[Bug]: Studio GUI overwrites openclaw.json with __OPENCLAW_REDACTED__ placeholders, breaking gateway #13058

@backtime1993

Bug: Studio GUI overwrites openclaw.json with __OPENCLAW_REDACTED__ placeholders, breaking gateway

Description

Opening OpenClaw Studio causes it to read ~/.openclaw/openclaw.json, redact sensitive fields for display, and then write the redacted values back to disk. This corrupts the config file and prevents the gateway from starting.

Affected fields

All sensitive fields are replaced with the string "__OPENCLAW_REDACTED__":

| Field path | Original type | After Studio overwrite |
|---|---|---|
| models.providers.minimax.apiKey | string (API key) | "__OPENCLAW_REDACTED__" |
| models.providers.moonshot.apiKey | string (API key) | "__OPENCLAW_REDACTED__" |
| models.providers.minimax.models.0.maxTokens | number (8192) | "__OPENCLAW_REDACTED__" (string!) |
| models.providers.moonshot.models.0.maxTokens | number (8192) | "__OPENCLAW_REDACTED__" (string!) |
| channels.telegram.botToken | string (bot token) | "__OPENCLAW_REDACTED__" |
| channels.feishu.appSecret | string | "__OPENCLAW_REDACTED__" |
| channels.feishu.accounts.main.appSecret | string | "__OPENCLAW_REDACTED__" |
| agents.defaults.memorySearch.remote.apiKey | string (API key) | "__OPENCLAW_REDACTED__" |
| skills.entries.nano-banana-pro.apiKey | string (API key) | "__OPENCLAW_REDACTED__" |
| tools.web.search.apiKey | string (API key) | "__OPENCLAW_REDACTED__" |

Impact

  1. Gateway fails to start — config validation rejects maxTokens as string instead of number:

    Config validation failed:
    - models.providers.minimax.models.0.maxTokens: Invalid input: expected number, received string
    - models.providers.moonshot.models.0.maxTokens: Invalid input: expected number, received string
    
  2. Telegram channel dead: getMe returns 404 because botToken is a placeholder string

  3. Feishu channel dead: failed to obtain token because appSecret is a placeholder

  4. All model providers broken — API keys are placeholder strings

Steps to Reproduce

  1. Have a working OpenClaw CLI setup with configured API keys, bot tokens, etc.
  2. Open OpenClaw Studio GUI
  3. Close Studio (or just let it run)
  4. Check ~/.openclaw/openclaw.json — all sensitive values are now "__OPENCLAW_REDACTED__"
  5. Gateway crashes on next restart with config validation errors

Expected Behavior

Studio should redact values only in memory/UI display. When writing config back to disk, it must preserve the original values. Alternatively, Studio should not write to openclaw.json at all if it cannot preserve sensitive field values.

Additional Notes

  • The redaction logic doesn't distinguish between data types — it replaces numeric maxTokens: 8192 with string "__OPENCLAW_REDACTED__", causing a type mismatch that fails schema validation.
  • Workaround: restore from backup files (openclaw.json.bak.*) and avoid using Studio GUI.

Environment

  • OpenClaw CLI: v2026.2.9
  • OpenClaw Studio: latest (uninstalled after discovering this bug)
  • OS: macOS (Apple Silicon)
  • Node: v22.22.0
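
The behaviour requested under Expected Behavior, as an added example (not part of the original issue and not OpenClaw's own code): mask only string values for display, then restore the on-disk originals by path before saving, and refuse to save if a placeholder would reach disk. The function names and the sensitive-key list are assumptions; the sample config is constructed.

```javascript
// Added example: hypothetical helpers, not OpenClaw's actual code.
const SENTINEL = "__OPENCLAW_REDACTED__";
// Assumption: exact sensitive key names, taken from the fields listed in the issue.
const SENSITIVE_KEYS = new Set(["apiKey", "botToken", "appSecret"]);

const isObject = (v) => v !== null && typeof v === "object";

// Return a deep copy for UI display; only string values at sensitive keys are masked.
function redactForDisplay(value, key = "") {
  if (Array.isArray(value)) return value.map((v) => redactForDisplay(v));
  if (isObject(value)) {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, redactForDisplay(v, k)]));
  }
  return typeof value === "string" && SENSITIVE_KEYS.has(key) ? SENTINEL : value;
}

// Before saving, replace every sentinel in the edited copy with the on-disk value
// at the same path; throw rather than write a placeholder to disk.
function restoreRedacted(edited, original, path = "") {
  if (edited === SENTINEL) {
    if (typeof original !== "string" || original === SENTINEL) {
      throw new Error(`refusing to save: no original value for ${path}`);
    }
    return original;
  }
  if (Array.isArray(edited)) {
    return edited.map((v, i) =>
      restoreRedacted(v, Array.isArray(original) ? original[i] : undefined, `${path}.${i}`));
  }
  if (isObject(edited)) {
    return Object.fromEntries(Object.entries(edited).map(([k, v]) =>
      [k, restoreRedacted(v, isObject(original) ? original[k] : undefined, path ? `${path}.${k}` : k)]));
  }
  return edited;
}

// Constructed sample config mirroring the field paths in the issue (values are fake).
const onDisk = {
  models: { providers: { minimax: { apiKey: "sk-constructed", models: [{ maxTokens: 8192 }] } } },
  channels: { telegram: { botToken: "123:constructed" } },
};
const shown = redactForDisplay(onDisk);
shown.models.providers.minimax.models[0].maxTokens = 4096; // user edit in the UI
const toWrite = restoreRedacted(shown, onDisk);
```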
