Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix [Bug]: `/models` and Web chat model dropdown show full catalog (900+ models) instead of only configured providers [6 pull requests, 3 comments, 4 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#74423Fetched 2026-04-30 06:24:03
View on GitHub
Comments
3
Participants
4
Timeline
12
Reactions
2
Author
guarismoguarismo
Participants
clawsweeper[bot]clawsweeper[bot]feliramifeliramiguarismoguarismohclsyshclsys
Timeline (top)
cross-referenced ×6commented ×3closed ×1labeled ×1

When using the /models command or the model dropdown in the Web chat, the UI displays the entire model catalog (900+ entries) rather than filtering to only the providers and models the user has configured authentication for.

Root Cause

In `src/flows/model-picker.ts`, `addModelSelectOption` adds unauthenticated provider models to the list instead of skipping them:
Root Cause (code pointer):

Fix Action

Fix / Workaround

Annoying Workarounds:

PR fix notes

PR #74473: fix(model-picker): hide models from providers without auth configured

Description (problem / solution / changelog)

Problem

/models command and the web chat model dropdown display the full model catalog (~900+ models), including models from providers that have no authentication configured. These entries show an "auth missing" hint but are not actionable, creating noise and poor UX.

Root Cause

In src/flows/model-picker.ts, addModelSelectOption would push an "auth missing" hint string when !params.hasAuth(params.entry.provider) but still add the model to the options list.

Fix

Early-return from addModelSelectOption when the provider lacks auth, so unconfigured-provider models are excluded from the picker entirely. Both /models and the web chat dropdown benefit since they share this code path.

Fixes #74423

Changed files

  • src/flows/model-picker.ts (modified, +1/-1)

PR #74477: fix(models): hide unauthenticated catalog entries

Description (problem / solution / changelog)

(No description)

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • docs/concepts/models.md (modified, +2/-2)
  • docs/tools/slash-commands.md (modified, +1/-1)
  • docs/web/control-ui.md (modified, +1/-1)
  • src/agents/model-catalog-visibility.ts (added, +65/-0)
  • src/agents/model-provider-auth.ts (added, +60/-0)
  • src/auto-reply/reply/commands-models.test.ts (modified, +28/-0)
  • src/auto-reply/reply/commands-models.ts (modified, +7/-4)
  • src/auto-reply/reply/directive-handling.model.test.ts (modified, +4/-0)
  • src/commands/model-picker.test.ts (modified, +33/-1)
  • src/flows/model-picker.ts (modified, +13/-50)
  • src/gateway/server-methods/models.ts (modified, +3/-19)
  • src/gateway/server.models-voicewake-misc.test.ts (modified, +57/-9)

PR #74525: fix: Found one regression in the /models chat command path for agent

Description (problem / solution / changelog)

Summary

Found one regression in the /models chat command path for agent-scoped auth profiles.

What ClawSweeper Is Fixing

  • Medium: /models ignores the target agent auth store when filtering visible providers (regression)
    • File: src/auto-reply/reply/commands-models.ts:342
    • Evidence: handleModelsCommand resolves the session target agent and modelsAgentDir, then passes agentDir into resolveModelsCommandReply at src/auto-reply/reply/commands-models.ts:519. But resolveModelsCommandReply calls buildModelsProviderData with only cfg, agentId, and view options at src/auto-reply/reply/commands-models.ts:342; buildModelsProviderData then calls resolveVisibleModelCatalog without agentDir at src/auto-reply/reply/commands-models.ts:74. The new visibility helper only checks agent-scoped auth when agentDir reaches createProviderAuthChecker (src/agents/model-catalog-visibility.ts:56, src/agents/model-provider-auth.ts:40).
    • Impact: In a session bound to a non-main agent whose credentials live in that agent’s auth-profiles.json, /models can hide that agent’s authenticated provider and report it as unavailable. The same provider appears when the correct agentDir is supplied, so this is a false negative from the new filtering policy.
    • Suggested fix: Thread agentDir and env through buildModelsProviderData options and pass them from resolveModelsCommandReply into resolveVisibleModelCatalog. Add a regression test where the target session agent has an auth profile not present in the default/main auth store.
    • Confidence: high

Expected Repair Surface

  • src/auto-reply/reply/commands-models.ts

Source And Review Context

Expected validation

  • pnpm check:changed

ClawSweeper already ran:

  • pnpm install was required because node_modules was missing.
  • pnpm test src/auto-reply/reply/commands-models.test.ts src/commands/model-picker.test.ts src/gateway/server.models-voicewake-misc.test.ts passed.
  • git diff --check 2bb16f771bb192a150bb7ca2e9a82db461b07ac6..8a06db084d8a334bbac9089feecb52ff14d7e219 passed.
  • Focused live check with a temp worker auth store showed resolveVisibleModelCatalog returns [] without agentDir and returns the OpenAI row with the worker agentDir.

