakage (openclaw#51739) Merged via squash. Prepared head SHA: 2f53f3b Co-authored-by: Pinghuachiu <9033138+Pinghuachiu@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Reviewed-by: @jalehman * Slack: key turn-local dedupe by dispatch kind Scope Slack turn-local delivery dedupe by reply dispatch kind so identical tool and final payloads on the same thread do not collapse into one send. Expose the existing dispatcher kind on the public reply-runtime seam and cover the Slack tracker and preview-fallback paths with regression tests. * Dreaming: surface grounded scene lane (openclaw#63395) Merged via squash. Prepared head SHA: 0c7f586 Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Reviewed-by: @mbelinky * test: avoid runtime auth overlays in failure-state coverage * fix(ci): align ollama thinking expectations * chore(ui): refresh zh-CN control ui locale * chore(ui): refresh pt-BR control ui locale * chore(ui): refresh zh-TW control ui locale * chore(ui): refresh de control ui locale * test(docker): reduce e2e log noise * chore(ui): refresh es control ui locale * chore(ui): refresh fr control ui locale * chore(ui): refresh ja-JP control ui locale * chore(ui): refresh ko control ui locale * chore(ui): refresh uk control ui locale * chore(ui): refresh id control ui locale * chore(ui): refresh pl control ui locale * chore(ui): refresh tr control ui locale * fix: restore main ci * fix(ci): drop silent history before truncation * docs: reorder unreleased changelog * test(docker): quiet success-path e2e logs * style: sort session import * build: mirror bundled plugin runtime deps * plugins: load lightweight provider discovery entries * ci: narrow Windows node test lane * fix: filter provider auth aliases by plugin trust * fix: surface delayed browser navigation blocks * style: format memory and gateway touchups * Delete docs/plans directory Unused artifact * test: avoid remote ollama timeout in api-key preservation coverage * test: keep auth-choice default-model coverage on lightweight provider * test: keep undefined-token auth-choice coverage generic * fix: stabilize character eval and Qwen model routing * test: keep agent command tests off external auth overlays * fix openrouter model picker refs (openclaw#63416) * fix openrouter model picker refs Signed-off-by: sallyom <somalley@redhat.com> * test(ui): cover openrouter slash-id /model resolution --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: Vignesh Natarajan <vignesh.natarajan92@gmail.com> * ci: stabilize macOS and transcript policy tests * test: keep cli-provider agent command tests off external auth overlays * chore(lint): clear extension lint regressions and add openclaw#63416 changelog * test: update modelstudio catalog contract sentinel * test: update character eval public panel * fix: repair Windows dev-channel updater * test: move copilot models-json injection coverage to plan tests * plugin-sdk: split command status surface * plugin-sdk: keep command status compatibility path light * plugin-sdk: drop investigative weixin repro harness * tests: document config mock choice for eager warmup * fix: update command-status SDK baseline (openclaw#63174) (thanks @hxy91819) * test: cap broad live model sweeps * fix: drop raw gateway chat control replies * test: make shared-token reload deterministic * test: isolate agentic suite smoke tests * test: replace models-config matrix with narrow coverage * test: isolate onboard skills status mock * plugins: add lightweight anthropic vertex discovery * test: isolate model auth module state * test: isolate subagent registry resume imports * plugins: keep google provider policy lightweight * test: keep ollama unreachable discovery on localhost * test: mock auth profile external overlay in oauth tests * auth: avoid plugin setup scans during common auth resolution * fix(logging): break console/logger type cycle * fix(config): stop owner-display barrel cycles * fix(commands): split auth choice apply types * fix(infra): extract exec approvals allowlist types * fix(commands): split doctor prompt option types * chore: prepare 2026.4.9-beta.1 release * chore: refresh config schema version for 2026.4.9-beta.1 * chore: refresh plugin SDK API baseline * test: run local full suite project shards in parallel * wizard: add explicit skip option to plugin setup (openclaw#63436) * Wizard: allow skipping plugin setup * Agents: reset nodes tool test modules * tests: reset discord native-command seams in model picker (openclaw#63267) * ci: tolerate noisy npm pack json output * test: isolate slack thread-ts recovery * fix(msteams): isolate channel thread sessions by replyToId (openclaw#58615) (openclaw#62713) * fix(msteams): isolate thread sessions by replyToId (openclaw#58615) * fix(msteams): align thread ID extraction + fix test types * fix(msteams): route thread replies to correct thread via replyToId (openclaw#58030) (openclaw#62715) * fix(msteams): pin reply target at inbound time to prevent DM/channel leak (openclaw#54520) (openclaw#62716) * test: keep local full suite serial by default * chore: prepare 2026.4.9 stable release * Agents: guard legacy pi transport override * Agents: restore upstream pi runner sources --------- Signed-off-by: sallyom <somalley@redhat.com> Co-authored-by: scoootscooob <zhentongfan@gmail.com> Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com> Co-authored-by: Peter Steinberger <steipete@gmail.com> Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com> Co-authored-by: Tyler Warburton <Ethan.gold-Steinberg@protonmail.com> Co-authored-by: Ayaan Zaidi <hi@obviy.us> Co-authored-by: Eric Curtin <eric.curtin@docker.com> Co-authored-by: Mariano <mbelinky@gmail.com> Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com> Co-authored-by: Frank Yang <frank.ekn@gmail.com> Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net> Co-authored-by: Pavan Kumar Gondhi <pgondhi@nvidia.com> Co-authored-by: Devin Robison <drobison@nvidia.