docs/cli/models.md

---
summary: "CLI reference for `openclaw models` (status/list/set/scan, aliases, fallbacks, auth)"
read_when:
  - You want to change default models or view provider auth status
  - You want to scan available models/providers and debug auth profiles
title: "models"
---

# `openclaw models`

Model discovery, scanning, and configuration (default model, fallbacks, auth profiles).

Related:

- Providers + models: [Models](/providers/models)
- Provider auth setup: [Getting started](/start/getting-started)

## Common commands

```bash
openclaw models status
openclaw models list
openclaw models set <model-or-alias>
openclaw models scan
```

`openclaw models status` shows the resolved default/fallbacks plus an auth overview.
When provider usage snapshots are available, the OAuth/API-key status section includes
provider usage windows and quota snapshots.
Current usage-window providers: Anthropic, GitHub Copilot, Gemini CLI, OpenAI
Codex, MiniMax, Xiaomi, and z.ai. Usage auth comes from provider-specific hooks
when available; otherwise OpenClaw falls back to matching OAuth/API-key
credentials from auth profiles, env, or config.
In `--json` output, `auth.providers` is the env/config/store-aware provider
overview, while `auth.oauth` is auth-store profile health only.
Add `--probe` to run live auth probes against each configured provider profile.
Probes are real requests (may consume tokens and trigger rate limits).
Use `--agent <id>` to inspect a configured agent’s model/auth state. When omitted,
the command uses `OPENCLAW_AGENT_DIR`/`PI_CODING_AGENT_DIR` if set, otherwise the
configured default agent.
Probe rows can come from auth profiles, env credentials, or `models.json`.

Notes:

- `models set <model-or-alias>` accepts `provider/model` or an alias.
- Model refs are parsed by splitting on the **first** `/`. If the model ID includes `/` (OpenRouter-style), include the provider prefix (example: `openrouter/moonshotai/kimi-k2`).
- If you omit the provider, OpenClaw resolves the input as an alias first, then
  as a unique configured-provider match for that exact model id, and only then
  falls back to the configured default provider with a deprecation warning.
  If that provider no longer exposes the configured default model, OpenClaw
  falls back to the first configured provider/model instead of surfacing a
  stale removed-provider default.
- `models status` may show `marker(<value>)` in auth output for non-secret placeholders (for example `OPENAI_API_KEY`, `secretref-managed`, `minimax-oauth`, `oauth:chutes`, `ollama-local`) instead of masking them as secrets.

### `models status`

Options:

- `--json`
- `--plain`
- `--check` (exit 1=expired/missing, 2=expiring)
- `--probe` (live probe of configured auth profiles)
- `--probe-provider <name>` (probe one provider)
- `--probe-profile <id>` (repeat or comma-separated profile ids)
- `--probe-timeout <ms>`
- `--probe-concurrency <n>`
- `--probe-max-tokens <n>`
- `--agent <id>` (configured agent id; overrides `OPENCLAW_AGENT_DIR`/`PI_CODING_AGENT_DIR`)

Probe status buckets:

- `ok`
- `auth`
- `rate_limit`
- `billing`
- `timeout`
- `format`
- `unknown`
- `no_model`

Probe detail/reason-code cases to expect:

- `excluded_by_auth_order`: a stored profile exists, but explicit
  `auth.order.<provider>` omitted it, so probe reports the exclusion instead of
  trying it.
- `missing_credential`, `invalid_expires`, `expired`, `unresolved_ref`:
  profile is present but not eligible/resolvable.
- `no_model`: provider auth exists, but OpenClaw could not resolve a probeable
  model candidate for that provider.

## Aliases + fallbacks

```bash
openclaw models aliases list
openclaw models fallbacks list
```

## Auth profiles

```bash
openclaw models auth add
openclaw models auth login --provider <id>
openclaw models auth setup-token --provider <id>
openclaw models auth paste-token
```

`models auth add` is the interactive auth helper. It can launch a provider auth
flow (OAuth/API key) or guide you into manual token paste, depending on the
provider you choose.

`models auth login` runs a provider plugin’s auth flow (OAuth/API key). Use
`openclaw plugins list` to see which providers are installed.

Examples:

```bash
openclaw models auth login --provider openai-codex --set-default
```

Notes:

- `setup-token` and `paste-token` remain generic token commands for providers
  that expose token auth methods.
- `setup-token` requires an interactive TTY and runs the provider's token-auth
  method (defaulting to that provider's `setup-token` method when it exposes
  one).
- `paste-token` accepts a token string generated elsewhere or from automation.
- `paste-token` requires `--provider`, prompts for the token value, and writes
  it to the default profile id `<provider>:manual` unless you pass
  `--profile-id`.
- `paste-token --expires-in <duration>` stores an absolute token expiry from a
  relative duration such as `365d` or `12h`.
- Anthropic note: Anthropic staff told us OpenClaw-style Claude CLI usage is allowed again, so OpenClaw treats Claude CLI reuse and `claude -p` usage as sanctioned for this integration unless Anthropic publishes a new policy.
- Anthropic `setup-token` / `paste-token` remain available as a supported OpenClaw token path, but OpenClaw now prefers Claude CLI reuse and `claude -p` when available.
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								---
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								summary: "CLI reference for `openclaw models` (status/list/set/scan, aliases, fallbacks, auth)"
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								read_when:
 								  - You want to change default models or view provider auth status
 								  - You want to scan available models/providers and debug auth profiles
-											Docs: add nav titles across docs (#5689)
										
										
											2026-01-31 16:04:03 -05:00
+								title: "models"
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								---
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								# `openclaw models`
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
 								Model discovery, scanning, and configuration (default model, fallbacks, auth profiles).
 								Related:
-											chore: Run pnpm format:fix.
										
