fix(config): allow bundled provider timeout overlays

[giodl73-repo]

Fixes #83201.

Summary

• Allow bundled model provider config entries to act as overlays, so models.providers.openai.timeoutSeconds is valid without redeclaring baseUrl and models.
• Preserve strict custom-provider validation: unknown provider IDs still require both baseUrl and models.
• Guard configured-provider fallback against overlay entries without models, and prove the timeout overlay is applied during model resolution.

Real behavior proof

Fresh deterministic proof artifacts:

• Summary: https://raw.githubusercontent.com/giodl73-repo/openclaw/proof-artifacts/pr-83267-fresh/pr-83267/summary.txt
• Before/source proof log: https://raw.githubusercontent.com/giodl73-repo/openclaw/proof-artifacts/pr-83267-fresh/pr-83267/before-source-proof.log
• After/PR proof log: https://raw.githubusercontent.com/giodl73-repo/openclaw/proof-artifacts/pr-83267-fresh/pr-83267/after-pr-83267.log

Behavior or issue addressed: A documented config such as models.providers.openai.timeoutSeconds = 600 was rejected at startup because the validator required models.providers.openai.baseUrl and models.providers.openai.models, even though the entry is only tuning a bundled provider.

Real environment tested: Local OpenClaw checkout on Ubuntu 24.04 under WSL, running production config validation and model resolution against real config objects.

Exact steps or command run after this patch: Ran a source-level before/after probe against origin/main and this PR head, then ran focused validation and changed-file checks:

node --import tsx <provider-timeout-overlay-proof>
CI=1 node scripts/run-vitest.mjs src/config/config-misc.test.ts src/config/schema.test.ts src/config/schema.help.quality.test.ts src/agents/pi-embedded-runner/model.test.ts src/agents/models-config.providers.google-antigravity.test.ts src/agents/models-config.providers.implicit.discovery-scope.test.ts src/agents/models-config.providers.normalize-keys.test.ts
pnpm check:changed

Evidence after fix: The before/after probe shows the bundled openai overlay now validates, while an unknown custom provider with only timeoutSeconds still fails:

before_status=10
{
  "overlay": {
    "ok": false,
    "issues": [
      "models.providers.openai.baseUrl: Invalid input: expected string, received undefined",
      "models.providers.openai.models: Invalid input: expected array, received undefined"
    ]
  },
  "custom": {
    "ok": false,
    "issues": [
      "models.providers.custom.baseUrl: Invalid input: expected string, received undefined",
      "models.providers.custom.models: Invalid input: expected array, received undefined"
    ]
  }
}
---
after_status=0
{
  "overlay": {
    "ok": true,
    "issues": []
  },
  "custom": {
    "ok": false,
    "issues": [
      "models.providers.custom.baseUrl: custom model providers must declare baseUrl; provider overlays without baseUrl are only supported for bundled providers",
      "models.providers.custom.models: custom model providers must declare models; provider overlays without models are only supported for bundled providers"
    ]
  }
}

Focused tests passed:

src/config/schema.help.quality.test.ts: 22 tests passed
src/config/schema.test.ts: 39 tests passed
src/config/config-misc.test.ts: 81 tests passed
src/agents/pi-embedded-runner/model.test.ts: 84 tests passed in both agents-core and agents-pi-embedded shards
pnpm check:changed: passed

Observed result after fix: models.providers.openai.timeoutSeconds can be used as a standalone bundled provider overlay and the resolver applies it as requestTimeoutMs=600000; a custom models.providers.custom.timeoutSeconds entry still fails validation until it declares baseUrl and models.

What was not tested: No live OpenAI request was sent; this validates startup config behavior and the model-resolution metadata path without contacting provider APIs.

Follow-up: overlay-only fallback guard

ClawSweeper found that materialized bundled-provider overlays (baseUrl: "", models: []) could still authorize fallback model synthesis. This follow-up keeps timeout overlays valid as configuration, but only lets fallback model synthesis proceed when there is an explicit configured model, a real baseUrl-backed provider surface, or the existing mock model path.

Additional verification after this follow-up:

node scripts/run-vitest.mjs \
  src/agents/pi-embedded-runner/model.test.ts \
  src/config/config-misc.test.ts \
  extensions/microsoft-foundry/index.test.ts

pnpm exec oxfmt --check --threads=1 \
  src/agents/pi-embedded-runner/model.ts \
  src/agents/pi-embedded-runner/model.test.ts

git diff --check

Observed result:

4 test files passed / 281 tests passed
All matched files use the correct format.
git diff --check passed

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch relaxes model-provider config validation for bundled provider overlays, materializes accepted overlays, guards fallback/model-resolution paths, and adds config/model/Foundry regression tests.

