openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extensions/acpx/src/runtime-internals/process.test.ts‎
Lines changed: 66 additions & 1 deletion b/‎extensions/acpx/src/runtime-internals/process.test.ts‎
Lines changed: 66 additions & 1 deletion
diff --git a/‎extensions/acpx/src/runtime-internals/process.ts‎
Lines changed: 62 additions & 6 deletions b/‎extensions/acpx/src/runtime-internals/process.ts‎
Lines changed: 62 additions & 6 deletions
diff --git a/‎extensions/acpx/src/runtime.ts‎
Lines changed: 9 additions & 1 deletion b/‎extensions/acpx/src/runtime.ts‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎src/acp/control-plane/manager.core.ts‎
Lines changed: 88 additions & 59 deletions b/‎src/acp/control-plane/manager.core.ts‎
Lines changed: 88 additions & 59 deletions
@@ -20,6 +20,7 @@ Docs: https://docs.openclaw.ai
 - Outbound/send config threading: pass resolved SecretRef config through outbound adapters and helper send paths so send flows do not reload unresolved runtime config. (#33987) Thanks @joshavant.
 - Sessions/subagent attachments: remove `attachments[].content.maxLength` from `sessions_spawn` schema to avoid llama.cpp GBNF repetition overflow, and preflight UTF-8 byte size before buffer allocation while keeping runtime file-size enforcement unchanged. (#33648) Thanks @anisoptera.
 - Runtime/tool-state stability: recover from dangling Anthropic `tool_use` after compaction, serialize long-running Discord handler runs without blocking new inbound events, and prevent stale busy snapshots from suppressing stuck-channel recovery. (from #33630, #33583) Thanks @kevinWangSheng and @theotarr.
+- ACP/Discord startup hardening: clean up stuck ACP worker children on gateway restart, unbind stale ACP thread bindings during Discord startup reconciliation, and add per-thread listener watchdog timeouts so wedged turns cannot block later messages. (#33699) Thanks @dutifulbob.
 - Extensions/media local-root propagation: consistently forward `mediaLocalRoots` through extension `sendMedia` adapters (Google Chat, Slack, iMessage, Signal, WhatsApp), preserving non-local media behavior while restoring local attachment resolution from configured roots. Synthesis of #33581, #33545, #33540, #33536, #33528. Thanks @bmendonca3.
 - Gateway/security default response headers: add `Permissions-Policy: camera=(), microphone=(), geolocation=()` to baseline gateway HTTP security headers for all responses. (#30186) thanks @habakan.
 - Plugins/startup loading: lazily initialize plugin runtime, split startup-critical plugin SDK imports into `openclaw/plugin-sdk/core` and `openclaw/plugin-sdk/telegram`, and preserve `api.runtime` reflection semantics for plugin compatibility. (#28620) thanks @hmemcpy.
 
@@ -1,9 +1,15 @@
+import { spawn } from "node:child_process";
 import { mkdir, mkdtemp, rm, writeFile } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import path from "node:path";
 import { afterEach, describe, expect, it } from "vitest";
 import { createWindowsCmdShimFixture } from "../../../shared/windows-cmd-shim-test-fixtures.js";
-import { resolveSpawnCommand, type SpawnCommandCache } from "./process.js";
+import {
+  resolveSpawnCommand,
+  spawnAndCollect,
+  type SpawnCommandCache,
+  waitForExit,
+} from "./process.js";
 
 const tempDirs: string[] = [];
 
