session: clear auto-sourced model/auth overrides on /new and /reset

[sk7n4k3d]

Fixes #69301.

Summary

/new and /reset in channel-bound auto-reply sessions (Telegram DM, group chats, etc.) currently carry over every persisted override — including auto-created ones from runtime fallbacks (rate-limit auth rotation, auto model pin). That left sessions stuck on e.g. openai-codex / gpt-5.4 even after the user reset and the default was something else entirely.

The Gateway performGatewaySessionReset path already had the right logic — it only preserves overrides sourced as "user" (plus legacy entries where the source field predates tracking). The auto-reply reset path in src/auto-reply/reply/session.ts was doing a blind copy and never wired that logic through.

This PR:

• Extracts resolveResetPreservedSelection into src/config/sessions/reset-preserved-selection.ts so both reset paths share one source of truth.
• Updates the auto-reply reset branch to use that helper; auto-sourced overrides now clear on /new / /reset, user-set overrides still carry across.
• Threads modelOverrideSource through the persisted* locals so the field actually round-trips (it was being dropped silently before, which was part of the same class of bug).
• Adds a regression test seeded with the exact shape from the issue (providerOverride: openai-codex, modelOverride: gpt-5.4, modelOverrideSource: auto, authProfileOverrideSource: auto) and asserts all four clear after /new and /reset, while unrelated behavior overrides (verboseLevel) still carry.

Test plan

• pnpm test src/auto-reply/reply/session.test.ts — 68 passed (including new regression case).
• pnpm check:changed — typecheck / lint / import-cycles clean; only pre-existing failures remain (missing Chrome in CI env, locale-dependent formatNextRun).
• Existing "preserves selected auth profile overrides" test (authProfileOverrideSource: "user") still passes — user-set overrides are correctly preserved via the shared helper's legacy backfill.

Developed with AI (Claude Code) assistance; reviewed and validated end-to-end against the issue's evidence (~/.openclaw/agents/main/sessions/sessions.json sample).

[greptile-apps]

Greptile Summary

This PR fixes a bug (#69301) where /new and /reset in auto-reply sessions carried over auto-sourced model and auth overrides (e.g. runtime rate-limit fallbacks, auto model pins), leaving users stuck on the wrong model/auth after a reset. The fix extracts resolveResetPreservedSelection into a shared helper and wires it into the auto-reply reset path, mirroring the existing gateway path behavior. It also correctly threads modelOverrideSource through the persisted* locals in session.ts (it was silently dropped before), and adds a regression test for the exact issue scenario.

Confidence Score: 5/5

Safe to merge — the fix is well-scoped, mirrors existing gateway behavior, and the regression test is seeded with the exact issue scenario.

All findings are P2 or informational. The core logic in resolveResetPreservedSelection is correct: it preserves user-sourced overrides and legacy undefined-source model overrides while clearing auto-sourced ones, which exactly matches the gateway path that was already in production. The new modelOverrideSource threading is additive and tested.

No files require special attention — the asymmetry between model and auth legacy-source handling is intentional and matches the pre-existing gateway path.

_{Reviews (1): Last reviewed commit: "session: clear auto-sourced model/auth o..." | Re-trigger Greptile}

[elarocca-io]

Carrying auto-created model/auth overrides across /reset is the kind of thing that makes sessions hard to reason about — you think you're getting a clean slate but the auto-sourced config is still active. The distinction between user-set and auto-sourced overrides is the right level to track. One edge case to verify: if a user manually sets an override that happens to match what auto-source would set, does /reset clear it or preserve it?

[steipete]

Landed via rebase. Thanks @sk7n4k3d.

Validation:

• pnpm test src/auto-reply/reply/session.test.ts src/auto-reply/reply/session-reset-model.test.ts src/auto-reply/reply/agent-runner-session-reset.test.ts (3 files, 72 tests)
• pnpm check:changed (lint/typecheck/guards + gateway/runtime-config/auto-reply changed tests: 339 files, 3713 tests)
• CI green after push, including check/check-additional/build/checks-node/checks-fast/parity gate
• Direct OpenAI live smoke using .profile OPENAI_API_KEY: gpt-5.4-nano Responses API returned OK

Source head before merge: 00b8a2f7d9b37a372f6656a15275d4d383359f9d
Landed on main: 5bc9d9cc5c1c863f25dc59ca494dfb155dc0c866