review: Codex 5.4 findings — delegate-pending drain, band reset#6
Closed
karmafeast wants to merge 1 commit intofeature/context-pressure-squashedfrom
Closed
review: Codex 5.4 findings — delegate-pending drain, band reset#6karmafeast wants to merge 1 commit intofeature/context-pressure-squashedfrom
karmafeast wants to merge 1 commit intofeature/context-pressure-squashedfrom
Conversation
Author
|
Duplicate of #5 — Silas posted first. |
cael-dandelion-cult
pushed a commit
that referenced
this pull request
Apr 2, 2026
* feat: add QQ Bot channel extension * fix(qqbot): add setupWizard to runtime plugin for onboard re-entry * fix: fix review * fix: fix review * chore: sync lockfile and config-docs baseline for qqbot extension * refactor: 移除图床服务器相关代码 * fix * docs: 新增 QQ Bot 插件文档并修正链接路径 * refactor: remove credential backup functionality and update setup logic - Deleted the credential backup module to streamline the codebase. - Updated the setup surface to handle client secrets more robustly, allowing for configured secret inputs. - Simplified slash commands by removing unused hot upgrade compatibility checks and related functions. - Adjusted types to use SecretInput for client secrets in QQBot configuration. - Modified bundled plugin metadata to allow additional properties in the config schema. * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: 添加本地媒体路径解析功能,修正 QQBot 媒体路径处理 * feat: remove qqbot-media and qqbot-remind skills, add tests for config and setup - Deleted the qqbot-media and qqbot-remind skills documentation files. - Added unit tests for qqbot configuration and setup processes, ensuring proper handling of SecretRef-backed credentials and account configurations. - Implemented tests for local media path remapping, verifying correct resolution of media file paths. - Removed obsolete channel and remind tools, streamlining the codebase. * feat: 更新 QQBot 配置模式,添加音频格式和账户定义 * feat: 添加 QQBot 频道管理和定时提醒技能,更新媒体路径解析功能 * fix * feat: 添加 /bot-upgrade 指令以查看 QQBot 插件升级指引 * feat: update reminder and qq channel skills * feat: 更新remind工具投递目标地址格式 * feat: Refactor QQBot payload handling and improve code documentation - Simplified and clarified the structure of payload interfaces for Cron reminders and media messages. - Enhanced the parsing function to provide clearer error messages and improved validation. - Updated platform utility functions for better cross-platform compatibility and clearer documentation. - Improved text parsing utilities for better readability and consistency in emoji representation. - Optimized upload cache management with clearer comments and reduced redundancy. - Integrated QQBot plugin into the bundled channel plugins and updated metadata for installation. * OK apps/macos/Sources/OpenClaw/HostEnvSecurityPolicy.generated.swift > openclaw@2026.3.26 check:bundled-channel-config-metadata /Users/yuehuali/code/PR/openclaw > node --import tsx scripts/generate-bundled-channel-config-metadata.ts --check [bundled-channel-config-metadata] stale generated output at src/config/bundled-channel-config-metadata.generated.ts ELIFECYCLE Command failed with exit code 1. ELIFECYCLE Command failed with exit code 1. * feat: 添加 QQBot 渠道配置及相关账户设置 * fix(qqbot): resolve 14 high-priority bugs from PR openclaw#52986 review DM routing (7 fixes): - #1: DM slash-command replies use sendDmMessage(guildId) instead of sendC2CMessage(senderId) - #2: DM qualifiedTarget uses qqbot:dm:${guildId} instead of qqbot:c2c:${senderId} - #3: sendTextChunks adds DM branch - #4: sendMarkdownReply adds DM branch for text and Base64 images - #5: parseAndSendMediaTags maps DM to targetType:dm + guildId - #6: sendTextToTarget DM branch uses sendDmMessage; MessageTarget adds guildId field - #7: handleImage/Audio/Video/FilePayload add DM branches Other high-priority fixes: - #8: Fix sendC2CVoiceMessage/sendGroupVoiceMessage parameter misalignment - #9: broadcastMessage uses groupOpenid instead of member_openid for group users - #10: Unify KnownUser storage - proactive.ts delegates to known-users.ts - #11: Remove invalid recordKnownUser calls for guild/DM users - #12: sendGroupMessage uses sendAndNotify to trigger onMessageSent hook - #13: sendPhoto channel unsupported returns error field - #14: sendTextAfterMedia adds channel and dm branches Type fixes: - DeliverEventContext adds