Fix stale session routes for removed providers

[TurboTheTurtle]

Summary

What problem does this PR solve?

• Prevents stale persisted session model/provider state from routing through a provider that is no longer visible to the current gateway model catalog/config.
• Applies the guard in resolveSessionModelRef, and wires chat.send to pass catalog visibility when provider rows, replace mode, or a non-default persisted session route can make stale providers risky.
• Covers explicit providerOverride/modelOverride and stale runtime modelProvider/model fields.

Why does this matter now?

• Issue [Bug]: Deleted provider session overrides persist in sessions.json — silent financial damage risk #90471 reports sessions continuing to use a deleted provider after config changes, creating silent billing/quota risk.

What is the intended outcome?

• Persisted session routes are preserved when they match the configured default, an explicit configured provider row, or a loaded catalog model.
• Persisted session routes fall back to the current configured default when catalog-aware gateway routing cannot find the stored provider/model anymore, including when the deleted provider was the last custom provider row.

What is intentionally out of scope?

• Adding a new user-facing session reset command.
• Changing provider catalog discovery or model picker behavior.
• Migrating or deleting sessions.json entries on disk.

What does success look like?

• Runtime chat routing no longer honors deleted-provider session state once the current catalog/config says the provider is gone.
• Valid merge-mode provider/plugin catalog routes outside models.providers continue to work.

What should reviewers focus on?

• Whether the catalog-aware resolver guard now matches OpenClaw merge/replace model visibility semantics.
• Whether chat.send loads catalog visibility at the right point for persisted session route validation.

Linked context

Which issue does this close?

Closes #90471

Which issues, PRs, or discussions are related?

Related #90462

Was this requested by a maintainer or owner?

• Not maintainer-requested; this addresses the open bug report and ClawSweeper's source-repro note on [Bug]: Deleted provider session overrides persist in sessions.json — silent financial damage risk #90471.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: Deleted provider session override/runtime state no longer wins over the current configured default route when the current model catalog cannot see the stored provider/model.
• Real environment tested: Local OpenClaw source checkout on macOS, Node v24.15.0, with the gateway session resolver imported through tsx after this patch.
• Exact steps or command run after this patch:

node --import tsx - <<'EOF'
import { resolveSessionModelRef } from './src/gateway/session-utils.ts';
const cfg = {
  agents: { defaults: { model: { primary: 'custom-api-deepseek-com/deepseek-v4-pro' } } },
  models: { providers: { 'custom-api-deepseek-com': { api: 'openai-completions', models: [{ id: 'deepseek-v4-pro' }] } } },
};
const staleSession = {
  sessionId: 'webchat-main',
  updatedAt: Date.now(),
  providerOverride: 'ollama-cloud',
  modelOverride: 'deepseek-v4-pro:cloud',
  modelProvider: 'ollama-cloud',
  model: 'deepseek-v4-pro:cloud',
};
console.log(JSON.stringify(resolveSessionModelRef(cfg, staleSession, undefined, { modelCatalog: [] }), null, 2));
EOF

• Evidence after fix:

{
  "provider": "custom-api-deepseek-com",
  "model": "deepseek-v4-pro"
}

• Additional last-custom-provider deletion proof run after the ClawSweeper review finding:

node --import tsx - <<'EOF'
import { resolveSessionModelRef, shouldLoadModelCatalogForSessionModelResolution } from './src/gateway/session-utils.ts';
const cfg = { agents: { defaults: { model: { primary: 'openai/gpt-5.4' } } } };
const staleSession = {
  sessionId: 'webchat-main',
  updatedAt: Date.now(),
  providerOverride: 'custom-api-deepseek-com',
  modelOverride: 'deepseek-v4-pro',
  modelProvider: 'custom-api-deepseek-com',
  model: 'deepseek-v4-pro',
};
console.log(JSON.stringify({
  shouldLoadCatalog: shouldLoadModelCatalogForSessionModelResolution(cfg, staleSession),
  resolved: resolveSessionModelRef(cfg, staleSession, undefined, { modelCatalog: [] }),
}, null, 2));
EOF

• Additional last-custom-provider output:

{
  "shouldLoadCatalog": true,
  "resolved": {
    "provider": "openai",
    "model": "gpt-5.4"
  }
}

