test: isolate session status from provider runtime leak

docs/concepts/model-failover.md

@@ -248,6 +248,10 @@ parts of the same session entry.
 
 That means fallback retries have to coordinate with live model switching:
 
+- Only explicit user-driven model changes mark a pending live switch. That
+  includes `/model`, `session_status(model=...)`, and `sessions.patch`.
+- System-driven model changes such as fallback rotation, heartbeat overrides,
+  or compaction never mark a pending live switch on their own.
 - Before a fallback retry starts, the reply runner persists the selected
   fallback override fields to the session entry.
 - Live-session reconciliation prefers persisted session overrides over stale

src/agents/openclaw-tools.session-status.test.ts

@@ -175,6 +175,15 @@ vi.mock("../gateway/call.js", createGatewayCallModuleMock);
 vi.mock("../gateway/session-utils.js", createGatewaySessionUtilsModuleMock);
 vi.mock("../config/config.js", createConfigModuleMock);
 vi.mock("../agents/model-catalog.js", createModelCatalogModuleMock);
+vi.mock("../agents/provider-model-normalization.runtime.js", () => ({
+  normalizeProviderModelIdWithRuntime: () => undefined,
+}));
+// Keep provider-runtime/plugin activation out of this focused tool test. The
+// session_status surface only needs model selection semantics here, not real
+// bundled provider registration.
+vi.mock("../plugins/providers.runtime.js", () => ({
+  resolvePluginProviders: () => [],
+}));
 vi.mock("../agents/auth-profiles.js", createAuthProfilesModuleMock);
 vi.mock("../agents/model-auth.js", createModelAuthModuleMock);
 vi.mock("../infra/provider-usage.js", createProviderUsageModuleMock);