Compaction failure leaves session in permanent failed state with no automatic recovery

[littlebest]

Bug: Compaction failure leaves session in permanent failed state with no automatic recovery

Summary

When session compaction fails (for any reason: timeout, API error, quota exceeded, model not supporting reasoning, etc.), the session enters status=failed permanently. There is no watchdog or automatic recovery mechanism — the channel becomes completely unresponsive (已读不回), and the only workaround is manual intervention.

Steps to reproduce

1. Have a session that grows large enough to trigger compaction (~500KB+ JSONL)
2. Compaction fails (e.g., model returns error, or times out)
3. Session status becomes "failed"
4. All subsequent messages to that channel receive no response
5. No automatic escalation, no fallback session, no user notification

Observed log

Session e1bc0eb2 at 04:11-04:14:

• Compaction triggered on large session
• Fallback model returned 400 (reasoning required but disabled in system prompt)
• Multiple retry attempts → 429 rate limit
• Session grew even larger from error messages
• Compaction failed → status=failed → no further responses
• Auto-recovery via external heartbeat watchdog was the only way out

Expected behavior

Compaction failure should have automatic escalation:

1. Try alternative compaction model
2. If all models fail, create a new session automatically and notify the user
3. Never leave a session permanently dead with no response

Impact

• High: Users experience '已读不回' with no explanation
• Data loss feel: users don't know history was preserved in .bak.recovered.* files
• Depends on external heartbeat watchdog to recover — not a proper fix

References

• Related: Timeout-compaction doesn't escalate when compaction fails to reduce context #64962 (compaction fails to reduce context, no escalation)
• Related: Session status field values ("failed", "timeout", "done") mislead agents into spawning duplicate sessions #64103 (session status field misleading — failed status spawns duplicates)
• Related: feat(compaction): add modelFallbacks for compaction model resolution #52012 (compaction model fallback feature request)

Suggested fix

Add a compaction-failure watchdog in the gateway that:

1. Detects when compaction has failed
2. Automatically creates a new session for the channel
3. Optionally preserves a backup of the old session file
4. Notifies the user that a new session was started

[sk7n4k3d]

Part of the same 2026.4.15 compaction-recovery cluster as #69287/#69286 (token count not reset) and #69269 (hook contexts drop messageProvider during compaction). Different symptom — there the session loops forever; here it hard-fails without recovery — but both trace to compaction not maintaining session invariants end-to-end. Fixing one in isolation will leave the other; the compaction pipeline needs a single pass that resets token counters, preserves hook context fields, and handles failure with a resumable state rather than terminal status=failed.

[clawsweeper]

Closing this as implemented after Codex automated review.

Current main already handles compaction failure by rotating the affected channel session to a fresh session id/transcript and returning a visible reset notice, rather than leaving the conversation permanently silent or stuck in a failed state. The implementation is present in current main and in the v2026.4.24 release tag.

Best possible solution:

Close #69202 as implemented on main and keep the shipped auto-reset behavior. Continue any narrower remaining compaction fallback or invariant work under the related open reports such as #52012, #64962, #69269, and #69270.

What I checked:

• Thrown compaction failures trigger automatic reset and notification: runAgentTurnWithFallback detects compaction failures, calls resetSessionAfterCompactionFailure once, marks the run failed, and returns a visible 'Context limit exceeded during compaction... reset our conversation' message instead of silently ending. (src/auto-reply/reply/agent-runner-execution.ts:1586, 6d60b035b4e7)
• Embedded overflow error payloads also reset the session: The same run loop treats embedded context-overflow error payloads as session-level failures and auto-recovers by starting a fresh session with a user-visible reset message. (src/auto-reply/reply/agent-runner-execution.ts:1462, 6d60b035b4e7)
• Runner wires the compaction-failure reset path: runReplyAgent wires resetSessionAfterCompactionFailure into the fallback runner and logs the specific 'Auto-compaction failed ... Restarting session ... and retrying' recovery path. (src/auto-reply/reply/agent-runner.ts:1141, 6d60b035b4e7)
• Reset creates a fresh resumable session: resetReplyRunSession generates a new session id, resolves a new transcript path, clears stale token/model/fallback runtime fields, persists the updated session store, refreshes queued followups, and marks the active entry as a new session. (src/auto-reply/reply/agent-runner-session-reset.ts:56, 6d60b035b4e7)
• Regression coverage exists for the reset helper: The reset helper test covers the compaction-failure case, verifying session id rotation, stale runtime/fallback field clearing, queue refresh, and persisted store update. (src/auto-reply/reply/agent-runner-session-reset.test.ts:34, 6d60b035b4e7)
• Implementation is shipped in v2026.4.24: The v2026.4.24 tag contains the compaction-failure reset wiring and user-visible compaction reset message. (src/auto-reply/reply/agent-runner-execution.ts:1514, cbcfdf62c729)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against 6d60b035b4e7; fix evidence: release v2026.4.24, commit cbcfdf62c729.