fix(memory): keep archive transcript visibility safe

vincentkoc · vincentkoc · commit 4881323bc176 · 2026-05-03T00:57:26.000-07:00
diff --git a/extensions/memory-core/src/session-search-visibility.test.ts b/extensions/memory-core/src/session-search-visibility.test.ts
@@ -11,6 +11,7 @@ const crossAgentStore = {
     sessionFile: "/tmp/sessions/w1.jsonl",
   },
 };
+let combinedSessionStore: typeof crossAgentStore | Record<string, never> = crossAgentStore;
 
 vi.mock("openclaw/plugin-sdk/session-transcript-hit", async (importOriginal) => {
   const actual =
@@ -19,14 +20,15 @@ vi.mock("openclaw/plugin-sdk/session-transcript-hit", async (importOriginal) =>
     ...actual,
     loadCombinedSessionStoreForGateway: vi.fn(() => ({
       storePath: "(test)",
-      store: crossAgentStore,
+      store: combinedSessionStore,
     })),
   };
 });
 
 describe("filterMemorySearchHitsBySessionVisibility", () => {
   afterEach(() => {
     vi.mocked(sessionTranscriptHit.loadCombinedSessionStoreForGateway).mockClear();
+    combinedSessionStore = crossAgentStore;
   });
 
   it("drops sessions-sourced hits when requester key is missing (fail closed)", async () => {
@@ -148,4 +150,57 @@ describe("filterMemorySearchHitsBySessionVisibility", () => {
     });
     expect(filtered).toEqual([]);
   });
+
+  it("keeps same-agent deleted archive hits using owner metadata when the live store entry is gone", async () => {
+    combinedSessionStore = {};
+    const hit: MemorySearchResult = {
+      path: "sessions/main/deleted-stem.jsonl.deleted.2026-02-16T22-27-33.000Z",
+      source: "sessions",
+      score: 1,
+      snippet: "x",
+      startLine: 1,
+      endLine: 2,
+    };
+    const cfg = asOpenClawConfig({
+      tools: {
+        sessions: { visibility: "agent" },
+      },
+    });
+
+    const filtered = await filterMemorySearchHitsBySessionVisibility({
+      cfg,
+      requesterSessionKey: "agent:main:main",
+      sandboxed: false,
+      hits: [hit],
+    });
+
+    expect(filtered).toEqual([hit]);
+  });
+
+  it("still denies cross-agent deleted archive hits resolved from owner metadata when a2a is disabled", async () => {
+    combinedSessionStore = {};
+    const hit: MemorySearchResult = {
+      path: "sessions/peer/deleted-stem.jsonl.deleted.2026-02-16T22-27-33.000Z",
+      source: "sessions",
+      score: 1,
+      snippet: "x",
+      startLine: 1,
+      endLine: 2,
+    };
+    const cfg = asOpenClawConfig({
+      tools: {
+        sessions: { visibility: "all" },
+        agentToAgent: { enabled: false },
+      },
+    });
+
+    const filtered = await filterMemorySearchHitsBySessionVisibility({
+      cfg,
+      requesterSessionKey: "agent:main:main",
+      sandboxed: false,
+      hits: [hit],
+    });
+
+    expect(filtered).toEqual([]);
+  });
 });
diff --git a/extensions/memory-core/src/session-search-visibility.ts b/extensions/memory-core/src/session-search-visibility.ts
@@ -1,7 +1,7 @@
 import type { OpenClawConfig } from "openclaw/plugin-sdk/memory-core-host-runtime-core";
 import type { MemorySearchResult } from "openclaw/plugin-sdk/memory-core-host-runtime-files";
 import {
-  extractTranscriptStemFromSessionsMemoryHit,
+  extractTranscriptIdentityFromSessionsMemoryHit,
   loadCombinedSessionStoreForGateway,
   resolveTranscriptStemToSessionKeys,
 } from "openclaw/plugin-sdk/session-transcript-hit";
@@ -42,13 +42,16 @@ export async function filterMemorySearchHitsBySessionVisibility(params: {
     if (!params.requesterSessionKey || !guard) {
       continue;
     }
-    const stem = extractTranscriptStemFromSessionsMemoryHit(hit.path);
-    if (!stem) {
+    const identity = extractTranscriptIdentityFromSessionsMemoryHit(hit.path);
+    if (!identity) {
       continue;
     }
     const keys = resolveTranscriptStemToSessionKeys({
       store: combinedSessionStore,
-      stem,
+      stem: identity.stem,
+      ...(identity.archived && identity.ownerAgentId
+        ? { archivedOwnerAgentId: identity.ownerAgentId }
+        : {}),
     });
     if (keys.length === 0) {
       continue;
diff --git a/packages/memory-host-sdk/src/host/session-files.test.ts b/packages/memory-host-sdk/src/host/session-files.test.ts
@@ -2,7 +2,11 @@ import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it } from "vitest";
-import { buildSessionEntry, listSessionFilesForAgent } from "./session-files.js";
+import {
+  buildSessionEntry,
+  listSessionFilesForAgent,
+  sessionPathForFile,
+} from "./session-files.js";
 
 let fixtureRoot: string;
 let tmpDir: string;
@@ -61,6 +65,28 @@ describe("listSessionFilesForAgent", () => {
   });
 });
 
