Skip to content

Commit 1b9a3c6

Browse files
robinsonCopilot
andcommitted
Fix OpenClaw reconnect auth drift
Document the required /v1 base URL and per-agent registry refresh behavior for OpenClaw. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 260370e commit 1b9a3c6

6 files changed

Lines changed: 331 additions & 10 deletions

File tree

CHANGELOG.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77

88
## [Unreleased]
99

10+
## [2026.3.8] - 2026-03-27
11+
12+
### Changed
13+
- **OpenClaw docs and connector guidance**: the README and docs-site now make the required `http://localhost:8080/v1` base URL explicit and document the recommended `openclaw models status --agent main --probe` verification path.
14+
15+
### Fixed
16+
- **OpenClaw reconnect auth drift**: `isartor connect openclaw` now refreshes the `main` / default agent model override and clears stale per-agent `models.json` registries so changing the gateway API key does not leave OpenClaw stuck on old provider auth.
17+
1018
## [2026.3.7] - 2026-03-27
1119

1220
### Changed
@@ -395,7 +403,8 @@ Isartor's first CalVer release — marking go-live readiness.
395403
### Fixed
396404
- Build musl targets with runner-based zigbuild (no Docker container)
397405

398-
[Unreleased]: https://github.com/isartor-ai/Isartor/compare/v2026.3.7...HEAD
406+
[Unreleased]: https://github.com/isartor-ai/Isartor/compare/v2026.3.8...HEAD
407+
[2026.3.8]: https://github.com/isartor-ai/Isartor/compare/v2026.3.7...v2026.3.8
399408
[2026.3.7]: https://github.com/isartor-ai/Isartor/compare/v2026.3.6...v2026.3.7
400409
[2026.3.6]: https://github.com/isartor-ai/Isartor/compare/v2026.3.5...v2026.3.6
401410
[2026.3.5]: https://github.com/isartor-ai/Isartor/compare/v2026.3.4...v2026.3.5

Cargo.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "isartor"
3-
version = "2026.3.7"
3+
version = "2026.3.8"
44
edition = "2024"
55
license = "Apache-2.0"
66
description = "Open-source Prompt Firewall — a local LLM gateway with caching, semantic deduplication, and content filtering"

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -180,6 +180,8 @@ One command connects your favourite tool. No proxy, no MITM, no CA certificates.
180180

181181
[Full integration guides →](https://isartor-ai.github.io/Isartor/integrations/overview.html)
182182

183+
OpenClaw note: use Isartor's OpenAI-compatible `/v1` base path, not the root `:8080` URL. If you change Isartor's gateway API key later, rerun `isartor connect openclaw` so OpenClaw's per-agent model registry refreshes too.
184+
183185
---
184186

185187
## How Isartor Compares

docs-site/src/integrations/openclaw.md

Lines changed: 43 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,8 @@ openclaw onboard --install-daemon
2525
# 4. Register Isartor as an OpenClaw provider
2626
isartor connect openclaw
2727

28-
# 5. Verify OpenClaw sees the provider/model
29-
openclaw models status
28+
# 5. Verify OpenClaw sees the provider/model and auth
29+
openclaw models status --agent main --probe
3030

3131
# 6. Smoke test a prompt
3232
openclaw agent --agent main -m "Hello from OpenClaw through Isartor"
@@ -39,6 +39,8 @@ It writes or updates your OpenClaw config (default: `~/.openclaw/openclaw.json`)
3939
1. `models.providers.isartor`
4040
2. a single managed model entry matching Isartor's current upstream model
4141
3. `agents.defaults.model.primary = "isartor/<your-model>"`
42+
4. the `main` / default agent model override when one is present
43+
5. a refresh of stale per-agent `models.json` registries so OpenClaw regenerates them with the latest `baseUrl` and `apiKey`
4244

