openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/.generated/config-baseline.sha256‎
Lines changed: 2 additions & 2 deletions b/‎docs/.generated/config-baseline.sha256‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/reference/session-management-compaction.md‎
Lines changed: 5 additions & 1 deletion b/‎docs/reference/session-management-compaction.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎extensions/codex/src/app-server/transcript-mirror.ts‎
Lines changed: 2 additions & 2 deletions b/‎extensions/codex/src/app-server/transcript-mirror.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/agents/command/attempt-execution.ts‎
Lines changed: 2 additions & 5 deletions b/‎src/agents/command/attempt-execution.ts‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎src/agents/pi-embedded-runner/compact.hooks.harness.ts‎
Lines changed: 5 additions & 0 deletions b/‎src/agents/pi-embedded-runner/compact.hooks.harness.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/agents/pi-embedded-runner/compact.ts‎
Lines changed: 5 additions & 4 deletions b/‎src/agents/pi-embedded-runner/compact.ts‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎src/agents/pi-embedded-runner/context-engine-maintenance.test.ts‎
Lines changed: 107 additions & 0 deletions b/‎src/agents/pi-embedded-runner/context-engine-maintenance.test.ts‎
Lines changed: 107 additions & 0 deletions
diff --git a/‎src/agents/pi-embedded-runner/context-engine-maintenance.ts‎
Lines changed: 17 additions & 4 deletions b/‎src/agents/pi-embedded-runner/context-engine-maintenance.ts‎
Lines changed: 17 additions & 4 deletions
@@ -227,6 +227,7 @@ Docs: https://docs.openclaw.ai
 - Update/installers: override npm `min-release-age` quarantine for OpenClaw-managed package installs, so `openclaw update`, plugin updates, and hosted installer scripts can install the requested latest release immediately.
 - Agents/sessions: preserve fresh post-compaction token snapshots across stale usage updates, preventing repeated auto-compaction after every message. Fixes #82576. (#82578) Thanks @njuboy11.
 - Agents/replies: preserve active inbound reply context at the LLM boundary so Discord referenced-message turns do not answer from stale session history. Fixes #82608. (#82801) Thanks @joshavant.
+- Agents/sessions: expose session transcript lock stale and max-hold tuning, and release the embedded run's coarse transcript lock before model I/O while locking persistence and cleanup separately. Fixes #13744. Thanks @amknight.
 - Agents/OpenAI Responses: log redacted diagnostics for detail-less `response.failed` events while preserving failed response ids, so operators can correlate provider-side failures. Fixes #82558.
 - Agents/OpenRouter: strip non-replayable Anthropic/xAI reasoning provenance tags from follow-up requests, preventing poisoned thinking signatures from breaking second turns. Fixes #82335. (#82380) Thanks @hclsys.
 - Providers/xAI: send configurable reasoning effort only for Grok 4.3, preserving xAI's default low reasoning while omitting unsupported controls for Grok 4.20 reasoning models. (#81227) Thanks @jason-allen-oneal.
 
@@ -1,4 +1,4 @@
-1a4ff6c148f4c28eb2c07c77025c6ba13ed9f56d23bbb221fc6dd83781fda671  config-baseline.json
-a2663c4aed132ae968e8e6ef84566d22063143f8b093e839e1063393135842f5  config-baseline.core.json
+4b52f0bff12148f4695150a45c91d4b9bda2d1bfbc1162a79a2bb2cf62c3c1eb  config-baseline.json
+73e11d9d5c5b27d8d075202f59b9f19537ded361ea761ed0aef78dc9446bc82f  config-baseline.core.json
 fe4f1cb00d7d1dee9746779ec3cf14236e5f672c91502268a12ad6e467a2c4ad  config-baseline.channel.json
 e9049ce0154f484f44bb0ac174a44198269256044da5ba62a6e107e78bfd7a70  config-baseline.plugin.json
@@ -97,7 +97,11 @@ OpenClaw no longer creates automatic `sessions.json.bak.*` rotation backups duri
 Transcript mutations use a session write lock on the transcript file. Lock acquisition waits up to
 `session.writeLock.acquireTimeoutMs` before surfacing a busy-session error; the default is `60000`
 ms. Raise this only when legitimate prep, cleanup, compaction, or transcript mirror work contends
-longer on slow machines. Stale-lock detection and maximum hold warnings remain separate policies.
+longer on slow machines. `session.writeLock.staleMs` controls when an existing lock can be
+reclaimed as stale; the default is `1800000` ms. `session.writeLock.maxHoldMs` controls the
+in-process watchdog release threshold; the default is `300000` ms. Emergency env overrides are
+`OPENCLAW_SESSION_WRITE_LOCK_ACQUIRE_TIMEOUT_MS`, `OPENCLAW_SESSION_WRITE_LOCK_STALE_MS`, and
+`OPENCLAW_SESSION_WRITE_LOCK_MAX_HOLD_MS`.
 
