openclaw infer model auth logout reports success but doesn't write to disk for non-default agents

Target repo: openclaw/openclaw Filer: islandpreneur007 Draft status: ready for review + file Date drafted: 2026-05-21 Reproduction evidence captured: 2026-05-20T15:18Z, agents/gap5-canary-agent and agents/trent

Summary

When scoping openclaw infer model auth logout --provider <p> to a non-default agent via OPENCLAW_AGENT_DIR=..., the command returns {"removedProfiles": ["<profile-id>"]} (claiming success) but does not write to that agent's auth-profiles.json. The profile remains intact.

The same command works correctly for the default agent.

Reproduction

Setup:

• Two agents with local xAI OAuth profiles: agents/trent/agent/auth-profiles.json (default agent) and agents/gap5-canary-agent/agent/auth-profiles.json (secondary).
• Verify both profiles present before logout.

Default-agent path (works):

openclaw infer model auth logout --provider xai
# Returns: {"removedProfiles":["xai:[email protected]"]}
# Verify: jq '.profiles' agents/trent/agent/auth-profiles.json
# Result: xai profile gone. Other profiles intact.

Non-default-agent path (no-op):

OPENCLAW_AGENT_DIR=/home/openclawops/.openclaw/agents/gap5-canary-agent/agent openclaw infer model auth logout --provider xai
# Returns: {"removedProfiles":["xai:[email protected]"]}  # Claims success
# Verify: jq '.profiles' agents/gap5-canary-agent/agent/auth-profiles.json
# Result: xai profile STILL PRESENT. No write detected.
# find /home/openclawops/.openclaw/agents/gap5-canary-agent/agent/auth-profiles.json -mmin -5
# Result: (empty — file unchanged)

Verified twice on the gap5-canary-agent path. Identical behavior.

Expected behavior

openclaw infer model auth logout --provider <p> scoped via OPENCLAW_AGENT_DIR=... should write the modified auth-profiles.json to the scoped agent's directory, OR return a non-zero exit + error message indicating the scoping path is unsupported.

Observed behavior

Command returns success JSON but does not write the file. This is a silent failure mode — the operator believes the profile was removed when it was not.

Operational impact

We hit this trying to clean a stale OAuth shadow from a secondary agent's local auth-profiles.json after an OAuth refresh consolidation. The stale shadow was inert (access token expired) but the hygiene cleanup was blocked by this command's no-op behavior. We worked around it by using openclaw agents delete <agent> --force --json to remove the entire agent (whose stale shadow then went with it). That worked for our case because the agent was a one-off OAuth tunnel experiment, but it's not a general workaround for cleaning a specific provider profile from an active secondary agent.

Environment

• OpenClaw version: 2026.5.19 (a185ca2)
• Host: Ubuntu 24.04, ~/.npm-global install
• Affected provider: xai (OAuth profile)
• Reproduced via OPENCLAW_AGENT_DIR scoping pattern documented in CLI ref

Suggested fix direction

Either:

1. Write the modified auth-profiles.json to the scoped agent's directory (preferred — matches the documented scoping pattern), OR
2. Fail-fast with explicit error message + non-zero exit when OPENCLAW_AGENT_DIR is set and the logout subcommand can't honor the scope.

Related issues

• None identified.

Files / state

• Pre-attempt snapshot preserved at /tmp/auth-profiles.json.bak.gap5-canary-agent.20260521T151227Z on the production VPS.
• Post-attempt mtime confirmed unchanged via find -mmin -5.