From 97e9e05f8c2e890cffd66eba4e421f379905bf00 Mon Sep 17 00:00:00 2001 From: Ayaan Zaidi Date: Thu, 23 Apr 2026 08:47:38 +0530 Subject: [PATCH] docs(cli): clarify oauth session continuity --- CHANGELOG.md | 1 + docs/gateway/cli-backends.md | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37b84e6319c..1c1df54f7b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -87,6 +87,7 @@ Docs: https://docs.openclaw.ai - Slack/files: resolve `downloadFile` bot tokens from the runtime config when callers provide `cfg` without an explicit token or prebuilt client, preserving cfg-only file downloads outside the action runtime path. (#70160) Thanks @martingarramon. - Slack/HTTP: dispatch registered Request URL webhooks through the same handler registry used by Slack monitor setup, so HTTP-mode Slack events no longer 404 after successful route registration. (#70275) Thanks @FroeMic. - Slack/runtime bindings: route focused Slack thread replies through their bound ACP session instead of preparing replies against the default agent shell. Fixes #67739. Thanks @Frankla20. +- CLI/Claude: keep stored Claude CLI sessions through OAuth refresh-token rotation by keying auth epochs on stable account identity instead of mutable OAuth token material. - CLI/Claude: verify stored Claude CLI session ids have a readable project transcript before resuming, clearing phantom bindings with `reason=transcript-missing` instead of silently starting fresh under `--resume`. Fixes #70177. - CLI sessions: persist CLI session clearing through the atomic session-store merge path, so expired Claude/Codex CLI bindings are actually removed before retrying without the stale session id. (#70298) Thanks @HFConsultant. - ACP/sessions_spawn: honor explicit `model` overrides for ACP child sessions instead of silently falling back to the target agent default model. (#70210) Thanks @felix-miao. diff --git a/docs/gateway/cli-backends.md b/docs/gateway/cli-backends.md index d2cc0bc66e8..e9159524216 100644 --- a/docs/gateway/cli-backends.md +++ b/docs/gateway/cli-backends.md @@ -193,7 +193,11 @@ Serialization notes: - `serialize: true` keeps same-lane runs ordered. - Most CLIs serialize on one provider lane. -- OpenClaw drops stored CLI session reuse when the backend auth state changes, including relogin, token rotation, or a changed auth profile credential. +- OpenClaw drops stored CLI session reuse when the selected auth identity changes, + including a changed auth profile id, static API key, static token, or OAuth + account identity when the CLI exposes one. OAuth access and refresh token + rotation does not cut the stored CLI session. If a CLI does not expose a + stable OAuth account id, OpenClaw lets that CLI enforce resume permissions. ## Images (pass-through)