PR #69649: fix(doctor): preserve unknown config keys during --fix to prevent silent data loss

• Repository: openclaw/openclaw
• Author: Bartok9
• State: closed | merged: False
• Link: https://github.com/openclaw/openclaw/pull/69649

Description (problem / solution / changelog)

Problem

openclaw doctor --fix silently strips all keys not recognized by the Zod schema. This includes custom integrations, plugin data, and user-defined JSON objects that users intentionally placed in their config. The deletion happens without confirmation, even in interactive mode — the only indication is a "Doctor changes" note that lists the removed paths after the fact.

The automatic doctor --non-interactive --fix pass during openclaw update also triggers this behavior, meaning users can lose custom config data simply by upgrading.

Closes #69631

Solution

Make unknown key removal opt-in instead of automatic:

The --force flag already exists on the doctor command for other destructive operations. This change makes unknown key removal consistent with that pattern.

Changes

• config-flow-steps.ts: applyUnknownConfigKeyStep now accepts shouldForce and only applies the stripped config when both shouldRepair and shouldForce are true
• doctor-config-flow.ts: Passes shouldForce through, updated note messaging to distinguish "kept" vs "removed"
• update-runner.ts: Updated comment to reflect new behavior (unknown keys preserved during upgrades)
• Tests: Updated existing assertions, added new test cases for --fix alone and --fix --force behaviors

Test Results

All 55 tests pass across 8 test files:

• config-flow-steps.test.ts — 5 tests (3 new)
• doctor-config-flow.test.ts — 28 tests (1 updated)
• doctor-config-analysis.test.ts — 3 tests
• Plus 4 additional test files (safe-bins, missing-accounts, include-warning, integration)

Changed files

• src/commands/doctor-config-flow.test.ts (modified, +6/-1)
• src/commands/doctor-config-flow.ts (modified, +10/-1)
• src/commands/doctor/shared/config-flow-steps.test.ts (modified, +51/-4)
• src/commands/doctor/shared/config-flow-steps.ts (modified, +24/-4)
• src/infra/update-runner.ts (modified, +3/-2)

PR #69659: fix(doctor): merge raw JSON to prevent pruning unrecognized keys during repair #69631

• Repository: openclaw/openclaw
• Author: PratikRai0101
• State: open | merged: False
• Link: https://github.com/openclaw/openclaw/pull/69659

Description (problem / solution / changelog)

Summary

• Problem: openclaw doctor --fix removes unrecognized/custom keys from openclaw.json
• Why it matters: Causes silent data loss for valid user-defined integrations and config extensions
• What changed: Repair flow now merges the original parsed config with the repaired config before writing
• What did NOT change (scope boundary): No changes to schema validation, parsing, or config structure

Change Type (select all)

• Bug fix

Scope (select all touched areas)

• Gateway / orchestration
• Memory / storage

Linked Issue/PR

• Closes #69631
• Related #
• This PR fixes a bug or regression

Root Cause (if applicable)

• Root cause: Strict schema validation strips unknown keys, and the repaired config was written directly to disk
• Missing detection / guardrail: No preservation of original config before write-back
• Contributing context: Validation is strict by design, but unsafe when used as the persistence source

Regression Test Plan (if applicable)

• Coverage level that should have caught this:

  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient

• Target test or file: doctor-config-flow tests

• Scenario the test should lock in: config contains unknown/custom keys → run doctor --fix → keys remain intact

• Why this is the smallest reliable guardrail: issue occurs across read → validate → write boundary

• Existing test that already covers this (if any): "preserves invalid config for doctor repairs"

• If no new test is added, why not: existing tests already validate preservation behavior

User-visible / Behavior Changes

Custom/unrecognized keys are no longer removed during doctor --fix

Diagram (if applicable)

Before:
doctor --fix → validate → write stripped config → data loss

After:
doctor --fix → validate → merge(source + repaired) → write → data preserved

## Security Impact (required)

- New permissions/capabilities? No
- Secrets/tokens handling changed? No
- New/changed network calls? No
- Command/tool execution surface changed? No
- Data access scope changed? No

---

## Repro + Verification

### Environment

- OS: Arch Linux x86_64 
- Kernel: 6.19.11-arch1-1
- Runtime/container: Node v22 .22.2
- Model/provider: N/A
- Integration/channel (if any): N/A
- Relevant config (redacted): custom keys added to `~/.openclaw/openclaw.json`

### Steps

1. Add custom key to config  
2. Run `openclaw doctor --fix`  
3. Inspect config file  

### Expected

- Custom keys remain intact

### Actual

- Custom keys were removed (before fix)

---

## Evidence

- [x] Failing behavior reproduced before fix  
- [x] Verified preservation after fix  

---

## Human Verification (required)

- Verified scenarios:
  - top-level unknown keys preserved  
  - nested keys within top-level unknown objects preserved
  - known fields still repaired correctly  

- Edge cases checked:
  - partial/invalid configs  
  - mixed known + unknown fields  

- What you did **not** verify:
  - very large configs  
  - concurrent writes  

---

## Review Conversations

- [x] I replied to or resolved every bot review conversation I addressed in this PR.  
- [x] I left unresolved only the conversations that still need reviewer or maintainer judgment.  

---

## Compatibility / Migration

- Backward compatible? Yes  
- Config/env changes? No  
- Migration needed? No  

---

## Risks and Mitigations

- Risk:
  - shallow merge may not preserve custom keys injected deeply inside known core objects (e.g., custom flags inside the core models block).  

- Mitigation:
  - behavior aligns with expected use (users typically add top-level custom objects for their integrations). We can easily iterate to a deep-merge utility if maintainers prefer broader coverage in the future.

## Changed files

- `src/commands/doctor-config-flow.ts` (modified, +5/-0)
- `src/config/io.ts` (modified, +24/-12)
- `src/flows/doctor-health-contributions.ts` (modified, +120/-1)