Known review limits:

  • Full pnpm check:changed was not run; this was a focused commit review with targeted tests.

ClawSweeper Guardrails

  • Re-check the finding against latest main before changing code.
  • Keep the patch to the narrowest behavior change and matching regression coverage.
  • Do not merge automatically; this PR stays for maintainer review.

ClawSweeper 🐠 replacement reef notes:

  • Cluster: clawsweeper-commit-openclaw-openclaw-8a06db084d8a
  • Source PRs: none
  • Credit: Detected by ClawSweeper commit review for 8a06db084d8a334bbac9089feecb52ff14d7e219.; Original commit author: Peter Steinberger.
  • Validation: pnpm check:changed

fish notes: model gpt-5.5, reasoning medium; reviewed against f903668a6890.

Changed files

  • CHANGELOG.md (modified, +1/-1)
  • src/auto-reply/reply/commands-models.test.ts (modified, +38/-2)
  • src/auto-reply/reply/commands-models.ts (modified, +9/-2)

PR #74530: fix: The one-line picker change hides unauthenticated catalog rows in

Description (problem / solution / changelog)

Summary

The one-line picker change hides unauthenticated catalog rows in promptDefaultModel / promptModelAllowlist, but it leaves the issue’s named /models and Web chat dropdown paths on the existing full-catalog behavior. It also makes the picker auth predicate stricter than runtime auth, hiding valid keyless/AWS-SDK providers.

What ClawSweeper Is Fixing

  • Medium: Web chat and /models still use the full catalog path (bug)
    • File: src/gateway/server-methods/models.ts:52
    • Evidence: The issue fixed by this commit names /models and the Web chat dropdown. Web chat requests models.list with { view: "configured" } in ui/src/ui/controllers/models.ts:13, then renders every returned catalog entry in ui/src/ui/chat-model-select-state.ts:71. The Gateway handler still falls back to allowed.allowedCatalog or catalog, and buildAllowedModelSetWithFallbacks returns the full catalog when agents.defaults.models is empty at src/agents/model-selection-shared.ts:586. Text /models separately loads the full catalog in src/auto-reply/reply/commands-models.ts:72 and adds every allowed.allowedCatalog row.
    • Impact: The user-reported 900+ unauthenticated model list remains for the primary reported surfaces unless the user also has explicit configured provider models or an allowlist. The commit can close #74423 without fixing the bug it claims to fix.
    • Suggested fix: Move the “default-visible models” policy into a shared helper used by Gateway models.list, Web chat, text /models, and the interactive picker. Keep a separate explicit all path for full-catalog discovery.
    • Confidence: high
  • Medium: Picker now hides runtime-valid auth modes (regression)
    • File: src/flows/model-picker.ts:297
    • Evidence: The new early return depends on hasAuthForProvider, which only checks auth profiles, env API keys, and usable custom API keys at src/flows/model-picker.ts:76. Runtime’s broader auth availability helper accepts additional valid cases: auth: "aws-sdk", synthetic local provider auth, and implicit amazon-bedrock AWS SDK auth at src/agents/model-auth.ts:717. Bedrock docs explicitly say no apiKey is required when configured with auth: "aws-sdk".
    • Impact: Valid Bedrock and local keyless providers can disappear from model selection and allowlist prompts even though runtime can call them. That is a direct behavior regression from changing “auth missing” from a hint into a hard filter.
    • Suggested fix: Reuse or align with hasAvailableAuthForProvider, including AWS SDK and synthetic local auth semantics, and add targeted tests for amazon-bedrock and local no-key custom providers.
    • Confidence: high
  • Medium: Focused model-picker test suite is red (reliability)
    • File: src/commands/model-picker.test.ts:162
    • Evidence: After installing missing dependencies, pnpm test src/commands/model-picker.test.ts fails 15 of 41 tests. Failures show catalog options becoming empty or missing after the new early return, including default model picker, allowlist, static manifest rows, configured provider rows, and router filtering cases.
    • Impact: The commit leaves the focused test gate failing on the touched surface, so CI or changed-lane validation should reject it.
    • Suggested fix: Update the implementation and tests together: mock configured auth where tests expect selectable providers, add explicit unauthenticated-hidden coverage, and keep valid runtime-auth providers visible.
    • Confidence: high

