diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index fe0e23301..5e03eebe2 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "a60f15c6118fef698313b270b99ff198e7ec254f", - "syncedAt": "2026-04-27T08:27:51.929Z" + "sha": "b09afa2993cecc6bbe474c41a44b3d7d95483fa6", + "syncedAt": "2026-04-27T08:28:17.532Z" } diff --git a/docs/concepts/model-failover.md b/docs/concepts/model-failover.md index 66eadf6bd..8c9984ca2 100644 --- a/docs/concepts/model-failover.md +++ b/docs/concepts/model-failover.md @@ -21,7 +21,7 @@ For a normal text run, OpenClaw evaluates candidates in this order: - Resolve the active session model and auth-profile preference. A session override with `modelOverrideSource: "auto"` came from an earlier fallback, so the next run clears it first and retries the configured primary; user-selected overrides stay sticky. + Resolve the active session model and auth-profile preference. Build the model candidate chain from the currently selected session model, then `agents.defaults.model.fallbacks` in order, ending with the configured primary when the run started from an override. @@ -47,6 +47,7 @@ This is intentionally narrower than "save and restore the whole session". The re - `providerOverride` - `modelOverride` +- `modelOverrideSource` - `authProfileOverride` - `authProfileOverrideSource` - `authProfileOverrideCompactionCount` @@ -264,8 +265,8 @@ That means fallback retries have to coordinate with live model switching: - Only explicit user-driven model changes mark a pending live switch. That includes `/model`, `session_status(model=...)`, and `sessions.patch`. - System-driven model changes such as fallback rotation, heartbeat overrides, or compaction never mark a pending live switch on their own. - Before a fallback retry starts, the reply runner persists the selected fallback override fields to the session entry. -- On the next run, auto fallback overrides are cleared before model selection so the configured primary is retried. If it is still unhealthy, the fallback loop records a fresh auto override for that new attempt. -- User model overrides (`modelOverrideSource: "user"`) and legacy overrides without a source field remain persistent across turns. +- Auto fallback overrides remain selected on subsequent turns so OpenClaw does not probe a known-bad primary on every message. `/new`, `/reset`, and `sessions.reset` clear auto-sourced overrides and return the session to the configured default. +- `/status` shows the selected model and, when fallback state differs, the active fallback model and reason. - Live-session reconciliation prefers persisted session overrides over stale runtime model fields. - If a live-switch error points at a later candidate in the active fallback chain, OpenClaw jumps directly to that selected model instead of walking unrelated candidates first. - If the fallback attempt fails, the runner rolls back only the override fields it wrote, and only if they still match that failed candidate.