										
											2026-01-31 21:13:13 +09:00
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								- Providers + models: [Models](/providers/models)
 								- Provider auth setup: [Getting started](/start/getting-started)
 								## Common commands
 								```bash
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								openclaw models status
 								openclaw models list
 								openclaw models set <model-or-alias>
 								openclaw models scan
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								```
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								`openclaw models status` shows the resolved default/fallbacks plus an auth overview.
-											docs: clarify minimax usage window semantics
										
										
											2026-04-04 11:25:39 +01:00
+								When provider usage snapshots are available, the OAuth/API-key status section includes
-											test: add live cache provider probes
										
										
											2026-04-04 12:46:00 +09:00
+								provider usage windows and quota snapshots.
-											docs: refresh provider usage auth refs
										
										
											2026-04-04 12:40:55 +01:00
+								Current usage-window providers: Anthropic, GitHub Copilot, Gemini CLI, OpenAI
 								Codex, MiniMax, Xiaomi, and z.ai. Usage auth comes from provider-specific hooks
 								when available; otherwise OpenClaw falls back to matching OAuth/API-key
 								credentials from auth profiles, env, or config.
-											fix: align models status provider auth reporting
										
										
											2026-04-05 22:44:40 +01:00
+								In `--json` output, `auth.providers` is the env/config/store-aware provider
 								overview, while `auth.oauth` is auth-store profile health only.
-											feat: add models status auth probes
										
										
											2026-01-23 19:25:58 +00:00
+								Add `--probe` to run live auth probes against each configured provider profile.
 								Probes are real requests (may consume tokens and trigger rate limits).
-											fix: local updates for PR #4780
										
										
											2026-01-30 15:39:05 -05:00
+								Use `--agent <id>` to inspect a configured agent’s model/auth state. When omitted,
 								the command uses `OPENCLAW_AGENT_DIR`/`PI_CODING_AGENT_DIR` if set, otherwise the
 								configured default agent.
-											docs: refresh auth probe reason-code refs
										
										
											2026-04-04 20:51:43 +01:00
+								Probe rows can come from auth profiles, env credentials, or `models.json`.
-											feat: sticky auth profile rotation + usage headers
										
										
											2026-01-16 00:24:31 +00:00
-											docs: clarify model refs and runtime notes
										
										
											2026-01-17 17:16:20 +00:00
+								Notes:
-											chore: Run pnpm format:fix.
										
										
											2026-01-31 21:13:13 +09:00
-											docs: clarify model refs and runtime notes
										
										
											2026-01-17 17:16:20 +00:00
+								- `models set <model-or-alias>` accepts `provider/model` or an alias.
 								- Model refs are parsed by splitting on the **first** `/`. If the model ID includes `/` (OpenRouter-style), include the provider prefix (example: `openrouter/moonshotai/kimi-k2`).
-											docs: refresh model selection fallback refs
										
										
											2026-04-04 14:55:44 +01:00
+								- If you omit the provider, OpenClaw resolves the input as an alias first, then
 								  as a unique configured-provider match for that exact model id, and only then
 								  falls back to the configured default provider with a deprecation warning.
-											docs: refresh configured provider fallback refs
										
										
											2026-04-04 19:48:46 +01:00
+								  If that provider no longer exposes the configured default model, OpenClaw
 								  falls back to the first configured provider/model instead of surfacing a
 								  stale removed-provider default.
-											Remove Qwen OAuth integration (qwen-portal-auth) (#52709)
										
										
											2026-03-26 16:32:34 +08:00
+								- `models status` may show `marker(<value>)` in auth output for non-secret placeholders (for example `OPENAI_API_KEY`, `secretref-managed`, `minimax-oauth`, `oauth:chutes`, `ollama-local`) instead of masking them as secrets.
-											docs: clarify model refs and runtime notes
										
										
											2026-01-17 17:16:20 +00:00
-											feat: add models status auth probes
										
										
											2026-01-23 19:25:58 +00:00
+								### `models status`
-											chore: Run pnpm format:fix.
										
										
											2026-01-31 21:13:13 +09:00
-											feat: add models status auth probes
										
										
											2026-01-23 19:25:58 +00:00
+								Options:
-											chore: Run pnpm format:fix.
										
