openclaw - 💡(How to fix) Fix [Bug]: v4.29+ CLI local-transport stops reading ~/.env, breaks shell-based smoke tests post-upgrade

Bug type

Behavior bug or undocumented intentional change — file is to clarify which.

Summary

Since v2026.4.29, openclaw infer model run --model <provider>/<model> --prompt "PONG" invoked from a freshly opened shell (no env sourcing) fails with:

Error: Auth lookup failed for provider "opencode-go": No API key found for provider "opencode-go".
Auth store: /home/openclaw/.openclaw/agents/orchestrator/agent/auth-profiles.json

The same command worked pre-upgrade (v2026.4.27) by inheriting OPENCODE_API_KEY from the shell environment. Post-v4.29, local-transport CLI auth resolution appears to consult only the agent's auth-profiles.json and no longer falls back to env. The gateway service still resolves auth fine (systemd unit has EnvironmentFile=/home/openclaw/.env), so cron-driven workloads and any --gateway invocation are unaffected — only bare CLI inference probes from a fresh shell are.

Why this matters

• Routine PONG smoke tests during upgrades silently fail with a misleading "no API key" error, suggesting a config corruption rather than a transport-mode change.
• The release notes for 2026.4.29 don't mention the behavior change; if it's intentional hardening (env-poisoning protection makes sense in a multi-user host), a one-line note would have saved upgrade-verification time.
• If it's an unintended regression, restoring the env fallback (or showing a more directive error message) would help.

Reproduction (deterministic)

1. Pre-v4.29: with OPENCODE_API_KEY exported in shell env, openclaw infer model run --model opencode-go/<m> --prompt "PONG" → succeeds.
2. Upgrade to v4.29 or later (we observed identically on v4.29, v5.2, v5.3, v5.3-1, v5.4, v5.5, v5.6, v5.7).
3. Same command from a fresh shell → "Auth lookup failed for provider 'opencode-go'".
4. Workaround A: set -a; . /home/openclaw/.env; set +a then re-run → succeeds.
5. Workaround B: pass --gateway → succeeds.

Suggested next step

• If intentional: add a one-line note to release notes for whichever release introduced this, and ideally a more directive error message ("API key not found in agent auth-profiles; pass --gateway or source ~/.env to use shell env").
• If unintended: restore env fallback, or document the behavior explicitly.

Environment

• OpenClaw: first observed on 2026.4.29; reconfirmed on 2026.5.7 (eeef486)
• OS: Ubuntu 24.04 / Linux 6.8.0-110-generic x86_64
• Node: v22.22.2
• Install: npm global as systemd service
• Provider: opencode-go (custom provider via openclaw.json models.providers)

Related

• #43247 (CLOSED) — opencode-go missing from PROVIDER_ENV_API_KEY_CANDIDATES, fixed pre-v4.29; mentioning so this isn't confused as the same.