Internal exec/heartbeat events leak into visible Control UI chat transcript

[mandomaker]

Summary

Internal async exec completion and heartbeat/system wake material is leaking into visible Control UI/webchat chat history as normal chat messages.

This is not just a local rendering issue. The behavior appears to come from upstream event/session classification, with internal exec-event and heartbeat followups being replayed or serialized into normal visible chat flows.

User-visible symptoms

Users see messages like:

• System (untrusted): Exec completed (...) :: ...
• An async command you ran earlier has completed. The result is shown in the system messages above...
• heartbeat/system-style prompt text appearing directly inside the main chat transcript

These messages pollute the main conversation and feel like broken internal plumbing surfacing to the user.

What we observed

• chat.history for the session can appear cleaner than the live chat stream, which suggests more than one leak path.
• Mission Control transcript-level filtering can hide some of this, but the actual live user chat still receives it.
• Repeated local bundle patches against UI-level suppression and selected heartbeat code paths did not fully solve the problem.
• This strongly suggests multiple upstream leak paths.

Likely leak paths

1. Internal/system material entering visible history

Heartbeat/exec-event followups appear to be getting stored or replayed as ordinary visible chat messages.

2. Live websocket/chat stream emitting internal activity as normal chat

Control UI appears to render live chat events that include internal heartbeat/exec/system followups as if they were normal user-facing chat messages.

Likely root cause

The async exec completion flow appears to:

1. enqueue a system event such as Exec completed (...) :: ...
2. trigger heartbeat handling with reason exec-event
3. heartbeat builds a synthetic prompt/turn from queued system events
4. that internal prompt/reply path can become visible chat instead of staying internal
5. processed events may be peeked/replayed instead of being fully consumed/drained

Relevant runtime areas we inspected in the installed bundle included:

• bash-tools.exec-runtime-*.js
• server-node-events-*.js
• heartbeat-runner-*.js
• session-system-events-*.js
• sessions-history-http-*.js
• transcript/session append paths

Strong indicators this is upstream and not unique to one setup

The behavior is consistent with prior issue reports involving:

• heartbeat wakeups persisting into dashboard/main session as synthetic visible messages
• exec-completion heartbeat handling using queued system events in a way that can replay them later

Recommended durable fix

Backend first

Internal exec-event / heartbeat / wake followups should never become ordinary visible transcript entries in the user session.

Recommended approach:

1. Keep exec completion and heartbeat wake handling on an internal event lane, not the visible user transcript lane.
2. Drain/consume processed exec-event system entries after handling, instead of leaving them available for replay.
3. Prevent synthetic heartbeat/system prompts from being serialized into normal chat.history message kinds.
4. Distinguish visible transcript messages from internal event-stream items in gateway/session mapping.

UI second

Control UI should still defensively filter internal event items, but only as defense in depth. UI-only content suppression is not sufficient because new variants and upstream replay paths still leak through.

Why this matters

This bug makes OpenClaw feel unstable and breaks trust in the chat surface, especially for users who rely heavily on async exec workflows. The more async/background work they do, the more spam they see.

Reproduction shape

A practical repro pattern is:

1. run an async/background exec task
2. let it complete
3. observe main Control UI/webchat chat transcript
4. internal exec completion / heartbeat followup text appears in visible chat

Expected behavior

• async exec completion should remain internal unless the assistant explicitly decides to summarize it to the user
• heartbeat/system prompts should never surface verbatim to the user
• visible main chat should contain only true user/assistant conversation content

[yuzilongleif-collab]

This is more serious than “internal events look a bit ugly”. In a real Control UI session it can make the assistant reply effectively unreadable.

A concrete user-visible failure mode I just hit:

• large heartbeat/system blocks were rendered directly inside the main chat area
• separate tool call / tool output cards were also inserted into the same flow
• the actual assistant reply was visually drowned out
• from the user perspective, it became unclear what the assistant actually said

So the impact is not just transcript pollution. It is a real readability / usability break:

• normal conversation flow is destroyed
• internal plumbing dominates the visible surface
• the user may incorrectly think the assistant failed to reply or “went silent”
• this directly amplifies the perception of long-task loss / missing follow-up because the reply may exist but is buried under system noise

In other words: this has crossed the line from cosmetic bug into severe chat UX breakage.

Please treat this as a high-severity Control UI bug, especially for users who rely on webchat during async/background work.

[yuzilongleif-collab]

I’ve been using OpenClaw as a long-term assistant / second brain / Telegram primary workflow assistant, and during real usage I’ve run into several issues that feel important enough to surface to the team.

This does not feel like a single isolated bug. It feels more like multiple layers interacting in ways that make long-running assistant use noticeably less reliable than expected.

1. Long single-thread conversations become unstable as they grow

Telegram is naturally a long-running single conversation surface. In this usage pattern, users should not be expected to regularly clear the conversation just to keep the system functioning well.

In actual use, once the conversation accumulates enough history, I can clearly observe issues such as:

• context overflow
• empty responses
• unstable behavior after auto-compaction
• follow-up style replies getting delayed, dropped, or effectively lost

This makes long-running primary-thread collaboration feel fragile over time.

