OAuth credentials not persisted to auth-profiles.json on Gateway startup, causing credential loss after ~8 hours
OpenClaw Gateway fails to write OAuth credentials to disk during initialization, causing in-memory-only operation and subsequent credential loss when tokens expire or the process restarts.
Symptoms
Primary Error Manifestation
All API calls fail with the following error after approximately 8 hours of continuous Gateway operation:
No credentials found for profile "minimax-portal:default"
```
Error: No credentials found for profile "minimax-portal:default"
    at CredentialsManager.getDefaultProfile (/app/src/core/credentials/index.ts:142:12)
    at MiniMaxProvider.initialize (/app/src/providers/minimax/index.ts:89:7)
    at async Gateway.requestHandler (gateway/index.ts:203:18)
```
Observed Timeline
| Event | Timestamp |
|---|---|
| Gateway startup | 2026-05-11 00:03:00 |
| First error occurrence | ~08:37:00 (~8.5 hours later) |
| Manual re-authentication | 2026-05-11 09:15:12 |
| auth-profiles.json creation | 2026-05-11 09:15:12.803692200 +0800 |
File System Evidence
```bash
# Check auth-profiles.json metadata
$ stat /root/.openclaw/agents/main/agent/auth-profiles.json
  File: auth-profiles.json
 Birth: 2026-05-11 09:15:12.803692200 +0800
Modify: 2026-05-11 09:15:12.804692198 +0800
```
The file did not exist during the entire 00:03 to 09:15 window, confirming the Gateway ran on in-memory credentials exclusively.
Gateway Log Analysis
```json
{ "level": "info", "timestamp": "2026-05-11T00:03:01.203Z", "message": "Gateway started", "version": "2026.5.7", "eeef486": true }
{ "level": "warn", "timestamp": "2026-05-11T08:37:15.892Z", "message": "Credential validation failed for profile: minimax-portal:default", "error": "No credentials found for profile" }
```
Root Cause
Core Failure Sequence
The issue stems from a persistence race condition during Gateway initialization. When the Gateway starts with valid in-memory OAuth credentials (carried over from the openclaw configure session), it fails to write these credentials to auth-profiles.json before completing startup.
Step-by-Step Failure Path
- User completes OAuth via CLI: `openclaw configure` initiates MiniMax OAuth flow, obtains tokens via QR code scan
- CLI persists credentials: Credentials are written to `auth-profiles.json` successfully
- Gateway starts: Gateway process spawns but `auth-profiles.json` may be in a transitional state or not yet readable
- Gateway loads credentials into memory: In-memory credential store populated from existing file (if readable) or from process environment
- Persistence write skipped: Gateway detects credentials are "already present" in memory and incorrectly assumes disk persistence occurred in the prior CLI session
- 8-hour operation on memory-only credentials: All API calls succeed using in-memory tokens
- Token expiration or process restart: In-memory credentials lost, no disk fallback exists
- Total failure: "No credentials found for profile" error on every API call
Specific Technical Causes
1. Startup Persistence Race Condition
```typescript
// gateway/src/core/credentials/index.ts (simplified)
async function initializeCredentials() {
  const memoryStore = await loadFromMemory();
  const diskStore = await loadFromDisk();

  // Race condition: diskStore may be empty/unreadable during startup
  if (diskStore && diskStore.isValid()) {
    this.credentials = diskStore;
  } else if (memoryStore && memoryStore.isValid()) {
    this.credentials = memoryStore;
    // BUG: Does NOT write back to disk here
  }
}
```
The Gateway uses the in-memory credentials but never propagates them to disk when disk read fails.
2. Compaction-Triggered Overwrite
When OpenClaw’s internal compaction process runs, it may write an incomplete or empty auth-profiles.json:
```json
// Written by compaction (BUG: credentials section empty)
{
  "version": "1.0",
  "profiles": {},
  "lastCompaction": "2026-05-11T00:05:00.000Z"
}
```
The compaction logic does not preserve existing OAuth credential structures during garbage collection.
3. Token Format Validation Skipping Write
OAuth tokens may not pass internal validation checks, causing silent write suppression:
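```typescript
// providers/oauth/token-manager.ts
async persistTokens(profile: string, tokens: OAuthTokens): Promise<void> {
  // Check reconstructed from the surrounding text; the original lines are missing
  if (!this.validateTokenStructure(tokens)) {
    return; // silent write suppression
  }
  await this.writeToDisk(profile, tokens);
}
```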
The MiniMax OAuth token uses an extended format (refresh_token_expires_in field) that may not pass the standard validateTokenStructure() check.
Architectural Weakness
The Gateway lacks a write-through cache pattern for credentials. When credentials are loaded into memory, there is no guarantee they are written to persistent storage if the source file was missing or corrupted.
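A write-through store of the kind this paragraph says the Gateway lacks, as an added example that is not OpenClaw's code. The class name, the `Tokens` shape and the return labels are assumptions; a file whose `profiles` map is empty (the compaction case above) is treated as missing, and extra token fields such as `refresh_token_expires_in` are accepted.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";
// Hypothetical shape: OpenClaw's real types are not shown on the page.
type Tokens = { access_token: string; refresh_token: string; expires_at: string; [extra: string]: unknown };

class WriteThroughCredentialStore {
  private profiles: Record<string, Tokens> = {};
  private file: string;
  constructor(file: string) { this.file = file; }

  // Profiles from disk, or null when the file is missing, unparsable, or has no profiles.
  private readDisk(): Record<string, Tokens> | null {
    try {
      const parsed = JSON.parse(fs.readFileSync(this.file, "utf8")) as { profiles?: Record<string, Tokens> };
      return parsed.profiles && Object.keys(parsed.profiles).length > 0 ? parsed.profiles : null;
    } catch {
      return null;
    }
  }

  // Atomic write: owner-only temp file in the same directory, fsync, rename. Errors propagate.
  private writeDisk(): void {
    const tmp = path.join(path.dirname(this.file), `.auth-profiles.${process.pid}.tmp`);
    const fd = fs.openSync(tmp, "w", 0o600);
    try {
      fs.writeSync(fd, JSON.stringify({ version: "1.0", profiles: this.profiles }, null, 2));
      fs.fsyncSync(fd);
    } finally {
      fs.closeSync(fd);
    }
    fs.renameSync(tmp, this.file);
  }

  // Startup: prefer disk; otherwise adopt the in-memory credentials and persist them.
  initialize(memory: Record<string, Tokens>): "disk" | "memory-persisted" {
    const disk = this.readDisk();
    if (disk) { this.profiles = disk; return "disk"; }
    if (Object.keys(memory).length === 0) throw new Error("no credentials in memory or on disk");
    this.profiles = { ...memory };
    this.writeDisk();
    return "memory-persisted";
  }
  get(profile: string): Tokens | undefined { return this.profiles[profile]; }

  // Updates reach disk before they are kept in memory; on failure memory is rolled back.
  set(profile: string, tokens: Tokens): void {
    const previous = this.profiles;
    this.profiles = { ...previous, [profile]: tokens };
    try { this.writeDisk(); } catch (e) { this.profiles = previous; throw e; }
  }
}
```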
Step-by-Step Fix
Fix 1: Ensure Persistence After In-Memory Load
If Gateway started with in-memory credentials and no disk file exists, force-write to disk:
```bash
# Manual fix (workaround)
# 1. Stop the Gateway
$ sudo systemctl stop openclaw-gateway
# 2. Trigger re-authentication (creates auth-profiles.json)
$ openclaw configure --provider minimax-portal
# 3. Restart Gateway
$ sudo systemctl start openclaw-gateway
# 4. Verify file creation
$ ls -la ~/.openclaw/agents/main/agent/auth-profiles.json
-rw------- 1 root root 4096 May 11 09:15 ~/.openclaw/agents/main/agent/auth-profiles.json
```
Fix 2: Patch the Gateway Startup Script
Create a wrapper script to ensure persistence before Gateway launch:
```bash
#!/bin/bash
# /opt/openclaw/bin/gateway-startup.sh

GATEWAY_HOME="/root/.openclaw/agents/main/agent"
AUTH_FILE="$GATEWAY_HOME/auth-profiles.json"
CREDS_BACKUP="$GATEWAY_HOME/.credentials.backup.json"

# Pre-flight check: ensure auth file exists
if [ ! -f "$AUTH_FILE" ]; then
    echo "[WARN] auth-profiles.json not found, attempting recovery..."
    if [ -f "$CREDS_BACKUP" ]; then
        cp "$CREDS_BACKUP" "$AUTH_FILE"
        chmod 600 "$AUTH_FILE"  # restored credentials must stay owner-only
        echo "[INFO] Restored from backup"
    else
        echo "[ERROR] No backup available. Run 'openclaw configure' first."
        exit 1
    fi
fi

# Verify file is readable and non-empty
if [ ! -s "$AUTH_FILE" ]; then
    echo "[ERROR] auth-profiles.json is empty or corrupted"
    exit 1
fi

# Launch Gateway
exec /opt/openclaw/bin/gateway "$@"
```
Fix 3: Configure Backup Persistence (Recommended)
Ensure your openclaw.yml includes backup configuration:
```yaml
# /root/.openclaw/agents/main/agent/openclaw.yml
gateway:
  credentials:
    persistence:
      enabled: true
      backup_enabled: true
      backup_interval_ms: 300000  # 5 minutes
      fallback_to_memory: false   # Strict mode: fail if disk write fails

security:
  credential_encryption:
    enabled: true
    key_source: env:OPENCLAW_MASTER_KEY
```
Before vs After configuration:
```yaml
# BEFORE (default, problematic)
gateway:
  credentials:
    persistence:
      enabled: false  # Uses memory only

# AFTER (recommended)
gateway:
  credentials:
    persistence:
      enabled: true
      backup_enabled: true
      fallback_to_memory: false
```
Fix 4: Verify Token Validation Compatibility
If using MiniMax OAuth specifically, check for token validation issues:
```bash
# Inspect current token structure in auth-profiles.json
# (the hyphenated key must be quoted inside the jq filter)
$ cat ~/.openclaw/agents/main/agent/auth-profiles.json | jq '.profiles."minimax-portal"'
{
  "access_token": "eyJ…",
  "refresh_token": "…",
  "token_type": "Bearer",
  "expires_at": "2026-05-13T08:57:00.000Z",
  "refresh_token_expires_in": 2592000,
  "provider": "minimax-portal"
}
```
Note: The refresh_token_expires_in field may cause validation failures. If this field exists, ensure your OpenClaw version supports extended OAuth token formats.
Verification
Verification Steps
Step 1: Confirm Gateway Reads from Disk (Not Memory)
```bash
# Start Gateway fresh
$ sudo systemctl restart openclaw-gateway
# Check that auth-profiles.json exists BEFORE Gateway start
$ ls -la ~/.openclaw/agents/main/agent/auth-profiles.json
-rw------- 1 root root 4096 May 11 00:05 ~/.openclaw/agents/main/agent/auth-profiles.json
# Check Gateway logs for successful disk read
$ journalctl -u openclaw-gateway -n 50 | grep -E "(disk|credential|persist)"
[INFO] Gateway started
[INFO] Loaded credentials from disk: minimax-portal:default
[DEBUG] Credential persistence: enabled
```
Expected Output: Log should show Loaded credentials from disk, not Loaded credentials from memory.
Step 2: Force Disk Persistence Check
```bash
# Trigger credential refresh
$ openclaw credentials refresh --profile minimax-portal
# Immediately verify disk write
$ stat ~/.openclaw/agents/main/agent/auth-profiles.json | grep -E "(Modify|Birth)"
Modify: 2026-05-11 12:30:15.441234000 +0800
 Birth: 2026-05-11 09:15:12.803692200 +0800
# Check file content is non-empty
$ wc -c ~/.openclaw/agents/main/agent/auth-profiles.json
847 ~/.openclaw/agents/main/agent/auth-profiles.json
```
Expected: File size > 0 bytes, Modify time recent, Birth time from initial creation.
Step 3: Validate Backup Mechanism
```bash
# Trigger compaction manually
$ openclaw maintenance compact --force
# Verify auth-profiles.json survives compaction
$ ls -la ~/.openclaw/agents/main/agent/auth-profiles.json
-rw------- 1 root root 847 May 11 12:35:22.803692200 +0800
# Verify credentials still valid
$ openclaw api test --provider minimax-portal
{"status": "ok", "latency_ms": 142}
```
Expected: status: ok after compaction, no credential loss.
Step 4: Simulate Extended Runtime (8+ hours)
```bash
# Check credential expiration before simulating
$ cat ~/.openclaw/agents/main/agent/auth-profiles.json | jq '.profiles."minimax-portal".expires_at'
"2026-05-13T08:57:00.000Z"
# Verify token refresh mechanism works
$ openclaw credentials refresh --profile minimax-portal --force
# Check new expiration
$ cat ~/.openclaw/agents/main/agent/auth-profiles.json | jq '.profiles."minimax-portal".expires_at'
"2026-05-15T08:57:00.000Z"  # Extended by 2 days
```
Expected: Token refresh succeeds, new expiration is in the future, file on disk updated.
Success Criteria
| Check | Expected Result | Command |
|---|---|---|
| File exists on startup | auth-profiles.json present | ls -la ~/.openclaw/.../auth-profiles.json |
| File is non-empty | Size > 100 bytes | wc -c auth-profiles.json |
| Gateway logs disk read | Loaded credentials from disk | journalctl \| grep disk |
| API call succeeds | status: ok | openclaw api test --provider minimax-portal |
| Backup file exists | .credentials.backup.json present | ls -la ~/.openclaw/.../.*.json |
Common Pitfalls
Edge Cases and Environment-Specific Traps
1. Docker Environment Persistence
Issue: In Docker deployments, volume mounts may not preserve auth-profiles.json across container restarts.
```bash
# INCORRECT: Named volume may lose file metadata
docker run -v openclaw-data:/root/.openclaw …
# CORRECT: Bind mount preserves file attributes
docker run -v /data/openclaw:/root/.openclaw …
```
Verification:
```bash
docker exec openclaw-gateway stat /root/.openclaw/agents/main/agent/auth-profiles.json
```
2. macOS File System Case Sensitivity
Issue: macOS file systems may have case-collapsed paths on certain volumes.
```bash
# Works on Linux but fails on macOS default APFS
/home/.openclaw/agents/main/agent/auth-profiles.json
/home/.openclaw/agents/main/agent/Auth-profiles.json  # Different case
```
Solution: Always use exact case from configuration file.
3. Token Expiration Without Refresh Trigger
Issue: MiniMax tokens show expires_at: 2026-05-13 08:57 but failed 48 hours early.
Root Cause: Server-side token invalidation or revocation not reflected in local expiration time.
Workaround:
```bash
# Always refresh tokens before extended operations
openclaw credentials refresh --profile minimax-portal
```
4. Compaction Running During Gateway Startup
Issue: If compaction triggers at the exact moment Gateway reads credentials, a race condition occurs.
Mitigation: Add startup delay in service configuration:
```ini
# /etc/systemd/system/openclaw-gateway.service
[Service]
ExecStartPre=/bin/sleep 2
ExecStart=/opt/openclaw/bin/gateway
```
5. Environment Variable Masking
Issue: OPENCLAW_AUTH_FILE or OPENCLAW_CREDENTIALS_PATH may override expected path.
```bash
# Check for environment overrides
env | grep -i openclaw
# Expected output if clean:
# (no OPENCLAW_* variables set)
# If polluted:
# OPENCLAW_AUTH_FILE=/tmp/auth-profiles.json
```
Fix:
```bash
unset OPENCLAW_AUTH_FILE
unset OPENCLAW_CREDENTIALS_PATH
```
6. Permission Issues on auth-profiles.json
Issue: File may be created with root:root ownership but Gateway runs as openclaw user.
```bash
# Check ownership
ls -la ~/.openclaw/agents/main/agent/auth-profiles.json
# -rw------- 1 openclaw openclaw 847 May 11 00:05 auth-profiles.json
# If wrong:
sudo chown openclaw:openclaw ~/.openclaw/agents/main/agent/auth-profiles.json
sudo chmod 600 ~/.openclaw/agents/main/agent/auth-profiles.json
```
7. Network Time Sync (NTS) Drift
Issue: Server clock may drift, causing token validation to fail based on incorrect expires_at comparison.
Fix:
```bash
# Verify time sync
timedatectl status
# Should show: System clock synchronized: yes
# Force sync
sudo systemctl restart chronyd
```
Related Errors
Logically Connected Error Codes and Historical Issues
| Error Code | Description | Related Issue |
|---|---|---|
| CRED_NO_PROFILE | No credentials found for specified profile | Current issue |
| CRED_EXPIRED | Credentials have expired and cannot be refreshed | Token expiration |
| CRED_DISK_WRITE_FAIL | Failed to write credentials to disk | Persistence failure |
| AUTH_FILE_CORRUPT | auth-profiles.json is corrupted or unreadable | File system issue |
| OAUTH_TOKEN_INVALID | OAuth token structure validation failed | Token format mismatch |
| COMPACTION_CREDENTIAL_LOSS | Credentials lost during compaction process | Compaction bug |
Related Historical Issues
- Issue #452: Gateway credential in-memory only after restart
  Prior version (2026.4.x) had similar issue where credentials loaded from environment variables were not persisted to disk on graceful shutdown.
- Issue #389: Compaction deletes auth-profiles.json
  Auto-compaction feature in v2026.3.x would occasionally overwrite credential files with empty JSON during space reclamation.
- Issue #512: MiniMax OAuth token refresh fails silently
  Extended token format with `refresh_token_expires_in` field caused validation failures and skipped persistence.
- Issue #203: Gateway fails to start without existing auth-profiles.json
  Startup race condition where Gateway would fail if auth file didn't exist, even though credentials could be fetched from OAuth provider.
Cross-Reference
- Configuration File: `~/.openclaw/agents/main/agent/openclaw.yml`
- Credential Store: `~/.openclaw/agents/main/agent/auth-profiles.json`
- Backup Location: `~/.openclaw/agents/main/agent/.credentials.backup.json`
- Log Location: `/var/log/openclaw/gateway.log`
Recommended Upgrade Path
For OpenClaw v2026.5.7, apply the following patches when available:
```bash
# Check for available patches
openclaw update check --channel stable
```