										
											2026-01-31 21:13:13 +09:00
-											feat: add models status auth probes
										
										
											2026-01-23 19:25:58 +00:00
+								- `--json`
 								- `--plain`
 								- `--check` (exit 1=expired/missing, 2=expiring)
 								- `--probe` (live probe of configured auth profiles)
 								- `--probe-provider <name>` (probe one provider)
 								- `--probe-profile <id>` (repeat or comma-separated profile ids)
 								- `--probe-timeout <ms>`
 								- `--probe-concurrency <n>`
 								- `--probe-max-tokens <n>`
-											fix: local updates for PR #4780
										
										
											2026-01-30 15:39:05 -05:00
+								- `--agent <id>` (configured agent id; overrides `OPENCLAW_AGENT_DIR`/`PI_CODING_AGENT_DIR`)
-											feat: add models status auth probes
										
										
											2026-01-23 19:25:58 +00:00
-											docs: refresh auth probe reason-code refs
										
										
											2026-04-04 20:51:43 +01:00
+								Probe status buckets:
 								- `ok`
 								- `auth`
 								- `rate_limit`
 								- `billing`
 								- `timeout`
 								- `format`
 								- `unknown`
 								- `no_model`
 								Probe detail/reason-code cases to expect:
 								- `excluded_by_auth_order`: a stored profile exists, but explicit
 								  `auth.order.<provider>` omitted it, so probe reports the exclusion instead of
 								  trying it.
 								- `missing_credential`, `invalid_expires`, `expired`, `unresolved_ref`:
 								  profile is present but not eligible/resolvable.
 								- `no_model`: provider auth exists, but OpenClaw could not resolve a probeable
 								  model candidate for that provider.
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								## Aliases + fallbacks
 								```bash
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								openclaw models aliases list
 								openclaw models fallbacks list
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								```
 								## Auth profiles
 								```bash
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								openclaw models auth add
 								openclaw models auth login --provider <id>
-											docs(anthropic): remove setup-token setup docs
										
										
											2026-04-04 15:46:13 +09:00
+								openclaw models auth setup-token --provider <id>
-											docs: clarify anthropic extra usage billing
										
										
											2026-04-05 04:31:25 +09:00
+								openclaw models auth paste-token
-											docs(cli): add per-command CLI pages
										
										
											2026-01-15 06:12:54 +00:00
+								```
-											chore: Run pnpm format:fix.
										
										
											2026-01-31 21:13:13 +09:00
-											docs: refresh auth command references
										
										
											2026-04-04 08:10:18 +01:00
+								`models auth add` is the interactive auth helper. It can launch a provider auth
 								flow (OAuth/API key) or guide you into manual token paste, depending on the
 								provider you choose.
-											docs: document provider auth plugins
										
										
											2026-01-16 00:39:29 +00:00
+								`models auth login` runs a provider plugin’s auth flow (OAuth/API key). Use
-											refactor: rename to openclaw
										
										
											2026-01-30 03:15:10 +01:00
+								`openclaw plugins list` to see which providers are installed.
-											docs: clarify setup-token flows
										
										
											2026-01-16 02:36:29 +00:00
-											docs: explain anthropic claude cli migration
										
										
											2026-03-26 23:03:02 +00:00
+								Examples:
 								```bash
 								openclaw models auth login --provider openai-codex --set-default
 								```
-											docs: clarify setup-token flows
										
										
											2026-01-16 02:36:29 +00:00
+								Notes:
-											chore: Run pnpm format:fix.
										
										
											2026-01-31 21:13:13 +09:00
-											docs: align auth storage and token auth guidance
										
										
											2026-04-04 07:50:13 +01:00
+								- `setup-token` and `paste-token` remain generic token commands for providers
 								  that expose token auth methods.
-											docs: refresh token auth command mirrors
										
										
											2026-04-04 22:05:05 +01:00
+								- `setup-token` requires an interactive TTY and runs the provider's token-auth
 								  method (defaulting to that provider's `setup-token` method when it exposes
 								  one).
-											docs: clarify anthropic extra usage billing
										
										
											2026-04-05 04:31:25 +09:00
+								- `paste-token` accepts a token string generated elsewhere or from automation.
-											docs: refresh token auth command mirrors
										
										
											2026-04-04 22:05:05 +01:00
+								- `paste-token` requires `--provider`, prompts for the token value, and writes
 								  it to the default profile id `<provider>:manual` unless you pass
 								  `--profile-id`.
 								- `paste-token --expires-in <duration>` stores an absolute token expiry from a
 								  relative duration such as `365d` or `12h`.
-											fix: restore claude cli guidance and doctor behavior
										
										
											2026-04-06 14:20:51 +01:00
+								- Anthropic note: Anthropic staff told us OpenClaw-style Claude CLI usage is allowed again, so OpenClaw treats Claude CLI reuse and `claude -p` usage as sanctioned for this integration unless Anthropic publishes a new policy.
-											fix(anthropic): prefer claude cli over setup-token
										
										
											2026-04-06 15:30:49 +01:00
+								- Anthropic `setup-token` / `paste-token` remain available as a supported OpenClaw token path, but OpenClaw now prefers Claude CLI reuse and `claude -p` when available.