From a product perspective, this does not feel like abnormal usage. It feels like a normal usage pattern for a persistent assistant or second-brain workflow.

Suggested direction

• stronger support for long-lived primary conversations
• more stable compression / summarization / state retention for long sessions
• fewer silent failures or empty replies caused by accumulated context size

2. User-visible follow-up after async continuation is not reliable enough

This is currently one of the worst parts of the experience.

In real collaboration, the assistant often says things like:

• “I’ll continue”
• “I’ll keep watching it”
• “I already continued running it”
• “I’ll report back”

But the follow-up does not happen reliably in a user-visible way.

What often happens instead is:

• no proactive update arrives
• no clear completion message arrives
• no blocker message arrives
• the user has to manually ask again

This creates the experience of:
the assistant promised to continue, but did not actually follow through in a visible and dependable way.

There may be both an agent behavior layer issue and a product/platform layer issue here. But from a product capability perspective, the current system does not yet seem strong enough at handling visible follow-up after async continuation.

Suggested direction

• stronger product-level handling for “continue / report back later” style commitments
• clearer user-visible linkage across background tasks, detached exec, wake events, heartbeat, and async completion
• fewer situations where work may still be continuing internally, but from the user’s perspective the assistant has simply gone silent

3. Error / blocked-task states do not always turn into timely visible status

A related issue is what happens when a task gets stuck, fails, or hits an error.

In those cases, the user-visible experience can become:

• the task is no longer visibly progressing
• the user does not receive a timely update
• there is no clear “still running / blocked / failed / completed” closure
• the user has to keep checking manually

This makes execution feel passive and unreliable.

Even a short update such as:

• still running
• blocked on X
• retrying now
• next update in ~10 minutes

would already be much better than silence or ambiguity.

Suggested direction

• stronger explicit user-visible status transitions for stuck / blocked / failed / completed work
• better product support for proactive progress reporting over time
• less silent drift when a task is no longer moving normally

4. Control UI chat flow can be polluted or confusing

I have also repeatedly seen Control UI chat-flow issues such as:

• System (untrusted) rows appearing in the main chat flow
• Exec completed (...)
• An async command you ran earlier has completed.

These system / async messages sometimes pollute the normal conversation stream, and can even create the feeling that:

• the user said something strange
• the assistant reply got swallowed
• internal system rows are leaking into the user-facing conversation

I have also encountered cases where:

• the assistant side appears to have produced a reply
• but that reply does not actually appear clearly in the Control UI

This makes it much harder to trust the UI as the canonical user-facing state.

Suggested direction

• stronger isolation of system / async / internal rows from the main user chat flow
• more reliable front-end visibility for assistant replies
• reduced UI pollution from transcript repair, chat.history handling, and async completion events

5. The product currently feels stronger for one-shot assistance than for “long-running assistant” use

My usage pattern is not occasional Q&A. I am using OpenClaw as:

• a long-term Telegram primary assistant
• a second brain
• a persistent task-following collaborator
• something that should proactively follow up and report back over time

In this scenario, what matters is not only whether a single answer is smart.

What matters is:

• long-term stability
• not going silent
• if it says it will continue, it actually continues
• if it gives a time expectation, it proactively reports back
• long conversations do not gradually degrade into instability

From my experience so far, OpenClaw is clearly moving in this direction, but this part of the product still does not feel fully connected end to end.

6. This is not only a platform issue

To be fair, I do not think all of this is purely a platform problem.

Some of it is also clearly an agent behavior / execution-discipline problem.

For example, when the assistant says things like “I’ll keep watching” or “I’ll continue and report back,” but then fails to proactively follow up, that is partly a behavior problem, not only a systems problem.

So from my perspective the issue has both sides:

Agent behavior layer

• weak follow-through after commitments
• weak proactive progress reporting
• weak time-bounded follow-up discipline
• too much tendency to stop at explanation instead of repair / continuation

Product / platform layer

• long conversations becoming too fragile
• async / detached continuation not being visible enough to the user
• UI pollution and missing replies in Control UI
• insufficiently strong support for the long-running assistant interaction model

So I would describe this as:
both layers matter, but they currently reinforce each other in a bad way.

7. Why this matters so much

The core value of a long-term assistant is not just intelligence per turn.

It is that the user can gradually stop carrying so much of the tracking burden themselves.

When the user still has to keep reminding, checking, and chasing the assistant for follow-up, the system stops feeling like a second brain and starts feeling like another thing the user has to manage.

That is why these issues feel especially important in practice.

Repro / Observed Behavior / Expected Behavior

Repro context

A realistic long-running usage pattern:

• OpenClaw is used as a long-term assistant, not just for one-shot Q&A
• Telegram is the main ongoing conversation surface
• the same chat thread accumulates a lot of history over time
• the assistant is expected to continue tasks, follow up later, and proactively report progress
• some work is synchronous, while some is async / detached / background-like

From my perspective, this is not an edge case. It is a normal “persistent assistant / second brain” usage pattern.

