feat(nvidia): add NVIDIA provider with onboarding flow

[eleqtrizit]

Summary

Add NVIDIA as a bundled provider with onboarding, docs, and catalog wiring.

Problem

When NVIDIA is the model maker, the code base is collapsing nvidia/nvidia / into nvidia/, mistakenly assuming we have double providers listed. This makes our model picker selection inconsistent with the rest of the nvidia provider models when offering our own models.

Changes

• Add the extensions/nvidia provider plugin, onboarding flow, catalog, and contract coverage
• Add preserveLiteralProviderPrefix flag on ProviderPlugin — NVIDIA sets it so picker labels show nvidia/nvidia/nemotron-... (literal vendor namespace) while config storage stays canonical (nvidia/nemotron-...)
• CLI-arg redaction regex generalized to --<prefix>-api-key in diagnostic support redaction, covering --nvidia-api-key and future provider-scoped flags

Notes

• Branch: feat/nvidia-provider
• Base: main
• Label-only display approach: addModelSelectOption computes a label from preserveLiteralProviderPrefix; option value and persisted config remain canonical. No dual-key system, no migration helpers.

[greptile-apps]

Greptile Summary

This PR adds the NVIDIA provider plugin — onboarding flow, catalog entries, plugin JSON manifest, and the new preserveLiteralProviderPrefix flag on ProviderPlugin — so that vendor-namespaced model IDs like nvidia/nemotron-... are displayed with the full nvidia/nvidia/... label in the picker while config storage remains canonical. The configure.gateway-auth.ts change correctly passes workspaceDir and env through to promptModelAllowlist, closing the picker asymmetry flagged in a prior review.

Confidence Score: 5/5

Safe to merge; only a minor P2 UX regression with no functional impact.

All findings are P2. The sole issue is the unconditional removal of the 'resolves to' hint on the 'Keep current' option, which is a cosmetic UX regression for non-literal-prefix providers using aliases. No logic errors, security issues, or data integrity problems.

src/flows/model-picker.ts — review the hint removal around line 540.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/flows/model-picker.ts
Line: 540-545

Comment:
**"resolves to" hint unconditionally removed**

The old "Keep current" option showed a secondary hint (`resolves to {resolvedKey}`) whenever `configuredRaw !== resolvedKey` — i.e., when the user had stored an alias or shortened ref that maps to a different canonical key. That hint has been dropped entirely by this change, not just for literal-prefix providers. Non-literal-prefix providers where a user stored an alias (e.g. `anthropic/claude`) are now silently missing the disambiguation that previously told them what the ref resolves to.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (3): Last reviewed commit: "fix(nvidia): drop redundant hint from Ke..." | Re-trigger Greptile}

[chatgpt-codex-connector]

💡 Codex Review

openclaw/extensions/nvidia/onboard.ts

Line 7 in 6c6a5c3

export const NVIDIA_DEFAULT_MODEL_REF = `nvidia/${NVIDIA_DEFAULT_MODEL_ID}`;

Use canonical NVIDIA default model ref

NVIDIA_DEFAULT_MODEL_ID already includes the nvidia/ prefix, so composing NVIDIA_DEFAULT_MODEL_REF as nvidia/${NVIDIA_DEFAULT_MODEL_ID} stores nvidia/nvidia/... in onboarding defaults/aliases. Catalog and picker values are keyed canonically via modelKey as nvidia/..., so configure/model-allowlist flows can surface a duplicate “configured (not in catalog)” entry for the same model and persist inconsistent keys. Keep the default ref canonical (e.g. use NVIDIA_DEFAULT_MODEL_ID directly or modelKey("nvidia", NVIDIA_DEFAULT_MODEL_ID)).

---

https://github.com/openclaw/openclaw/blob/6c6a5c3cf62dca19cb5242bfc6c3c2abf5a98c91/docs/.generated/config-baseline.json#L1
Drop local-only generated baseline JSON artifacts

This commit adds full baseline JSON artifacts under docs/.generated, but these files are documented as local-only inspection outputs while only *.sha256 drift markers are meant to be tracked. Checking them in adds large generated churn and recurring merge/conflict noise without runtime value; remove these JSON baselines from the commit and keep only the hash files.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[eleqtrizit]

Fixed in 4890410 — promptModelAllowlist now accepts workspaceDir and env and threads them through to resolveLiteralPrefixProviderIds. Caller in configure.gateway-auth.ts updated to pass both.

