#23301: Gateway: prevent dev reset from touching default profile state

## Summary AI-assisted: Yes (Codex). Testing: fully tested (automated + manual repro). - Problem: `OPENCLAW_PROFILE=dev` alone did not consistently derive profile-isolated state/config paths early enough, so `gateway --dev --reset` could target default profile paths. - Why it matters: destructive reset could move default-profile config/credentials/sessions to Trash. - What changed: env-sourced profile derivation was made first-class in entry/profile handling; parser hardening now accepts `--profile` after subcommands; gateway reset now has a hard safety interlock for non-dev-isolated targets; reset target paths now resolve at runtime from active env. - What did NOT change (scope boundary): no new CLI flags, no behavior changes for non-reset flows beyond safer profile/env validation and parsing consistency. ## Change Type (select all) - [x] Bug fix - [ ] Feature - [ ] Refactor - [ ] Docs - [ ] Security hardening - [ ] Chore/infra ## Scope (select all touched areas) - [x] Gateway / orchestration - [ ] Skills / tool execution - [ ] Auth / tokens - [x] Memory / storage - [ ] Integrations - [ ] API / contracts - [x] UI / DX - [ ] CI/CD / infra ## Linked Issue/PR - Closes #17833 - Related #21459 - Related #11159 - Related #23085 - Related #12368 - Related #9866 - Related #8793 ## User-visible / Behavior Changes - `OPENCLAW_PROFILE` now participates in profile isolation derivation equivalent to profile intent before gateway reset logic executes. - `--profile` / `--profile=<name>` are accepted after subcommand position. - `gateway --dev --reset` now hard-fails with resolved-path diagnostics when targets are not dev-isolated. - Reset path targeting now resolves from current runtime env (config, credentials, sessions) instead of import-time constants. ## Security Impact (required) - New permissions/capabilities? (`Yes/No`) No - Secrets/tokens handling changed? (`Yes/No`) No - New/changed network calls? (`Yes/No`) No - Command/tool execution surface changed? (`Yes/No`) Yes - Data access scope changed? (`Yes/No`) Yes - If any `Yes`, explain risk + mitigation: - `--profile` parsing now applies post-subcommand and reset path handling is stricter; risk is parser behavior drift. - Mitigated with targeted parser + gateway option-collision tests and manual end-to-end repro checks. ## Repro + Verification ### Environment - OS: macOS (Apple Silicon) - Runtime/container: Node 22 + pnpm - Model/provider: N/A - Integration/channel (if any): N/A - Relevant config (redacted): temp isolated HOME directories for manual repro; also custom `OPENCLAW_STATE_DIR`/`OPENCLAW_CONFIG_PATH` cases. ### Steps 1. Seed default and dev profile state under an isolated temp `HOME`. 2. Run `OPENCLAW_PROFILE=dev pnpm openclaw gateway --dev --reset --allow-unconfigured`. 3. Verify only `~/.openclaw-dev/*` reset targets are trashed and `~/.openclaw/*` remains intact. 4. Run unsafe case with `OPENCLAW_PROFILE=dev OPENCLAW_STATE_DIR=~/.openclaw ... --reset`. 5. Verify hard-stop with actionable diagnostics and no destructive writes to default profile paths. ### Expected - Dev reset only affects dev-isolated targets, and unsafe target mismatches are blocked. ### Actual - Matches expected in all verified scenarios. ## Evidence Attach at least one: - [x] Failing test/log before + passing after - [x] Trace/log snippets - [ ] Screenshot/recording - [ ] Perf numbers (if relevant) ## Human Verification (required) What you personally verified (not just CI), and how: - Verified scenarios: - Full gates: `pnpm build && pnpm check && pnpm test` passed. - Touched suites: parser + gateway collision + onboard reset target tests passed. - Manual exact command repro in isolated `HOME` confirmed only `~/.openclaw-dev` reset targets were moved to Trash. - Manual unsafe-target repro confirmed hard-stop with resolved path diagnostics and no default-state mutation. - Manual invalid `OPENCLAW_PROFILE` env repro confirmed fail-safe error. - Edge cases checked: - Explicit custom non-default state/config target remains allowed. - `--dev` + `--profile` conflict semantics preserved. - `--profile` after subcommand supported. - What you did **not** verify: - Cross-platform manual repro on Linux/Windows (covered by unit/integration tests only). ## Compatibility / Migration - Backward compatible? (`Yes/No`) Yes - Config/env changes? (`Yes/No`) No (behavioral hardening only) - Migration needed? (`Yes/No`) No - If yes, exact upgrade steps: ## Failure Recovery (if this breaks) - How to disable/revert this change quickly: - Revert commit `a35bbfe78`. - Files/config to restore: - Restore affected profile state from Trash/backup if needed (`~/.openclaw-dev/*` in expected dev-reset flows). - Known bad symptoms reviewers should watch for: - `--profile` unexpectedly consumed for unrelated subcommand options. - False-positive reset interlock on valid explicit custom targets. ## Risks and Mitigations - Risk: Post-subcommand profile interception could conflict with future command-local `--profile` flags. - Mitigation: parser tests cover current CLI patterns; collisions are localized and tested. - Risk: Dev reset interlock could block legitimate workflows if path intent is ambiguous. - Mitigation: explicit custom non-default target bypass is supported; error includes resolved paths and safe rerun commands. <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR adds crucial safety guardrails to prevent `gateway --dev --reset` from accidentally trashing default profile state. Key changes: - `OPENCLAW_PROFILE` env var now participates in profile isolation derivation at entry point (`src/entry.ts:104-111`) - Parser accepts `--profile` after subcommand position (`src/cli/profile.ts:47`) - Hard safety interlock blocks `--dev --reset` when targets aren't dev-isolated (`src/cli/gateway-cli/run.ts:145-173`) - Reset paths resolve at runtime from active env instead of import-time constants (`src/commands/onboard-helpers.ts:325-341`) - Profile env application now clears inherited service-scoped vars for isolation (`src/cli/profile.ts:140-143`) The implementation is defensive and well-tested with specific coverage for the interlock logic, profile parsing edge cases, and runtime path resolution. <h3>Confidence Score: 4/5</h3> - Safe to merge with thorough testing and defensive safeguards in place - The PR addresses a critical data loss bug with a well-architected solution. The safety interlock logic is defensive and includes actionable error messages. Comprehensive test coverage validates the interlock (3 test cases), profile parsing edge cases (4 new tests), and runtime path resolution (2 new tests). The author verified manual repro scenarios including the exact failure case. Minor confidence reduction due to complexity of path resolution logic and potential edge cases with custom `OPENCLAW_STATE_DIR`/`OPENCLAW_CONFIG_PATH` combinations. - Pay close attention to `src/cli/gateway-cli/run.ts` (reset interlock logic) and `src/entry.ts` (profile resolution flow) _{Last reviewed commit: a35bbfe} <!-- greptile_other_comments_section --> <!-- /greptile_comment -->