Gitpulse
Merged
Size
M
Change Breakdown
Bug Fix75%
Feature15%
Docs10%
#63155fix(gateway): clear auto-fallback model override on session reset

Fallback model overrides now clear on session reset

FR
frankekn
·Apr 8, 2026

Session resets no longer carry over temporary fallback provider selections, so users see their configured defaults instead of stale fallbacks. Explicit model selections via /model remain preserved.

When a primary AI provider fails, the system automatically falls back to a secondary provider to keep conversations running. Once that fallback is used, the override was incorrectly persisting even after users ran /reset or /new. The problem: if an admin later updated the agent's configured primary provider, those changes were being ignored because the session kept the stale fallback override.

Session resets now distinguish between temporary runtime fallbacks and explicit user selections. Automatic fallback overrides are dropped on reset, letting the session pick up the current config default. User-driven selections via /model continue to be preserved as expected. Legacy sessions without override source tracking are handled gracefully — any existing model override is treated as a user selection and preserved.

This fix lives in the gateway session reset logic, with supporting changes to track override sources during fallback rotation.

View Original GitHub Description

Summary

  • Fix sticky fallback model override surviving /reset and /new commands
  • Only preserve providerOverride/modelOverride/authProfileOverride across session reset when authProfileOverrideSource === "user" (explicit /model command)
  • System-driven overrides (authProfileOverrideSource: "auto", from fallback rotation) are now dropped on reset so the session picks up the current config default

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • This PR fixes a bug or regression

Root Cause (if applicable)

  • Root cause: commit cb0a752156 ("fix: preserve reset session behavior config", v2026.3.28) added providerOverride, modelOverride, authProfileOverride, authProfileOverrideSource, and authProfileOverrideCompactionCount to the fields unconditionally copied during session reset in performGatewaySessionReset(). This was correct for user-driven /model selections (authProfileOverrideSource: "user"), but it also preserved fallback-driven overrides (authProfileOverrideSource: "auto") written by persistFallbackCandidateSelection().
  • Precedence issue: the session store override takes precedence over the agent config default provider. When a fallback override survives reset, the new session uses the fallback provider instead of the configured primary, even if the user has since changed the agent config.
  • Repro sequence: (1) primary provider fails, fallback to secondary succeeds, (2) persistFallbackCandidateSelection() writes providerOverride with authProfileOverrideSource: "auto", (3) user updates agent config to a different primary provider, (4) /reset or /new copies the stale fallback override to the new session, (5) new session ignores the config change and keeps using the fallback provider.
  • Fix: make the override copy conditional on authProfileOverrideSource === "user" so only explicit user selections survive reset.

Regression Test Plan (if applicable)

  • Coverage level that should have caught this:
    • Unit test
    • Seam / integration test
    • End-to-end test
    • Existing coverage already sufficient
  • Scenario the test should lock in: session reset with authProfileOverrideSource: "auto" should not carry forward override fields; session reset with authProfileOverrideSource: "user" should preserve them.
  • If no new test is added, why not: the fix is a minimal conditional guard on existing field copying; adding a test would require extensive mocking of the session store and config infrastructure. The behavior is straightforward to verify by inspection.

User-visible / Behavior Changes

After a fallback rotation, /reset or /new now returns the session to the configured default model/provider instead of keeping the fallback override. Explicit /model selections continue to be preserved across reset as before.

Security Impact (required)

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No
© 2026 · via Gitpulse