Reproducibility: yes. by source inspection: current main requires baseUrl and models in ModelProviderSchema, and the PR proof log shows the timeout-only OpenAI overlay failing before the patch. I did not run a local repro because this review was read-only and avoided artifact-generating commands.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: Strong proof and focused regression coverage make this a normal good PR, with the overall rating capped by the maintainer-owned config/provider contract decision.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🥚 common Pearl Patch Peep

        /\     /\            
      _/  \___/  \_          
     /  ( o   o )  \         
    |      \_/      |        
    |   /\  ===  /\ |        
     \_/  \_____/  \_/       
        _/|_| |_|\_          
       /__| | | |__\         
          ' ' ' '            
         /_/     \_\         
       .-----------.         
      '-------------'        

Rarity: 🥚 common.
Trait: purrs at green checks.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Pearl Patch Peep in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (logs): The PR body and linked logs show before/after config validation and model-resolution behavior, with later comments adding focused fallback-guard verification on the updated head.

Risk before merge
Why this matters: - The validation change intentionally accepts previously invalid partial models.providers.<bundled-id> entries and materializes missing baseUrl/models as empty sentinel values; maintainers should accept that as the config contract before merge.

• Bundled overlay eligibility is a static provider-ID list normalized through provider aliases, so future bundled provider IDs must stay synchronized unless this moves to manifest/provider metadata.
• The change affects provider routing and auth-adjacent model resolution; focused tests and logs cover the config path, alias path, custom-provider rejection, Foundry guard, and fallback guard, but no live provider request was sent.

Maintainer options:

1. Accept the guarded overlay contract (recommended)
   Merge after maintainer review confirms that empty materialized overlay sentinels and a static bundled-provider classifier are acceptable for the config contract.
2. Move eligibility to provider metadata first
   If maintainers do not want a static allowlist in config schema code, require a pre-merge refactor that derives bundled overlay eligibility from provider/plugin metadata without weakening custom-provider validation.

Next step before merge
Human maintainer review is the right next action because the protected label and merge risks are about accepting the config/provider overlay contract, not an unresolved narrow code defect.

Security
Cleared: The diff changes config validation, model resolution, and tests; it does not add dependencies, scripts, workflows, secret sinks, or new external code execution paths.

Review details

Best possible solution:

Merge this shape once maintainers accept bundled provider entries as overlay-capable while keeping non-bundled custom providers strict and guarding resolver paths that expect real provider catalogs.

Do we have a high-confidence way to reproduce the issue?

Yes, by source inspection: current main requires baseUrl and models in ModelProviderSchema, and the PR proof log shows the timeout-only OpenAI overlay failing before the patch. I did not run a local repro because this review was read-only and avoided artifact-generating commands.

Is this the best way to solve the issue?

Yes, with maintainer acceptance of the config contract. The PR keeps custom providers strict, applies the documented bundled-provider timeout overlay, and adds guards where overlay-only entries would otherwise look like real provider catalogs.

Label justifications:

• P2: This fixes a real documented config/runtime mismatch with limited blast radius around model-provider config validation.
• merge-risk: 🚨 compatibility: The PR changes startup validation so partial built-in provider config that was previously rejected becomes valid and materialized into runtime config.
• merge-risk: 🚨 auth-provider: The diff touches provider config validation and model resolution paths that influence provider routing and auth-adjacent request metadata.

What I checked:

• Current main rejects the reported overlay shape: On current main, ModelProviderSchema requires both baseUrl and models, while timeoutSeconds is only an optional field inside the same object; a timeout-only models.providers.openai block therefore fails schema validation before runtime defaults can apply. (src/config/zod-schema.core.ts:379, b86435f0b597)
• Current docs/schema help present timeoutSeconds as an independent provider timeout knob: The schema help says models.providers.*.timeoutSeconds is an optional per-provider model request timeout and recommends it instead of changing global agent timeouts, which supports the linked bug’s expected behavior. (src/config/schema.help.ts:950, b86435f0b597)
• PR preserves custom-provider strictness while allowing bundled overlays: The PR patch makes provider baseUrl/models optional at the raw schema layer, adds bundled-provider overlay eligibility, rejects missing fields for non-bundled provider IDs with explicit custom-provider errors, and materializes accepted bundled overlays back to the strict exported config shape. (src/config/zod-schema.core.ts:379, aca1f3d35da3)
• PR guards overlay-only fallback model synthesis: The PR adds hasConfiguredFallbackSurface so timeout-only materialized overlays do not make unknown model IDs resolve as configured fallback models; the added test covers the typo-model rejection path. (src/agents/pi-embedded-runner/model.ts:896, 7c858127fc04)
• Real behavior proof is present: The linked proof log shows current-main/source behavior rejecting models.providers.openai.timeoutSeconds, then the PR accepting that bundled overlay while still rejecting a custom provider with only timeoutSeconds; the PR comments add focused verification for the later fallback guard. (aca1f3d35da3)
• Feature-history sample: Local blame/log history points the current schema, exported model-provider type, fallback resolver, and Foundry model-selected path to recent config/model area work, with additional recent touches to validation and model resolution. (src/config/zod-schema.core.ts:377, 17eab1ed4de8)