@@ -225,3 +231,62 @@ describe("resolveSpawnCommand", () => {
     expect(second.args[0]).toBe(scriptPath);
   });
 });
+
+describe("waitForExit", () => {
+  it("resolves when the child already exited before waiting starts", async () => {
+    const child = spawn(process.execPath, ["-e", "process.exit(0)"], {
+      stdio: ["pipe", "pipe", "pipe"],
+    });
+
+    await new Promise<void>((resolve, reject) => {
+      child.once("close", () => {
+        resolve();
+      });
+      child.once("error", reject);
+    });
+
+    const exit = await waitForExit(child);
+    expect(exit.code).toBe(0);
+    expect(exit.signal).toBeNull();
+    expect(exit.error).toBeNull();
+  });
+});
+
+describe("spawnAndCollect", () => {
+  it("returns abort error immediately when signal is already aborted", async () => {
+    const controller = new AbortController();
+    controller.abort();
+    const result = await spawnAndCollect(
+      {
+        command: process.execPath,
+        args: ["-e", "process.exit(0)"],
+        cwd: process.cwd(),
+      },
+      undefined,
+      { signal: controller.signal },
+    );
+
+    expect(result.code).toBeNull();
+    expect(result.error?.name).toBe("AbortError");
+  });
+
+  it("terminates a running process when signal aborts", async () => {
+    const controller = new AbortController();
+    const resultPromise = spawnAndCollect(
+      {
+        command: process.execPath,
+        args: ["-e", "setTimeout(() => process.stdout.write('done'), 10_000)"],
+        cwd: process.cwd(),
+      },
+      undefined,
+      { signal: controller.signal },
+    );
+
+    setTimeout(() => {
+      controller.abort();
+    }, 10);
+
+    const result = await resultPromise;
+    expect(result.error?.name).toBe("AbortError");
+  });
+});
@@ -114,6 +114,12 @@ export function resolveSpawnCommand(
   };
 }
 
+function createAbortError(): Error {
+  const error = new Error("Operation aborted.");
+  error.name = "AbortError";
+  return error;
+}
+
 export function spawnWithResolvedCommand(
   params: {
     command: string;
@@ -140,6 +146,15 @@ export function spawnWithResolvedCommand(
 }
 
 export async function waitForExit(child: ChildProcessWithoutNullStreams): Promise<SpawnExit> {
+  // Handle callers that start waiting after the child has already exited.
+  if (child.exitCode !== null || child.signalCode !== null) {
+    return {
+      code: child.exitCode,
+      signal: child.signalCode,
+      error: null,
+    };
+  }
+
   return await new Promise<SpawnExit>((resolve) => {
     let settled = false;
     const finish = (result: SpawnExit) => {
@@ -167,12 +182,23 @@ export async function spawnAndCollect(
     cwd: string;
   },
   options?: SpawnCommandOptions,
+  runtime?: {
+    signal?: AbortSignal;
+  },
 ): Promise<{
   stdout: string;
   stderr: string;
   code: number | null;
   error: Error | null;
 }> {
+  if (runtime?.signal?.aborted) {
+    return {
+      stdout: "",
+      stderr: "",
+      code: null,
+      error: createAbortError(),
+    };
+  }
   const child = spawnWithResolvedCommand(params, options);
   child.stdin.end();
 
@@ -185,13 +211,43 @@ export async function spawnAndCollect(
     stderr += String(chunk);
   });
 
-  const exit = await waitForExit(child);
-  return {
-    stdout,
-    stderr,
-    code: exit.code,
-    error: exit.error,
+  let abortKillTimer: NodeJS.Timeout | undefined;
+  let aborted = false;
+  const onAbort = () => {
+    aborted = true;
+    try {
+      child.kill("SIGTERM");
+    } catch {
+      // Ignore kill races when child already exited.
+    }
+    abortKillTimer = setTimeout(() => {
+      if (child.exitCode !== null || child.signalCode !== null) {
+        return;
+      }
+      try {
+        child.kill("SIGKILL");
+      } catch {
+        // Ignore kill races when child already exited.
+      }
+    }, 250);
+    abortKillTimer.unref?.();
   };
+  runtime?.signal?.addEventListener("abort", onAbort, { once: true });
+
+  try {
+    const exit = await waitForExit(child);
+    return {
+      stdout,
+      stderr,
+      code: exit.code,
+      error: aborted ? createAbortError() : exit.error,
+    };
+  } finally {
+    runtime?.signal?.removeEventListener("abort", onAbort);
+    if (abortKillTimer) {
+      clearTimeout(abortKillTimer);
+    }
+  }
 }
 
 export function resolveSpawnFailure(
 
@@ -353,7 +353,10 @@ export class AcpxRuntime implements AcpRuntime {
     return ACPX_CAPABILITIES;
   }
 