[aisle-research-bot]

🔒 Aisle Security Analysis

We found 1 potential security issue(s) in this PR:

#	Severity	Title
1	🔵 Low	Terminal escape/control-sequence injection via untrusted model IDs in interactive picker labels and notes

1. 🔵 Terminal escape/control-sequence injection via untrusted model IDs in interactive picker labels and notes

Property	Value
Severity	Low
CWE	CWE-150
Location	src/flows/model-picker.ts:300-307

Description

Model/provider identifiers coming from provider catalogs (potentially network-sourced) are interpolated directly into terminal UI strings without neutralizing ANSI/control characters.

Impacted behaviors introduced/expanded in this change:

• src/flows/model-picker.ts may set select option label to the literal ${entry.provider}/${entry.id} for providers with preserveLiteralProviderPrefix.
• src/plugins/provider-auth-choice.ts displays selectedModelDisplay (which may preserve literal prefixes via formatLiteralProviderPrefixedModelRef) inside prompter.note() messages.

Because WizardPrompter (Clack) prints these strings to a terminal, a malicious model id containing ANSI escape sequences or control characters (e.g. \x1b[2J, \r, \n) could:

• Manipulate terminal output (erase screen, move cursor, spoof content)
• Mislead the operator during model selection/onboarding (security UX issue)

Vulnerable code (example):

const label = params.literalPrefixProviders.has(normalizeProviderId(params.entry.provider))
  ? `${params.entry.provider}/${params.entry.id}`
  : key;

params.options.push({ value: key, label });

Recommendation

Sanitize any model/provider IDs before rendering them in terminal UI labels/notes.

• Use the existing sanitizeTerminalText() (or sanitizeForLog()) to strip ANSI escape sequences and control characters.
• Keep the value used for selection/storage canonical, but render a sanitized label.

Example fix:

import { sanitizeTerminalText } from "../terminal/safe-text.js";

const rawLabel = literalPrefixProviders.has(normalizeProviderId(entry.provider))
  ? `${entry.provider}/${entry.id}`
  : key;

const label = sanitizeTerminalText(rawLabel);
options.push({ value: key, label, hint });

Similarly, sanitize selectedModelDisplay (and any other interpolated model refs) before passing them to prompter.note().

---

Analyzed PR: #71204 at commit 5d9280b

_{Last updated on: 2026-04-29T16:21:13Z}

[eleqtrizit]

All findings addressed in new commits:

• P1 (canonical default model ref): NVIDIA_DEFAULT_MODEL_REF now equals NVIDIA_DEFAULT_MODEL_ID directly, storing canonical nvidia/nemotron-3-super-120b-a12b in config. Test updated to match.
• P2 (generated JSON artifacts): Already removed in 907f2e7 — only .sha256 drift markers remain tracked.

[eleqtrizit]

@codex review
@greptile review

[chatgpt-codex-connector]

To use Codex here, create a Codex account and connect to github.

[eleqtrizit]

Following up on the aisle-research-bot report: we are not addressing these as part of this PR.

Reason, point by point:

1. Terminal escape/control sequence injection via model/provider labels

   • This PR did not introduce terminal rendering of untrusted provider/model strings in prompts.
   • The picker already rendered provider/model-derived labels before this change; this PR only changes the display form for providers that opt into literal prefix preservation.
   • If we want broader terminal-output sanitization, that should be handled as a repo-wide hardening pass, not as PR-local fallout.

2. NVIDIA API key accepted via CLI flag may leak through process list and shell history

   • This is an existing repo-wide pattern across many provider manifests, not a new NVIDIA-only behavior introduced here.
   • Treating this as a blocker for this PR would be inconsistent unless we first decide to change the policy for all provider auth CLI surfaces.

3. Terminal escape/control sequence injection via model refs in setup notes

   • This PR did not introduce the note path itself; the setup flow was already emitting model refs in notes.
   • The change here is limited to formatting the displayed ref for literal-prefix providers so the note matches the picker label.
   • As with item 1, any terminal sanitization fix belongs in a centralized repo-wide hardening change.

4. Plugin code execution during model-picker label formatting via resolvePluginProviders()

   • This is not a valid new security attack path in an available execution path.
   • The relevant flows already resolve provider plugins as part of setup/model-picker behavior, and this call explicitly excludes untrusted workspace plugins.
   • At most, this is an architecture/laziness concern about using provider resolution for a display-only flag; it is not a new attacker-controlled execution primitive.