• Additional compatibility proof run after the first ClawSweeper review finding:

node --import tsx - <<'EOF'
import { resolveSessionModelRef } from './src/gateway/session-utils.ts';
const cfg = {
  agents: { defaults: { model: { primary: 'custom-api-deepseek-com/deepseek-v4-pro' } } },
  models: { providers: { 'custom-api-deepseek-com': { api: 'openai-completions', models: [{ id: 'deepseek-v4-pro' }] } } },
};
const validSession = {
  sessionId: 'webchat-main',
  updatedAt: Date.now(),
  providerOverride: 'plugin-provider',
  modelOverride: 'plugin-model',
};
console.log(JSON.stringify(resolveSessionModelRef(cfg, validSession, undefined, { modelCatalog: [{ provider: 'plugin-provider', id: 'plugin-model', name: 'Plugin Model' }] }), null, 2));
EOF

• Additional compatibility output:

{
  "provider": "plugin-provider",
  "model": "plugin-model"
}

• Additional /stop command regression proof run after the latest ClawSweeper review finding:

node scripts/run-vitest.mjs src/gateway/server.chat.gateway-server-chat-b.test.ts

• Additional /stop regression output:

Test Files  2 passed (2)
Tests  68 passed (68)

• The added chat.send regression stores a stale custom-provider session route, calls /stop, and asserts loadGatewayModelCatalog is not called before the stop response returns.

• Additional fresh/default custom-provider no-catalog proof run after the latest ClawSweeper review finding:

node scripts/run-vitest.mjs src/gateway/server.chat.gateway-server-chat-b.test.ts
node scripts/run-vitest.mjs src/gateway/session-utils.test.ts

• Additional no-catalog regression output:

server.chat.gateway-server-chat-b.test.ts: 2 files / 70 tests passed
session-utils.test.ts: 4 files / 456 tests passed

• The added regressions prove fresh custom-provider sessions, default persisted custom-provider sessions, and explicitly configured provider overrides do not call for catalog validation; the direct chat.send test asserts loadGatewayModelCatalog is not called before starting a fresh custom-provider send.

• Observed result after fix: stale persisted override/runtime fields are ignored when absent from current catalog/config, including when there are no remaining custom provider rows, while a valid catalog-backed provider outside models.providers remains selected in default merge mode. Stop commands and fresh/default custom-provider sends now return before session model catalog validation is loaded.

• What was not tested: a live Windows gateway sending real paid-provider traffic; no paid provider credentials were used.

• Proof limitations or environment constraints: this proof exercises the actual gateway session resolver and catalog-load predicate used by chat send, but does not perform an external model API call.

• Before evidence (optional but encouraged): the added regression tests encode the prior failure shape; before this patch, resolveSessionModelRef returned persisted override/runtime state before checking current provider visibility.

Tests and validation

Which commands did you run?

pnpm install --frozen-lockfile
node scripts/run-vitest.mjs src/gateway/session-utils.test.ts
node scripts/run-vitest.mjs src/gateway/server.chat.gateway-server-chat-b.test.ts
node scripts/run-oxlint.mjs src/gateway/session-utils.ts src/gateway/session-utils.test.ts src/gateway/server-methods/chat.ts src/gateway/server.chat.gateway-server-chat-b.test.ts scripts/check-no-raw-channel-fetch.mjs
pnpm run lint:tmp:no-raw-channel-fetch
git diff --check
pnpm tsgo:core:test
node scripts/run-additional-boundary-checks.mjs --shard=2/4,3/4,4/4

Results:

• pnpm install --frozen-lockfile: passed.
• node scripts/run-vitest.mjs src/gateway/session-utils.test.ts: passed, 4 files / 456 tests on the final run.
• node scripts/run-vitest.mjs src/gateway/server.chat.gateway-server-chat-b.test.ts: passed, 2 files / 70 tests on the final run.
• node scripts/run-oxlint.mjs src/gateway/session-utils.ts src/gateway/session-utils.test.ts src/gateway/server-methods/chat.ts src/gateway/server.chat.gateway-server-chat-b.test.ts scripts/check-no-raw-channel-fetch.mjs: passed.
• pnpm run lint:tmp:no-raw-channel-fetch: passed.
• git diff --check: passed.
• pnpm tsgo:core:test: passed.
• node scripts/run-additional-boundary-checks.mjs --shard=2/4,3/4,4/4: passed after updating the qa-lab raw-fetch allowlist line numbers to match current main.
• Direct stale-provider proof command: returned custom-api-deepseek-com/deepseek-v4-pro.
• Direct last-custom-provider proof command: returned shouldLoadCatalog: true and openai/gpt-5.4.
• Direct merge-mode compatibility proof command: returned plugin-provider/plugin-model.
• Fresh/default custom-provider no-catalog proof: chat.send started successfully without calling loadGatewayModelCatalog; helper tests returned false for fresh, default persisted, and explicitly configured provider-row sessions.