4345
Example generated provider block:
4446

@@ -72,6 +74,40 @@ agents: {
7274
}
7375
```
7476

77+
## Base URL and auth path
78+
79+
OpenClaw must talk to Isartor's OpenAI-compatible `/v1` surface.
80+
81+
- Correct base URL: `http://localhost:8080/v1`
82+
- Wrong base URL: `http://localhost:8080`
83+
84+
Why this matters:
85+
86+
- OpenClaw appends `/chat/completions` for OpenAI-compatible custom providers
87+
- Isartor exposes that route as `/v1/chat/completions`
88+
- using the root gateway URL can produce `404` errors such as `gateway unknown L0 via chat/completions`
89+
90+
`isartor connect openclaw` writes the `/v1` path for you, so prefer the connector over hand-editing the provider block.
91+
92+
## Reconnecting after changing the gateway API key
93+
94+
OpenClaw stores custom-provider state in two places:
95+
96+
1. `~/.openclaw/openclaw.json`
97+
2. per-agent `models.json` registries under `~/.openclaw/agents/<agentId>/agent/`
98+
99+
Those per-agent registries can keep an old `apiKey` or `baseUrl` even after `openclaw.json` changes. That is why you can still see `401` after fixing the key in the top-level config.
100+
101+
The supported fix is simply:
102+
103+
```bash
104+
isartor connect openclaw --gateway-api-key <your-key>
105+
openclaw models status --agent main --probe
106+
openclaw agent --agent main -m "Hello from OpenClaw through Isartor"
107+
```
108+
109+
The connector now refreshes `openclaw.json`, updates the `main` / default agent model override, and removes stale per-agent `models.json` files so OpenClaw regenerates them with the new auth.
110+
75111
## Why this is the best fit
76112

77113
The upstream LiteLLM/OpenClaw docs assume the gateway can expose a multi-model catalog and route among many providers behind one endpoint.
@@ -85,6 +121,7 @@ Isartor is different today:
85121
That means:
86122

87123
- if you change Isartor's provider/model later, rerun `isartor connect openclaw`
124+
- if you change Isartor's gateway API key later, rerun `isartor connect openclaw --gateway-api-key ...`
88125
- do **not** expect `isartor/openai/...` and `isartor/anthropic/...` fallbacks to behave like LiteLLM provider switching unless Isartor itself grows multi-provider routing later
89126

90127
## Options
@@ -98,6 +135,7 @@ That means:
98135
## Files written
99136

100137
- `~/.openclaw/openclaw.json` — managed OpenClaw provider config
138+
- `~/.openclaw/agents/<agentId>/agent/models.json` — regenerated by OpenClaw after Isartor clears stale custom-provider caches
101139
- `openclaw.json.isartor-backup` — backup, when a prior config existed
102140

103141
## Disconnecting
@@ -116,7 +154,7 @@ For day-to-day use:
116154
2. Validate with `isartor check`
117155
3. Keep Isartor running with `isartor up --detach`
118156
4. Let OpenClaw use `isartor/<configured-model>` as its primary model
119-
5. Use `openclaw models status` whenever you want to confirm what OpenClaw currently sees
157+
5. Use `openclaw models status --agent main --probe` whenever you want to confirm what OpenClaw currently sees
120158

121159
If you later switch Isartor from, for example, Groq to OpenAI or Azure:
122160

@@ -143,6 +181,7 @@ That refreshes OpenClaw's provider model to match the new Isartor config.
143181
| Symptom | Cause | Fix |
144182
|---------|-------|-----|
145183
| OpenClaw cannot reach the provider | Isartor not running | Run `isartor up --detach` first |
184+
| OpenClaw onboarding/custom provider returns 404 | Base URL points at `http://localhost:8080` instead of `http://localhost:8080/v1` | Use `isartor connect openclaw` or update the custom provider base URL to end with `/v1` |
146185
| OpenClaw still shows the old model | Isartor model changed after initial connect | Re-run `isartor connect openclaw` |
147-
| Auth errors (401) | Gateway auth enabled | Re-run with `--gateway-api-key` or set `ISARTOR__GATEWAY_API_KEY` |
186+
| Auth errors (401) after reconnecting | OpenClaw is still using stale per-agent provider state | Re-run `isartor connect openclaw --gateway-api-key <key>` so Isartor refreshes `openclaw.json` and clears stale per-agent `models.json` registries |
148187
| "Model is not allowed" | OpenClaw allowlist still excludes the managed model | Re-run `isartor connect openclaw` so the managed model is re-added to the allowlist |

0 commit comments

Comments
 (0)