fix: preserve active abort recovery on terminal stalls

Totalsolutionsync · Totalsolutionsync · commit 68542eb63b94 · 2026-05-20T18:08:52.000-07:00
diff --git a/extensions/telegram/src/polling-session.ts b/extensions/telegram/src/polling-session.ts
@@ -223,12 +223,10 @@ export class TelegramPollingSession {
   #spooledUpdateHandlerTimeoutMs: number;
   #spooledUpdateHandlerAbortGraceMs: number;
   #deliveryDrainInFlight = false;
-  // L5: callback supplied by the active isolated-ingress cycle to request
-  // the cycle abort itself when the bot has visibly lost its grammy
-  // initialized state mid-cycle (e.g., after a network drop during a
-  // handler retry loop). When set, calling it triggers a clean exit so
-  // the outer `runUntilAbort` loop creates a fresh bot and re-runs
-  // `bot.init()`. Cleared at the end of the cycle.
+  // Callback supplied by the active isolated-ingress cycle to request the cycle
+  // abort itself when the bot has visibly lost its grammy initialized state
+  // mid-cycle. When set, calling it triggers a clean exit so the outer
+  // `runUntilAbort` loop creates a fresh bot and re-runs `bot.init()`.
   #requestCycleRestartOnBotReinitNeeded: ((reason: string) => void) | null = null;
 
   constructor(private readonly opts: TelegramPollingSessionOpts) {
@@ -476,14 +474,10 @@ export class TelegramPollingSession {
     this.opts.log(
       `[telegram][diag] spooled update ${params.update.updateId} failed; keeping for retry: ${errMessage}`,
     );
-    // L5: if the grammy bot has lost its initialized state mid-cycle (typically
-    // after a network drop during a handler retry loop, where bot.init() never
-    // gets re-run), every subsequent update handler will fail with the same
-    // "Bot not initialized" message in a tight retry loop. Detect that case and
-    // ask the active cycle to abort itself; the outer runUntilAbort loop will
-    // create a fresh TelegramBot instance and re-run bot.init() against a now-
-    // stable network. Without this, the spool worker keeps retrying forever
-    // until something external (gateway restart, abort signal) intervenes.
+    // If the grammy bot has lost its initialized state mid-cycle, every
+    // subsequent update handler fails with the same message in a tight retry
+    // loop. Ask the active cycle to abort itself so the outer runUntilAbort
+    // loop can create a fresh TelegramBot instance and re-run bot.init().
     if (typeof errMessage === "string" && errMessage.includes("Bot not initialized")) {
       const requestRestart = this.#requestCycleRestartOnBotReinitNeeded;
       if (requestRestart) {
@@ -746,11 +740,10 @@ export class TelegramPollingSession {
       void worker.stop();
     };
     this.opts.abortSignal?.addEventListener("abort", stopOnAbort, { once: true });
-    // L5: install a one-shot callback that the spool failure path can use to
-    // ask this cycle to restart when it sees grammy's "Bot not initialized"
-    // error. Setting restartRequested + stopping the worker tears the cycle
-    // down via the existing try/finally cleanup below; the outer
-    // runUntilAbort loop then creates a new bot and re-runs bot.init().
+    // Install a one-shot callback that the spool failure path can use to ask
+    // this cycle to restart when it sees grammy's "Bot not initialized" error.
+    // Setting restartRequested and stopping the worker tears the cycle down via
+    // the existing try/finally cleanup below.
     this.#requestCycleRestartOnBotReinitNeeded = (reason: string) => {
       if (restartRequested) {
         return;
@@ -857,8 +850,8 @@ export class TelegramPollingSession {
       clearInterval(drainTimer);
       unsubscribe();
       this.opts.abortSignal?.removeEventListener("abort", stopOnAbort);
-      // L5: clear the restart-request callback so a future cycle (or other
-      // session) isn't accidentally talking to this cycle's local state.
+      // Clear the restart-request callback so a future cycle is not
+      // accidentally talking to this cycle's local state.
       this.#requestCycleRestartOnBotReinitNeeded = null;
       await worker.stop();
       if (!restartRequested) {
diff --git a/src/agents/auth-profiles/store.ts b/src/agents/auth-profiles/store.ts
@@ -590,16 +590,11 @@ export function loadAuthProfileStoreForSecretsRuntime(agentDir?: string): AuthPr
   return loadAuthProfileStoreForRuntime(agentDir, {
     readOnly: true,
     allowKeychainPrompt: false,
-    // L4 PATCH (lane-pump branch): include legacy OAuth sidecar material when
-    // the runtime is resolving secrets for an agent turn. Without this, embedded
-    // agent runs (Telegram replies, cron invocations) cannot reach the access
-    // token for openai-codex profiles whose `oauthRef.source` is
+    // Include legacy OAuth sidecar material when the runtime is resolving
+    // secrets for an agent turn. Without this, embedded agent runs cannot reach
+    // the access token for openai-codex profiles whose `oauthRef.source` is
     // "openclaw-credentials", and resolveApiKeyForProfile() falls through to
-    // "No API key found". The OAuth-manager-internal refresh helper added in
-    // upstream #83312 already sets this to true; this default was inadvertently
-    // left at `false` after the sidecar runtime removal in #82777, breaking
-    // the embedded-agent OAuth resolution path while leaving the direct CLI
-    // inference path unaffected. See UPSTREAM_ISSUE_DRAFT.md in local-patches.
+    // "No API key found".
     resolveLegacyOAuthSidecars: true,
   });
 }
@@ -614,12 +609,9 @@ export function loadAuthProfileStoreWithoutExternalProfiles(
   const options: LoadAuthProfileStoreOptions = {
     readOnly: true,
     allowKeychainPrompt: loadOptions?.allowKeychainPrompt ?? false,
-    // L4.1 PATCH: default sidecar resolution to true so that any caller
-    // not explicitly overriding (model-auth-label, model-provider-auth,
-    // pi-auth-discovery, list.list-command, etc.) still picks up legacy
-    // OAuth credential material. Was inadvertently left at `false` in the
-    // upstream #82777/#83312 refactor and breaks isolated/sub-agent auth
-    // resolution paths (e.g., cron-nested lanes).
+    // Default sidecar resolution to true so callers that do not explicitly
+    // override still pick up legacy OAuth credential material for isolated and
+    // sub-agent auth resolution paths.
     resolveLegacyOAuthSidecars: loadOptions?.resolveLegacyOAuthSidecars ?? true,
   };
   const store = loadAuthProfileStoreForAgent(agentDir, options);
@@ -657,10 +649,10 @@ export function ensureAuthProfileStoreWithoutExternalProfiles(
   agentDir?: string,
   options?: { allowKeychainPrompt?: boolean; resolveLegacyOAuthSidecars?: boolean },
 ): AuthProfileStore {
-  // L4.1 PATCH: forward `resolveLegacyOAuthSidecars` through this entry
-  // point so embedded-runner sub-agents (cron-nested, isolated session
-  // lanes for AgentOS sweeps) can read the legacy sidecar credential
-  // material. Default true to match `loadAuthProfileStoreWithoutExternalProfiles`.
+  // Forward `resolveLegacyOAuthSidecars` through this entry point so embedded
+  // runner sub-agents and isolated session lanes can read legacy sidecar
+  // credential material. Default true to match
+  // `loadAuthProfileStoreWithoutExternalProfiles`.
   const resolveLegacyOAuthSidecars = options?.resolveLegacyOAuthSidecars ?? true;
   const effectiveOptions: LoadAuthProfileStoreOptions = {
     ...(options ?? {}),
@@ -677,9 +669,8 @@ export function ensureAuthProfileStoreWithoutExternalProfiles(
     return store;
   }
 
