WebChat can silently rotate agent:main:main after gateway restart, hiding prior session/checkpoints

[Squirbie]

Summary

After a gateway service reinstall/restart, a WebChat reconnect followed by a normal visible user message caused the active agent:main:main WebChat session to be reset/rotated. The previous transcript was archived to *.jsonl.reset.*, the active session store started pointing at a new sessionId, and the Control UI showed only the new short session and its checkpoint.

From the user's perspective this looked like data loss:

• prior upper chat history disappeared from the main WebChat view
• previous compaction checkpoints were no longer shown for the active session
• the new session started at the first post-reconnect message
• the agent behaved as if it had no prior context

The transcript was recoverable on disk, but only with manual file/session-store repair.

This appears related to:

• [Bug]: Control UI/WebChat previous chat becomes inaccessible after New session #59839 - Control UI/WebChat previous chat becomes inaccessible after New session
• WebChat /new drops label and hides reset history despite transcripts on disk #23755 - WebChat /new drops label and hides reset history despite transcripts on disk

This report adds a narrower failure mode: the reset/rotation happened immediately after gateway restart/reconnect even though the user did not intentionally request a new/reset session in the visible message.

Environment

• OpenClaw CLI: 2026.4.21 (f788c88)
• Control UI / WebChat client reported in logs: webchat v2026.4.15
• OS: macOS 26.4.1 arm64
• Gateway service: macOS LaunchAgent
• Gateway mode: local loopback, token auth
• Default WebChat session key: agent:main:main
• Model: openai-codex/gpt-5.4

What happened

1. The main WebChat session had been running under:

   key: agent:main:main
   old sessionId: 315349e0-36d8-4edb-a0de-2ebadbffb471
   

2. Another agent was fixing a gateway warning and ran:

   openclaw gateway install --force && openclaw gateway restart
   

3. The gateway received SIGTERM, and the WebChat socket disconnected.

4. The gateway came back up. The Control UI reconnected and fetched chat.history, sessions.list, models, etc.

5. The user sent a normal visible recovery message in WebChat to continue the previous task.

6. The prior active transcript was archived:

   ~/.openclaw/agents/main/sessions/315349e0-36d8-4edb-a0de-2ebadbffb471.jsonl.reset.2026-04-22T19-07-46.300Z
   

7. sessions.json then pointed agent:main:main at a new session:

   key: agent:main:main
   new sessionId: 600f198c-7155-4ed7-b4f8-7eb6eeaf20bb
   sessionFile: ~/.openclaw/agents/main/sessions/600f198c-7155-4ed7-b4f8-7eb6eeaf20bb.jsonl
   

8. The new transcript's first user message was the post-reconnect recovery message. The stored message did not visibly contain /new or /reset.

9. The UI now showed the new short session and no longer showed the old session/checkpoints under the active WebChat row.

10. The new session later compacted with a summary beginning with No prior history, which made the agent behave as if it had lost context.

Sanitized log evidence

Approximate local timeline:

03:51:52  exec: openclaw gateway install --force && openclaw gateway restart
03:51:55  gateway: SIGTERM received; shutting down
03:51:55  ws: webchat disconnected
03:58:34  gateway ready
04:01:43  ws: webchat connected
04:01:44  ws: chat.history OK
04:01:44  ws: sessions.list OK
04:02:56  ws: second webchat connected
04:06:52  ws: chat.history OK
04:07:46  ws: chat.send OK
04:07:46  previous transcript archived to .jsonl.reset.*
04:16:08  context overflow on new sessionId 600f198c...
04:17:42  auto-compaction succeeded

Disk/session-store evidence:

old live file missing:
  ~/.openclaw/agents/main/sessions/315349e0-36d8-4edb-a0de-2ebadbffb471.jsonl

old archive present:
  ~/.openclaw/agents/main/sessions/315349e0-36d8-4edb-a0de-2ebadbffb471.jsonl.reset.2026-04-22T19-07-46.300Z

old checkpoint files still present:
  315349e0-...checkpoint.14f08e4d-....jsonl
  315349e0-...checkpoint.4de9839f-....jsonl
  315349e0-...checkpoint.b7376126-....jsonl
  ...

new active session file:
  ~/.openclaw/agents/main/sessions/600f198c-7155-4ed7-b4f8-7eb6eeaf20bb.jsonl

sessions.json after the incident:

{
  "agent:main:main": {
    "sessionId": "600f198c-7155-4ed7-b4f8-7eb6eeaf20bb",
    "sessionFile": "~/.openclaw/agents/main/sessions/600f198c-7155-4ed7-b4f8-7eb6eeaf20bb.jsonl",
    "origin": {
      "provider": "webchat",
      "surface": "webchat",
      "chatType": "direct"
    },
    "compactionCount": 1
  }
}

The prior archive had about 1000 JSONL entries, while the new active session had under 200 at the time of inspection.

Expected behavior

After gateway restart/reconnect:

• WebChat should continue using the existing active session unless the user explicitly confirms a new/reset action.
• A normal visible chat message should not silently rotate agent:main:main.
• If a reset/new action happens, the UI should make it clear:
  • old session id
  • new session id
  • whether this was triggered by UI button, slash command, RPC, or internal recovery
  • where the archived transcript can be found
• Prior reset archives/checkpoints should remain discoverable from the Control UI.