What regression coverage was added or updated?

• Added resolver tests for ignoring removed-provider explicit overrides.
• Added resolver tests for ignoring removed-provider runtime model fields.
• Added regressions for deleting the last custom provider row and falling back to a built-in/default provider.
• Added a preservation test for overrides whose provider still exists in explicit config.
• Added merge-mode preservation tests for built-in and catalog-backed providers outside models.providers.
• Added chat server coverage through the existing chat.send test shard after wiring catalog-aware session route resolution.
• Added a chat.send /stop regression proving stop commands bypass session model catalog validation.
• Added helper and chat.send regressions proving fresh/default custom-provider sends skip unnecessary catalog validation.

What failed before this fix, if known?

• Source-level behavior: persisted override/runtime session model state was returned before validating whether the provider/model was still visible in current config/catalog, so deleted provider state could remain the effective route.

If no test was added, why not?

• Regression tests were added.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes.

Did config, environment, or migration behavior change? (Yes/No)

No config shape, environment, or migration behavior changed. Runtime route resolution now treats catalog-missing persisted session providers as invalid when chat routing has catalog visibility.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

Yes, provider/auth routing behavior changes for stale persisted session state.

What is the highest-risk area?

• Existing sessions with persisted routes to providers that are no longer configured or present in the loaded catalog will now fall back to the configured default instead of continuing to use that stale provider.

How is that risk mitigated?

• The guard preserves the configured default provider.
• The guard preserves providers still present in explicit config.
• Default merge mode remains permissive when no catalog is available and no non-default persisted route needs validation.
• Catalog-backed provider/plugin routes outside models.providers are preserved when catalog visibility is available.
• Focused tests cover removed-provider override/runtime paths, last-custom-provider deletion, and merge-mode provider preservation.

Current review state

What is the next action?

• Waiting for CI and ClawSweeper review on the updated head.

What is still waiting on author, maintainer, CI, or external proof?

• CI and ClawSweeper need to complete after the fresh/default custom-provider no-catalog repair on head d7f2aa2e13c9808920e37dcfd6b33e0bd7531db4.
• Maintainers may decide whether this runtime fallback policy is the desired deleted-provider behavior.

Which bot or reviewer comments were addressed?

• Addresses ClawSweeper's P1 finding to preserve valid merge-mode providers outside models.providers by validating persisted routes against catalog visibility instead of treating provider rows as exhaustive.
• Addresses ClawSweeper's P1 finding to load catalog validation when a stale persisted provider remains after deleting the last custom provider row.
• Addresses ClawSweeper's P2 finding by returning /stop before loading session model catalog validation.
• Addresses ClawSweeper's P2 finding by narrowing catalog validation to actual non-default persisted refs and skipping catalog loads for fresh/default custom-provider sends.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 9, 2026, 4:50 AM ET / 08:50 UTC.

Summary
The PR adds catalog/config-aware validation to gateway session model resolution and wires chat.send to ignore stale persisted provider/model routes when current visibility no longer allows them.

PR surface: Source +154, Tests +488. Total +642 across 4 files.

Reproducibility: yes. source inspection shows current main returns persisted provider/model state before visibility checks and chat.send uses that provider for live routing.

Review metrics: none identified.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] Existing sessions with persisted providers absent from current config/catalog will now fall back to the configured default instead of continuing on the old route; that is intended but upgrade-visible.
• [P1] When catalog visibility is unavailable in default merge mode, the resolver preserves the old route for compatibility, so stale-provider protection still depends on catalog availability for some provider refs.
• [P1] The PR does not migrate or delete sessions.json entries; doctor, reset-command, or persistent-state repair remains separate follow-up scope if maintainers want it.

Maintainer options:

1. Accept fallback-to-default semantics (recommended)
   Merge once maintainers agree that stale persisted routes absent from config/catalog should be ignored at runtime and fall back to the configured default.
2. Require stricter stale-route handling
   Ask for explicit diagnostic or fail-closed behavior when catalog loading fails, if preserving unknown merge-mode routes is too permissive.
3. Pause for persistent cleanup scope
   Hold or split the PR if maintainers want doctor warnings, session migration, or reset commands to ship with the runtime guard.

Next step before merge

• [P2] No narrow automation repair remains; maintainers need to accept or reject the compatibility/auth-provider routing policy.

Security
Cleared: The diff changes only gateway/session source and tests, with no dependency, workflow, secret, or package execution changes; provider data-routing sensitivity is captured as merge risk.