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Gustavo Madeira Santana <gumadeiras@gmail.com> Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com> Co-authored-by: Agustin Rivera <31522568+eleqtrizit@users.noreply.github.com> Co-authored-by: zsx <git@zsxsoft.com> Co-authored-by: Devin Robison <drobison00@users.noreply.github.com> Co-authored-by: Eva H <63033505+hoyyeva@users.noreply.github.com> Co-authored-by: BruceMacD <5853428+BruceMacD@users.noreply.github.com> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: lukeboyett <46942646+lukeboyett@users.noreply.github.com> Co-authored-by: Altay <altay@uinaf.dev> Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com> Co-authored-by: Accunza <12242811+duqaXxX@users.noreply.github.com> Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com> Co-authored-by: Pinghuachiu <9033138+Pinghuachiu@users.noreply.github.com> Co-authored-by: Radek Sienkiewicz <mail@velvetshark.com> Co-authored-by: Sally O'Malley <somalley@redhat.com> Co-authored-by: Vignesh Natarajan <vignesh.natarajan92@gmail.com> Co-authored-by: Mason Huang <masonxhuang@tencent.com> Co-authored-by: Vincent Koc <vincentkoc@ieee.org> Co-authored-by: pashpashpash <nik@vault77.ai> Co-authored-by: sudie-codes <suvenkat95@gmail.com>
zhonghe0615
pushed a commit
to zhonghe0615/openclaw
that referenced
this pull request
Apr 27, 2026
…enclaw#63155) * fix(gateway): clear auto-fallback model override on session reset When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in cb0a752 ("fix: preserve reset session behavior config") * fix(gateway): preserve explicit reset model selection * fix(gateway): track reset model override source * fix(gateway): preserve legacy reset model overrides * docs(changelog): add session reset merge note --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net>
lovewanwan
pushed a commit
to lovewanwan/openclaw
that referenced
this pull request
Apr 28, 2026
…enclaw#63155) * fix(gateway): clear auto-fallback model override on session reset When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in d38868a ("fix: preserve reset session behavior config") * fix(gateway): preserve explicit reset model selection * fix(gateway): track reset model override source * fix(gateway): preserve legacy reset model overrides * docs(changelog): add session reset merge note --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net>
ogt-redknie
pushed a commit
to ogt-redknie/OPENX
that referenced
this pull request
May 2, 2026
…enclaw#63155) * fix(gateway): clear auto-fallback model override on session reset When `persistFallbackCandidateSelection()` writes a fallback provider override with `authProfileOverrideSource: "auto"`, the override was incorrectly preserved across `/reset` and `/new` commands. This caused sessions to keep using the fallback provider even after the user changed the agent config primary provider, because the session store override takes precedence over the config default. Now the override fields (`providerOverride`, `modelOverride`, `authProfileOverride`, `authProfileOverrideSource`, `authProfileOverrideCompactionCount`) are only carried forward when `authProfileOverrideSource === "user"` (i.e. explicit `/model` command). System-driven overrides are dropped on reset so the session picks up the current config default. Introduced in 2ec7272 ("fix: preserve reset session behavior config") * fix(gateway): preserve explicit reset model selection * fix(gateway): track reset model override source * fix(gateway): preserve legacy reset model overrides * docs(changelog): add session reset merge note --------- Co-authored-by: termtek <termtek@ubuntu.tail2b72cd.ts.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/resetand/newcommandsproviderOverride/modelOverride/authProfileOverrideacross session reset whenauthProfileOverrideSource === "user"(explicit/modelcommand)authProfileOverrideSource: "auto", from fallback rotation) are now dropped on reset so the session picks up the current config defaultChange Type (select all)
Scope (select all touched areas)
Linked Issue/PR
Root Cause (if applicable)
providerOverride,modelOverride,authProfileOverride,authProfileOverrideSource, andauthProfileOverrideCompactionCountto the fields unconditionally copied during session reset inperformGatewaySessionReset(). This was correct for user-driven/modelselections (authProfileOverrideSource: "user"), but it also preserved fallback-driven overrides (authProfileOverrideSource: "auto") written bypersistFallbackCandidateSelection().persistFallbackCandidateSelection()writesproviderOverridewithauthProfileOverrideSource: "auto", (3) user updates agent config to a different primary provider, (4)/resetor/newcopies the stale fallback override to the new session, (5) new session ignores the config change and keeps using the fallback provider.authProfileOverrideSource === "user"so only explicit user selections survive reset.Regression Test Plan (if applicable)
authProfileOverrideSource: "auto"should not carry forward override fields; session reset withauthProfileOverrideSource: "user"should preserve them.User-visible / Behavior Changes
After a fallback rotation,
/resetor/newnow returns the session to the configured default model/provider instead of keeping the fallback override. Explicit/modelselections continue to be preserved across reset as before.Security Impact (required)
NoNoNoNoNo