guildId field - MediaTargetContext.targetType adds dm variant - sendPlainTextReply imgMediaTarget adds DM branch * fix(qqbot): resolve 2 blockers + 7 medium-priority bugs from PR openclaw#52986 review Blocker-1: Remove unused dmPolicy config knob - dmPolicy was declared in schema/types/plugin.json but never consumed at runtime - Removed from config-schema.ts, types.ts, and openclaw.plugin.json - allowFrom remains active (already wired into framework command-auth) Blocker-2: Gate sensitive slash commands with allowFrom authorization - SlashCommand interface adds requireAuth?: boolean - SlashCommandContext adds commandAuthorized: boolean - /bot-logs set to requireAuth: true (reads local log files) - matchSlashCommand rejects unauthorized senders for requireAuth commands - trySlashCommandOrEnqueue computes commandAuthorized from allowFrom config Medium-priority fixes: - #15: Strip non-HTTP/non-local markdown image tags to prevent path leakage - #16: applyQQBotAccountConfig clears clientSecret when setting clientSecretFile and vice versa - #17: getAdminMarkerFile sanitizes accountId to prevent path traversal - #18: URGENT_COMMANDS uses exact match instead of startsWith prefix match - #19: isCronExpression validates each token starts with a cron-valid character - #20: --token format validation rejects malformed input without colon separator - #21: resolveDefaultQQBotAccountId checks QQBOT_APP_ID environment variable * test(qqbot): add focused tests for slash command authorization path - Unauthorized sender rejected for /bot-logs (requireAuth: true) - Authorized sender allowed for /bot-logs - Non-requireAuth commands (/bot-ping, /bot-help, /bot-version) work for all senders - Unknown slash commands return null (passthrough) - Non-slash messages return null - Usage query (/bot-logs ?) also gated by auth check * fix(qqbot): align global TTS fallback with framework config resolution - Extract isGlobalTTSAvailable to utils/audio-convert.ts, mirroring core resolveTtsConfig logic: check auto !== 'off', fall back to legacy enabled boolean, default to off when neither is set. - Add pre-check in reply-dispatcher before calling globalTextToSpeech to avoid unnecessary TTS calls and noisy error logs when TTS is not configured. - Remove inline as any casts; use OpenClawConfig type throughout. - Refactor handleAudioPayload into flat early-return structure with unified send path (plugin TTS → global fallback → send). * fix(qqbot): break ESM circular dependency causing multi-account startup crash The bundled gateway chunk had a circular static import on the channel chunk (gateway -> outbound-deliver -> channel, while channel dynamically imports gateway). When two accounts start concurrently via Promise.all, the first dynamic import triggers module graph evaluation; the circular reference causes api exports (including runDiagnostics) to resolve as undefined before the module finishes evaluating. Fix: extract chunkText and TEXT_CHUNK_LIMIT from channel.ts into a new text-utils.ts leaf module. outbound-deliver.ts now imports from text-utils.ts, breaking the cycle. channel.ts re-exports for backward compatibility. * fix(qqbot): serialize gateway module import to prevent multi-account startup race When multiple accounts start concurrently via Promise.all, each calls await import('./gateway.js') independently. Due to ESM circular dependencies in the bundled output, the first import can resolve transitive exports as undefined before module evaluation completes. Fix: cache the dynamic import promise in a module-level variable so all concurrent startAccount calls share the same import, ensuring the gateway module is fully evaluated before any account uses it. * refactor(qqbot): remove startup greeting logic Remove getStartupGreetingPlan and related startup greeting delivery: - Delete startup-greeting.ts (greeting plan, marker persistence) - Delete admin-resolver.ts (admin resolution, greeting dispatch) - Remove startup greeting calls from gateway READY/RESUMED handlers - Remove isFirstReadyGlobal flag and adminCtx * fix(qqbot): skip octal escape decoding for Windows local paths Windows paths like C:\Users\1\file.txt contain backslash-digit sequences that were incorrectly matched as octal escape sequences and decoded, corrupting the file path. Detect Windows local paths (drive letter or UNC prefix) and skip the octal decoding step for them. * fix bot issue * feat: 支持 TTS 自动开关并清理配置中的 clientSecretFile * docs: 添加 QQBot 配置和消息处理的设计说明 * rebase * fix(qqbot): align slash-command auth with shared command-auth model Route requireAuth:true slash commands (e.g. /bot-logs) through the framework's api.registerCommand() so resolveCommandAuthorization() applies commands.allowFrom.qqbot precedence and qqbot: prefix normalization before any handler runs. - slash-commands.ts: registerCommand() now auto-routes by requireAuth into two maps (commands / frameworkCommands); getFrameworkCommands() exports the auth-required set for framework registration; bot-help lists both maps - index.ts: registerFull() iterates getFrameworkCommands() and calls api.registerCommand() for each; handler derives msgType from ctx.from, sends file attachments via sendDocument, supports multi-account via ctx.accountId - gateway.ts (inbound): replace raw allowFrom string comparison with qqbotPlugin.config.formatAllowFrom() to strip qqbot: prefix and uppercase before matching event.senderId - gateway.ts (pre-dispatch): remove stale auth computation; commandAuthorized is true (requireAuth:true commands never reach matchSlashCommand) - command-auth.test.ts: add regression tests for qqbot: prefix normalization in the inbound commandAuthorized computation - slash-commands.test.ts: update /bot-logs tests to expect null (command routed to framework, not in local registry) * rebase and solve conflict * fix(qqbot): preserve mixed env setup credentials --------- Co-authored-by: yuehuali <yuehuali@tencent.com> Co-authored-by: walli <walli@tencent.com> Co-authored-by: WideLee <limkuan24@gmail.com> Co-authored-by: Frank Yang <frank.ekn@gmail.com>
karmafeast
pushed a commit
that referenced
this pull request
Apr 14, 2026
* feat(skills): add secret-scanning-maintainer skill Add a maintainer-only skill for handling GitHub Secret Scanning alerts. Covers issue_comment, issue_body, pull_request_body, and commit leak types with redaction, history purge (delete+recreate for comments), author notification, and alert resolution workflows. * fix(skills): harden secret-scanning-maintainer based on security review - Remove all secret value fragments from redaction markers (type-only) - Remove alert URLs and partial secret previews from public comments - Use temp files with heredoc for all gh api body content (shell injection) - Add rule: never print raw API responses containing secrets to stdout - Notification comments now only reference secret type, no value hints Addresses 4 of 6 security findings from PR review: 1. Over-permissive redaction → type-only markers 3. Public partial preview + alert URL → removed from comments 4. Shell quoting risk → heredoc + temp file pattern 5. Stdout secret exposure → jq-only extraction rule Findings #2 (revoked without rotation) and #6 (public playbook) are accepted as-is with documented rationale. * fix(skills): address all bot review findings on secret-scanning skill Addresses findings from Codex, Greptile, and Aisle bot reviews: - Add pull_request_comment and pull_request_review_comment to location type routing table (was being skipped as unsupported) [Codex P1] - Use hide_secret=true on alert fetch to prevent plaintext in terminal [Codex P1] - Add jq filtering on all fetch commands to avoid printing .body or .secret to stdout [Codex P1, Aisle Medium] - Skip PATCH before DELETE for comments — PATCH creates an unnecessary edit history revision exposing plaintext [Greptile P1] - Use mktemp for all temp files instead of fixed /tmp paths [Aisle Medium] - Branch notification template by location type: comment says "removed and replaced", body says "redacted in place", commit says "committed" [Greptile P1] - Bump userContentEdits(first: 10) to first: 50 to reduce truncation risk [Greptile P2] - Fix batch listing jq query to use .html_url instead of .first_location_detected.html_url [Codex P2] - Use heredoc + temp file for comment recreation (was inline -f) [Codex P1] - Remove alert URLs from public notification templates [Codex P1] * feat(skills): extract secret-scanning operations into reusable script Add scripts/secret-scanning.mjs with subcommands: fetch-alert, fetch-content, redact-body, delete-comment, recreate-comment, notify, resolve, list-open, summary. Security