Review details

Best possible solution:

Land the focused runtime guard if maintainers accept fallback-to-default semantics, and track doctor/reset-session cleanup separately.

Do we have a high-confidence way to reproduce the issue?

Yes, source inspection shows current main returns persisted provider/model state before visibility checks and chat.send uses that provider for live routing.

Is this the best way to solve the issue?

Yes, if maintainers accept the policy tradeoff; resolver-level validation plus conditional chat.send catalog visibility is the narrow runtime fix, while doctor/reset cleanup is separate scope.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 257b251e2690.

Label changes

Label justifications:

• P1: The PR addresses a real provider/auth routing regression where stale session state can send live chat traffic through a removed provider.
• merge-risk: 🚨 compatibility: The patch changes upgrade-visible behavior for existing sessions whose persisted provider/model no longer appears in current config/catalog.
• merge-risk: 🚨 auth-provider: Provider fallback changes can route requests through a different auth provider than the previously persisted session route.
• merge-risk: 🚨 security-boundary: Model-provider routing determines where user prompts and credentials-backed traffic are sent, so fallback semantics need maintainer acceptance.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal output from direct resolver probes plus focused run-vitest outputs for resolver and chat.send behavior.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal output from direct resolver probes plus focused run-vitest outputs for resolver and chat.send behavior.

Evidence reviewed

PR surface:

Source +154, Tests +488. Total +642 across 4 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	2	190	36	+154
Tests	2	488	0	+488
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	4	678	36	+642

What I checked:

• Repository policy applied: Root policy treats provider routing, auth/session state, persisted preferences, config loading, and fallback behavior as compatibility/upgrade-sensitive merge risk. (AGENTS.md:24, 257b251e2690)
• Scoped gateway policy checked: Gateway scoped policy emphasizes hot-path catalog/runtime loading discipline, which is relevant to the conditional catalog load added by this PR. (src/gateway/AGENTS.md:1, 257b251e2690)
• Current main stale route behavior: Current resolveSessionModelRef returns persisted override and runtime provider/model fields before validating whether that provider is still visible in current config or catalog. (src/gateway/session-utils.ts:1613, 257b251e2690)
• Current main live routing consumes stale provider: Current chat.send resolves the session model and immediately derives the auth provider from it, so stale session provider state can affect live routing. (src/gateway/server-methods/chat.ts:3105, 257b251e2690)
• PR resolver guard: The PR keeps persisted refs only when they match the default provider, an explicit configured provider row, or a loaded catalog model, and rejects missing refs when catalog visibility exists. (src/gateway/session-utils.ts:1628, 7f9161c72d89)
• PR chat.send wiring: The PR moves /stop before catalog validation, conditionally loads the model catalog only when stale persisted refs need validation, and passes that catalog into resolveSessionModelRef. (src/gateway/server-methods/chat.ts:2996, 7f9161c72d89)

Likely related people:

• vincentkoc: Recent GitHub history for src/gateway/server-methods/chat.ts shows multiple gateway/control-ui commits near this path, including chat and catalog timing work. (role: recent area contributor; confidence: medium; commits: c9050c982d95, 79c6136a9e17, 2c6bdc8b2831; files: src/gateway/server-methods/chat.ts)
• steipete: Recent GitHub history for src/gateway/session-utils.ts and doctor session-provider cleanup shows documentation and refactor work around the session metadata and cleanup boundary. (role: adjacent session-state and doctor contributor; confidence: medium; commits: fba99cddc1ac, 2682c027746b, c0b3c8cdb9dc; files: src/gateway/session-utils.ts, src/commands/doctor-session-state-providers.ts, docs/gateway/doctor.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26990010374
• Updated: 2026-06-05T01:41:53.307Z

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26990905667
• Updated: 2026-06-05T02:08:34.898Z

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26990637122
• Updated: 2026-06-05T02:03:21.196Z

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[TurboTheTurtle]

@clawsweeper re-review

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26995170125
• Updated: 2026-06-05T04:28:44.047Z

[TurboTheTurtle]

Rebased on current upstream/main to clear the merge conflict. Current head: 7f9161c72d890286ca11d19c204c7cbf49298364.

Verification on this head:

node scripts/run-vitest.mjs src/gateway/session-utils.test.ts src/gateway/server.chat.gateway-server-chat-b.test.ts
# 6 files / 528 tests passed

GitHub checks are currently green on the updated head.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27194451824
• Updated: 2026-06-09T08:51:37.146Z

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27167148537
• Updated: 2026-06-08T21:18:08.096Z