Model failover
Clawdbot handles failures in two stages:- Auth profile rotation within the current provider.
- Model fallback to the next model in
agents.defaults.model.fallbacks.
Auth storage (keys + OAuth)
Clawdbot uses auth profiles for both API keys and OAuth tokens.- Secrets live in
~/.clawdbot/agents/<agentId>/agent/auth-profiles.json(legacy:~/.clawdbot/agent/auth-profiles.json). - Config
auth.profiles/auth.orderare metadata + routing only (no secrets). - Legacy import-only OAuth file:
~/.clawdbot/credentials/oauth.json(imported intoauth-profiles.jsonon first use).
type: "api_key"→{ provider, key }type: "oauth"→{ provider, access, refresh, expires, email? }(+projectId/enterpriseUrlfor some providers)
Profile IDs
OAuth logins create distinct profiles so multiple accounts can coexist.- Default:
provider:defaultwhen no email is available. - OAuth with email:
provider:<email>(for examplegoogle-antigravity:[email protected]).
~/.clawdbot/agents/<agentId>/agent/auth-profiles.json under profiles.
Rotation order
When a provider has multiple profiles, Clawdbot chooses an order like this:- Explicit config:
auth.order[provider](if set). - Configured profiles:
auth.profilesfiltered by provider. - Stored profiles: entries in
auth-profiles.jsonfor the provider.
- Primary key: profile type (OAuth before API keys).
- Secondary key:
usageStats.lastUsed(oldest first, within each type). - Cooldown/disabled profiles are moved to the end, ordered by soonest expiry.
Why OAuth can “look lost”
If you have both an OAuth profile and an API key profile for the same provider, round‑robin can switch between them across messages unless pinned. To force a single profile:- Pin with
auth.order[provider] = ["provider:profileId"], or - Use a per-session override via
/model …with a profile override (when supported by your UI/chat surface).
Cooldowns
When a profile fails due to auth/rate‑limit errors (or a timeout that looks like rate limiting), Clawdbot marks it in cooldown and moves to the next profile. Format/invalid‑request errors (for example Cloud Code Assist tool call ID validation failures) are treated as failover‑worthy and use the same cooldowns. Cooldowns use exponential backoff:- 1 minute
- 5 minutes
- 25 minutes
- 1 hour (cap)
auth-profiles.json under usageStats:
Billing disables
Billing/credit failures (for example “insufficient credits” / “credit balance too low”) are treated as failover‑worthy, but they’re usually not transient. Instead of a short cooldown, Clawdbot marks the profile as disabled (with a longer backoff) and rotates to the next profile/provider. State is stored inauth-profiles.json:
- Billing backoff starts at 5 hours, doubles per billing failure, and caps at 24 hours.
- Backoff counters reset if the profile hasn’t failed for 24 hours (configurable).
Model fallback
If all profiles for a provider fail, Clawdbot moves to the next model inagents.defaults.model.fallbacks. This applies to auth failures, rate limits, and
timeouts that exhausted profile rotation (other errors do not advance fallback).
When a run starts with a model override (hooks or CLI), fallbacks still end at
agents.defaults.model.primary after trying any configured fallbacks.
Related config
See Gateway configuration for:auth.profiles/auth.orderauth.cooldowns.billingBackoffHours/auth.cooldowns.billingBackoffHoursByProviderauth.cooldowns.billingMaxHours/auth.cooldowns.failureWindowHoursagents.defaults.model.primary/agents.defaults.model.fallbacksagents.defaults.imageModelrouting