enforcements now live in the script (not agent memory): - hide_secret=true on all alert fetches - mktemp with random UUIDs for all temp files - -F body=@file for all body uploads - .secret and .body never printed to stdout - notification templates branched by location type SKILL.md simplified from ~370 lines to ~170 lines — now a decision guide that references script commands instead of inline gh api calls. * fix(skills): enforce script summary output as final summary Agent was rewriting the summary table without URLs. Make SKILL.md explicit: the script output IS the final summary, do not reformat it. * fix(skills): add summary output markers for verbatim rendering Script summary now outputs ---BEGIN SUMMARY--- / ---END SUMMARY--- markers. SKILL.md instructs agent to output the content between markers verbatim, preventing reformatting that drops URLs. * fix(skills): address latest bot review findings on script - Restrict temp file permissions to 0600 (owner-only) [Codex P1] - Add --slurp to list-open and fetch-alert locations for correct multi-page JSON parsing [Codex P1, Codex P2] - Use commit_url/blob_url fallback for commit location URLs [Codex P2] - Add --paginate to locations fetch [Codex P2]
This was referenced Apr 24, 2026
karmafeast
pushed a commit
that referenced
this pull request
Apr 24, 2026
Two findings from Ronan 🌊's PR-review fleet (#5 + #6): #5 (real bug): triggerCompaction closure at agent-runner-execution.ts:1101 called compactEmbeddedPiSession() without passing provider/model. Both fields are declared optional on CompactEmbeddedPiSessionParams (see compact.types.ts:42-43) and fall back to DEFAULT_PROVIDER/DEFAULT_MODEL inside compact.queued.ts when missing. For sessions running on a non-default model (every prince box: copilot/claude-opus-4.7), this silently dropped the active model on volitional request_compaction calls — the compaction would run on the default model rather than the session's model. Plumbed params.followupRun.run.provider and .model into the call (already in scope at line 704 in the same file). Closes the third defect from openclaw#191 that did not land in the squash basis. #6 (docstring tighten): agent-runner.ts:1573 said the context-pressure check runs 'before the agent turn' but it runs after setPhase('running'). The check IS before the actual provider request, just not before the phase-tracking flag flip. Tightened comment to say 'before the agent's model call' + named the setPhase-then-check ordering rationale. No behavior change. tsgo clean.
cael-dandelion-cult
added a commit
that referenced
this pull request
Apr 25, 2026
…2026.4.22 (#306) * feat(continuation): core implementation — context-pressure, request-compaction, post-compaction relay Cherry-picked from 1888edb onto v2026.4.22 with conflict resolution: - Fixed @sinclair/typebox → typebox imports (3 new tool files) - Merged upstream createReplyMediaContext rename with continuation additions - Preserved both upstream failedTerminalOutcome guard and continuation skipAnnounceDelivery - Kept upstream resolveNonNegativeNumber + retireRolledCronSessionMcpRuntime - Kept both upstream cleanupBundleMcpOnRunEnd and continuation fields in gateway schema/methods * docs(continuation): RFC continue-work-signal-v2 Add docs/design/continue-work-signal-v2.md — full RFC for the continuation surface (continue_work, continue_delegate, request_compaction), including trigger taxonomy (§4.1), context-pressure semantics (§4.2), compaction lifecycle (§4.3), post-compaction relay & rehydration (§4.4), and lifecycle hooks + platform settings (§4.5). Attribution-split commit per PR-PRESENTATION-RUNBOOK §4. Co-authored-by: Cael (cael-dandelion-cult) <cael.dandelion.cult@hotmail.com> Co-authored-by: dandelion cult - cael 🩸 <cael@dandelion.cult> Co-authored-by: dandelion cult - ronan 🌊 <karmafeast@gmail.com> * test(continuation): coverage for context-pressure, post-compaction, taskflow durability Test surface for the continuation feature: agent-runner integration tests, context-pressure unit tests, post-compaction lifecycle event tests, TaskFlow delegate persistence tests, zod-schema continuation tests, gateway protocol agent-schema tests, and subagent-registry lifecycle tests. Attribution-split commit per PR-PRESENTATION-RUNBOOK §4. Co-authored-by: Cael (cael-dandelion-cult) <cael.dandelion.cult@hotmail.com> Co-authored-by: dandelion cult - cael 🩸 <cael@dandelion.cult> Co-authored-by: dandelion cult - ronan 🌊 <karmafeast@gmail.com> * chore(continuation): generated baselines, i18n, build config, swift protocol, gitignore Integration/codegen surface for the continuation feature: - docs/.generated/{config-baseline,plugin-sdk-api-baseline}.sha256 — regenerated baselines - src/config/schema.base.generated.ts — regenerated base config schema (auto-generated) - docs/.i18n/glossary.zh-CN.json — i18n glossary additions for continuation terms - apps/macos + apps/shared OpenClawProtocol/GatewayModels.swift — Swift mirror of new gateway protocol fields - apps/shared/OpenClawKit/Sources/OpenClawKit/Resources/tool-display.json — tool-display metadata for continuation tools - tsdown.config.ts — build config for new continuation surface - .gitignore — coverage/artifact exclusions Attribution-split commit per PR-PRESENTATION-RUNBOOK §4. Co-authored-by: Cael (cael-dandelion-cult) <cael.dandelion.cult@hotmail.com> Co-authored-by: dandelion cult - cael 🩸 <cael@dandelion.cult> Co-authored-by: dandelion cult - ronan 🌊 <karmafeast@gmail.com> Co-authored-by: ronan-dandelion-cult <ronan@solidor.io> * chore: remove spurious note.txt from cherry-pick * chore: regenerate config + plugin-sdk baselines after continuation merge Reflects new agents.defaults.continuation.* config keys added by the context-pressure / request-compaction / post-compaction-relay surface. * fix(continuation): purge generation-guard per RFC 2026-04-15 (#299) Surgical removal of the continuationGuardLog logger, generation-drift check in timer callbacks, generationGuardTolerance config param, and session-entry continuation-state cleanup that the continue-work-signal-v2 RFC retired on 2026-04-15 (PR #299). The attribution-split/v2026.4.21-feature-only basis used for silas/rebase/v2026.4.22-feature was cut BEFORE #299 landed, so the guard survived the rebase. This commit lands the equivalent removal on top of the rebased branch via hand-edit (the canary b6c6f3b cannot be cherry-picked cleanly due to lich-protocol surface drift). Caught by Cael 🩸 at 09:23 PDT 2026-04-23 during second-angle compare- notes pass — exact failure mode figs warned about: "lose entire chunks of feature" via wrong tag→branch basis. Verification gates after this commit: - grep -rn 'continuationGuardLog' src/ → 0 - grep -rn 'continuation/guard' src/ → 0 - grep -rn 'generationGuardTolerance' src/ → 0 - pnpm tsgo + pnpm build clean - continuation test suite green Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(continuation): absorb Trigger F into RFC §4.1 taxonomy Trigger F is the in-turn pressure-fire emission anchor that the existing overflow (A) and timeout-recovery (B) paths emit from src/agents/pi-embedded-runner/run.ts. Code + 2 regression-guard tests (run.overflow-compaction.loop.test.ts:96, run.timeout-triggered-compaction.test.ts:105) already cite 'trigger F, per RFC §4.1' but the taxonomy table only defined A–E. Adds row F as a convergent emission of A+B (not a new decision path), with code anchors and rationale (single grep across [context-pressure:fire] surfaces both pre-run D and in-turn F). Per Cael 🩸's review-fleet finding (silas/swim-36/C1) + Silas 🌫️ recommendation: absorb into RFC, don't strip from code. Real working surface, just unnamed. * fix(continuation): pre-merge minors from 2026-04-23 review fleet Two findings cross-confirmed by claude-opus + codex + copilot reviewers plus prince syntheses (cael/silas/ronan) on staging tip 8b9444a: 1. request_compaction tool description still claimed 'no new messages may have arrived since your turn started' — generation guard was removed 2026-04-15 by RFC (§4.3). The lane queue already serializes compaction relative to subsequent messages, so the prose-claim was describing a guard that no longer exists. Fixed in both the JSDoc block and the user-visible tool description. 