 Enforcement order for disk budget cleanup (`mode: "enforce"`):
 
 
@@ -4,7 +4,7 @@ import {
   acquireSessionWriteLock,
   appendSessionTranscriptMessage,
   emitSessionTranscriptUpdate,
-  resolveSessionWriteLockAcquireTimeoutMs,
+  resolveSessionWriteLockOptions,
   runAgentHarnessBeforeMessageWriteHook,
   type AgentMessage,
   type EmbeddedRunAttemptParams,
@@ -128,7 +128,7 @@ export async function mirrorCodexAppServerTranscript(params: {
 
   const lock = await acquireSessionWriteLock({
     sessionFile: params.sessionFile,
-    timeoutMs: resolveSessionWriteLockAcquireTimeoutMs(params.config),
+    ...resolveSessionWriteLockOptions(params.config),
   });
   try {
     const existingIdempotencyKeys = await readTranscriptIdempotencyKeys(params.sessionFile);
 
@@ -30,10 +30,7 @@ import { isCliProvider } from "../model-selection.js";
 import { resolveOpenAIRuntimeProviderForPi } from "../openai-codex-routing.js";
 import { runEmbeddedPiAgent, type EmbeddedPiRunResult } from "../pi-embedded.js";
 import { buildAgentRuntimeAuthPlan } from "../runtime-plan/auth.js";
-import {
-  acquireSessionWriteLock,
-  resolveSessionWriteLockAcquireTimeoutMs,
-} from "../session-write-lock.js";
+import { acquireSessionWriteLock, resolveSessionWriteLockOptions } from "../session-write-lock.js";
 import { buildWorkspaceSkillSnapshot } from "../skills.js";
 import { buildUsageWithNoCost } from "../stream-message-shared.js";
 import {
@@ -228,7 +225,7 @@ async function persistTextTurnTranscript(
   });
   const lock = await acquireSessionWriteLock({
     sessionFile,
-    timeoutMs: resolveSessionWriteLockAcquireTimeoutMs(params.config),
+    ...resolveSessionWriteLockOptions(params.config),
     allowReentrant: true,
   });
   try {
 
@@ -461,6 +461,11 @@ export async function loadCompactHooksHarness(): Promise<{
     acquireSessionWriteLock: vi.fn(async () => ({ release: vi.fn(async () => {}) })),
     resolveSessionLockMaxHoldFromTimeout: vi.fn(() => 0),
     resolveSessionWriteLockAcquireTimeoutMs: vi.fn(() => 60_000),
+    resolveSessionWriteLockOptions: vi.fn(() => ({
+      timeoutMs: 60_000,
+      staleMs: 1_800_000,
+      maxHoldMs: 300_000,
+    })),
   }));
 
   vi.doMock("../../context-engine/init.js", () => ({
 
@@ -99,7 +99,7 @@ import { sanitizeToolUseResultPairing } from "../session-transcript-repair.js";
 import {
   acquireSessionWriteLock,
   resolveSessionLockMaxHoldFromTimeout,
-  resolveSessionWriteLockAcquireTimeoutMs,
+  resolveSessionWriteLockOptions,
 } from "../session-write-lock.js";
 import { detectRuntimeShell } from "../shell-utils.js";
 import {
@@ -956,9 +956,10 @@ async function compactEmbeddedPiSessionDirectOnce(
     const compactionTimeoutMs = resolveCompactionTimeoutMs(params.config);
     const sessionLock = await acquireSessionWriteLock({
       sessionFile: params.sessionFile,
-      timeoutMs: resolveSessionWriteLockAcquireTimeoutMs(params.config),
-      maxHoldMs: resolveSessionLockMaxHoldFromTimeout({
-        timeoutMs: compactionTimeoutMs,
+      ...resolveSessionWriteLockOptions(params.config, {
+        maxHoldMsFallback: resolveSessionLockMaxHoldFromTimeout({
+          timeoutMs: compactionTimeoutMs,
+        }),
       }),
     });
     try {
 
