Greptile Summary

Properly fixes the security issue where plaintext API keys could be persisted to ~/.openclaw/agents/*/agent/models.json when runtime secrets are active. The fix prefers the runtime source snapshot (containing SecretRef) over the resolved config (containing plaintext values) when writing provider configurations to disk.

Key Changes

• Added getRuntimeConfigSourceSnapshot() export to access pre-resolution config
• Updated ensureOpenClawModelsJson() to use source snapshot when available, falling back to resolved config only when source snapshot is unavailable
• Added regression test validating that SecretRef is preserved and plaintext is not persisted

Technical Details

The solution correctly uses a fallback chain: sourceCfg?.models?.providers ?? cfg.models?.providers ?? {}, ensuring backwards compatibility when no runtime source snapshot exists. The test properly validates the fix using setRuntimeConfigSnapshot() with both resolved and source configs.

Note on Merge Mode

When mode is "merge" and an existing models.json contains string-based API keys, those will be preserved per the existing merge logic (lines 169-174 in models-config.ts). This is documented as intentional behavior to preserve user customizations.

Confidence Score: 4/5

• This PR is safe to merge with minimal risk - it addresses a security issue without breaking existing functionality
• The fix is well-implemented with proper fallback logic and test coverage. Score of 4 reflects high confidence with one documented limitation: merge mode preserves existing plaintext keys from disk, which is intentional per the PR description stating "Existing merge/normalize flows remain unchanged"
• No files require special attention - all changes are straightforward and well-tested

_{Last reviewed commit: 3c7a7ec}

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

Thanks for the work on this PR and for contributing to this fix path.

Closing this as superseded by #38955 (merged), which integrated the relevant fixes from this thread and completed the broader hardening scope for the secrets/models persistence cluster.

The merged work now covers source-snapshot persistence, marker/provenance auth handling, audit/apply expansion (including models.json/header residues), and write-mode hardening/tests/docs in one end-to-end fix.

Appreciate the contribution here. If there’s a remaining unique change from this PR that should still land, please call it out in a follow-up issue and reference #38955.