fix: repair runtime seams after rebase

src/agents/model-auth.ts

@@ -6,6 +6,8 @@ import type { ModelProviderAuthMode, ModelProviderConfig } from "../config/types
 import { coerceSecretRef } from "../config/types.secrets.js";
 import { getShellEnvAppliedKeys } from "../infra/shell-env.js";
 import { createSubsystemLogger } from "../logging/subsystem.js";
+import { buildProviderMissingAuthMessageWithPlugin } from "../plugins/provider-runtime.runtime.js";
+import { resolveOwningPluginIdsForProvider } from "../plugins/providers.js";
 import {
   normalizeOptionalSecretInput,
   normalizeSecretInput,
@@ -35,15 +37,6 @@ const AWS_BEARER_ENV = "AWS_BEARER_TOKEN_BEDROCK";
 const AWS_ACCESS_KEY_ENV = "AWS_ACCESS_KEY_ID";
 const AWS_SECRET_KEY_ENV = "AWS_SECRET_ACCESS_KEY";
 const AWS_PROFILE_ENV = "AWS_PROFILE";
-let providerRuntimePromise:
-  | Promise<typeof import("../plugins/provider-runtime.runtime.js")>
-  | undefined;
-
-function loadProviderRuntime() {
-  providerRuntimePromise ??= import("../plugins/provider-runtime.runtime.js");
-  return providerRuntimePromise;
-}
-
 function resolveProviderConfig(
   cfg: OpenClawConfig | undefined,
   provider: string,
@@ -366,20 +359,30 @@ export async function resolveApiKeyForProvider(params: {
     return resolveAwsSdkAuthInfo();
   }
 
-  const { buildProviderMissingAuthMessageWithPlugin } = await loadProviderRuntime();
-  const pluginMissingAuthMessage = buildProviderMissingAuthMessageWithPlugin({
-    provider,
-    config: cfg,
-    context: {
-      config: cfg,
-      agentDir: params.agentDir,
-      env: process.env,
+  const providerConfig = resolveProviderConfig(cfg, provider);
+  const hasInlineConfiguredModels =
+    Array.isArray(providerConfig?.models) && providerConfig.models.length > 0;
+  const owningPluginIds = !hasInlineConfiguredModels
+    ? resolveOwningPluginIdsForProvider({
+        provider,
+        config: cfg,
+      })
+    : undefined;
+  if (owningPluginIds?.length) {
+    const pluginMissingAuthMessage = buildProviderMissingAuthMessageWithPlugin({
       provider,
-      listProfileIds: (providerId) => listProfilesForProvider(store, providerId),
-    },
-  });
-  if (pluginMissingAuthMessage) {
-    throw new Error(pluginMissingAuthMessage);
+      config: cfg,
+      context: {
+        config: cfg,
+        agentDir: params.agentDir,
+        env: process.env,
+        provider,
+        listProfileIds: (providerId) => listProfilesForProvider(store, providerId),
+      },
+    });
+    if (pluginMissingAuthMessage) {
+      throw new Error(pluginMissingAuthMessage);
+    }
   }
 
   const authStorePath = resolveAuthStorePathForDisplay(params.agentDir);

src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.e2e.test.ts

@@ -11,6 +11,7 @@ import type { EmbeddedRunAttemptResult } from "./pi-embedded-runner/run/types.js
 
 const runEmbeddedAttemptMock = vi.fn<(params: unknown) => Promise<EmbeddedRunAttemptResult>>();
 const resolveCopilotApiTokenMock = vi.fn();
+const COPILOT_TOKEN_URL = "https://api.github.com/copilot_internal/v2/token";
 const { computeBackoffMock, sleepWithAbortMock } = vi.hoisted(() => ({
   computeBackoffMock: vi.fn(
     (
@@ -38,30 +39,6 @@ vi.mock("../../extensions/github-copilot/token.js", () => ({
   resolveCopilotApiToken: (...args: unknown[]) => resolveCopilotApiTokenMock(...args),
 }));
 