Actual behavior

• The active WebChat session key continued to be agent:main:main, but its sessionId rotated from 315349e0... to 600f198c....
• The old transcript/checkpoints were still on disk, but not visible as the active WebChat history/checkpoints.
• The visible first message in the new session did not contain /new or /reset, so the user had no obvious explanation for why the session rotated.
• Manual recovery required:
  • backing up sessions.json and both transcript files
  • copying the .jsonl.reset.* archive back to the old .jsonl name
  • patching sessions.json so agent:main:main pointed back to the old sessionId
  • reattaching checkpoint metadata
  • restarting the gateway

Why this is serious

This is not just a cosmetic history-list issue. It breaks operational continuity for long-running WebChat agents:

• the agent may lose the actual task context
• checkpoint UI no longer corresponds to the user's expected session
• the user may continue in a fresh context and get wrong or nonsensical actions
• recovery requires low-level edits in ~/.openclaw/agents/*/sessions

For write-capable/local-admin agents, this can create risky follow-up behavior because the user thinks they are continuing the prior state while the agent is actually in a fresh or reconstructed state.

Possible root cause area

From inspecting the installed dist, WebChat reset/new can be triggered through the same chat.send path:

const RESET_COMMAND_RE = /^\/(new|reset)(?:\s+([\s\S]*))?$/i;
...
const resetCommandMatch = message.match(RESET_COMMAND_RE);
if (resetCommandMatch && requestedSessionKey) {
  ...
  const resetResult = await runSessionResetFromAgent(...);
  ...
  const postResetMessage = normalizeOptionalString(resetCommandMatch[2]) ?? "";
  if (postResetMessage) message = postResetMessage;
}

Because the reset command is stripped and only the post-reset message is stored, the resulting transcript can look like a normal first message even though a reset/new command was processed.

That makes this class of bug difficult to diagnose after the fact.

Suggested fixes

Minimum product safety changes:

1. Do not implement the WebChat "New session" button as handleSendChat("/new"). Use a dedicated RPC such as sessions.reset / sessions.create and include an explicit trigger: "ui-button" or similar audit field.

2. For WebChat, reject /new and /reset inside generic chat.send unless the request includes an explicit allowSessionControl: true flag generated by a confirmed UI action.

3. Persist a reset audit event in the session store or transcript:

   {
     "type": "session_reset",
     "trigger": "slash-command | ui-button | rpc | recovery",
     "oldSessionId": "...",
     "newSessionId": "...",
     "sessionKey": "agent:main:main",
     "timestamp": "...",
     "postResetMessagePresent": true
   }

4. Do not silently strip /reset some message into some message without preserving a visible/auditable reset marker.

5. After gateway restart/reconnect, clear stale pending "new/reset" UI state and stale drafts/idempotency state so a reconnect cannot accidentally replay a reset command.

6. Surface reset archives/checkpoints in Control UI. Even if agent:main:main intentionally remains one logical row, users need a first-class way to reopen or restore prior reset archives.

7. Add a confirmation dialog for reset/new on WebChat that shows the current session key and session id. This is especially important for long-running direct WebChat sessions.

Workaround used locally

Manual recovery was possible because the old transcript/checkpoints were still on disk:

1. back up sessions.json and all relevant transcript files
2. copy 315349e0...jsonl.reset... back to 315349e0...jsonl
3. patch sessions.json so agent:main:main points back to 315349e0...
4. reattach checkpoint metadata for existing 315349e0...checkpoint.*.jsonl files
5. restart the gateway

This restored the old WebChat view, but it is too risky for normal users.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 30, 2026, 12:43 AM ET / 04:43 UTC.

Summary
Codex review failed: codex execution failed.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Include the exact command, prompt, or workflow that triggered it.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model gpt-5.5, reasoning high; reviewed against f848a6f7f74b.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Squirbie]

This is not a new issue; it is a follow-up evidence note for #70330.

I did another local pass over the remaining session-store evidence. The useful clarification is that the reset archive timestamp does not line up with the gateway restart/SIGTERM moment itself. It lines up with a later post-reconnect chat.send.

Sanitized timeline:

• 2026-04-23 03:38:23 +0900: WebChat connected (openclaw-control-ui webchat v2026.4.15)
• 2026-04-23 03:38:24 +0900: chat.history OK
• 2026-04-23 03:50:14 +0900: chat.send OK
• 2026-04-23 03:51:55 +0900: gateway received SIGTERM; WebChat disconnected
• 2026-04-23 03:58:34 +0900: gateway ready again
• 2026-04-23 04:01:43 +0900: WebChat reconnected
• 2026-04-23 04:01:44 +0900: chat.history OK and sessions.list OK
• 2026-04-23 04:02:56 +0900: another WebChat connection appeared
• 2026-04-23 04:07:46 +0900: chat.send OK
• reset archive filename timestamp: 2026-04-22T19-07-46.300Z, which is 2026-04-23 04:07:46 +0900

So the evidence looks less like "gateway restart immediately reset the session file" and more like "restart/reconnect left the WebChat/default session state in a condition where the next chat.send rotated agent:main:main", or a generic send path consumed an implicit/session-control reset without leaving an audit marker.

