Main session prompt crash: Cannot read properties of undefined (reading 'length') in compaction token estimation

[DSVinC]

Main session prompt crash: Cannot read properties of undefined (reading 'length')

Date: 2026-04-09
Host: macOS
OpenClaw version: 2026.4.8

Summary

A long-lived main session can become unrecoverable with the error:

Agent failed before reply: Cannot read properties of undefined (reading 'length')

This is not a provider/model error. The crash happens before prompt submission, during pre-prompt compaction token estimation.

Exact stack

Observed via added local diagnostic logging:

TypeError: Cannot read properties of undefined (reading 'length')
    at estimateTokens (file:///Users/vvc/.local/lib/node_modules/openclaw/node_modules/@mariozechner/pi-coding-agent/src/core/compaction/compaction.ts:257:26)
    at file:///Users/vvc/.local/lib/node_modules/openclaw/dist/pi-embedded-CNTNdlGw.js:20243:73
    at Array.reduce (<anonymous>)
    at estimateMessagesTokens (file:///Users/vvc/.local/lib/node_modules/openclaw/dist/pi-embedded-CNTNdlGw.js:20243:42)
    at estimatePrePromptTokens (file:///Users/vvc/.local/lib/node_modules/openclaw/dist/pi-embedded-CNTNdlGw.js:31147:20)
    at shouldPreemptivelyCompactBeforePrompt (file:///Users/vvc/.local/lib/node_modules/openclaw/dist/pi-embedded-CNTNdlGw.js:31151:32)
    at runEmbeddedAttempt (file:///Users/vvc/.local/lib/node_modules/openclaw/dist/pi-embedded-CNTNdlGw.js:32286:35)

Impact

• main session cannot reply at all.
• All fallback models fail the same way because the error occurs before the request reaches the provider.
• Long-lived sessions are affected most often because they pass through preemptive compaction/token estimation on every new turn.

What seems to trigger it

• A long-lived main session with mixed message history:
  • user/assistant messages
  • toolResult messages
  • compaction/summary-related messages
• At least one replayed message block appears to have a shape that is valid enough to survive history loading, but invalid for compaction token estimation.

Root cause

The crash point is in pi-coding-agent compaction token estimation logic. estimateTokens() assumes message block fields always exist:

• assistant.content is iterable
• block.text.length is always safe
• block.thinking.length is always safe
• block.name.length is always safe for tool calls
• toolResult/custom.content is always an array or string

That assumption breaks on malformed or partially-normalized history blocks.

Local evidence from runtime logs

Representative runtime log lines:

embedded_prompt_error_stack
embedded run failover decision: stage=prompt decision=surface_error
lane task error: lane=session:agent:main:main error="TypeError: Cannot read properties of undefined (reading 'length')"
Embedded agent failed before reply: Cannot read properties of undefined (reading 'length')

Local mitigation that restored the session

Two layers were patched locally:

1. Normalize replayed message content before replay sanitization/validation in:
   • dist/pi-embedded-CNTNdlGw.js
2. Add null guards in compaction token estimation in:
   • node_modules/@mariozechner/pi-coding-agent/dist/core/compaction/compaction.js

Specifically, local guards were added for:

• missing/non-array assistant.content
• missing/non-array toolResult/custom.content
• missing block.text
• missing block.thinking
• missing block.name

After patching the compaction estimateTokens() path, the main session recovered.

Suggested upstream fix

In pi-coding-agent compaction token estimation, treat malformed blocks as zero-length instead of throwing.

Minimal expectation:

• return 0 for invalid message objects
• treat missing content as empty
• gate all .length access behind type checks

Why this matters

This is a high-impact session-killer bug because it affects the recovery path itself:

• once a main session contains one malformed block
• every subsequent prompt attempt can fail before provider dispatch
• model fallback cannot help

Notes

This issue was observed on a heavily-used main session, but the underlying bug looks general and could affect any long-running session that accumulates malformed history blocks.

[jokemanfire]

Fix Applied

I've identified and fixed the root cause of this crash in the estimateTokens() function.

Root Cause

The estimateTokens() function in pi-coding-agent compaction module was accessing .length properties without null/undefined checks on:

• assistant.content (may not be an array)
• block.text, block.thinking, block.name (may be undefined)
• message.content for toolResult/custom (may be undefined)
• message.command, message.output for bashExecution (may be undefined)
• message.summary for branchSummary/compactionSummary (may be undefined)

Fix

Added comprehensive null guards throughout the function:

export function estimateTokens(message) {
    let chars = 0;
    // Guard against invalid message objects
    if (!message || typeof message !== 'object') {
        return 0;
    }
    // ... all property accesses now have null checks
}

Key changes:

1. Early return for null/undefined/non-object messages
2. Check Array.isArray(content) before iterating
3. Check block && typeof block === 'object' before accessing block properties
4. Use optional chaining and fallback values: (block.name && typeof block.name === 'string') ? block.name.length : 0
5. Wrap JSON.stringify() in try-catch for toolCall arguments

Testing

Created test file test/compaction-estimateTokens-fix.test.ts with 15 test cases covering:

• Null/undefined messages
• Messages with missing fields
• Malformed blocks
• Valid messages (regression test)

Files Modified

• node_modules/@mariozechner/pi-coding-agent/dist/core/compaction/compaction.js - Fixed estimateTokens()
• patches/zte-feature-patches/pi-coding-agent-compaction-estimateTokens-null-guard.patch - Patch file for persistence
• test/compaction-estimateTokens-fix.test.ts - Test coverage

This fix ensures that malformed history blocks are treated as zero-length instead of crashing, allowing long-running sessions to recover gracefully.

[Artyomkun]

Fixed, closing.

[cygnostik]

Linking a Telegram-specific field report that may be another manifestation of this same reading length / malformed-history / compaction-estimation family: #64053

On a Linux 2026.4.9 host, the error is surfacing repeatedly on a Telegram direct lane as:

TypeError: Cannot read properties of undefined (reading 'length')

The lane partially recovers between failures, which makes it look less fatal than the main-session version here, but it appears to be the same general class of bug: some malformed or partially-normalized history/content shape eventually reaches code that assumes .length is always safe.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 3, 2026, 1:06 AM ET / 05:06 UTC.

Summary
Keep open. Current main appears to have hardened the pre-prompt pressure estimator, but the core compaction estimator still has unchecked .length reads and the open closing PR remains the canonical fix path for the malformed-history crash family.

Reproducibility: yes. by source inspection: a malformed assistant message with missing content, missing block fields, or malformed toolResult/custom content can still throw through estimateTokens when compaction preparation calls estimateContextTokens. I did not run a live damaged-session repro because this review is read-only.

Next step
No new repair lane: the issue is already paired with an open closing PR, so the next step is maintainer review, rebase, landing, or superseding that PR.

Review details

Best possible solution:

Land or supersede the linked guarded-estimator PR so malformed persisted history is normalized or counted safely across both pre-prompt pressure checks and actual compaction preparation.

Do we have a high-confidence way to reproduce the issue?

Yes, by source inspection: a malformed assistant message with missing content, missing block fields, or malformed toolResult/custom content can still throw through estimateTokens when compaction preparation calls estimateContextTokens. I did not run a live damaged-session repro because this review is read-only.

Is this the best way to solve the issue?

Unclear for the open PR because its diff is not available locally through gh, but the best direction is clear: centralize safe malformed-message token estimation instead of leaving guarded one-off estimators plus unsafe shared compaction code.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• Current main has only partial hardening: the pre-prompt estimator is safer, but actual compaction preparation still uses an unchecked shared estimator that can throw on malformed persisted messages.
• The open closing PR is unmerged and reported dirty in the provided context, so the canonical repair path needs maintainer review, rebase, or supersession before this issue can close.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c0c4156b6dc9.

Label changes

Label changes:

• remove clawsweeper:no-new-fix-pr: Current issue advisory state no longer selects this label.
• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.

Label justifications:

• P1: A malformed long-lived session can become unable to reply before provider dispatch, which is an urgent broken agent workflow.
• impact:session-state: The failure is triggered by persisted/replayed session history shapes and blocks recovery for the affected session.
• impact:crash-loop: The same malformed history can make every subsequent prompt attempt fail before provider dispatch.

Evidence reviewed

What I checked:

• Issue evidence: The report includes a stack from estimateTokens through pre-prompt compaction/token estimation and describes malformed assistant/toolResult/summary blocks making a long-lived main session unrecoverable; a later comment links the same reading 'length' failure family to Telegram direct lanes.
• Current unsafe estimator: Current main still dereferences assistant.content, block text/thinking/name, toolResult/custom content, bashExecution command/output, and summary fields without full shape guards in the shared compaction estimator. (packages/agent-core/src/harness/compaction/compaction.ts:245, c0c4156b6dc9)
• Compaction still calls unsafe estimator: estimateContextTokens and prepareCompaction still sum the shared estimateTokens result, so malformed loaded history can still throw during actual compaction preparation even though some diagnostics catch estimator failures. (packages/agent-core/src/harness/compaction/compaction.ts:202, c0c4156b6dc9)
• Partial current-main hardening: The pre-prompt estimator in current main uses local unknown-safe helpers for content blocks and toolResult payloads, so the exact old precheck path has changed but does not prove the broader compaction crash is fixed. (src/agents/embedded-agent-runner/run/preemptive-compaction.ts:79, c0c4156b6dc9)
• Runtime precheck call path: runEmbeddedAttempt now calls the safe pre-prompt estimator before prompt submission, but replay normalization still happens later and compaction recovery can still enter the shared compaction path. (src/agents/embedded-agent-runner/run/attempt.ts:4133, c0c4156b6dc9)
• Linked fix PR remains open: The provided GitHub context shows fix(compaction): guard malformed token estimation #63636 is open, unmerged, and explicitly closes this issue with a guarded estimator repair; the issue should stay open until that PR lands or is superseded.