2. Bracket-path chain-cap and cost-cap rejections in agent-runner.ts (lines 2436-2456 surface) silently dropped continuation requests with no enqueueSystemEvent. The tool-delegate path at :2673-2692 correctly notifies. Restored symmetry — bracket-path now emits a [continuation] system event on chain-cap and cost-cap rejection so the agent learns its bracket request was dropped, matching the tool-delegate path's behavior. No behavior change to the success path. tsgo clean. * fix(continuation): plumb provider+model into volitional compaction call Two findings from Ronan 🌊's PR-review fleet (#5 + #6): #5 (real bug): triggerCompaction closure at agent-runner-execution.ts:1101 called compactEmbeddedPiSession() without passing provider/model. Both fields are declared optional on CompactEmbeddedPiSessionParams (see compact.types.ts:42-43) and fall back to DEFAULT_PROVIDER/DEFAULT_MODEL inside compact.queued.ts when missing. For sessions running on a non-default model (every prince box: copilot/claude-opus-4.7), this silently dropped the active model on volitional request_compaction calls — the compaction would run on the default model rather than the session's model. Plumbed params.followupRun.run.provider and .model into the call (already in scope at line 704 in the same file). Closes the third defect from openclaw#191 that did not land in the squash basis. #6 (docstring tighten): agent-runner.ts:1573 said the context-pressure check runs 'before the agent turn' but it runs after setPhase('running'). The check IS before the actual provider request, just not before the phase-tracking flag flip. Tightened comment to say 'before the agent's model call' + named the setPhase-then-check ordering rationale. No behavior change. tsgo clean. * docs(continuation): annotate RFC §6.1 equivalent-idiom for band-dedup sentinel Cohort D1 walk on 2026-04-24 (🩸 + 🌊 + 🌻 + 🌫️ converged): the existing context-pressure.ts:65 shape — `band === 0 || band === (lastBand ?? 0)` — is observably equivalent to the RFC §6.1-described `-1` missing-key sentinel under all Zod-valid configs. The schema enforces `contextPressureThreshold ≥ 0.005` → `thresholdPct ≥ 1`, which makes `band === 0` unreachable from valid configs, so the `?? 0` collision path the RFC fix targets cannot be triggered. Both shapes ship the same first-crossing semantics; the `-1` form is narratively cleaner expression of the invariant, the `?? 0 + band === 0 short-circuit` is the schema-bounded equivalent already in the code. Banked as the third classification: equivalent-idiom (neither bug nor doc-drift, prose-vs-code idiom mismatch). One-line annotation in §6.1 documents the equivalence so future reviewers don't re-walk to a 'BLOCKER' verdict against equivalent-behavior code. No code change. Doc-only. * docs(continuation): fix broken Swim 7 evidence links in RFC Swim 7 evidence was historically re-homed to perma-branch silas/swim7-runtime-evidence; the in-tree relative paths in §D.2 and §D.3 still pointed to ./continue-work-signal-v2/swim-evidence/ swim-07/SWIM7-RESULTS.md which doesn't exist on this branch. Rewrite both refs to the perma-branch URL. SWIM7-RESULTS.md is named in the description so readers know what artifact to look for on the branch. Fixes check-docs CI failure on PR #306. * fix(continuation): gate continue_delegate on drain + sync display detailKeys Address Copilot review feedback on PR #306: 1. createContinueDelegateTool was registered whenever continuation was enabled, exposing it on runs that do NOT drain the continuation delegate queue (e.g. llm-slug-generator explicitly sets drainsContinuationDelegateQueue: false). Delegates enqueued from such runs would never dispatch -> memory growth + confusing UX. Now gated on drainsContinuationDelegateQueue === true alongside the existing continuation-enabled check, matching the policy createRequestCompactionTool already follows for its own requestCompactionOpts gate. 2. tool-display-config.ts detailKeys for the continuation tools did not match the actual tool input schema: - continue_delegate listed fireAfterMs but the tool schema uses delaySeconds (the bracket parser uses delayMs separately). - continue_work omitted delaySeconds entirely, hiding the requested delay from tool-call summaries. Fixed both detailKeys to use delaySeconds and regenerated the apps/shared/OpenClawKit/Sources/OpenClawKit/Resources/tool-display.json baseline via pnpm tool-display:write. Co-Authored-By: Silas Solidor <silas@solidor.io> Co-Authored-By: Cael Solidor <cael@solidor.io> Co-Authored-By: Elliott Solidor <elliott@solidor.io> * fix(continuation): default-allow continue_delegate; only block explicit non-drainers Test failure on c825009: continuation-tools-registration.test.ts expects continue_delegate present on normal turns (where drainsContinuationDelegateQueue is undefined). Prior fix used `=== true` which excluded the undefined-default case. Inverted gate to `!