-vi.mock("../plugins/provider-runtime.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../plugins/provider-runtime.js")>();
-  return {
-    ...actual,
-    prepareProviderRuntimeAuth: async (params: {
-      provider: string;
-      context: { apiKey: string; env: NodeJS.ProcessEnv };
-    }) => {
-      if (params.provider !== "github-copilot") {
-        return undefined;
-      }
-      const token = await resolveCopilotApiTokenMock({
-        githubToken: params.context.apiKey,
-        env: params.context.env,
-      });
-      return {
-        apiKey: token.token,
-        baseUrl: token.baseUrl,
-        expiresAt: token.expiresAt,
-      };
-    },
-  };
-});
-
 vi.mock("./pi-embedded-runner/compact.js", () => ({
   compactEmbeddedPiSessionDirect: vi.fn(async () => {
     throw new Error("compact should not run in auth profile rotation tests");
@@ -78,6 +55,7 @@ vi.mock("./models-config.js", async (importOriginal) => {
 
 let runEmbeddedPiAgent: typeof import("./pi-embedded-runner/run.js").runEmbeddedPiAgent;
 let unregisterLogTransport: (() => void) | undefined;
+const originalFetch = globalThis.fetch;
 
 beforeAll(async () => {
   ({ runEmbeddedPiAgent } = await import("./pi-embedded-runner/run.js"));
@@ -87,11 +65,27 @@ beforeEach(() => {
   vi.useRealTimers();
   runEmbeddedAttemptMock.mockClear();
   resolveCopilotApiTokenMock.mockReset();
+  globalThis.fetch = vi.fn(async (input: string | URL | Request) => {
+    const url = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    if (url !== COPILOT_TOKEN_URL) {
+      throw new Error(`Unexpected fetch in test: ${url}`);
+    }
+    const token = await resolveCopilotApiTokenMock();
+    return {
+      ok: true,
+      status: 200,
+      json: async () => ({
+        token: token.token,
+        expires_at: Math.floor(token.expiresAt / 1000),
+      }),
+    } as Response;
+  }) as typeof fetch;
   computeBackoffMock.mockClear();
   sleepWithAbortMock.mockClear();
 });
 
 afterEach(() => {
+  globalThis.fetch = originalFetch;
   unregisterLogTransport?.();
   unregisterLogTransport = undefined;
   setLoggerOverride(null);
@@ -517,11 +511,9 @@ describe("runEmbeddedPiAgent auth profile rotation", () => {
   it("refreshes copilot token after auth error and retries once", async () => {
     const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-agent-"));
     const workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-workspace-"));
-    vi.useFakeTimers();
     try {
       await writeCopilotAuthStore(agentDir);
       const now = Date.now();
-      vi.setSystemTime(now);
 
       resolveCopilotApiTokenMock
         .mockResolvedValueOnce({
@@ -575,7 +567,6 @@ describe("runEmbeddedPiAgent auth profile rotation", () => {
       expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(2);
       expect(resolveCopilotApiTokenMock).toHaveBeenCalledTimes(2);
     } finally {
-      vi.useRealTimers();
       await fs.rm(agentDir, { recursive: true, force: true });
       await fs.rm(workspaceDir, { recursive: true, force: true });
     }
@@ -584,11 +575,9 @@ describe("runEmbeddedPiAgent auth profile rotation", () => {
   it("allows another auth refresh after a successful retry", async () => {
     const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-agent-"));
     const workspaceDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-workspace-"));
-    vi.useFakeTimers();
     try {
       await writeCopilotAuthStore(agentDir);
       const now = Date.now();
-      vi.setSystemTime(now);
 
       resolveCopilotApiTokenMock
         .mockResolvedValueOnce({
@@ -662,7 +651,6 @@ describe("runEmbeddedPiAgent auth profile rotation", () => {
       expect(runEmbeddedAttemptMock).toHaveBeenCalledTimes(4);
       expect(resolveCopilotApiTokenMock).toHaveBeenCalledTimes(3);
     } finally {
-      vi.useRealTimers();
       await fs.rm(agentDir, { recursive: true, force: true });
       await fs.rm(workspaceDir, { recursive: true, force: true });
     }

src/agents/pi-embedded-runner/compact.ts

@@ -25,7 +25,7 @@ import {
   resolveTelegramReactionLevel,
 } from "../../plugin-sdk/telegram.js";
 import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
-import { prepareProviderRuntimeAuth } from "../../plugins/provider-runtime.js";
+import { prepareProviderRuntimeAuth } from "../../plugins/provider-runtime.runtime.js";
 import { type enqueueCommand, enqueueCommandInLane } from "../../process/command-queue.js";
 import { isCronSessionKey, isSubagentSessionKey } from "../../routing/session-key.js";
 import { emitSessionTranscriptUpdate } from "../../sessions/transcript-events.js";

