fix(models): map auth_permanent probe status

2026-03-20 06:20:55 +00:00 · 2026-02-25 19:17:26 -05:00
parent 7a65262316
commit 61491ed31e
3 changed files with 29 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ Docs: https://docs.openclaw.ai

 - Agents/Subagents delivery: refactor subagent completion announce dispatch into an explicit queue/direct/fallback state machine, recover outbound channel-plugin resolution in cold/stale plugin-registry states across announce/message/gateway send paths, finalize cleanup bookkeeping when announce flow rejects, and treat Telegram sends without `message_id` as delivery failures (instead of false-success `"unknown"` IDs). (#26867, #25961, #26803, #25069, #26741) Thanks @SmithLabsLLC and @docaohieu2808.
 - Slack/Session threads: prevent oversized parent-session inheritance from silently bricking new thread sessions, surface embedded context-overflow empty-result failures to users, and add configurable `session.parentForkMaxTokens` (default `100000`, `0` disables). (#26912) Thanks @markshields-tl.
+- Models/Auth probes: map permanent auth failover reasons (`auth_permanent`, for example revoked keys) into probe auth status instead of `unknown`, so `openclaw models status --probe` reports actionable auth failures. (#25754) thanks @rrenamed.
 - Security/Signal: enforce DM/group authorization before reaction-only notification enqueue so unauthorized senders can no longer inject Signal reaction system events under `dmPolicy`/`groupPolicy`; reaction notifications now require channel access checks first. This ships in the next npm release (`2026.2.25`). Thanks @tdjackey for reporting.
 - Security/Discord + Slack reactions: enforce DM policy/allowlist authorization before reaction-event system enqueue in direct messages; Discord reaction handling now also honors DM/group-DM enablement and guild `groupPolicy` channel gating to keep reaction ingress aligned with normal message preflight. This ships in the next npm release (`2026.2.25`). Thanks @tdjackey for reporting.
 - Security/Telegram reactions: enforce `dmPolicy`/`allowFrom` and group allowlist authorization on `message_reaction` events before enqueueing reaction system events, preventing unauthorized reaction-triggered input in DMs and groups; ships in the next npm release (`2026.2.25`). Thanks @tdjackey for reporting.
--- a/src/commands/models/list.probe.test.ts
+++ b/src/commands/models/list.probe.test.ts
@@ -0,0 +1,22 @@
+import { describe, expect, it } from "vitest";
+import { mapFailoverReasonToProbeStatus } from "./list.probe.js";
+
+describe("mapFailoverReasonToProbeStatus", () => {
+  it("maps auth_permanent to auth", () => {
+    expect(mapFailoverReasonToProbeStatus("auth_permanent")).toBe("auth");
+  });
+
+  it("keeps existing failover reason mappings", () => {
+    expect(mapFailoverReasonToProbeStatus("auth")).toBe("auth");
+    expect(mapFailoverReasonToProbeStatus("rate_limit")).toBe("rate_limit");
+    expect(mapFailoverReasonToProbeStatus("billing")).toBe("billing");
+    expect(mapFailoverReasonToProbeStatus("timeout")).toBe("timeout");
+    expect(mapFailoverReasonToProbeStatus("format")).toBe("format");
+  });
+
+  it("falls back to unknown for unrecognized values", () => {
+    expect(mapFailoverReasonToProbeStatus(undefined)).toBe("unknown");
+    expect(mapFailoverReasonToProbeStatus(null)).toBe("unknown");
+    expect(mapFailoverReasonToProbeStatus("model_not_found")).toBe("unknown");
+  });
+});
--- a/src/commands/models/list.probe.ts
+++ b/src/commands/models/list.probe.ts
@@ -82,11 +82,13 @@ export type AuthProbeOptions = {
  maxTokens: number;
 };

-const toStatus = (reason?: string | null): AuthProbeStatus => {
+export function mapFailoverReasonToProbeStatus(reason?: string | null): AuthProbeStatus {
  if (!reason) {
    return "unknown";
  }
-  if (reason === "auth") {
+  if (reason === "auth" || reason === "auth_permanent") {
+    // Keep probe output backward-compatible: permanent auth failures still
+    // surface in the auth bucket instead of showing as unknown.
    return "auth";
  }
  if (reason === "rate_limit") {
@@ -102,7 +104,7 @@ const toStatus = (reason?: string | null): AuthProbeStatus => {
    return "format";
  }
  return "unknown";
-};
+}

 function buildCandidateMap(modelCandidates: string[]): Map<string, string[]> {
  const map = new Map<string, string[]>();
@@ -346,7 +348,7 @@ async function probeTarget(params: {
      label: target.label,
      source: target.source,
      mode: target.mode,
-      status: toStatus(described.reason),
+      status: mapFailoverReasonToProbeStatus(described.reason),
      error: redactSecrets(described.message),
      latencyMs: Date.now() - start,
    };