Given the above, we are keeping this PR scoped to the NVIDIA provider work and not patching pre-existing repo-wide patterns or non-actionable security framing that was not introduced by this change.

[eleqtrizit]

@codex review
@greptile review

[chatgpt-codex-connector]

To use Codex here, create a Codex account and connect to github.

[clawsweeper]

Codex review: needs maintainer review before merge.

What this changes:

The PR branch proposes adding NVIDIA provider onboarding/catalog support plus model-picker/provider-prefix behavior, but its current diff also includes broad CI, Docker, docs, skills, doctor, plugin-registry, and test changes.

Maintainer follow-up before merge:

Not a safe automated repair candidate: the PR has a protected maintainer label, is very broad, includes security-sensitive workflow/Docker surfaces, and needs maintainer judgment rather than a single focused fix PR.

Review details

Best possible solution:

Keep the PR in maintainer review. The clean path is to either reduce it to a narrow, current-main NVIDIA/model-picker change with focused tests, or have a maintainer close/replace it manually if the already-shipped NVIDIA provider work fully supersedes the intended contribution. Workflow, Docker, release, and security-sensitive changes should be split into separate reviewed PRs.

What I checked:

• Protected label: The provided GitHub context lists the maintainer label on this open PR, which this workflow treats as requiring explicit maintainer handling rather than automated closure. (c6b269154a39)
• Current NVIDIA provider exists on main: Current main registers a bundled NVIDIA provider with NVIDIA_API_KEY, --nvidia-api-key, wizard metadata, docs path, and catalog builder wiring. (extensions/nvidia/index.ts:6, c6b269154a39)
• Current NVIDIA manifest catalog exists on main: The NVIDIA manifest declares provider id nvidia, manifest model-id normalization, a static OpenAI-compatible catalog at https://integrate.api.nvidia.com/v1, and provider auth choices for setup metadata. (extensions/nvidia/openclaw.plugin.json:2, c6b269154a39)
• Current NVIDIA docs exist on main: The provider doc covers API-key setup, NVIDIA_API_KEY, the NVIDIA model ref, config example, built-in catalog, and auto-enable behavior. Public docs: docs/providers/nvidia.md. (docs/providers/nvidia.md:13, c6b269154a39)
• Model-id normalization coverage exists: Current tests cover NVIDIA bare-id prefix normalization and avoiding double-prefix normalization for already-prefixed NVIDIA model ids. (src/agents/model-ref-shared.test.ts:5, c6b269154a39)
• PR scope and security-sensitive surfaces: The provided PR metadata reports 4,272 changed files, 281,622 additions, 58,434 deletions, and mergeable: false; the file list includes workflow and Docker changes such as .github/workflows/auto-response.yml, .github/workflows/ci.yml, .github/workflows/full-release-validation.yml, and Dockerfile, so the PR needs normal maintainer/security review instead of cleanup automation. (.github/workflows/auto-response.yml, 53a57ef5af97)

Likely related people:

• steipete: Current main head is authored by Peter Steinberger, local blame on the NVIDIA provider, manifest, model-picker, and model-ref files resolves to the available current-main snapshot, and recent local history shows Peter maintaining adjacent provider, plugin, CI, and release surfaces. (role: recent maintainer and current-main route owner; confidence: medium; commits: c6b269154a39, d1b2d81752b8, be8c24633aaa; files: extensions/nvidia/index.ts, extensions/nvidia/openclaw.plugin.json, src/flows/model-picker.ts)
• shakkernerd: Current changelog credits shakkernerd for manifest-backed provider catalog and model-list work that explicitly included NVIDIA, which is central to the current-main implementation path this PR overlaps. (role: adjacent provider-manifest/catalog owner; confidence: low; commits: be8c24633aaa; files: CHANGELOG.md, extensions/nvidia/openclaw.plugin.json, src/plugins/manifest-model-id-normalization.ts)

Remaining risk / open question:

• The branch mixes the NVIDIA provider topic with broad workflow, Docker, release, doctor, skill, and plugin-registry changes, so a reviewer needs to determine which parts are intentional and which should be split or dropped.
• Current main already covers the core NVIDIA provider request, but the PR may still contain narrower model-picker or provider-prefix changes that should be evaluated by a maintainer rather than auto-closed under a protected label.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c6b269154a39.