Expected Repair Surface

  • src/gateway/server-methods/models.ts
  • src/flows/model-picker.ts
  • src/commands/model-picker.test.ts

Source And Review Context

Expected validation

  • pnpm check:changed

ClawSweeper already ran:

  • pnpm docs:list succeeded.
  • pnpm test src/commands/model-picker.test.ts failed initially because node_modules was missing.
  • pnpm install succeeded.
  • pnpm test src/commands/model-picker.test.ts failed: 15 failed, 26 passed.
  • pnpm test src/gateway/server.models-voicewake-misc.test.ts src/auto-reply/reply/commands-models.test.ts ui/src/ui/controllers/models.test.ts ui/src/ui/chat-model-select-state.test.ts passed, but those tests still encode the unfixed Gateway/UI/chat-command behavior.
  • git diff --check e3af6fb3c884336d5cd4a15aec4e0dfe3e267b5c..2bb16f771bb192a150bb7ca2e9a82db461b07ac6 passed.

Known review limits:

  • I did not run the full changed gate. The focused model-picker suite already fails, and the other focused surface tests passed with existing behavior.

ClawSweeper Guardrails

  • Re-check the finding against latest main before changing code.
  • Keep the patch to the narrowest behavior change and matching regression coverage.
  • Do not merge automatically; this PR stays for maintainer review.

ClawSweeper 🐠 replacement reef notes:

  • Cluster: clawsweeper-commit-openclaw-openclaw-2bb16f771bb1
  • Source PRs: none
  • Credit: Detected by ClawSweeper commit review for 2bb16f771bb192a150bb7ca2e9a82db461b07ac6.; Original commit author: jindongfu.
  • Validation: pnpm check:changed

fish notes: model gpt-5.5, reasoning medium; reviewed against 23fa6187afd5.

Changed files

  • src/agents/model-auth.ts (modified, +25/-0)
  • src/agents/model-provider-auth.test.ts (added, +80/-0)
  • src/agents/model-provider-auth.ts (modified, +10/-7)
  • src/commands/model-picker.test.ts (modified, +105/-5)

PR #74564: fix: use agent auth scope in /models provider data

Description (problem / solution / changelog)

Summary

This replaces and credits #74525 with the same narrow fix path: /models should use the target agent auth scope when building visible provider data for agent-scoped sessions.

What changed

  • Derive or pass the target agent auth directory at the shared provider-data boundary for existing agentId callers.
  • Preserve explicit agentDir overrides when callers already provide one.
  • Keep focused regression coverage for a worker-agent auth store so the authenticated provider remains visible in /models.

Credit

This carries forward the ClawSweeper finding and source PR https://github.com/openclaw/openclaw/pull/74525. ClawSweeper could not safely update that branch directly because the hydrated PR state reported maintainer_can_modify: false, so this replacement keeps the patch narrow while preserving attribution.

Validation

  • pnpm check:changed

ClawSweeper 🐠 replacement reef notes:

  • Cluster: automerge-openclaw-openclaw-74525
  • Source PRs: https://github.com/openclaw/openclaw/pull/74525
  • Credit: Replacement is based on the ClawSweeper-authored source PR https://github.com/openclaw/openclaw/pull/74525 and should credit that source PR in the body.; Carry forward the original finding: /models ignored the target agent auth store when filtering visible providers for agent-scoped auth profiles.; Mention that the replacement exists because ClawSweeper could not safely update the #74525 branch directly (maintainer_can_modify: false).
  • Validation: pnpm check:changed

fish notes: model gpt-5.5, reasoning medium; reviewed against ae050e64de94.

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • src/auto-reply/reply/commands-models.test.ts (modified, +93/-4)
  • src/auto-reply/reply/commands-models.ts (modified, +7/-2)

PR #59693: feat(gateway,control-ui): server-side model selector filtering with auth-gated visibility

Description (problem / solution / changelog)

Summary

Problem: The Control UI model selector dropdown shows all 600+ models from every known provider, regardless of whether the user has credentials configured. This creates an unusable UX and security concerns (auth probing, rate limit exhaustion).

Why it matters: OpenClaw users with 2-3 configured providers must scroll through hundreds of irrelevant models. Selecting an unauthenticated model can trigger failed auth attempts against providers.

What changed: Added a gateway.controlUi.modelSelector.filter config with three server-side filter modes, a credential pre-flight check on model selection, and a UI affordance showing filter status.

Scope boundary: Gateway models.list handler, sessions.patch validation, config schema, and Control UI model selector. No changes to CLI model picker, TUI, or native apps.