-  // L4.1 PATCH: use effectiveOptions (with sidecar resolution) for the main
-  // fallback load too, otherwise sub-agents that need to merge in the main
-  // store would still miss the legacy credential material.
+  // Use the same options for the main fallback load; sub-agents that merge in
+  // the main store need the same legacy sidecar material.
   const mainStore = loadAuthProfileStoreForAgent(undefined, effectiveOptions);
   return mergeAuthProfileStores(mainStore, store);
 }
diff --git a/src/logging/diagnostic.ts b/src/logging/diagnostic.ts
@@ -3,14 +3,14 @@ import { resolveEmbeddedSessionLane } from "../agents/pi-embedded-runner/lanes.j
 import { getRuntimeConfig } from "../config/config.js";
 import { resolveAllAgentSessionStoreTargetsSync } from "../config/sessions/targets.js";
 import type { OpenClawConfig } from "../config/types.openclaw.js";
-import { resetCommandLane } from "../process/command-queue.js";
 import {
   areDiagnosticsEnabledForProcess,
   emitDiagnosticEvent,
   isDiagnosticsEnabled,
   type DiagnosticPhaseSnapshot,
   type DiagnosticLivenessWarningReason,
 } from "../infra/diagnostic-events.js";
+import { resetCommandLane } from "../process/command-queue.js";
 import { emitDiagnosticMemorySample, resetDiagnosticMemoryForTest } from "./diagnostic-memory.js";
 import {
   getCurrentDiagnosticPhase,
@@ -1134,6 +1134,14 @@ export function startDiagnosticHeartbeat(
           thresholdMs: stuckSessionWarnMs,
           abortThresholdMs: stuckSessionAbortMs,
         });
+        const activeAbortRecoveryEligible =
+          classification !== undefined &&
+          isActiveAbortRecoveryEligible({
+            classification,
+            activity,
+            ageMs: attentionAgeMs,
+            stuckSessionAbortMs,
+          });
         if (classification?.recoveryEligible) {
           requestStuckSessionRecovery({
             recover: opts?.recoverStuckSession ?? recoverStuckSession,
@@ -1143,19 +1151,12 @@ export function startDiagnosticHeartbeat(
               sessionKey: state.sessionKey,
               ageMs: attentionAgeMs,
               queueDepth: state.queueDepth,
+              ...(activeAbortRecoveryEligible ? { allowActiveAbort: true } : {}),
               expectedState: state.state,
               stateGeneration: state.generation,
             },
           });
-        } else if (
-          classification &&
-          isActiveAbortRecoveryEligible({
-            classification,
-            activity,
-            ageMs: attentionAgeMs,
-            stuckSessionAbortMs,
-          })
-        ) {
+        } else if (classification && activeAbortRecoveryEligible) {
           requestStuckSessionRecovery({
             recover: opts?.recoverStuckSession ?? recoverStuckSession,
             classification,