[clawsweeper]

Codex review: needs maintainer review before merge.

What this changes:

The PR branch adds a bundled NVIDIA provider with onboarding/catalog/docs, model-reference display behavior for NVIDIA namespaced IDs, diagnostic redaction updates, and many additional CI, Docker, docs, skill, doctor, plugin-registry, and test changes.

Maintainer follow-up before merge:

Protected maintainer label plus broad security-sensitive workflow/Docker scope make this a maintainer decision, not a safe automated repair or replacement PR candidate.

Review details

Best possible solution:

Keep this PR in maintainer review. The clean path is to reduce it to a narrow NVIDIA/model-picker change against current main with focused tests, or have a maintainer close and replace it manually if the already-shipped NVIDIA provider work fully supersedes the intended contribution. Workflow, Docker, release, and broad registry/doctor changes should be split into separately reviewed PRs.

What I checked:

• Protected label: The provided GitHub context lists the protected maintainer label on this open PR, so this workflow must not auto-close it even if parts overlap current main. (e420ee3e7000)
• Current NVIDIA provider exists: Current main registers a bundled NVIDIA provider with docs path, NVIDIA_API_KEY, --nvidia-api-key, and provider auth metadata. (extensions/nvidia/index.ts:6, 240362bf6d0e)
• Current NVIDIA manifest catalog exists: The NVIDIA manifest declares provider id nvidia, model-id normalization, a static catalog at https://integrate.api.nvidia.com/v1, and setup auth choice metadata. (extensions/nvidia/openclaw.plugin.json:2, 240362bf6d0e)
• Current NVIDIA docs exist: The provider docs cover API-key setup, NVIDIA_API_KEY, the nvidia/nvidia/... model ref examples, built-in catalog, and auto-enable behavior. Public docs: docs/providers/nvidia.md. (docs/providers/nvidia.md:13, 240362bf6d0e)
• Model normalization coverage: Current tests cover NVIDIA bare-id prefix normalization and avoiding double-prefix normalization for already-prefixed NVIDIA model ids. (src/agents/model-ref-shared.test.ts:5, 240362bf6d0e)
• Remaining proposed behavior is not clearly on main: Current main has no preserveLiteralProviderPrefix, nativeIdsIncludeProviderPrefix, or formatLiteralProviderPrefixedModelRef symbol, and the current picker labels options with the canonical key. (src/flows/model-picker.ts:264, 240362bf6d0e)

Likely related people:

• steipete: Local blame on the NVIDIA provider, manifest, model-ref, and related current-main snapshot resolves to Peter Steinberger, and current HEAD is also authored by Peter; this makes him the clearest maintainer route for deciding whether to keep, split, or replace the broad PR. (role: recent maintainer and current-main route owner; confidence: medium; commits: 240362bf6d0e, 3a875e754928, be8c24633aaa; files: extensions/nvidia/index.ts, extensions/nvidia/openclaw.plugin.json, src/agents/model-ref-shared.ts)
• shakkernerd: Current changelog credits @shakkernerd for manifest-backed provider catalog and model-list work that explicitly included NVIDIA, plus setup/model-picker cold-path work adjacent to the PR's provider and picker changes. (role: adjacent provider-manifest/catalog owner; confidence: medium; commits: 979b267eb35e, 5aaf26665975; files: CHANGELOG.md, extensions/nvidia/openclaw.plugin.json, src/plugins/manifest-model-id-normalization.ts)

Remaining risk / open question:

• The PR mixes the NVIDIA provider topic with workflow, Docker, release, doctor, skill, and plugin-registry changes, so a reviewer must decide which parts are intentional and which should be split or dropped.
• Current main already covers the basic NVIDIA provider request, but the PR may still contain narrower model-picker/provider-prefix behavior that needs product judgment rather than automated closure.
• The branch touches security-sensitive CI and Docker execution surfaces that are not explained by the NVIDIA provider feature alone.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 240362bf6d0e.

[clawsweeper]

Codex review: found issues before merge.

What this changes:

The PR updates the bundled NVIDIA provider docs, onboarding/config helpers and tests, and adds provider-prefix display behavior for NVIDIA model refs in model-picker and provider-auth flows.

Maintainer follow-up before merge:

Protected maintainer label plus plugin/runtime control-plane implications make this a maintainer review item, not a safe automated repair or replacement PR candidate.