+describe("sessionPathForFile", () => {
+  it("includes the owning agent id when the transcript lives under an agent sessions dir", () => {
+    const absPath = path.join(
+      tmpDir,
+      "agents",
+      "main",
+      "sessions",
+      "deleted-session.jsonl.deleted.2026-02-16T22-27-33.000Z",
+    );
+
+    expect(sessionPathForFile(absPath)).toBe(
+      "sessions/main/deleted-session.jsonl.deleted.2026-02-16T22-27-33.000Z",
+    );
+  });
+
+  it("keeps the legacy basename-only path when the agent owner cannot be derived", () => {
+    expect(sessionPathForFile(path.join(tmpDir, "loose-session.jsonl"))).toBe(
+      "sessions/loose-session.jsonl",
+    );
+  });
+});
+
 describe("buildSessionEntry", () => {
   it("returns lineMap tracking original JSONL line numbers", async () => {
     // Simulate a real session JSONL file with metadata records interspersed
@@ -155,6 +181,53 @@ describe("buildSessionEntry", () => {
     expect(checkpointEntry?.lineMap).toEqual([]);
   });
 
+  it("keeps cron-run deleted archives opaque when the live session store entry is gone", async () => {
+    const archivePath = path.join(tmpDir, "cron-run.jsonl.deleted.2026-02-16T22-27-33.000Z");
+    const jsonlLines = [
+      JSON.stringify({
+        type: "message",
+        message: {
+          role: "user",
+          content: "[cron:job-1 Codex Sessions Sync] Run internal sync.",
+        },
+      }),
+      JSON.stringify({
+        type: "message",
+        message: { role: "assistant", content: "Internal cron output that must stay out." },
+      }),
+    ];
+    fsSync.writeFileSync(archivePath, jsonlLines.join("\n"));
+
+    const entry = await buildSessionEntry(archivePath);
+
+    expect(entry).not.toBeNull();
+    expect(entry?.content).toBe("");
+    expect(entry?.lineMap).toEqual([]);
+    expect(entry?.generatedByCronRun).toBe(true);
+  });
+
+  it("keeps cron-run reset archives opaque when session metadata preserves the cron key", async () => {
+    const archivePath = path.join(tmpDir, "cron-run.jsonl.reset.2026-02-16T22-26-33.000Z");
+    const jsonlLines = [
+      JSON.stringify({
+        type: "session-meta",
+        data: { sessionKey: "agent:main:cron:job-1:run:run-1" },
+      }),
+      JSON.stringify({
+        type: "message",
+        message: { role: "assistant", content: "Internal cron output that must stay out." },
+      }),
+    ];
+    fsSync.writeFileSync(archivePath, jsonlLines.join("\n"));
+
+    const entry = await buildSessionEntry(archivePath);
+
+    expect(entry).not.toBeNull();
+    expect(entry?.content).toBe("");
+    expect(entry?.lineMap).toEqual([]);
+    expect(entry?.generatedByCronRun).toBe(true);
+  });
+
   it("skips blank lines and invalid JSON without breaking lineMap", async () => {
     const jsonlLines = [
       "",
diff --git a/packages/memory-host-sdk/src/host/session-files.ts b/packages/memory-host-sdk/src/host/session-files.ts
@@ -14,6 +14,7 @@ import {
   isSessionArchiveArtifactName,
   isSilentReplyPayloadText,
   isUsageCountedSessionTranscriptFileName,
+  parseUsageCountedSessionIdFromFileName,
   resolveSessionTranscriptsDirForAgent,
   stripInboundMetadata,
   stripInternalRuntimeContext,
@@ -82,6 +83,15 @@ function shouldSkipTranscriptFileForDreaming(absPath: string): boolean {
   return false;
 }
 
+function isUsageCountedSessionArchiveTranscriptPath(absPath: string): boolean {
+  const fileName = path.basename(absPath);
+  return (
+    isUsageCountedSessionTranscriptFileName(fileName) &&
+    isSessionArchiveArtifactName(fileName) &&
+    parseUsageCountedSessionIdFromFileName(fileName) !== null
+  );
+}
+
 function isDreamingNarrativeBootstrapRecord(record: unknown): boolean {
   if (!record || typeof record !== "object" || Array.isArray(record)) {
     return false;
@@ -150,6 +160,30 @@ function isDreamingNarrativeSessionStoreKey(sessionKey: string): boolean {
   return sessionSegment.startsWith(DREAMING_NARRATIVE_RUN_PREFIX);
 }
 