-  async getStatus(input: { handle: AcpRuntimeHandle }): Promise<AcpRuntimeStatus> {
+  async getStatus(input: {
+    handle: AcpRuntimeHandle;
+    signal?: AbortSignal;
+  }): Promise<AcpRuntimeStatus> {
     const state = this.resolveHandleState(input.handle);
     const events = await this.runControlCommand({
       args: this.buildControlArgs({
@@ -363,6 +366,7 @@ export class AcpxRuntime implements AcpRuntime {
       cwd: state.cwd,
       fallbackCode: "ACP_TURN_FAILED",
       ignoreNoSession: true,
+      signal: input.signal,
     });
     const detail = events.find((event) => !toAcpxErrorEvent(event)) ?? events[0];
     if (!detail) {
@@ -586,6 +590,7 @@ export class AcpxRuntime implements AcpRuntime {
     cwd: string;
     fallbackCode: AcpRuntimeErrorCode;
     ignoreNoSession?: boolean;
+    signal?: AbortSignal;
   }): Promise<AcpxJsonObject[]> {
     const result = await spawnAndCollect(
       {
@@ -594,6 +599,9 @@ export class AcpxRuntime implements AcpRuntime {
         cwd: params.cwd,
       },
       this.spawnCommandOptions,
+      {
+        signal: params.signal,
+      },
     );
 