Review findings:

• [P2] Keep prefix label metadata on manifest-only paths — src/flows/model-picker.ts:230-237

Review details

Best possible solution:

Keep this PR in maintainer review. The desired end state is a narrow NVIDIA/model-picker change that either stores the literal-prefix display flag in manifest/metadata or otherwise keeps label decisions on a manifest-only/lightweight path, with focused default-model and allowlist picker coverage against current main.

Full review comments:

• [P2] Keep prefix label metadata on manifest-only paths — src/flows/model-picker.ts:230-237
resolveLiteralPrefixProviderIds runs from the model picker only to format labels, but it calls resolvePluginProviders without loadModules:false or a manifest-only mode. The current loader defaults unspecified loadModules to loading plugin modules, so opening the picker can import enabled provider plugin runtime code just to decide display text. Move this flag to manifest/public metadata or use a manifest-only snapshot for the label calculation.
  Confidence: 0.86

Overall correctness: patch is incorrect
Overall confidence: 0.82

What I checked:

• protected_label: The provided GitHub context lists the protected maintainer label on this open PR, so this workflow must not auto-close it. (48d45b243cc7)
• current_main_has_nvidia_provider: Current main already registers a bundled NVIDIA provider with NVIDIA_API_KEY, --nvidia-api-key, auth choice metadata, docs path, and static catalog wiring. (extensions/nvidia/index.ts:6, c99d6807141e)
• current_main_has_nvidia_docs_and_catalog: The current NVIDIA docs describe setup and the built-in nvidia/nvidia/... model refs; the manifest catalog stores native model ids such as nvidia/nemotron-3-super-120b-a12b. Public docs: docs/providers/nvidia.md. (docs/providers/nvidia.md:13, c99d6807141e)
• remaining_pr_behavior_absent_on_main: Current main has no preserveLiteralProviderPrefix, nativeIdsIncludeProviderPrefix, or formatLiteralProviderPrefixedModelRef symbols, so the PR's literal-prefix display behavior is not already implemented on main. (c99d6807141e)
• pr_runtime_label_lookup: The PR adds resolveLiteralPrefixProviderIds, which calls runtime resolvePluginProviders from the model picker only to decide display labels. (src/flows/model-picker.ts:224, 48d45b243cc7)
• loader_contract: The current loader treats unspecified loadModules as load-modules, and the plugin boundary says metadata/setup paths should stay manifest-first and avoid quiet runtime imports when metadata is sufficient. (src/plugins/loader.ts:1099, c99d6807141e)

Likely related people:

• steipete: The current-main history available locally shows Peter Steinberger authoring the release/consolidation commit that added the current NVIDIA provider/docs/model-picker snapshot, and current HEAD is also authored by Peter. (role: recent maintainer and current-main route owner; confidence: medium; commits: be8c24633aaa, c99d6807141e; files: extensions/nvidia/index.ts, extensions/nvidia/openclaw.plugin.json, docs/providers/nvidia.md)
• shakkernerd: The changelog credits @shakkernerd for manifest-backed provider catalog/model-list work that explicitly includes NVIDIA and for setup/model-picker cold-path work directly adjacent to this PR's prefix-display implementation. (role: adjacent provider-manifest and model-catalog owner; confidence: medium; commits: be8c24633aaa; files: CHANGELOG.md, extensions/nvidia/openclaw.plugin.json, src/flows/model-picker.ts)

Remaining risk / open question:

• The PR still needs maintainer judgment because it changes plugin/provider control-plane behavior, not only NVIDIA docs or catalog data.
• The current branch no longer appears to contain the earlier broad workflow/Docker churn from prior ClawSweeper comments, but it still introduces a runtime-loading label path that has security and startup-laziness implications.
• No tests were run because this was a read-only sweep; the review finding is based on static source and diff inspection.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c99d6807141e.

[clawsweeper]

Codex review: found issues before merge.

What this changes:

The PR updates NVIDIA provider onboarding, docs, catalog tests, and API exports, and adds a preserveLiteralProviderPrefix provider flag used by model-picker and auth-choice display paths.

Maintainer follow-up before merge:

Protected maintainer label plus plugin control-plane/runtime-loading implications make this a maintainer review item, not a safe automated repair or replacement PR lane.