Observed behavior

A. Long conversations become unstable over time

As the Telegram conversation grows, the system becomes noticeably less reliable. Symptoms include:

• context overflow
• empty responses
• unstable behavior after compaction
• follow-up responses getting lost, delayed, or silently failing

This creates the feeling that long-running conversations gradually become fragile.

B. “I’ll continue / I’ll keep watching / I’ll report back” does not reliably produce visible follow-up

The assistant may explicitly say it will continue or report back later, but in practice:

• no proactive update arrives
• no clear completion message arrives
• no blocker message arrives
• the user often has to manually prompt again

This is one of the most damaging experience failures, because it breaks trust in long-running task continuity.

C. If a task hits an error or gets stuck, the user-visible behavior is often poor

When something fails or gets blocked, the system may end up in a state where:

• the task is no longer visibly progressing
• the user does not receive a timely update
• there is no clear “still running / blocked / failed / completed” closure
• the user has to chase status manually

This makes execution feel passive and unreliable.

D. Control UI sometimes shows polluted or confusing chat flow

I have seen cases where the main chat flow includes system/internal rows such as:

• System (untrusted)
• Exec completed (...)
• An async command you ran earlier has completed.

I have also seen cases where the assistant appears to have produced a reply internally, but that reply is not clearly visible in the Control UI.

This makes it difficult to trust the chat surface as the canonical user view.

Expected behavior

A. Long-lived chat threads should remain usable

A long-term Telegram assistant should not require the user to reset or clear the conversation just to preserve reliability.

The system should be able to support long-running threads more gracefully.

B. Async continuation should produce reliable user-visible closure

If the assistant says:

• “I’ll continue”
• “I’ll keep watching”
• “I’ll report back”
• “I’m continuing this in the background”

then one of the following should reliably happen:

• a progress update
• a completion update
• a blocker update
• a failure update

The user should not need to repeatedly ask what happened.

C. Error states should turn into explicit user-visible status, not silent drift

If work gets stuck, fails, or becomes blocked, the user should get a clear, timely update rather than silence.

Even a short “still working / blocked on X / next update in ~10 min” is much better than the current ambiguity.

D. Control UI should present a clean canonical chat flow

System / internal / async housekeeping messages should not pollute the user-facing conversation stream in a confusing way.

Assistant replies should also be reliably visible in the UI when they are generated.

If OpenClaw wants to fully support the long-term assistant / second brain / Telegram primary workflow use case, I think these areas are especially important.

[clawsweeper]

Closing this as duplicate or superseded after Codex automated review.

Close #66814 as superseded by the open canonical #69492. Current main has partial Control UI/history guards, but the remaining durable backend problem is the same system-event audience/classification gap that #69492 explicitly tracks; the linked #67036 PR is useful UI defense-in-depth but is not the backend fix.

Best possible solution:

Close #66814 as superseded by #69492, carry over the useful severity and Control UI observations there, and keep any UI filtering such as #67036 as defense-in-depth while the durable fix adds backend event-audience classification and consumer-path filtering.

What I checked:

• Canonical related issue: Provided GitHub context shows system-event-shape consumer-path leakage; propose per-event audience classification #69492 is open, explicitly frames itself as the system-event-shape canonical, lists Internal exec/heartbeat events leak into visible Control UI chat transcript #66814 as a cross-cutting report, and says residual system-event text is system-event-shape consumer-path leakage; propose per-event audience classification #69492's responsibility after narrower assistant-message/UI slices.
• UI-only related PR is not the durable fix: Provided context for open PR fix(ui): filter leaked control ui transcript rows #67036 says it filters known leaked Control UI transcript rows but explicitly does not change backend event production or session history serialization, so it is defense-in-depth rather than the canonical remaining work.
• SystemEvent still has no audience field: Current main's SystemEvent shape contains text, ts, contextKey, deliveryContext, and trusted only; enqueueSystemEvent persists those fields without an internal/user-facing audience classifier. (src/infra/system-events.ts:16, f4e6322649a1)
• Exec completions still enter the system-event lane: Background exec completion builds an Exec completed/failed summary, enqueues it as a system event, and wakes heartbeat with reason exec-event; there is no per-event audience decision at production time. (src/agents/bash-tools.exec-runtime.ts:314, f4e6322649a1)
• Heartbeat relay decision remains routing/visibility based: runHeartbeatOnce computes canRelayToUser from delivery channel, recipient, and visibility.showAlerts, then passes that to buildExecEventPrompt; this matches system-event-shape consumer-path leakage; propose per-event audience classification #69492's proposed missing event-audience primitive rather than proving Internal exec/heartbeat events leak into visible Control UI chat transcript #66814 is fully fixed. (src/infra/heartbeat-runner.ts:840, f4e6322649a1)
• Partial main guards are narrower than the issue: Visible session history now hides heartbeat prompts/acknowledgements and empty internal-only messages, but the predicate is limited to heartbeat/internal-runtime-context shapes and does not classify raw exec system events by audience. (src/gateway/session-history-state.ts:83, f4e6322649a1)

So I’m closing this here and keeping the remaining discussion on the canonical linked item.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against f4e6322649a1.