Change type

  • Feature

Scope

  • Gateway
  • UI/DX
  • Auth

Linked issues

Closes #48483 — Dashboard ignores models.mode="replace", shows all 600+ models Closes #50498 — Feature: Allow hiding/filtering built-in model catalog entries Refs #59811 — Feature proposal with security analysis

Implementation

Config

```json { "gateway": { "controlUi": { "modelSelector": { "filter": "authenticated" } } } } ```

Filter modes

ModeBehavior
`"all"`Show every model (default, backward-compatible)
`"authenticated"`Only models with valid credentials (auth profiles + env vars + custom API keys)
`"configured"`Only models referenced in agent configs

Architecture

``` models.list RPC handler → reads filter: params.filter ?? config ?? "all" → filterModelCatalog() applies server-side filter → response includes _meta { totalCount, filteredCount, filterMode } → UI renders pre-filtered list + status affordance

sessions.patch handler → when filter is "authenticated" or "configured" → checkProviderAuth() validates credentials exist → rejects with INVALID_REQUEST if no credentials ```

Security impact

  • Does this touch auth, credentials, tokens, or secrets? — Yes, reads credential state to filter
  • Does this change API surface or protocol? — Yes, adds optional filter param and _meta to models.list
  • Does this affect access control? — Yes, restricts model visibility by credential state
  • Does this handle user-supplied file paths?
  • Does this execute or eval dynamic strings?

Security audit (7 findings, all PASS)

#FindingSeverityStatus
1Server-side filtering onlyPASS
2Auth probing preventionHIGHPASS
3No RegExp/injectionMEDIUMPASS
4No client-side bypassHIGHPASS
5Multi-source credential checkPASS
6Backward compatibilityPASS
7Auth state handlingMEDIUMPASS (expiry deferred)

Test plan

  • 47 new tests across 4 test files
  • Config validation: 13 tests (accepts valid values, rejects invalid)
  • filterModelCatalog: 21 tests (all modes, edge cases, caching)
  • sessions-patch pre-flight: 7 tests (auth/reject scenarios)
  • models.list handler: 6 tests (param/config priority, _meta)
  • All existing tests pass (75+ across touched files)

User-visible behavior changes

  • New config option `gateway.controlUi.modelSelector.filter`
  • When set to "authenticated": model dropdown shows only models with credentials
  • When set to "configured": model dropdown shows only agent-configured models
  • Subtle status text appears below dropdown: "Showing authenticated models only"
  • Default ("all") preserves current behavior exactly

Compatibility / migration

  • Fully backward compatible — default is "all" (current behavior)
  • No breaking changes to existing configs
  • New config key is optional with graceful fallback

Generated with Claude Code

Changed files

  • src/agents/model-selection.filter.test.ts (added, +410/-0)
  • src/agents/model-selection.ts (modified, +145/-0)
  • src/config/schema.base.generated.ts (modified, +32/-0)
  • src/config/schema.help.ts (modified, +4/-0)
  • src/config/schema.labels.ts (modified, +2/-0)
  • src/config/types.gateway.ts (modified, +14/-0)
  • src/config/zod-schema.model-selector-filter.test.ts (added, +86/-0)
  • src/config/zod-schema.ts (modified, +12/-0)
  • src/gateway/protocol/schema/agents-models-skills.ts (modified, +26/-1)
  • src/gateway/server-methods/models.filter.test.ts (added, +198/-0)
  • src/gateway/server-methods/models.ts (modified, +28/-3)
  • src/gateway/sessions-patch.model-filter-preflight.test.ts (added, +180/-0)
  • src/gateway/sessions-patch.ts (modified, +16/-0)
  • ui/src/ui/app-chat.test.ts (modified, +1/-0)
  • ui/src/ui/app-chat.ts (modified, +7/-3)
  • ui/src/ui/app-render.helpers.ts (modified, +33/-1)
  • ui/src/ui/app-view-state.ts (modified, +2/-0)
  • ui/src/ui/app.ts (modified, +2/-0)
  • ui/src/ui/chat-model-select-state.test.ts (modified, +3/-0)
  • ui/src/ui/chat-model-select-state.ts (modified, +4/-2)
  • ui/src/ui/controllers/models.ts (modified, +28/-2)
  • ui/src/ui/types.ts (modified, +7/-0)
  • ui/src/ui/views/chat.test.ts (modified, +1/-0)

Code Example

In `src/flows/model-picker.ts`, `addModelSelectOption` adds unauthenticated provider models to the list instead of skipping them:
Root Cause (code pointer):