Review findings:

• [P2] Keep prefix metadata on the manifest path — src/flows/model-picker.ts:229-237

Review details

Best possible solution:

Keep this in maintainer review and make the desired end state a narrow NVIDIA/model-picker change that keeps canonical config storage while sourcing literal-prefix display metadata from a manifest or other lightweight control-plane surface, with focused coverage for NVIDIA onboarding, default-model labels, and allowlist picker labels.

Full review comments:

• [P2] Keep prefix metadata on the manifest path — src/flows/model-picker.ts:229-237
resolveLiteralPrefixProviderIds only needs display metadata, but it calls resolvePluginProviders without mode: "setup", loadModules: false, or a manifest-only path. The loader treats unspecified loadModules as runtime module loading, so opening the picker can import enabled provider plugin code just to format labels. Move this flag to manifest/public metadata or use a manifest-only snapshot for the label calculation.
  Confidence: 0.86

Overall correctness: patch is incorrect
Overall confidence: 0.84

What I checked:

• protected_label: The provided GitHub context lists the protected maintainer label on this open PR, so it requires explicit maintainer handling rather than automated closure. (5d9280bb70be)
• current_main_nvidia_provider: Current main already registers the bundled NVIDIA provider with NVIDIA_API_KEY, --nvidia-api-key, provider docs path, API-key auth metadata, and catalog wiring. (extensions/nvidia/index.ts:6, 7471c2116f9a)
• current_main_manifest_catalog: Current main's NVIDIA manifest declares provider id nvidia, static model catalog rows including native nvidia/nemotron-3-super-120b-a12b, auth env metadata, and nvidia-api-key setup choice metadata. (extensions/nvidia/openclaw.plugin.json:15, 7471c2116f9a)
• current_main_docs: Current main documents NVIDIA setup, NVIDIA_API_KEY, and the user-facing nvidia/nvidia/nemotron-3-super-120b-a12b model ref at the public provider doc surface. Public docs: docs/providers/nvidia.md. (docs/providers/nvidia.md:19, 7471c2116f9a)
• remaining_pr_behavior_not_on_main: The PR adds preserveLiteralProviderPrefix to ProviderPlugin; current main has no preserveLiteralProviderPrefix, nativeIdsIncludeProviderPrefix, or formatLiteralProviderPrefixedModelRef symbol, so this part is not already implemented. (src/plugins/types.ts:1217, 5d9280bb70be)
• review_finding_runtime_label_lookup: The PR's resolveLiteralPrefixProviderIds calls resolvePluginProviders from the model picker only to decide display labels, without mode: "setup", loadModules: false, or a manifest-only metadata path. (src/flows/model-picker.ts:229, 5d9280bb70be)

Likely related people:

• steipete: Local blame on the current NVIDIA provider and model-picker files resolves to Peter Steinberger in the available main history, and recent main commits show him maintaining adjacent plugin, CI, and release surfaces. (role: recent maintainer and current-main route owner; confidence: medium; commits: 34d11d57579d, 7471c2116f9a, be8c24633aaa; files: extensions/nvidia/index.ts, extensions/nvidia/openclaw.plugin.json, src/flows/model-picker.ts)
• shakkernerd: Current changelog credits @shakkernerd for manifest-backed provider catalog/model-list work that explicitly included NVIDIA, plus setup/model-picker cold-path work adjacent to the PR's proposed metadata/display path. (role: adjacent provider-manifest and model-catalog owner; confidence: medium; commits: be8c24633aaa; files: CHANGELOG.md, extensions/nvidia/openclaw.plugin.json, src/flows/model-picker.ts)
• obviyus: Current changelog credits @obviyus for recent configure/provider-catalog model picker work, which overlaps the PR's configure.gateway-auth and allowlist picker changes. (role: recent adjacent configure/model-picker contributor; confidence: low; commits: 7471c2116f9a; files: CHANGELOG.md, src/commands/configure.gateway-auth.ts, src/flows/model-picker.ts)

Remaining risk / open question:

• The branch was not test-run because this was a read-only sweep; the blocking finding is based on static diff and loader-contract inspection.
• Current main has moved past the PR base with later NVIDIA/NIM compatibility work, so the branch may need rebase and drift review before normal validation.
• The remaining literal-prefix behavior is a plugin/control-plane API choice, so a maintainer should decide whether it belongs in manifest metadata, provider public artifacts, or another lightweight contract.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e46dccb35374.