Likely related people:

• Bryan Tegomoh, MD, MPH: Current blame for the pre-prompt estimator and shared compaction estimator points to commit 00d846daf76732b025beb271535ce45e44201b8d, making this the strongest local current-main routing signal in the shallow checkout. (role: recent area contributor; confidence: medium; commits: 00d846daf767; files: src/agents/embedded-agent-runner/run/preemptive-compaction.ts, packages/agent-core/src/harness/compaction/compaction.ts)
• GaosCode: The linked open PR explicitly closes this issue and targets guarded malformed token estimation, so they are the active follow-up owner for the proposed repair path. (role: open fix PR author; confidence: medium; commits: 107c93966766; files: src/agents/compaction.ts, src/agents/compaction.test.ts, src/agents/embedded-agent-runner/run/preemptive-compaction.test.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Keep open. Current main still routes pre-prompt compaction token estimation through the pinned upstream estimator without malformed-message guards, replay normalization still happens after the precheck, and PR #63636 remains open with closing syntax for this issue.

Required change / next step:

An open implementation PR already targets this issue with closing syntax, so the next action is maintainer review, landing, or superseding that PR rather than queuing a second automated repair.

Review details

Best possible solution:

Add a shared guarded estimator or normalize all history before any compaction/pre-prompt estimation, then use that path across compaction and preemptive compaction with regression tests for malformed assistant, toolResult/custom, bashExecution, and summary messages.

What I checked:

• Current estimator path still calls upstream directly: estimateMessagesTokens() strips runtime/tool-result details, then reduces through estimateTokens(message) from @mariozechner/pi-coding-agent with no local malformed-message guard. (src/agents/compaction.ts:104, acae48b790fa)
• Pre-prompt check still uses the same unsafe estimation path: estimatePrePromptTokens() calls estimateMessagesTokens(messages) for active history and imports upstream estimateTokens directly for synthetic system/user messages. (src/agents/pi-embedded-runner/run/preemptive-compaction.ts:19, acae48b790fa)
• Replay normalization runs after the precheck: runEmbeddedAttempt() invokes shouldPreemptivelyCompactBeforePrompt() on activeSession.messages before normalizeAssistantReplayContent(activeSession.messages), so malformed active history can reach estimation first. (src/agents/pi-embedded-runner/run/attempt.ts:2653, acae48b790fa)
• Pinned dependency still has unsafe length reads: package.json pins @mariozechner/pi-coding-agent to 0.70.5, and the published 0.70.5 estimateTokens() still iterates assistant.content and reads fields such as block.text.length, block.thinking.length, block.name.length, message.command.length, message.output.length, and message.summary.length without null guards. (package.json:1610, acae48b790fa)
• Open implementation PR is still pending: The GitHub API shows PR fix(compaction): guard malformed token estimation #63636 is open, unmerged, not draft, and its body contains closing syntax for this issue plus the intended guarded-estimator fix.

Likely related people:

• steipete: Recent current-main history shows repeated maintenance around compaction, replay normalization, token snapshots, and embedded runner flow near the affected paths. (role: recent maintainer; confidence: high; commits: 11e6928b3edc, f3e8a8a3195a, c5c08c074a44; files: src/agents/compaction.ts, src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/replay-history.ts)
• Takhoffman: Relevant history includes restoring/refining the reserve-based overflow precheck and later tightening context limits around the preemptive compaction route that calls token estimation. (role: precheck routing maintainer; confidence: medium; commits: 3e2a05f4251f, 66daafccae09, 4f00b769251d; files: src/agents/pi-embedded-runner/run/preemptive-compaction.ts)
• fuller-stack-dev: Recent merged work normalized malformed assistant replay content and hardened replay normalization guards, which is adjacent because current normalization does not run before the reported precheck path. (role: adjacent replay-normalization owner; confidence: medium; commits: 3105597f8f1b, f58dd0f9b6ae; files: src/agents/pi-embedded-runner/replay-history.ts)

Remaining risk / open question:

• No sanitized damaged main-session transcript is available in the repository, so the exact user session was not replayed end to end; source inspection still shows the unsafe pre-provider path remains.
• The open fix PR changes token-estimation behavior for malformed inputs; maintainers should confirm valid-message estimates continue to use upstream behavior or remain close enough for compaction routing.

Codex review notes: model gpt-5.5, reasoning high; reviewed against acae48b790fa.