// src/flows/model-picker.ts ~line 224
if (!params.hasAuth(params.entry.provider)) {
  hints.push("auth missing");  // <-- should return early here instead
}
params.options.push({ ... });  // model is still added

---

{ agent: { models: { "anthropic/claude-sonnet-4-6": { alias: "Sonnet" } } } }

---

if (!params.hasAuth(params.entry.provider)) {
    hints.push("auth missing");
  }
  params.options.push({
    value: key,
    label: key,
    hint: hints.length > 0 ? hints.join(" · ") : undefined,
  });

---

let next = params.models.filter((entry) => isModelPickerVisibleProvider(entry.provider));
RAW_BUFFERClick to expand / collapse

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

When using the /models command or the model dropdown in the Web chat, the UI displays the entire model catalog (900+ entries) rather than filtering to only the providers and models the user has configured authentication for.

Steps to reproduce

  1. Configure authentication for one or two providers (e.g., ollama, google)
  2. Open the Web chat and click the model dropdown, or run /models in chat
  3. Observe 900+ model entries from all providers, including ones with no auth configured

Expected behavior

Only models from providers with valid authentication configured should appear in the picker by default.

Actual behavior

All models from the full catalog are shown. Unauthenticated providers are included but annotated with an "auth missing" hint rather than being hidden.

OpenClaw version

2026.4.26

Operating system

Ubuntu 24.04

Install method

npm

Model

ollama/gpt-oss

Provider / routing chain

openclaw -> ollama cloud

Additional provider/model setup details

No response

Logs, screenshots, and evidence

In `src/flows/model-picker.ts`, `addModelSelectOption` adds unauthenticated provider models to the list instead of skipping them:
Root Cause (code pointer):

// src/flows/model-picker.ts ~line 224
if (!params.hasAuth(params.entry.provider)) {
  hints.push("auth missing");  // <-- should return early here instead
}
params.options.push({ ... });  // model is still added

Impact and severity

Annoying Workarounds:

  • Use /models <provider> to filter to a specific provider
  • Configure agents.defaults.models as an allowlist in your config: 
    { agent: { models: { "anthropic/claude-sonnet-4-6": { alias: "Sonnet" } } } }

Additional information

<img width="911" height="834" alt="Image" src="https://github.com/user-attachments/assets/2410fbb0-e68a-48b8-871e-7904aff18db4" />

Suggested Fix: Add an early return when !params.hasAuth(params.entry.provider) (or make it opt-in via a flag like --all) so that unauthenticated providers are hidden by default in the interactive picker.

Citations

File: src/flows/model-picker.ts (L224-231)

  if (!params.hasAuth(params.entry.provider)) {
    hints.push("auth missing");
  }
  params.options.push({
    value: key,
    label: key,
    hint: hints.length > 0 ? hints.join(" · ") : undefined,
  });

File: src/flows/model-picker.ts (L363-363)

  let next = params.models.filter((entry) => isModelPickerVisibleProvider(entry.provider));

extent analysis

TL;DR

The most likely fix is to add an early return in the addModelSelectOption function when the provider has no authentication configured.

Guidance

  • Review the addModelSelectOption function in src/flows/model-picker.ts and add a return statement when !params.hasAuth(params.entry.provider) to skip adding unauthenticated provider models to the list.
  • Verify the fix by checking if the model dropdown only shows models from providers with valid authentication configured.
  • Consider adding an optional flag (e.g., --all) to allow users to opt-in to showing all models, including those without authentication.
  • Check the isModelPickerVisibleProvider function to ensure it correctly filters out unauthenticated providers.

Example

if (!params.hasAuth(params.entry.provider)) {
  hints.push("auth missing");
  return; // Add this line to skip adding unauthenticated provider models
}
params.options.push({
  value: key,
  label: key,
  hint: hints.length > 0 ? hints.join(" · ") : undefined,
});

Notes

The provided code snippet and suggested fix are specific to the src/flows/model-picker.ts file, and the changes should be made in that file.

Recommendation

Apply the workaround by adding an early return in the addModelSelectOption function to hide unauthenticated providers by default, as this is a more targeted fix than upgrading to a potentially non-existent fixed version.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

Only models from providers with valid authentication configured should appear in the picker by default.

#authentication setup#request error#file not found#serialization error#model compatibility

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - ✅(Solved) Fix [Bug]: `/models` and Web chat model dropdown show full catalog (900+ models) instead of only configured providers [6 pull requests, 3 comments, 4 participants]