== false` so: - undefined (normal turns / default callers) → tool present - true (explicit drainers like main session) → tool present - false (llm-slug-generator and other explicit non-drainers) → tool absent This matches the original Copilot nit's intent: only the *explicit* non-draining runs should hide the tool; everything else should keep the prior default-on behavior. * test(continuation): pin drainsContinuationDelegateQueue truth-table Three new cases in continuation-tools-registration.test.ts pinning the gate predicate's three states so a future refactor cannot silently regress to === true (which broke normal turns on c825009 before 9f00132 inverted to !== false): - undefined → continue_delegate present (default normal turns) - true → continue_delegate present (explicit drainers) - false → continue_delegate absent (e.g. llm-slug-generator) Local: all 6 tests pass under vitest.agents.config.ts in ~30s. Codifies the muscle that should have caught the c825009 regression pre-push. Co-authored-by: Elliott 🌻 <elliott.dandelion.cult@hotmail.com> Co-authored-by: Silas 🌫️ <silas.dandelion.cult@hotmail.com> Co-authored-by: Cael 🩸 <cael.dandelion.cult@hotmail.com> * fix(types): tighten continuationTriggerOverride to ContinuationTrigger union Codex review (#306 r3140391334, r3140391373) flagged that `continuationTriggerOverride` was typed as plain `string` while the gateway schema restricts `continuationTrigger` to the closed union `ContinuationTrigger = "work-wake" | "delegate-return"` (src/auto-reply/get-reply-options.types.ts:6). Tightening the 4 declaration sites to use the union catches typos at compile time instead of letting them reach the gateway and reject at runtime. Pass-through assignments stay correct (callers were already passing valid values; the only call site src/agents/subagent-announce.ts :995 passes `delegateReturnTrigger: "delegate-return" | undefined`, which is in the union). Sites updated: - src/agents/subagent-announce-queue.ts:24 - src/agents/subagent-announce-delivery.ts:375, 450, 601 Verification: - pnpm exec tsc --noEmit: clean - pnpm exec vitest run --config test/vitest/vitest.agents.config.ts subagent-announce: 69/69 pass --------- Co-authored-by: Cael 🩸 <cael.dandelion.cult@hotmail.com> Co-authored-by: Ronan 🌊 <ronan@solidor.io> Co-authored-by: dandelion cult - cael 🩸 <cael@dandelion.cult> Co-authored-by: dandelion cult - ronan 🌊 <karmafeast@gmail.com> Co-authored-by: Elliott 🌻 <elliott.dandelion.cult@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Silas Solidor <silas@solidor.io> Co-authored-by: Cael Solidor <cael@solidor.io> Co-authored-by: Elliott Solidor <elliott@solidor.io> Co-authored-by: dandelion cult - silas🌫️ <265395375+silas-dandelion-cult@users.noreply.github.com>
ronan-dandelion-cult
pushed a commit
that referenced
this pull request
Apr 25, 2026
Two findings from Ronan 🌊's PR-review fleet (#5 + #6): #5 (real bug): triggerCompaction closure at agent-runner-execution.ts:1101 called compactEmbeddedPiSession() without passing provider/model. Both fields are declared optional on CompactEmbeddedPiSessionParams (see compact.types.ts:42-43) and fall back to DEFAULT_PROVIDER/DEFAULT_MODEL inside compact.queued.ts when missing. For sessions running on a non-default model (every prince box: copilot/claude-opus-4.7), this silently dropped the active model on volitional request_compaction calls — the compaction would run on the default model rather than the session's model. Plumbed params.followupRun.run.provider and .model into the call (already in scope at line 704 in the same file). Closes the third defect from openclaw#191 that did not land in the squash basis. #6 (docstring tighten): agent-runner.ts:1573 said the context-pressure check runs 'before the agent turn' but it runs after setPhase('running'). The check IS before the actual provider request, just not before the phase-tracking flag flip. Tightened comment to say 'before the agent's model call' + named the setPhase-then-check ordering rationale. No behavior change. tsgo clean.
