[codex] Support OpenClaw gateway password auth fallback

[BunsDev]

Summary

• retry OpenClaw shared-secret connections with auth.password when the gateway rejects token-style auth
• recognize password-mode gateway auth failures in connection-test hints and provider health
• clarify OpenClaw settings copy and add regression coverage for password-auth gateways

Root Cause

OK Code only forwarded the saved OpenClaw shared secret as auth.token during the connect handshake. Password-mode gateways require auth.password, so connection tests and health probes failed with AUTH_PASSWORD_MISSING even when the shared secret was configured.

Testing

• bun run --cwd apps/server test -- src/openclawGatewayTest.test.ts src/openclaw/GatewayClient.test.ts src/provider/Layers/ProviderHealth.test.ts
• bun run --cwd apps/web test -- src/components/sme/smeConversationConfig.test.ts src/lib/settingsProviderMetadata.test.ts
• bun fmt
• bun lint
• bun typecheck

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
okcode-marketing	Ready	Preview	Apr 25, 2026 6:06am
v0-compute-the-platform-to-build	Ready	Preview, Open in v0	Apr 25, 2026 6:06am

[Copilot]

Pull request overview

Improves OpenClaw gateway interoperability by adding password-mode authentication fallback, expanding unauthenticated health/diagnostic detection, and aligning UI/settings copy and tests with the updated auth behavior.

Changes:

• Add retry logic to fall back from token-style shared-secret auth to auth.password when the gateway indicates password-mode failures.
• Expand health/test diagnostics to treat password-missing/password-mismatch detail codes as unauthenticated and to surface better hints.
• Update settings/SME/provider metadata copy and add/adjust Vitest coverage for the new auth behavior.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
apps/web/src/routes/_chat.settings.index.tsx	Updates OpenClaw settings UI copy to reflect shared-secret auth fallback behavior.
apps/web/src/lib/settingsProviderMetadata.tsx	Aligns OpenClaw provider auth guidance copy with shared-secret + password/token fallback.
apps/web/src/lib/settingsProviderMetadata.test.ts	Updates expectations for OpenClaw provider auth guide text.
apps/web/src/components/sme/smeConversationConfig.ts	Updates OpenClaw auth option labels to match new terminology.
apps/web/src/components/sme/smeConversationConfig.test.ts	Updates SME auth option label expectations.
apps/server/src/provider/Layers/ProviderHealth.ts	Adds helper to classify additional OpenClaw unauthenticated detail codes; uses it in health check.
apps/server/src/provider/Layers/ProviderHealth.test.ts	Adds unit coverage for the new unauthenticated detail-code helper.
apps/server/src/provider/Layers/OpenClawGatewayClient.ts	Implements shared-secret token→password fallback and refactors auth selection logic.
apps/server/src/openclawGatewayTest.ts	Extends gateway test hinting to include password missing/mismatch codes.
apps/server/src/openclawGatewayTest.test.ts	Adds coverage for password-style retry and password-missing hinting.
apps/server/src/openclaw/GatewayClient.ts	Adds password-mode fallback in the OpenclawGatewayClient connect handshake.
apps/server/src/openclaw/GatewayClient.test.ts	New test validating retry to auth.password when token-style is rejected.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.