     if (result.error) {
 
@@ -316,70 +316,85 @@ export class AcpSessionManager {
   async getSessionStatus(params: {
     cfg: OpenClawConfig;
     sessionKey: string;
+    signal?: AbortSignal;
   }): Promise<AcpSessionStatus> {
     const sessionKey = normalizeSessionKey(params.sessionKey);
     if (!sessionKey) {
       throw new AcpRuntimeError("ACP_SESSION_INIT_FAILED", "ACP session key is required.");
     }
+    this.throwIfAborted(params.signal);
     await this.evictIdleRuntimeHandles({ cfg: params.cfg });
-    return await this.withSessionActor(sessionKey, async () => {
-      const resolution = this.resolveSession({
-        cfg: params.cfg,
-        sessionKey,
-      });
-      if (resolution.kind === "none") {
-        throw new AcpRuntimeError(
-          "ACP_SESSION_INIT_FAILED",
-          `Session is not ACP-enabled: ${sessionKey}`,
-        );
-      }
-      if (resolution.kind === "stale") {
-        throw resolution.error;
-      }
-      const {
-        runtime,
-        handle: ensuredHandle,
-        meta: ensuredMeta,
-      } = await this.ensureRuntimeHandle({
-        cfg: params.cfg,
-        sessionKey,
-        meta: resolution.meta,
-      });
-      let handle = ensuredHandle;
-      let meta = ensuredMeta;
-      const capabilities = await this.resolveRuntimeCapabilities({ runtime, handle });
-      let runtimeStatus: AcpRuntimeStatus | undefined;
-      if (runtime.getStatus) {
-        runtimeStatus = await withAcpRuntimeErrorBoundary({
-          run: async () => await runtime.getStatus!({ handle }),
-          fallbackCode: "ACP_TURN_FAILED",
-          fallbackMessage: "Could not read ACP runtime status.",
+    return await this.withSessionActor(
+      sessionKey,
+      async () => {
+        this.throwIfAborted(params.signal);
+        const resolution = this.resolveSession({
+          cfg: params.cfg,
+          sessionKey,
         });
-      }
-      ({ handle, meta, runtimeStatus } = await this.reconcileRuntimeSessionIdentifiers({
-        cfg: params.cfg,
-        sessionKey,
-        runtime,
-        handle,
-        meta,
-        runtimeStatus,
-        failOnStatusError: true,
-      }));
-      const identity = resolveSessionIdentityFromMeta(meta);
-      return {
-        sessionKey,
-        backend: handle.backend || meta.backend,
-        agent: meta.agent,
-        ...(identity ? { identity } : {}),
-        state: meta.state,
-        mode: meta.mode,
-        runtimeOptions: resolveRuntimeOptionsFromMeta(meta),
-        capabilities,
-        runtimeStatus,
-        lastActivityAt: meta.lastActivityAt,
-        lastError: meta.lastError,
-      };
-    });
+        if (resolution.kind === "none") {
+          throw new AcpRuntimeError(
+            "ACP_SESSION_INIT_FAILED",
+            `Session is not ACP-enabled: ${sessionKey}`,
+          );
+        }
+        if (resolution.kind === "stale") {
+          throw resolution.error;
+        }
+        const {
+          runtime,
+          handle: ensuredHandle,
+          meta: ensuredMeta,
+        } = await this.ensureRuntimeHandle({
+          cfg: params.cfg,
+          sessionKey,
+          meta: resolution.meta,
+        });
+        let handle = ensuredHandle;
+        let meta = ensuredMeta;
+        const capabilities = await this.resolveRuntimeCapabilities({ runtime, handle });
+        let runtimeStatus: AcpRuntimeStatus | undefined;
+        if (runtime.getStatus) {
+          runtimeStatus = await withAcpRuntimeErrorBoundary({
+            run: async () => {
+              this.throwIfAborted(params.signal);
+              const status = await runtime.getStatus!({
+                handle,
+                ...(params.signal ? { signal: params.signal } : {}),
+              });
+              this.throwIfAborted(params.signal);
+              return status;
+            },
+            fallbackCode: "ACP_TURN_FAILED",
+            fallbackMessage: "Could not read ACP runtime status.",
+          });
+        }
+        ({ handle, meta, runtimeStatus } = await this.reconcileRuntimeSessionIdentifiers({
+          cfg: params.cfg,
+          sessionKey,
+          runtime,
+          handle,
+          meta,
+          runtimeStatus,
+          failOnStatusError: true,
+        }));
+        const identity = resolveSessionIdentityFromMeta(meta);
+        return {
+          sessionKey,
+          backend: handle.backend || meta.backend,
+          agent: meta.agent,
+          ...(identity ? { identity } : {}),
+          state: meta.state,
+          mode: meta.mode,
+          runtimeOptions: resolveRuntimeOptionsFromMeta(meta),
+          capabilities,
+          runtimeStatus,
+          lastActivityAt: meta.lastActivityAt,
+          lastError: meta.lastError,
+        };
+      },
+      params.signal,
+    );
   }
 
   async setSessionRuntimeMode(params: {
@@ -1295,9 +1310,23 @@ export class AcpSessionManager {
     }
   }
 
-  private async withSessionActor<T>(sessionKey: string, op: () => Promise<T>): Promise<T> {
+  private async withSessionActor<T>(
+    sessionKey: string,
+    op: () => Promise<T>,
+    signal?: AbortSignal,
+  ): Promise<T> {
     const actorKey = normalizeActorKey(sessionKey);
-    return await this.actorQueue.run(actorKey, op);
+    return await this.actorQueue.run(actorKey, async () => {
+      this.throwIfAborted(signal);
+      return await op();
+    });
+  }
+
+  private throwIfAborted(signal?: AbortSignal): void {
+    if (!signal?.aborted) {
+      return;
+    }
+    throw new AcpRuntimeError("ACP_TURN_FAILED", "ACP operation aborted.");
   }
 
   private getCachedRuntimeState(sessionKey: string): CachedRuntimeState | null {