+function hasCronRunSessionKey(value: unknown): boolean {
+  return typeof value === "string" && isCronRunSessionKey(value);
+}
+
+function isCronRunGeneratedRecord(record: unknown): boolean {
+  if (!record || typeof record !== "object" || Array.isArray(record)) {
+    return false;
+  }
+  const candidate = record as {
+    sessionKey?: unknown;
+    data?: unknown;
+  };
+  if (hasCronRunSessionKey(candidate.sessionKey)) {
+    return true;
+  }
+  if (!candidate.data || typeof candidate.data !== "object" || Array.isArray(candidate.data)) {
+    return false;
+  }
+  const nested = candidate.data as {
+    sessionKey?: unknown;
+  };
+  return hasCronRunSessionKey(nested.sessionKey);
+}
+
 function normalizeComparablePath(pathname: string): string {
   const resolved = path.resolve(pathname);
   return process.platform === "win32" ? resolved.toLowerCase() : resolved;
@@ -242,11 +276,20 @@ function classifySessionTranscriptFromSessionStore(absPath: string): {
 } {
   const sessionsDir = path.dirname(absPath);
   const normalizedAbsPath = normalizeComparablePath(absPath);
+  const primarySessionId = parseUsageCountedSessionIdFromFileName(path.basename(absPath));
+  const normalizedPrimaryPath =
+    primarySessionId && isSessionArchiveArtifactName(path.basename(absPath))
+      ? normalizeComparablePath(path.join(sessionsDir, `${primarySessionId}.jsonl`))
+      : null;
   const classification = loadSessionTranscriptClassificationForSessionsDir(sessionsDir);
+  const hasClassifiedPath = (paths: ReadonlySet<string>) =>
+    paths.has(normalizedAbsPath) ||
+    (normalizedPrimaryPath !== null && paths.has(normalizedPrimaryPath));
   return {
-    generatedByDreamingNarrative:
-      classification.dreamingNarrativeTranscriptPaths.has(normalizedAbsPath),
-    generatedByCronRun: classification.cronRunTranscriptPaths.has(normalizedAbsPath),
+    generatedByDreamingNarrative: hasClassifiedPath(
+      classification.dreamingNarrativeTranscriptPaths,
+    ),
+    generatedByCronRun: hasClassifiedPath(classification.cronRunTranscriptPaths),
   };
 }
 
@@ -264,8 +307,20 @@ export async function listSessionFilesForAgent(agentId: string): Promise<string[
   }
 }
 
+function extractAgentIdFromSessionPath(absPath: string): string | null {
+  const parts = path.normalize(path.resolve(absPath)).split(path.sep).filter(Boolean);
+  const sessionsIndex = parts.lastIndexOf("sessions");
+  if (sessionsIndex < 2 || parts[sessionsIndex - 2] !== "agents") {
+    return null;
+  }
+  return parts[sessionsIndex - 1] || null;
+}
+
 export function sessionPathForFile(absPath: string): string {
-  return path.join("sessions", path.basename(absPath)).replace(/\\/g, "/");
+  const agentId = extractAgentIdFromSessionPath(absPath);
+  return path
+    .join("sessions", ...(agentId ? [agentId] : []), path.basename(absPath))
+    .replace(/\\/g, "/");
 }
 
 async function logSessionFileReadFailure(absPath: string, err: unknown): Promise<void> {
@@ -495,8 +550,10 @@ export async function buildSessionEntry(
       opts.generatedByDreamingNarrative ??
       sessionStoreClassification?.generatedByDreamingNarrative ??
       false;
-    const generatedByCronRun =
+    let generatedByCronRun =
       opts.generatedByCronRun ?? sessionStoreClassification?.generatedByCronRun ?? false;
+    const allowArchiveContentCronClassification =
+      isUsageCountedSessionArchiveTranscriptPath(absPath);
     for (let jsonlIdx = 0; jsonlIdx < lines.length; jsonlIdx++) {
       const line = lines[jsonlIdx];
       if (!line.trim()) {
@@ -511,6 +568,16 @@ export async function buildSessionEntry(
       if (!generatedByDreamingNarrative && isDreamingNarrativeGeneratedRecord(record)) {
         generatedByDreamingNarrative = true;
       }
+      if (
+        !generatedByCronRun &&
+        allowArchiveContentCronClassification &&
+        isCronRunGeneratedRecord(record)
+      ) {
+        generatedByCronRun = true;
+        collected.length = 0;
+        lineMap.length = 0;
+        messageTimestampsMs.length = 0;
+      }
       if (
         !record ||
         typeof record !== "object" ||
@@ -534,6 +601,16 @@ export async function buildSessionEntry(
       if (rawText === null) {
         continue;
       }
+      if (
+        !generatedByCronRun &&
+        allowArchiveContentCronClassification &&
+        isGeneratedCronPromptMessage(normalizeSessionText(rawText), message.role)
+      ) {
+        generatedByCronRun = true;
+        collected.length = 0;
+        lineMap.length = 0;
+        messageTimestampsMs.length = 0;
+      }
       const text = sanitizeSessionText(rawText, message.role);
       if (!text) {
         // Assistant-side machinery (silent replies, system wrappers) is already
diff --git a/src/plugin-sdk/session-transcript-hit.test.ts b/src/plugin-sdk/session-transcript-hit.test.ts
diff --git a/src/plugin-sdk/session-transcript-hit.ts b/src/plugin-sdk/session-transcript-hit.ts
