Greptile Summary

This PR fixes a crash in openclaw doctor that occurred when agents.defaults.memorySearch.remote.apiKey was configured as a SecretRef object instead of a plain string. The original code called .trim() directly on the apiKey value, which throws on non-string types.

Changes:

• doctor-memory-search.ts: Replaces Boolean(resolved?.remote?.apiKey?.trim()) with hasConfiguredSecretInput(resolved?.remote?.apiKey), an existing utility that safely handles both plain strings and SecretRef objects.
• doctor-memory-search.test.ts: Adds a regression test verifying that a SecretRef-shaped apiKey (e.g. { source: "env", provider: "default", id: "OPENAI_API_KEY" }) neither triggers a warning note nor unnecessarily invokes resolveApiKeyForProvider.

Confidence Score: 5/5

• This PR is safe to merge — it fixes a targeted crash with minimal scope and includes a regression test.
• The change is a single-line fix replacing a type-unsafe string method call with a well-established utility that already handles both string and SecretRef union types. No new logic is introduced. The fix is symmetric across both the explicit provider path and the auto provider loop (both consume the same hasRemoteApiKey variable). The regression test uses the real hasConfiguredSecretInput implementation, giving genuine coverage. No side effects or behavioral changes beyond the crash fix.
• No files require special attention.

_{Last reviewed commit: e32d37e}

Thanks for the contribution here, and for helping narrow down the SecretRef doctor crash.

We merged #36835, which supersedes this PR and fixes the broader doctor/memory SecretRef surface in one place, including the related runtime embedding paths.

I’m closing this as superseded by #36835, but I appreciate the fix and the investigation that went into it.