[Bug]: [Bug] TUI renders internal command envelopes to operator; async completion events inject verbose agent instructions into session transcript

[Ncross97]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Two related but distinct bugs were found by inspecting the compiled TUI bundle (dist/tui-Da-djW_y.js) and the strip-inbound-meta module.

Bug 1 — TUI Display Layer: Command envelopes rendered to operator

Component: src/tui/tui-event-handlers.ts

Describe the bug

When a chat event with message.command === true arrives (e.g. async exec completion notices, gateway system messages), the TUI passes the full text to chatLog.addSystem() without any filtering. This causes internal agent-facing text to render visibly in the operator's terminal.

Root cause

extractTextFromMessage() calls stripLeadingInboundMetadata() only when record.role === "user". Command messages carry no role, so they bypass stripping entirely.

Affected call sites

Approximate compiled bundle locations:

• handleChatEvent() → isCommandMessage branch (~line 2652)
• loadHistory() → command message branch (~line 3022)

Expected behavior

Command/system messages intended for agent context should not render as raw text in the operator's TUI view. They should either be suppressed or collapsed to a compact operator summary such as:

[exec completed: code 0]

### Steps to reproduce

1. Run OpenClaw 2026.4.1 with a gateway on WSL2/Linux and use the TUI client on Windows.
2. Start a session where the agent requests an exec approval.
3. Approve the exec and let it complete asynchronously.
4. Observe the TUI output after completion.
5. Repeat with multiple approvals, including stale/timed-out ones if possible.
6. Check both:
   - what is rendered in the TUI
   - what is injected back into the agent transcript after exec completion

### Expected behavior

1. Internal command/system envelopes should not render raw in the operator TUI.
2. Async exec completions should appear either suppressed or as a short operator-friendly summary, such as:
   [exec completed: code 0]
3. Agent-facing async completion events should be injected into context in a compact format containing only the essentials:
   - short id
   - exit code
   - truncated output
4. Redundant behavioral instructions such as “Do not run the command again” and “Only ask the user for help if you are actually blocked” should not be injected on every async completion event.

### Actual behavior

1. The TUI renders raw internal command/system envelope text, including async completion wrappers.
2. The agent receives verbose async completion messages in its working context, including repeated behavioral instructions.
3. These messages consume unnecessary context tokens and can create focus noise, especially when several async completions arrive in sequence or when stale/timed-out approvals complete later.
4. In practice, the operator sees internal wrapper text in the terminal, and the agent must process the full verbose completion envelope instead of a compact result summary.

### OpenClaw version

2026.4.1

### Operating system

Gateway: WSL2 / Linux Client: Windows

### Install method

_No response_

### Model

Claude Sonnet 4.6

### Provider / routing chain

Claude CLI / Anthropic via OpenClaw gateway Channels used during testing: TUI and Telegram

### Additional provider/model setup details

_No response_

### Logs, screenshots, and evidence

```shell

Impact and severity

Severity: Medium for TUI display bug, High for gateway/session transcript injection bug.

Impact:

1. TUI display-layer issue — Medium

• Internal command/system envelopes are rendered directly to the operator.
• This creates noisy, confusing terminal output and exposes agent-facing internal wrapper text that should not be shown raw.
• It is primarily a UX/operator-clarity problem.

2. Gateway/session transcript injection issue — High

• Every async exec completion injects a verbose human-readable wrapper into the agent’s working context.
• This adds roughly 150–300 unnecessary tokens per completion event.
• Repeated or stale async completions can accumulate quickly and dilute working context.
• The injected text includes redundant behavioral instructions that overlap with the system prompt.
• This can reduce model focus, waste context budget, and increase the chance of off-track responses or unnecessary acknowledgments.

Overall:

• The display bug is cosmetic but disruptive.
• The transcript injection bug affects model quality and context efficiency and is the more serious issue.

Additional information

This appears to involve two related issues:

1. TUI display-layer bug:
   command-type messages bypass metadata stripping and render raw to the operator.

2. Gateway/session transcript formatting bug:
   async exec completion events are injected into agent context as verbose human-readable envelopes instead of compact structured summaries.

The TUI issue is cosmetic/UX-facing.
The transcript injection issue affects model focus and token usage.

[Ncross97]

This was user caused in code.

[clawsweeper]

Closing this as duplicate or superseded after Codex automated review.

Close #59871 as superseded by #69492. The TUI display-layer half is already fixed on current main via #59985, while the remaining async/system-event transcript injection problem is now tracked by the broader open canonical #69492.

What I checked:

• TUI command-message metadata stripping exists on main: extractTextFromMessage now strips leading inbound metadata when record.role is user or record.command is true, addressing the TUI display-layer leak reported in [Bug]: [Bug] TUI renders internal command envelopes to operator; async completion events inject verbose agent instructions into session transcript #59871. (src/tui/tui-formatters.ts:353, b64bfc5d9abf)
• Regression coverage for [Bug]: [Bug] TUI renders internal command envelopes to operator; async completion events inject verbose agent instructions into session transcript #59871 TUI slice: The TUI formatter test includes an explicit '[Bug]: [Bug] TUI renders internal command envelopes to operator; async completion events inject verbose agent instructions into session transcript #59871' case proving command messages with inbound metadata render only the actual command notice text. (src/tui/tui-formatters.test.ts:142, b64bfc5d9abf)
• Changelog records shipped TUI fix: Current changelog credits fix(tui): strip inbound metadata from command messages before rendering (#59871) #59985 for stripping raw envelope metadata from async command notices; latest provided release is v2026.4.24, but this review is closing as superseded rather than fully implemented. (CHANGELOG.md:1567, b64bfc5d9abf)
• Remaining transcript-injection behavior is still broader system-event work: Current main still has verbose async exec follow-up prompt text such as 'Do not run the command again' and 'Only ask the user for help if you are actually blocked', matching the remaining half of [Bug]: [Bug] TUI renders internal command envelopes to operator; async completion events inject verbose agent instructions into session transcript #59871 rather than proving it fully fixed. (src/agents/bash-tools.exec-approval-followup.ts:57, b64bfc5d9abf)
• Canonical open tracker exists for remaining system-event leakage: Provided GitHub context for system-event-shape consumer-path leakage; propose per-event audience classification #69492 explicitly lists [Bug]: [Bug] TUI renders internal command envelopes to operator; async completion events inject verbose agent instructions into session transcript #59871 under direct system-event-shape reports and scopes the remaining work to per-event audience classification / consumer-path filtering across surfaces.

So I’m closing this here and keeping the remaining discussion on the canonical linked item.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against b64bfc5d9abf.