fix(agents,gateway): three subagent announce delivery failures

claude · claude · commit 89db7a09f11a · 2026-05-23T12:59:04.000Z
Fixes three related bugs that break subagent completion delivery in loopback token-auth setups (e.g. Google Chat with sessions_spawn). All three were found and validated on a production Linux/GCP deployment (openclaw 2026.5.20, Node 22, systemd user service). --- ## Fix 1 — gateway: keep device identity for BACKEND calls with explicit scopes File: src/gateway/call.ts Fixes: #77807 `shouldOmitDeviceIdentityForGatewayCall` unconditionally omitted device identity for all BACKEND + GATEWAY_CLIENT + loopback calls. Internal calls such as `callSubagentGateway` carry explicit operator scopes like `["operator.write"]`. Without device identity the gateway cannot verify those scopes against the paired device token and rejects with: Subagent completion direct announce failed: missing scope: operator.write Fix: return false (keep device identity) when `params.scopes` is non-empty. Also threads `scopes` through `resolveDeviceIdentityForGatewayCall` so the helper can inspect them. --- ## Fix 2 — sessions_yield: await settle promise after timeout File: src/agents/pi-embedded-runner/run/attempt.sessions-yield.ts `waitForSessionsYieldAbortSettle` raced the settle promise against a 2 s timeout and returned immediately on timeout, leaving the session transcript file lock held. The next turn on the same persistent session (e.g. a Google Chat DM) then failed with "file lock stale", triggering a model fallback and surfacing an internal error message to end users. Fix: after logging the timeout warning, await `settlePromise.catch(() => {})` so the file lock is always released before the function returns. --- ## Fix 3 — sessions_yield: strip context message before completion announce File: src/agents/pi-embedded-runner/run/attempt.sessions-yield.ts When a new incoming message aborts an active `sessions_yield`, the `openclaw.sessions_yield` context message (containing "[Context: The previous turn ended intentionally via sessions_yield...]") remains in the session transcript. When a subagent completion announce subsequently re-runs the agent to deliver the result, the agent sees this context message and responds via `sessions_yield` again (a `custom_message`). The announce system does not recognise a `custom_message` as a visible reply and emits: Subagent announce give up: completion agent did not produce a visible reply `stripSessionsYieldArtifacts` already strips the interrupt custom type (`openclaw.sessions_yield_interrupt`) but not the context custom type (`openclaw.sessions_yield`). Fix: strip both types in the in-memory messages loop and in the fileEntries loop. --- Tested on production (Google Chat + Pipedrive sub-agent workflow): - Single sub-agent turn: delivers correctly - Two rapid consecutive messages (second arrives while sub-agent runs): both deliver, no fallback, no stale lock, no scope errors Reported-by: jailbirt <jailbirt@theeye.io>
diff --git a/src/agents/pi-embedded-runner/run/attempt.sessions-yield.ts b/src/agents/pi-embedded-runner/run/attempt.sessions-yield.ts
@@ -40,6 +40,11 @@ export async function waitForSessionsYieldAbortSettle(params: {
     log.warn(
       `sessions_yield abort settle timed out: runId=${params.runId} sessionId=${params.sessionId} timeoutMs=${SESSIONS_YIELD_ABORT_SETTLE_TIMEOUT_MS}`,
     );
+    // Continue waiting for the settle to complete so the session file lock is
+    // released before the next turn starts. Without this, the lock remains
+    // held and the next turn fails with "file lock stale", causing model
+    // fallback and visible error messages in the delivery channel.
+    await params.settlePromise.catch(() => {});
   }
 }
 
@@ -167,6 +172,20 @@ export function stripSessionsYieldArtifacts(activeSession: {
       strippedMessages.pop();
       continue;
     }
+    // Also strip the sessions_yield context message. When a new incoming
+    // message aborts an active sessions_yield, this context marker remains in
+    // the session. If a subagent completion announce then re-runs the agent to
+    // deliver the result, the agent sees the context message, responds via
+    // sessions_yield again (a custom_message), and the announce system
+    // rejects it as "completion agent did not produce a visible reply".
+    if (
+      last?.role === "custom" &&
+      "customType" in last &&
+      last.customType === SESSIONS_YIELD_CONTEXT_CUSTOM_TYPE
+    ) {
+      strippedMessages.pop();
+      continue;
+    }
     break;
   }
   if (strippedMessages.length !== activeSession.messages.length) {
@@ -205,7 +224,9 @@ export function stripSessionsYieldArtifacts(activeSession: {
       last.message?.stopReason === "aborted";
     const isYieldInterruptMessage =
       last.type === "custom_message" && last.customType === SESSIONS_YIELD_INTERRUPT_CUSTOM_TYPE;
-    if (!isYieldAbortAssistant && !isYieldInterruptMessage) {
+    const isYieldContextMessage =
+      last.type === "custom_message" && last.customType === SESSIONS_YIELD_CONTEXT_CUSTOM_TYPE;
+    if (!isYieldAbortAssistant && !isYieldInterruptMessage && !isYieldContextMessage) {
       break;
     }
     fileEntries.pop();
diff --git a/src/gateway/call.ts b/src/gateway/call.ts
@@ -328,10 +328,20 @@ function shouldOmitDeviceIdentityForGatewayCall(params: {
   url: string;
   token?: string;
   password?: string;
+  scopes?: string[];
 }): boolean {
   const mode = params.opts.mode ?? GATEWAY_CLIENT_MODES.CLI;
   const clientName = params.opts.clientName ?? GATEWAY_CLIENT_NAMES.CLI;
   const hasSharedAuth = Boolean(params.token || params.password);
+  // When the call carries explicit operator scopes (e.g. ["operator.write"]),
+  // keep device identity so the gateway can verify them against the paired
+  // device token. Without this, loopback backend calls — such as subagent
+  // completion announce — fail with "missing scope: operator.write" even when
+  // the device has full scopes. Fixes #77807.
+  const requestedScopes = Array.isArray(params.scopes) ? params.scopes : [];
+  if (requestedScopes.length > 0) {
+    return false;
+  }
   return (
     mode === GATEWAY_CLIENT_MODES.BACKEND &&
     clientName === GATEWAY_CLIENT_NAMES.GATEWAY_CLIENT &&
@@ -345,6 +355,7 @@ function resolveDeviceIdentityForGatewayCall(params: {
   url: string;
   token?: string;
   password?: string;
+  scopes?: string[];
 }): ReturnType<typeof loadOrCreateDeviceIdentity> | null {
   if (shouldOmitDeviceIdentityForGatewayCall(params)) {
     return null;
@@ -773,7 +784,7 @@ async function executeGatewayRequestWithScopes<T>(params: {
       scopes,
       deviceIdentity:
         opts.deviceIdentity === undefined
-          ? resolveDeviceIdentityForGatewayCall({ opts, url, token, password })
+          ? resolveDeviceIdentityForGatewayCall({ opts, url, token, password, scopes })
           : opts.deviceIdentity,
       minProtocol: opts.minProtocol ?? MIN_CLIENT_PROTOCOL_VERSION,
       maxProtocol: opts.maxProtocol ?? PROTOCOL_VERSION,
