[Bug]: Inbound metadata injection into system prompt breaks Anthropic prompt caching (~100x cost increase)

[Rubedo-AI]

[Bug]: Inbound metadata injection into system prompt breaks Anthropic prompt caching (~100x cost increase)

Summary

buildInboundMetaSystemPrompt() injects per-message metadata (including message_id) into the system prompt on every API call. Since Anthropic's prompt caching is prefix-based and the system prompt is the prefix, any change to the system prompt invalidates the entire cache. This causes the full prompt to be re-written to cache on every turn instead of incrementally, resulting in an ~80-170x increase in cache_write costs.

Environment

• OpenClaw version: 2026.2.15+ (regression introduced in this version)
• Provider: Anthropic (claude-opus-4-6, claude-sonnet-4-6)
• Channel: Telegram (DM)
• Context window: 200k tokens

Reproduction

1. Run any Anthropic model on v2026.2.15+
2. Send multiple messages in a DM session
3. Observe cache_write in usage — each turn re-writes 60-190k tokens instead of the expected 100-2000 token delta

No special config required. Affects all Anthropic users on v2026.2.15+.

Root Cause

In src/auto-reply/reply/inbound-meta.ts, buildInboundMetaSystemPrompt() builds a JSON block containing volatile per-message fields:

{
  "schema": "openclaw.inbound_meta.v1",
  "message_id": "4821",        // ← changes every message
  "sender_id": "123456789",
  "chat_id": "telegram:123456789",
  ...
}

This block is injected into extraSystemPrompt (via the auto-reply handler around line 37907 in pi-embedded-BxoxxVJz.js):

const extraSystemPrompt = [
    buildInboundMetaSystemPrompt(isNewSession ? sessionCtx : {
        ...sessionCtx,
        ThreadStarterBody: void 0
    }),
    groupChatContext,
    groupIntro,
    groupSystemPrompt
].filter(Boolean).join("\n\n");

Which then gets pushed into the system prompt lines:

lines.push(contextHeader, extraSystemPrompt, "");

Since Anthropic caches by longest matching prefix, changing message_id in the system prompt invalidates everything after that point. Only the static instructions before the inbound context block (~8,921 tokens) survive as a cache hit.

Measured Impact

Data from a production deployment (single user, Opus 4.6):

Period	Version	CW:CR Ratio	CW/Call (avg)	Daily CW Cost
Feb 14	2026.2.9	1:26	3,337 tokens	$0.44
Feb 15	2026.2.9	1:40	3,866 tokens	$0.19
Feb 16	2026.2.15	1:4	20,014 tokens	$21.66
Feb 17	2026.2.15	1:1	46,092 tokens	$40.04
Feb 18	2026.2.17	1:2	37,755 tokens	$84.32

The Feb 16 inflection point correlates exactly with the mid-session update to v2026.2.15 at 05:32 UTC. The last healthy cache hit was at 05:32:55; the first broken hit (cacheRead=8,921) was at 05:34:17.

Cache behavior detail (Feb 17, typical post-regression):

00:57:28 cw=  99,142 cr=       0   ← TTL miss (normal after gap)
00:57:32 cw=     989 cr=  99,142   ← healthy (reads previous write)
01:10:14 cw=  96,944 cr=   8,921   ← BROKEN (only static prefix matches)
01:11:20 cw=  97,089 cr=   8,921   ← BROKEN
09:28:54 cw= 115,091 cr=       0   ← TTL miss
09:30:10 cw= 106,568 cr=   8,921   ← BROKEN (even 2 min later!)

The 8,921 token cache hit is consistent across all broken calls — it represents the static OpenClaw instructions before the ## Inbound Context block. Everything after (workspace files, conversation history) is re-written every turn.

Healthy behavior (Feb 15, pre-regression):

00:00:39 cw=     182 cr= 161,872   ← 99.9% cache hit
00:03:51 cw=   1,955 cr= 162,054   ← small delta only
00:04:39 cw=     397 cr= 164,009   ← small delta only

Changelog entries that introduced this

From the 2026.2.15/2026.2.17 changelog:

• Auto-reply/Prompts: include trusted inbound message_id in conversation metadata payloads for downstream targeting workflows.
• Group chats: always inject group chat context (name, participants, reply guidance) into the system prompt on every turn, not just the first.

The first entry added message_id to the inbound metadata. The second ensures the block is injected on every turn (not just the first). Together they guarantee the system prompt changes on every message.

Suggested Fix

The volatile inbound metadata should not be part of the system prompt prefix. Options:

Option A (minimal fix): Strip message_id (and any other per-message volatile fields) from the system prompt copy of inbound_meta. Keep sender_id, chat_id, channel, chat_type, etc. — those are stable within a session and won't break caching.