ronan-dandelion-cult
pushed a commit
that referenced
this pull request
Apr 25, 2026
Two findings from Ronan 🌊's PR-review fleet (#5 + #6): #5 (real bug): triggerCompaction closure at agent-runner-execution.ts:1101 called compactEmbeddedPiSession() without passing provider/model. Both fields are declared optional on CompactEmbeddedPiSessionParams (see compact.types.ts:42-43) and fall back to DEFAULT_PROVIDER/DEFAULT_MODEL inside compact.queued.ts when missing. For sessions running on a non-default model (every prince box: copilot/claude-opus-4.7), this silently dropped the active model on volitional request_compaction calls — the compaction would run on the default model rather than the session's model. Plumbed params.followupRun.run.provider and .model into the call (already in scope at line 704 in the same file). Closes the third defect from openclaw#191 that did not land in the squash basis. #6 (docstring tighten): agent-runner.ts:1573 said the context-pressure check runs 'before the agent turn' but it runs after setPhase('running'). The check IS before the actual provider request, just not before the phase-tracking flag flip. Tightened comment to say 'before the agent's model call' + named the setPhase-then-check ordering rationale. No behavior change. tsgo clean.
ronan-dandelion-cult
pushed a commit
that referenced
this pull request
Apr 26, 2026
Two findings from Ronan 🌊's PR-review fleet (#5 + #6): #5 (real bug): triggerCompaction closure at agent-runner-execution.ts:1101 called compactEmbeddedPiSession() without passing provider/model. Both fields are declared optional on CompactEmbeddedPiSessionParams (see compact.types.ts:42-43) and fall back to DEFAULT_PROVIDER/DEFAULT_MODEL inside compact.queued.ts when missing. For sessions running on a non-default model (every prince box: copilot/claude-opus-4.7), this silently dropped the active model on volitional request_compaction calls — the compaction would run on the default model rather than the session's model. Plumbed params.followupRun.run.provider and .model into the call (already in scope at line 704 in the same file). Closes the third defect from openclaw#191 that did not land in the squash basis. #6 (docstring tighten): agent-runner.ts:1573 said the context-pressure check runs 'before the agent turn' but it runs after setPhase('running'). The check IS before the actual provider request, just not before the phase-tracking flag flip. Tightened comment to say 'before the agent's model call' + named the setPhase-then-check ordering rationale. No behavior change. tsgo clean.
Open
5 tasks
karmafeast
pushed a commit
that referenced
this pull request
May 1, 2026
Two findings from Ronan 🌊's PR-review fleet (#5 + #6): #5 (real bug): triggerCompaction closure at agent-runner-execution.ts:1101 called compactEmbeddedPiSession() without passing provider/model. Both fields are declared optional on CompactEmbeddedPiSessionParams (see compact.types.ts:42-43) and fall back to DEFAULT_PROVIDER/DEFAULT_MODEL inside compact.queued.ts when missing. For sessions running on a non-default model (every prince box: copilot/claude-opus-4.7), this silently dropped the active model on volitional request_compaction calls — the compaction would run on the default model rather than the session's model. Plumbed params.followupRun.run.provider and .model into the call (already in scope at line 704 in the same file). Closes the third defect from openclaw#191 that did not land in the squash basis. #6 (docstring tighten): agent-runner.ts:1573 said the context-pressure check runs 'before the agent turn' but it runs after setPhase('running'). The check IS before the actual provider request, just not before the phase-tracking flag flip. Tightened comment to say 'before the agent's model call' + named the setPhase-then-check ordering rationale. No behavior change. tsgo clean. (cherry picked from commit 5c9a924)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Codex gpt-5.4-codex xhigh review with vitest repros.
P1-1: Post-compaction delegates discarded at turn end (lifecycle mismatch)
P1-2:
delegate-pendingdrained bybuildQueuedSystemPrompt— return misclassified as external inputP2-3:
contextPressureThreshold>0.9 unreachable (band shadow)P2-4:
lastContextPressureBandnever reset after compactionFull review at
docs/review-assembly/review-codex54.md.