fix(sessions): preserve compatible auth overrides

[clawsweeper]

Makes #81886 merge-ready for the ClawSweeper automerge loop.
The edit pass should inspect the live PR diff, review comments, and failing checks; rebase if needed; keep the contributor branch credited; and stop only when validation is green or an external blocker is proven.

ClawSweeper 🐠 replacement reef notes:

• Cluster: automerge-openclaw-openclaw-81886
• Source PRs: fix(sessions): preserve compatible auth overrides #81886
• Credit: Source PR: fix(sessions): preserve compatible auth overrides #81886
• Validation: pnpm check:changed
• Replacement reason: ClawSweeper could not update the source PR branch directly, so it opened a writable replacement PR instead.
• Automerge requested by: @Takhoffman

• Repair fallback: GitHub rejected the repair branch push because it updates workflow files and the ClawSweeper app token does not have workflows permission

Inherited issue-closing references from the source PR:
Fixes #81837

Co-author credit kept:

• @TurboTheTurtle: Co-authored-by: Andy Ye 35905412+TurboTheTurtle@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 64a0739.

[clawsweeper]

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
This replacement branch preserves compatible session auth profile overrides during sessions.patch model changes, adds alias/unprefixed/cross-provider regression coverage, and updates related doctor/Mantis test assertions plus the changelog.

Reproducibility: yes. by source inspection: current main’s sessions.patch model branch calls applyModelOverrideToSessionEntry without profile or preserve data, and the shared helper clears auth fields unless preservation is requested. I did not run tests in this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: Good focused replacement PR with real server-side proof and targeted regressions; final confidence depends on exact-head checks and maintainer auth-provider acceptance.

Rank-up moves:

• Let required exact-head checks finish green before merge.
• Add a redacted live Dashboard model-switch smoke only if maintainers want UI-to-gateway proof.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (terminal): Sufficient terminal proof is inherited from the source PR body: it shows after-fix output from a local harness using the real applySessionsPatchToStore path for same-provider preservation and provider-change cleanup.

Risk before merge

• This intentionally changes when a persisted authProfileOverride survives a model patch; maintainers should accept that auth-provider compatibility rule because a bad match would affect credential routing.
• The supplied proof exercises the real server-side RPC helper, but it does not show a live Dashboard-to-gateway model switch end to end.
• Some exact-head GitHub check runs were still in progress during this read-only review, so merge should wait for required checks to finish green.

Maintainer options:

1. Merge After Auth-Provider Acceptance And Green Checks (recommended)
   Maintainers can let the armed automerge lane proceed once required checks finish because the patch uses the canonical alias resolver and covers preserve/clear cases.
2. Request A Live Dashboard Smoke
   If UI-to-gateway proof is required, ask for a short redacted Dashboard model switch showing the selected provider keeps the intended auth profile.

Next step before merge
No repair lane is needed because review found no actionable patch defect; keep this in the armed automerge/maintainer auth-provider gate while exact-head checks complete.

Security
Cleared: Cleared: the diff is scoped to session auth compatibility, tests, and changelog, with no dependency, workflow, install, package, or secret-handling change.

Review details

Best possible solution:

Land the alias-aware server-side preservation path after required checks complete and maintainers accept the auth-provider routing risk; request a live Dashboard smoke only if UI-level assurance is required.

Do we have a high-confidence way to reproduce the issue?

Yes by source inspection: current main’s sessions.patch model branch calls applyModelOverrideToSessionEntry without profile or preserve data, and the shared helper clears auth fields unless preservation is requested. I did not run tests in this read-only review.

Is this the best way to solve the issue?

Yes. The branch uses the existing model override preservation hook plus the canonical provider-auth alias resolver, with focused preserve/clear regression tests rather than a broader API or config change.

Label justifications:

• P1: The PR fixes a real Dashboard/session model-switch auth failure that can break selected provider/profile routing for users.
• merge-risk: 🚨 auth-provider: The diff changes when persisted auth profile overrides are retained or cleared during model switching, directly affecting credential/provider routing.
• rating: 🐚 platinum hermit: Current PR rating is 🐚 platinum hermit because proof is 🐚 platinum hermit, patch quality is 🐚 platinum hermit, and Good focused replacement PR with real server-side proof and targeted regressions; final confidence depends on exact-head checks and maintainer auth-provider acceptance.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (terminal): Sufficient terminal proof is inherited from the source PR body: it shows after-fix output from a local harness using the real applySessionsPatchToStore path for same-provider preservation and provider-change cleanup.
• proof: sufficient: Contributor real behavior proof is sufficient. Sufficient terminal proof is inherited from the source PR body: it shows after-fix output from a local harness using the real applySessionsPatchToStore path for same-provider preservation and provider-change cleanup.

