Bug: reopen can leave unresolved tail tool calls and relies on local transcript compensation

[glfruit]

Summary

When an OpenClaw run is interrupted after persisting an assistant message with toolCall blocks but before all matching toolResult messages are written, reopening the session can leave unresolved tail tool calls in transcript history.

In the same family of failures, persisted orphan user turns on reopen should be preserved explicitly rather than silently rewound.

Why this matters

This is a runtime/session-transcript integrity issue, not a plugin issue.

The affected seams are around:

• session transcript persistence
• reopen/startup transcript reconciliation
• toolCall/toolResult pairing at the tail of history
• interrupted-run recovery semantics

User-visible impact:

• dangling tail toolCalls remain in transcript history
• reopen behavior depends on local repair behavior instead of explicit first-party source truth
• interrupted sessions can produce confusing repaired history unless compensation is deterministic and append-only

Repro shape

A minimal broken tail looks like one of these:

1. assistant tool call with no trailing tool result

{ "role": "assistant", "content": [{ "type": "toolCall", "id": "tc_1", "name": "read" }], "stopReason": "tool_use" }

2. assistant tool calls with only partial trailing tool results

{ "role": "assistant", "content": [
  { "type": "toolCall", "id": "tc_1", "name": "exec" },
  { "type": "toolCall", "id": "tc_2", "name": "read" }
]}
{ "role": "toolResult", "toolCallId": "tc_1", "toolName": "exec", ... }

3. persisted orphan user tail

{ "role": "user", "content": [{ "type": "text", "text": "please continue" }] }

followed by process interruption before any next assistant turn is persisted.

Expected behavior

On reopen/startup, the runtime should:

• preserve existing transcript rows
• append explicit synthetic recovery rows only at the tail
• append synthetic error toolResult rows for unresolved tail tool calls
• append one explicit assistant recovery marker for a persisted orphan-user tail
• be idempotent on repeated reopen
• never re-execute tools during repair
• never silently rewind or delete prior transcript rows

Safe compensation strategy

The bounded first slice that worked well locally is:

• repair unresolved tail-only tool calls before prompt build
• then run orphan-user preservation logic
• use append-only synthetic recovery rows
• log structured repair telemetry
• do nothing for already-healthy transcripts

Validation performed locally

I validated this behavior in a local installed-package environment with targeted executable regressions covering:

• orphan-user replay marker append
• unresolved tail toolCall -> synthetic error toolResult repair
• idempotent second reopen
• healthy transcript no-op
• seam/order check that tail repair runs before orphan-user repair

Important environment note

The installed package available locally did not include a full upstream editable source tree / test harness suitable for a normal upstream patch cycle, so the local validation was done as:

• runtime-active bundle patch for immediate behavior validation
• installed-package source-truth overlay + targeted executable tests for parity evidence

That means this issue is not claiming a clean upstream repo patch was already merged. The request here is to absorb this behavior into official first-party runtime source + tests.

Requested upstream fix

Please add a first-party source-level transcript compensation seam that:

1. repairs unresolved tail toolCall / toolResult pairing on reopen
2. preserves orphan-user tails with an explicit assistant recovery marker
3. guarantees append-only, idempotent repair
4. includes upstream tests for:
   • missing tail toolResult
   • orphan-user replay
   • repeated reopen no-op
   • healthy transcript no-op

Non-goals for this issue

This is not asking for:

• deep historical transcript rewrite
• tool re-execution
• fabricated successful outputs
• a full write-atomicity redesign in the same patch

Those can be separate follow-ups if needed.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 6, 2026, 12:49 AM ET / 04:49 UTC.

Summary
Codex review failed: codex execution failed.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Include the exact command, prompt, or workflow that triggered it.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9313471fa579.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[glfruit]

Current suggested next step: turn this into a narrow regression around reopen/tail tool-call normalization. The fix should make unresolved tail tool calls explicit at reopen time instead of relying on local transcript compensation, then verify that a reopened session does not continue with an invalid assistant/tool-call tail.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[openclaw-barnacle]

Closing due to inactivity.
If this is still an issue, please retry on the latest OpenClaw release and share updated details.
If you are absolutely sure it still happens on the latest release, open a new issue with fresh steps to reproduce.