src/agents/pi-embedded-runner/model.ts

@@ -194,6 +194,22 @@ function resolveExplicitModelWithRegistry(params: {
     return { kind: "suppressed" };
   }
   const providerConfig = resolveConfiguredProviderConfig(cfg, provider);
+  const inlineModels = buildInlineProviderModels(cfg?.models?.providers ?? {});
+  const normalizedProvider = normalizeProviderId(provider);
+  const inlineMatch = inlineModels.find(
+    (entry) => normalizeProviderId(entry.provider) === normalizedProvider && entry.id === modelId,
+  );
+  if (inlineMatch?.api) {
+    return {
+      kind: "resolved",
+      model: normalizeResolvedModel({
+        provider,
+        cfg,
+        agentDir,
+        model: inlineMatch as Model<Api>,
+      }),
+    };
+  }
   const model = modelRegistry.find(provider, modelId) as Model<Api> | null;
 
   if (model) {
@@ -213,19 +229,17 @@ function resolveExplicitModelWithRegistry(params: {
   }
 
   const providers = cfg?.models?.providers ?? {};
-  const inlineModels = buildInlineProviderModels(providers);
-  const normalizedProvider = normalizeProviderId(provider);
-  const inlineMatch = inlineModels.find(
+  const fallbackInlineMatch = buildInlineProviderModels(providers).find(
     (entry) => normalizeProviderId(entry.provider) === normalizedProvider && entry.id === modelId,
   );
-  if (inlineMatch?.api) {
+  if (fallbackInlineMatch?.api) {
     return {
       kind: "resolved",
       model: normalizeResolvedModel({
         provider,
         cfg,
         agentDir,
-        model: inlineMatch as Model<Api>,
+        model: fallbackInlineMatch as Model<Api>,
       }),
     };
   }

src/agents/pi-embedded-runner/run.ts

@@ -8,7 +8,7 @@ import {
 import { computeBackoff, sleepWithAbort, type BackoffPolicy } from "../../infra/backoff.js";
 import { generateSecureToken } from "../../infra/secure-random.js";
 import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
-import { prepareProviderRuntimeAuth } from "../../plugins/provider-runtime.js";
+import { prepareProviderRuntimeAuth } from "../../plugins/provider-runtime.runtime.js";
 import type { PluginHookBeforeAgentStartResult } from "../../plugins/types.js";
 import { enqueueCommandInLane } from "../../process/command-queue.js";
 import { isMarkdownCapableMessageChannel } from "../../utils/message-channel.js";

src/agents/subagent-announce.ts

@@ -47,6 +47,7 @@ import {
 import { type AnnounceQueueItem, enqueueAnnounce } from "./subagent-announce-queue.js";
 import { getSubagentDepthFromSessionStore } from "./subagent-depth.js";
 import type { SpawnSubagentMode } from "./subagent-spawn.js";
+import { readLatestAssistantReply } from "./tools/agent-step.js";
 import { sanitizeTextContent, extractAssistantText } from "./tools/sessions-helpers.js";
 import { isAnnounceSkip } from "./tools/sessions-send-helpers.js";
 
@@ -391,7 +392,12 @@ async function readSubagentOutput(
     params: { sessionKey, limit: 100 },
   });
   const messages = Array.isArray(history?.messages) ? history.messages : [];
-  return selectSubagentOutputText(summarizeSubagentOutputHistory(messages), outcome);
+  const selected = selectSubagentOutputText(summarizeSubagentOutputHistory(messages), outcome);
+  if (selected?.trim()) {
+    return selected;
+  }
+  const latestAssistant = await readLatestAssistantReply({ sessionKey, limit: 100 });
+  return latestAssistant?.trim() ? latestAssistant : undefined;
 }
 
 async function readLatestSubagentOutputWithRetry(params: {
@@ -1416,16 +1422,6 @@ export async function runSubagentAnnounceFlow(params: {
         reply = fallbackReply;
       }
 
-      if (
-        !expectsCompletionMessage &&
-        !reply?.trim() &&
-        childSessionId &&
-        isEmbeddedPiRunActive(childSessionId)
-      ) {
-        shouldDeleteChildSession = false;
-        return false;
-      }
-
       if (isAnnounceSkip(reply) || isSilentReplyText(reply, SILENT_REPLY_TOKEN)) {
         if (fallbackReply && !fallbackIsSilent) {
           reply = fallbackReply;