What I checked:

• Current main model patch omits auth preservation: On current main, the explicit sessions.patch model path calls applyModelOverrideToSessionEntry with selection and markLiveSwitchPending only, so it does not pass a profile override or preserve flag. (src/gateway/sessions-patch.ts:497, 652712e0ad96)
• Shared helper clears auth by default: applyModelOverrideToSessionEntry deletes auth override fields when no explicit profile override is supplied and preserveAuthProfileOverride is not set. (src/sessions/model-overrides.ts:116, 652712e0ad96)
• PR adds alias-aware preservation: The PR adds shouldPreserveSessionAuthProfileOverride, compares providers through resolveProviderIdForAuth, and passes the result to both model reset and model set calls. (src/gateway/sessions-patch.ts:74, 64a07393d5d6)
• PR adds focused gateway regressions: The branch tests same-provider preservation, provider-auth alias preservation, unprefixed profile preservation, and clearing when the provider changes. (src/gateway/sessions-patch.test.ts:276, 64a07393d5d6)
• Alias contract matches the regression: Current main resolves provider auth through resolveProviderIdForAuth, and the BytePlus plugin declares byteplus-plan as an auth alias of byteplus, matching the PR's alias coverage. (extensions/byteplus/openclaw.plugin.json:12, 652712e0ad96)
• Source PR discussion resolved earlier blocker: The source PR discussion included a reviewer blocker for alias-compatible profiles; the replacement head now uses the canonical alias helper and carries the source PR proof/credit forward. (64a07393d5d6)

Likely related people:

• Peter Steinberger: Git history ties Peter to the shared model override auth handling, provider auth alias support, and the latest current-main copies of the central files. (role: introduced behavior and adjacent owner; confidence: high; commits: 1e05925e47b2, 9e4f478f866c, 3faddfb506b9; files: src/gateway/sessions-patch.ts, src/sessions/model-overrides.ts, src/agents/provider-auth-aliases.ts)
• Vincent Koc: History shows repeated recent gateway/doctor contributions in the sampled area, and the replacement branch also includes guard/prototype-safety commits under this name. (role: recent area contributor; confidence: medium; commits: 46a332385d11, f7cf3d0dad89, 43cb94a39aa1; files: src/gateway/sessions-patch.ts, src/gateway/sessions-patch.test.ts, src/commands/doctor-legacy-config.migrations.test.ts)
• stielemans: The source PR discussion called out the alias-compatible auth blocker that this replacement branch now addresses. (role: recent reviewer; confidence: medium; files: src/gateway/sessions-patch.ts, src/gateway/sessions-patch.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 652712e0ad96.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🌱 uncommon Clockwork Branchling

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🌱 uncommon.
Trait: finds missing screenshots.
Image traits: location status garden; accessory rollback rope; palette charcoal, cyan, and signal green; mood sleepy but ready; pose sitting proudly on a smooth stone; shell brushed metal shell; lighting soft underwater shimmer; background small review tokens.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Clockwork Branchling in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=64a07393d5d609ba7efabda50be1de7b91a685b1)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-21T16:17:51Z
Merge commit: b33deb41594e

What merged:

• This replacement branch preserves compatible session auth profile overrides during sessions.patch model ch ... d/cross-provider regression coverage, and updates related doctor/Mantis test assertions plus the changelog.
• Reproducibility: yes. by source inspection: current main’s sessions.patch model branch calls `applyModelOv ... d helper clears auth fields unless preservation is requested. I did not run tests in this read-only review.

Automerge notes:

• PR branch already contained follow-up commit before automerge: test(mantis): align telegram proof evidence comment
• PR branch already contained follow-up commit before automerge: fix(sessions): preserve provider auth aliases
• PR branch already contained follow-up commit before automerge: fix(sessions): guard unprefixed auth overrides
• PR branch already contained follow-up commit before automerge: fix(doctor): preserve params prototype semantics
• PR branch already contained follow-up commit before automerge: fix(sessions): preserve compatible auth overrides

The automerge loop is complete.

Automerge progress:

• 2026-05-21 16:17:31 UTC review passed 64a07393d5d6 (structured ClawSweeper verdict: pass (sha=64a07393d5d609ba7efabda50be1de7b91a68...)

• 2026-05-21 16:17:54 UTC merged 64a07393d5d6 (merged by ClawSweeper automerge)