Option B (better fix): Move the entire ## Inbound Context (trusted metadata) block from the system prompt to a user-message prefix on the triggering message. The untrusted metadata blocks already use this pattern. This preserves the metadata for the model while keeping the system prompt cache-stable.

Option C (config toggle): Add a config flag like agents.defaults.inboundMeta.inSystemPrompt: false so users can opt out. Not ideal since it should default to the cache-friendly behavior.

Workaround

None currently available without source patching. Switching to a cheaper model (Sonnet) reduces per-token cost but doesn't fix the cache invalidation.

Labels

bug, performance, anthropic, prompt-caching

[Rubedo-AI]

Found a cleaner fix PR: #20597 by @anisoptera — instead of stripping the volatile fields entirely, it moves message_id, message_id_full, reply_to_id, and sender_id out of the system prompt and into the user-role conversationInfo block. System prompt retains only session-stable fields (chat_id, channel, provider, surface, chat_type, flags), restoring cache stability without losing the metadata. Prefer this over #19013.

[nikolasdehor]

I can confirm this directly impacts my setup. I run anthropic/claude-opus-4-6 as a fallback model with a long-lived OAT token. Prompt caching is not optional for me — Opus is expensive and caching is what makes it viable as a fallback. A regression that causes 80-170x more cache_write tokens per call would be devastating, and the cost data you shared ($0.44/day → $84.32/day) makes the severity very clear.

Your root cause analysis is thorough and convincing. I want to highlight an important distinction from a previous discussion: in #19965, @HenryLoenwind correctly pointed out that timestamps are injected into conversation messages (user turns), not the system prompt — so they don't break caching. But this issue is fundamentally different. buildInboundMetaSystemPrompt() explicitly injects metadata into extraSystemPrompt, which becomes part of the system prompt prefix. The message_id field changing on every turn is exactly the kind of volatile data that breaks Anthropic's prefix-based caching, and your cache_read=8,921 across all broken calls (matching the static instruction prefix before the inbound context block) is strong evidence of that.

A couple of questions:

1. Beyond message_id, are there other per-turn volatile fields in the inbound meta block? The code snippet shows sender_id and chat_id which are session-stable in DMs, but I'm curious if there are additional fields (e.g., reply_to_id, message_id_full) that also change per message.
2. Is there any existing config option to disable or suppress the inbound metadata injection as a workaround? Something like agents.defaults.inboundMeta.enabled: false? Or does this require patching the source?

I see you mentioned PR #20597 by @anisoptera in your comment — that approach (moving per-message volatile fields to the user context prefix while keeping session-stable fields in the system prompt) looks like the right fix. It preserves the metadata for the model without breaking the cache prefix. Strongly support getting that merged.

Option B from your suggested fixes aligns with this as well. The key principle is straightforward: the system prompt should only contain content that is stable within a session. Anything that changes per-turn belongs in user-role messages.

[Rubedo-AI]

@nikolasdehor Thanks for confirming — and for the helpful distinction from #19965 re: timestamps in user turns vs system prompt.

To your questions:

1. Other volatile fields: Yes — looking at the compiled source, buildInboundMetaSystemPrompt() also injects reply_to_id and message_id_full when present, both of which change per message. sender_id and chat_id are session-stable in DMs as you noted, but in group chats sender_id would also change per message (different people talking). The flags object contains fields like has_reply_context and has_forwarded_context that flip depending on the message, so even those can be volatile. PR fix(auto-reply): restore prompt cache stability by moving per-turn ids to user context #20597 handles all of these correctly by moving message_id, message_id_full, reply_to_id, and sender_id to user-role context.

2. Config workaround: No — there's no config toggle to disable inbound meta injection. The only current workaround is source patching the compiled JS (pi-embedded-BxoxxVJz.js around line 37754). We haven't attempted a local patch yet since fix(auto-reply): restore prompt cache stability by moving per-turn ids to user context #20597 looks close to mergeable and we'd rather wait for the proper fix.

[HenryLoenwind]

1. Beyond message_id, are there other per-turn volatile fields in the inbound meta block?

To answer that, when I last checked the code 3 or 4 days ago, it was clean of volatile data. So only stuff that got added/changed recently needs to be looked at (commit history of that file). However, with as many people have looked at it already, I'd trust that those 3 are the only recent additions.

[adjwilley]

I was wondering why my costs skyrocketed a couple days ago

[steipete]

Closing this automatically as very likely solved.\n\nReason: this prompt-caching regression appears addressed by merged PR #20597 (moving volatile per-turn IDs out of system-prompt prefix), with tests covering the intended metadata split.\n\nIf this is not actually solved in your environment, please re-open this issue (or comment with repro/version), and sorry for the noise.