Summary

Describe the problem and fix in 2–5 bullets:

• Problem: multiple user-facing reliability regressions existed across status reporting and Teams uploads: /status ignored per-model context1m, daemon restart token drift warnings could false-positive, status --json could surface negative token counters, and Teams large-file uploads could fail on simple upload.
• Why it matters: these issues create noisy/incorrect operator signals and break automation that depends on stable status output.
• What changed: added per-model context token resolution (including params.context1m and params.contextTokens) to status/directive paths, normalized compared gateway tokens before drift checks, ignored negative usage counters during normalization, and added Graph upload-session fallback for large Teams uploads.
• What did NOT change (scope boundary): no auth model/provider selection behavior changes beyond token-drift comparison, no protocol/schema changes, and no channel routing behavior changes.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes Status display shows 200k context instead of 1M when context1m is enabled #26627
• Closes False positive warning: 'Config token differs from service token' when tokens match #26624
• Closes [Bug]: openclaw status --json intermittently reports negative inputTokens #25242

User-visible / Behavior Changes

• /status now reflects per-model context overrides (including context1m) instead of always defaulting to catalog context.
• openclaw gateway restart no longer reports a token mismatch when config and service tokens only differ by wrapping quotes/whitespace.
• openclaw status --json no longer propagates negative usage counters as negative token fields.
• MS Teams upload now uses resumable Graph upload sessions for files over 4MB.

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) Yes
• New/changed network calls? (Yes/No) Yes
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation:
  Token handling change only affects normalization for equality checks (no new token exposure/storage paths). Teams upload change adds documented Graph upload-session calls for large files; existing auth scope is reused and behavior is covered by tests.

Repro + Verification

Environment

• OS: macOS
• Runtime/container: Node 22 + pnpm
• Model/provider: Anthropic/OpenAI mixed (status coverage)
• Integration/channel (if any): MS Teams
• Relevant config (redacted): agents defaults with model params (context1m), gateway token auth

Steps

1. Run targeted tests for Teams upload, model selection/status resolution, service token drift, and usage normalization.
2. Run type checks.
3. Validate branch diff against openclaw/main stays scoped to intended files.

Expected

• Regressions are covered by tests and status/token behavior remains stable.

Actual

• Tests pass and branch is scoped to 10 files for these fixes.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  pnpm test extensions/msteams/src/graph-upload.test.ts
pnpm test src/auto-reply/reply/model-selection.test.ts
pnpm test src/daemon/service-audit.test.ts
pnpm test src/agents/usage.normalization.test.ts
pnpm tsgo
• Edge cases checked:
  quoted/trimmed gateway tokens, per-model context1m, explicit per-model contextTokens, negative usage counters.
• What you did not verify:
  live Graph API upload against a real tenant in this run.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly:
  revert this PR branch commits.
• Files/config to restore:
  restore the touched files in extensions/msteams/src/graph-upload*, src/auto-reply/reply/*, src/daemon/service-audit*, and src/agents/usage*.
• Known bad symptoms reviewers should watch for:
  Teams large uploads regressing to 4MB failures, status context reverting to catalog defaults, token drift warning reappearing with matching tokens.

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

• Risk:
  Upload-session flow could behave differently for specific tenant policies.
  • Mitigation:
    Added focused tests for session creation/chunk behavior and kept simple-upload path unchanged for small files.
• Risk:
  Over-normalizing tokens could mask truly different values if formatting assumptions are wrong.
  • Mitigation:
    Normalization is minimal (trim + matching quote unwrap) and only used for drift comparison; mismatched content still reports drift.

Greptile Summary

Fixed four reliability regressions affecting status reporting and Teams file uploads:

• Added per-model context token resolution to honor context1m and contextTokens overrides in /status and directive paths, preventing incorrect context window reporting
• Normalized gateway tokens before drift checks to avoid false-positive warnings when tokens differ only by quotes or whitespace
• Filtered out negative usage counters during normalization to prevent invalid token counts in openclaw status --json output
• Implemented Graph upload session fallback for MS Teams files over 4MB with retry logic and stall detection

Changes preserve backward compatibility and scope boundaries (no auth behavior changes, no protocol changes). Test coverage validates all regression fixes with focused unit tests.

Confidence Score: 5/5

• Safe to merge with minimal risk
• All changes are scoped bug fixes with comprehensive test coverage. The Teams upload session implementation follows Microsoft Graph API patterns correctly with proper error handling and retry logic. Token normalization is minimal and only affects comparison logic. Usage counter filtering safely ignores invalid negative values. Context token resolution correctly implements the documented precedence order.
• No files require special attention

_{Last reviewed commit: 3f4b4ce}

_{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!}