Sanitized session evidence:

• session key: agent:main:main
• old sessionId: 315349e0-36d8-4edb-a0de-2ebadbffb471
• new sessionId: 600f198c-7155-4ed7-b4f8-7eb6eeaf20bb
• old reset archive filename: 315349e0-36d8-4edb-a0de-2ebadbffb471.jsonl.reset.2026-04-22T19-07-46.300Z
• old archive size observed locally: 8,428,254 bytes
• a later reset archive for the same old session also existed: 315349e0-36d8-4edb-a0de-2ebadbffb471.jsonl.reset.2026-04-24T19-01-05.895Z
• later archive size observed locally: 15,343,548 bytes, 1,756 JSONL entries
• 13 checkpoint files still existed for the old sessionId
• the new session had checkpoints as well, for example 600f198c-7155-4ed7-b4f8-7eb6eeaf20bb.checkpoint.3e6fc748-2713-414c-96f7-c7d23c7e30f7.jsonl
• local recovery backup filenames confirmed old archive, new live session, and session index backups existed; I am intentionally not pasting local paths or the full session index here

I intentionally did not include full transcripts, tokens, full config, full sessions.json, or skillsSnapshot.prompt data.

One extra clue: the backed-up sessions.json entry for agent:main:main pointed at the new 600f198c-... session file and had WebChat/direct metadata (deliveryContext.channel: webchat, lastChannel: webchat, origin.surface: webchat, origin.chatType: direct). On the current install, direct chats can still collapse to the canonical key agent:main:main, which may make cross-surface direct metadata changes hard to audit if WebChat and another direct surface touch the same logical key.

Suggested PR direction:

1. Add a reset audit marker in the session store and/or transcript whenever performGatewaySessionReset runs. It should include at least sessionKey, oldSessionId, newSessionId, trigger/source (ui-button, sessions.reset, slash-command, gateway:agent, reconnect-recovery, etc.), and whether a post-reset message was present.
2. Keep WebChat "New Session" on a dedicated RPC path (sessions.reset or a clearer create/rotate RPC), and avoid using generic chat.send("/new") as a UI control path.
3. If /new or /reset remains supported through generic chat.send, require an explicit session-control flag or return explicit metadata (reset: true, old/new session ids) so the UI and disk state are not silently ambiguous.
4. Make reset archives/checkpoints discoverable through an RPC or sessions.list({ includeResetArchives: true }), so prior WebChat sessions do not look lost when they were only archived.
5. Add a regression test for: existing agent:main:main with sessionId A -> gateway restart/reconnect -> chat.history/sessions.list -> plain chat.send("continue") must keep sessionId A and must not create A.jsonl.reset.*.

[DerianF]

Reproduction variant: Agent binding + WebSocket 1006 disconnect

Hitting the same class of bug from a different angle — agent bindings make the silent rotation much worse.

Setup

• Config: {"agentId": "belle", "match": {"channel": "webchat"}} in bindings
• Compaction: was set to default + truncateAfterCompaction: true (since reverted to safeguard + false)

What happened

1. WebSocket 1006 disconnects (abnormal close, no close frame — event loop lag up to 6s observed)
2. UI reconnects → chat.history fails because Belle's session was deleted/pruned
3. UI shows blank chat — effectively a reset without any /reset or /new
4. This happened 5 times in one morning. Each time the entire conversation was gone.

Evidence

• Found Belle's session file deleted: 5c03f04a-9cd7-453d-a857-24843e579d8f.jsonl.deleted.2026-05-07T12-55-03.456Z
• Belle's session store (sessions.json) was empty ({})
• No session recovery was attempted by the UI — just a blank chat

UI behavior analysis

After tracing the Control UI source (v2026.5.5):

• wL() handles reconnects but does not attempt session recovery beyond chat.history
• When Gl() (history loader) fails, it sets lastError but does not auto-create a new session or notify the user
• The SR() function (session switch) clears all chat state unconditionally (e.chatMessages=[])
• There is no "session not found → recover or create" path in the reconnect flow

Workarounds applied

1. Removed the Belle→webchat binding so webchat uses main agent directly (main session is more stable/active)
2. Increased session maintenance limits: pruneAfter: 30d, maxEntries: 60, maxDiskBytes: 200mb (was 14d/30/50mb)
3. Reverted compaction to safeguard + truncateAfterCompaction: false

Core ask

The UI needs a session-not-found recovery path on reconnect: either reattach to the existing session (if it was just rotated/archived), or create a new one with a clear notification to the user — not silently present a blank chat that looks like a reset.

Environment: OpenClaw v2026.5.5, macOS arm64, local gateway, Safari browser

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[openclaw-barnacle]

Closing due to inactivity.
If this is still an issue, please retry on the latest OpenClaw release and share updated details.
If you are absolutely sure it still happens on the latest release, open a new issue with fresh steps to reproduce.