@@ -182,6 +182,50 @@ describe("buildContextEngineMaintenanceRuntimeContext", () => {
     expect(rewriteTranscriptEntriesInSessionFileMock).not.toHaveBeenCalled();
   });
 
+  it("wraps active session manager rewrites in the supplied lock", async () => {
+    const events: string[] = [];
+    const sessionManager = { appendMessage: vi.fn() } as unknown as Parameters<
+      typeof buildContextEngineMaintenanceRuntimeContext
+    >[0]["sessionManager"];
+    rewriteTranscriptEntriesInSessionManagerMock.mockImplementationOnce((_params?: unknown) => {
+      events.push("rewrite");
+      return {
+        changed: true,
+        bytesFreed: 77,
+        rewrittenEntries: 1,
+      };
+    });
+    const runtimeContext = buildContextEngineMaintenanceRuntimeContext({
+      sessionId: "session-1",
+      sessionKey: "agent:main:session-1",
+      sessionFile: "/tmp/session.jsonl",
+      sessionManager,
+      withSessionManagerRewriteLock: async (operation) => {
+        events.push("lock-start");
+        try {
+          return await operation();
+        } finally {
+          events.push("lock-end");
+        }
+      },
+    });
+
+    await runtimeContext.rewriteTranscriptEntries?.({
+      replacements: [
+        { entryId: "entry-1", message: { role: "user", content: "hi", timestamp: 1 } },
+      ],
+    });
+
+    expect(events).toEqual(["lock-start", "rewrite", "lock-end"]);
+    expect(rewriteTranscriptEntriesInSessionManagerMock).toHaveBeenCalledWith({
+      sessionManager,
+      replacements: [
+        { entryId: "entry-1", message: { role: "user", content: "hi", timestamp: 1 } },
+      ],
+    });
+    expect(rewriteTranscriptEntriesInSessionFileMock).not.toHaveBeenCalled();
+  });
+
   it("defers file rewrites onto the session lane when requested", async () => {
     vi.useFakeTimers();
     try {
@@ -419,6 +463,69 @@ describe("runContextEngineMaintenance", () => {
     });
   });
 
+  it("locks foreground maintenance rewrites that use the active session manager", async () => {
+    const events: string[] = [];
+    const maintain = vi.fn(async (params?: unknown) => {
+      events.push("maintain-start");
+      await (
+        params as { runtimeContext?: ContextEngineRuntimeContext } | undefined
+      )?.runtimeContext?.rewriteTranscriptEntries?.({
+        replacements: [
+          { entryId: "entry-1", message: { role: "user", content: "hi", timestamp: 1 } },
+        ],
+      });
+      events.push("maintain-end");
+      return {
+        changed: false,
+        bytesFreed: 0,
+        rewrittenEntries: 0,
+      };
+    });
+    const sessionManager = { appendMessage: vi.fn() } as unknown as Parameters<
+      typeof buildContextEngineMaintenanceRuntimeContext
+    >[0]["sessionManager"];
+    rewriteTranscriptEntriesInSessionManagerMock.mockImplementationOnce((_params?: unknown) => {
+      events.push("rewrite");
+      return {
+        changed: true,
+        bytesFreed: 77,
+        rewrittenEntries: 1,
+      };
+    });
+
+    await runContextEngineMaintenance({
+      contextEngine: {
+        info: { id: "test", name: "Test Engine" },
+        ingest: async () => ({ ingested: true }),
+        assemble: async ({ messages }) => ({ messages, estimatedTokens: 0 }),
+        compact: async () => ({ ok: true, compacted: false }),
+        maintain,
+      },
+      sessionId: "session-foreground-manager-rewrite",
+      sessionKey: "agent:main:session-foreground-manager-rewrite",
+      sessionFile: "/tmp/session-foreground-manager-rewrite.jsonl",
+      reason: "turn",
+      sessionManager,
+      withSessionManagerRewriteLock: async (operation) => {
+        events.push("lock-start");
+        try {
+          return await operation();
+        } finally {
+          events.push("lock-end");
+        }
+      },
+    });
+
+    expect(events).toEqual(["maintain-start", "lock-start", "rewrite", "lock-end", "maintain-end"]);
+    expect(rewriteTranscriptEntriesInSessionManagerMock).toHaveBeenCalledWith({
+      sessionManager,
+      replacements: [
+        { entryId: "entry-1", message: { role: "user", content: "hi", timestamp: 1 } },
+      ],
+    });
+    expect(rewriteTranscriptEntriesInSessionFileMock).not.toHaveBeenCalled();
+  });
+
   it("defers turn maintenance to a hidden background task when enabled", async () => {
     await withStateDirEnv("openclaw-turn-maintenance-", async () => {
       vi.useFakeTimers();
 