Likely related people:

• steipete: Local blame on the central config schema, exported provider type, model fallback, and Foundry provider path points to commit 17eab1e as the current-main source for those lines. (role: recent area contributor; confidence: medium; commits: 17eab1ed4de8; files: src/config/zod-schema.core.ts, src/config/types.models.ts, src/agents/pi-embedded-runner/model.ts)
• Gio Della-Libera: Recent current-main history includes config validation work in commit 19065e4, so this person is connected to the affected validation surface beyond opening this PR. (role: recent config validation contributor; confidence: medium; commits: 19065e4a2fc8; files: src/config/validation.ts)
• Eduardo Piva: Commit 6f18dec recently changed src/agents/pi-embedded-runner/model.ts, which is the resolver path the PR updates for overlay fallback behavior. (role: recent model resolver contributor; confidence: medium; commits: 6f18decb7a2c; files: src/agents/pi-embedded-runner/model.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against b86435f0b597.

[giodl73-repo]

Reviewed and fixed the two concrete ClawSweeper blockers in 5a021ca6ec1858fc23f7d33157756d103011dcb3.

Changes:

• Added google-antigravity to the bundled provider overlay allowlist so provider-alias timeout overlays validate.
• Updated ModelProviderConfig so accepted overlay-only entries can omit baseUrl and models in the exported config type.
• Added a regression for models.providers.google-antigravity.timeoutSeconds without custom-provider fields.

Verification:

• git diff --check
• node node_modules/vitest/vitest.mjs run src/config/config-misc.test.ts --reporter verbose -> 82 tests passed

Note: WSL codex review --uncommitted timed out without output; the patch is the narrow requested fix plus focused regression coverage.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26044553190
• Updated: 2026-05-18T16:01:08.205Z

[giodl73-repo]

Addressed the Foundry overlay P2.

What changed:

• extensions/microsoft-foundry/provider.ts now treats missing providerConfig.models as an empty configured catalog before .find() / .map().
• Added regression coverage for selecting a microsoft-foundry/... model when config only contains a timeout overlay.

Verification:

pnpm install
CI=1 OPENCLAW_VITEST_MAX_WORKERS=1 node scripts/run-vitest.mjs extensions/microsoft-foundry/index.test.ts src/config/config-misc.test.ts
blocked locally: spawn EPERM before Vitest started

CI=1 OPENCLAW_VITEST_MAX_WORKERS=1 node node_modules/vitest/vitest.mjs run extensions/microsoft-foundry/index.test.ts src/config/config-misc.test.ts --maxWorkers=1 --reporter=dot
Test Files  2 passed (2)
Tests  111 passed (111)

git diff --check
passed

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26051367782
• Updated: 2026-05-18T18:16:39.477Z

[giodl73-repo]

I pushed a cleanup for the CI failures from the previous revision.

Verification on the updated branch:

• node node_modules\\@typescript\\native-preview\\bin\\tsgo.js --noEmit --pretty false -p tsconfig.json - passes
• node node_modules\\oxlint\\dist\\cli.js extensions/microsoft-foundry/provider.ts extensions/microsoft-foundry/index.test.ts src/config/zod-schema.core.ts src/config/types.models.ts src/config/config-misc.test.ts - passes
• $env:CI='1'; $env:OPENCLAW_VITEST_MAX_WORKERS='1'; node node_modules/vitest/vitest.mjs run extensions/microsoft-foundry/index.test.ts src/config/config-misc.test.ts --maxWorkers=1 --reporter=dot - 2 files, 111 tests passed
• git diff --check - passes

The shared model provider type stays strict; the schema accepts bundled-provider overlay input, and the Foundry selection path guards the overlay shape when applying the selected model.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26052793330
• Updated: 2026-05-18T18:42:15.146Z

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26063722137
• Updated: 2026-05-18T22:26:14.862Z

[giodl73-repo]

@clawsweeper re-review

Fixed the P2 around timeout-only provider overlays leaking into fallback model synthesis. The model resolver now only synthesizes fallback models for an explicit configured model, a real baseUrl-backed provider surface, or the existing mock model path; timeout-only bundled overlays no longer turn unknown model ids into resolved models.

Verification in WSL:

• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/model.test.ts src/config/config-misc.test.ts extensions/microsoft-foundry/index.test.ts — 4 test files / 281 tests passed
• pnpm exec oxfmt --check --threads=1 src/agents/pi-embedded-runner/model.ts src/agents/pi-embedded-runner/model.test.ts — passed
• git diff --check — passed

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26068458257
• Updated: 2026-05-19T00:33:09.390Z