@@ -60,6 +60,8 @@ type DeferredTurnMaintenanceRunState = {
 
 const activeDeferredTurnMaintenanceRuns = new Map<string, DeferredTurnMaintenanceRunState>();
 
+type SessionManagerRewriteLock = <T>(operation: () => Promise<T> | T) => Promise<T>;
+
 type DeferredTurnMaintenanceSignal = "SIGINT" | "SIGTERM";
 type DeferredTurnMaintenanceProcessLike = Pick<NodeJS.Process, "on" | "off"> &
   Partial<Pick<NodeJS.Process, "listenerCount" | "kill" | "pid">> & {
@@ -277,6 +279,7 @@ export function buildContextEngineMaintenanceRuntimeContext(params: {
   sessionKey?: string;
   sessionFile: string;
   sessionManager?: Parameters<typeof rewriteTranscriptEntriesInSessionManager>[0]["sessionManager"];
+  withSessionManagerRewriteLock?: SessionManagerRewriteLock;
   runtimeContext?: ContextEngineRuntimeContext;
   agentId?: string;
   allowDeferredCompactionExecution?: boolean;
@@ -297,10 +300,15 @@ export function buildContextEngineMaintenanceRuntimeContext(params: {
     ...(params.allowDeferredCompactionExecution ? { allowDeferredCompactionExecution: true } : {}),
     rewriteTranscriptEntries: async (request) => {
       if (params.sessionManager) {
-        return rewriteTranscriptEntriesInSessionManager({
-          sessionManager: params.sessionManager,
-          replacements: request.replacements,
-        });
+        const sessionManager = params.sessionManager;
+        const rewriteSessionManagerEntries = () =>
+          rewriteTranscriptEntriesInSessionManager({
+            sessionManager,
+            replacements: request.replacements,
+          });
+        return params.withSessionManagerRewriteLock
+          ? await params.withSessionManagerRewriteLock(rewriteSessionManagerEntries)
+          : rewriteSessionManagerEntries();
       }
       const rewriteTranscriptEntriesInFile = async () =>
         await rewriteTranscriptEntriesInSessionFile({
@@ -329,6 +337,7 @@ async function executeContextEngineMaintenance(params: {
   sessionFile: string;
   reason: "bootstrap" | "compaction" | "turn";
   sessionManager?: Parameters<typeof rewriteTranscriptEntriesInSessionManager>[0]["sessionManager"];
+  withSessionManagerRewriteLock?: SessionManagerRewriteLock;
   runtimeContext?: ContextEngineRuntimeContext;
   agentId?: string;
   executionMode: "foreground" | "background";
@@ -346,6 +355,8 @@ async function executeContextEngineMaintenance(params: {
       sessionKey: params.sessionKey,
       sessionFile: params.sessionFile,
       sessionManager: params.executionMode === "background" ? undefined : params.sessionManager,
+      withSessionManagerRewriteLock:
+        params.executionMode === "background" ? undefined : params.withSessionManagerRewriteLock,
       runtimeContext: params.runtimeContext,
       agentId: params.agentId,
       allowDeferredCompactionExecution: params.executionMode === "background",
@@ -636,6 +647,7 @@ export async function runContextEngineMaintenance(params: {
   sessionFile: string;
   reason: "bootstrap" | "compaction" | "turn";
   sessionManager?: Parameters<typeof rewriteTranscriptEntriesInSessionManager>[0]["sessionManager"];
+  withSessionManagerRewriteLock?: SessionManagerRewriteLock;
   runtimeContext?: ContextEngineRuntimeContext;
   agentId?: string;
   executionMode?: "foreground" | "background";
@@ -681,6 +693,7 @@ export async function runContextEngineMaintenance(params: {
       sessionFile: params.sessionFile,
       reason: params.reason,
       sessionManager: params.sessionManager,
+      withSessionManagerRewriteLock: params.withSessionManagerRewriteLock,
       runtimeContext: params.runtimeContext,
       agentId: params.agentId,
       executionMode,