Telegram direct session can become unrecoverable after context overflow and auto-compaction hangs

[asleep75]

Summary

A long-lived Telegram direct chat became permanently non-responsive after hitting context overflow. The gateway and Telegram provider both restarted normally, but the same Telegram direct session immediately re-entered auto-compaction and never recovered enough to send a reply. Repeated gateway restarts did not fix it. The only effective recovery was to back up and quarantine/reset the session JSONL so a fresh Telegram session could be created.

Environment

• OpenClaw: 2026.4.14
• Host OS: Ubuntu 24.04
• Runtime: Node 22.22.2
• Model in affected session: openai-codex/gpt-5.4
• Channel: Telegram direct chat

Affected session

• sessionKey: agent:main:telegram:direct:8365774449
• session file: ~/.openclaw/agents/main/sessions/a6154fac-955a-40ca-b04d-90ff98dd9f20.jsonl
• size at failure: about 5.1 MB
• message count shown in logs around failure: 239-241

Symptoms

• Telegram bot stopped replying in that direct chat
• Gateway restart succeeded
• Telegram provider startup succeeded
• On each fresh start, the same session immediately hit context overflow again
• No reply was ever emitted back to Telegram
• The typing indicator eventually expired, but the session remained wedged

Relevant log pattern

Observed repeatedly after restart:

[telegram] [default] starting provider (@Cooter_the_bot)
[agent/embedded] [context-overflow-diag] sessionKey=agent:main:telegram:direct:8365774449 provider=openai-codex/gpt-5.4 source=assistantError messages=239/240/241 sessionFile=/home/.../a6154fac-955a-40ca-b04d-90ff98dd9f20.jsonl ... error=Context overflow: estimated context size exceeds safe threshold during tool loop.
[agent/embedded] context overflow detected (attempt 1/3); attempting auto-compaction for openai-codex/gpt-5.4
typing TTL reached (2m); stopping typing indicator

There was no visible recovery message such as auto-compaction succeeded, and the chat remained non-responsive.

What did NOT fix it

• Restarting the gateway
• Letting the provider reconnect
• Sending new Telegram messages into the same chat

What DID fix it

1. Back up the affected session JSONL
2. Move/quarantine/reset the stuck session file
3. Restart the gateway
4. Let Telegram create/use a fresh session

After that, Telegram replies resumed immediately.

Expected behavior

If a session overflows and auto-compaction cannot recover it, OpenClaw should fail more gracefully. Examples:

• automatically fork/reset the session after repeated compaction failure
• emit a visible error or fallback reply to the user instead of hanging indefinitely
• avoid reloading the same poisoned session into an endless overflow/compaction loop on startup

Additional notes

• This same chat appears to have overflowed previously and recovered once, so the issue may be tied to transcript growth plus a compaction edge case rather than a one-off Telegram outage.
• There were also occasional Telegram network fallback warnings (ETIMEDOUT, ENETUNREACH, UND_ERR_SOCKET), but those did not appear to be the root cause here because the provider started successfully and the failure reproduced specifically on the same session transcript.

If helpful, I can provide a sanitized copy of the failing session transcript or more exact timestamps from logs.

[rafiki270]

Triage Verdict: ✅ VALID (P1 Bug)

Confidence: 7/10 — Root cause chain identified via code inspection.

---

Root Cause

File:

The bug is a perfect storm of three interacting failures:

1. Compaction hangs indefinitely: with uses a 15-minute timeout — too long for Telegram's synchronous message handler. If compaction genuinely hangs, the handler never completes.

2. Error reply trapped in same dispatch failure: After (3) failures, the code returns an error payload () with "try /reset". But this reply is trapped in the same dispatch failure that caused the hang — the user never sees it.

3. No automatic recovery: The Telegram extension has no handling. There's no automatic session fork, reset, or quarantine after overflow exhaustion.

Result: Long-lived Telegram direct chat becomes permanently wedged. The next poll reloads the same overflowing session → immediate overflow again → infinite loop.

Evidence

• Telegram extension () doesn't reference or at all
• Typing indicator TTL fires at 2 minutes but user never sees an error message
• Manual session JSONL reset is the only recovery

Related Recent Commits

• — "test: cover Telegram session recreation" (Apr 21, 2026) — Telegram session recreation is a known concern
• — "retry silent stopReason=error turns" (Apr 17, 2026)
• — "gate silent-error retry on replay safety" (Apr 19, 2026)

Proposed Fix Directions

1. Shorter, more aggressive compaction timeout for message-handler context (3-5 min instead of 15 min)
2. Automatic session fork/reset after exhaustion
3. Ensure error replies reach Telegram even when primary dispatch is failing
4. Startup session health check — detect sessions that were "blocked" on last run and proactively offer recovery

---

Triaged by orchestrator at 2026-04-23 20:07 UTC

[steipete]

Discord triage found another context-overflow failure mode worth comparing with this issue.

Current support-thread evidence from 2026-04-23:

• Surface: Discord session, agent:main:discord:channel:<id>.
• Model: google/gemma-4-31b-it, fallback configured to the same model.
• /status shows Context: 203k/200k (101%), Compactions: 0, and 99% cache hit.
• The provider returns Google 500 INTERNAL on larger agent/session requests, while a tiny direct openclaw infer model run --model google/gemma-4-31b-it --prompt "Summarize: hello world" --json succeeds.
• User had run /new elsewhere; the failing Discord session remained over limit, so recovery was session-local.

This is not the same Telegram direct-chat repro, but it supports the same product problem: once a channel session exceeds its effective model window, recovery/compaction guidance is not reliably triggered or delivered, and the visible error can look like a provider 500 rather than a context/compaction failure.

[asleep75]

This lines up with what I saw on the Telegram DM side.

The repro I hit was a direct Telegram session that became effectively unrecoverable after context overflow and repeated auto-compaction attempts. Gateway/Telegram startup looked healthy, but the same DM session kept re-entering overflow/compaction trouble until I deleted the bad session state. Restarting the gateway by itself did not fix it.

What your Discord triage adds is useful because it points to the broader product behavior rather than one Telegram-only bug:

• a channel/session can exceed the model's effective window
• compaction/recovery guidance does not reliably trigger or get surfaced
• the user can get a misleading provider error instead of a clear context/compaction failure
• /new or other resets elsewhere do not necessarily fix the specific poisoned session

That matches the practical shape here. In my case, dashboard session delete/reset was a more effective recovery path than restart, and manual transcript quarantine/reset was the deeper fallback.

So I think this issue should probably be treated as a wider session-recovery failure mode around context overflow, with Telegram DM being one visible repro and Discord now showing another variant.

[clawsweeper]

Closing this as implemented after Codex automated review.

Current main already implements channel-agnostic recovery for the reported failure mode: context-overflow/compaction failures rotate the affected session key to a fresh session id/file and return a visible fallback instead of leaving the Telegram DM pinned to the poisoned transcript. The recovery path is present in the v2026.4.24 release tree and has focused timeout/session-reset coverage.

Best possible solution:

Close this issue as implemented and keep the current channel-agnostic recovery path. If users still see long waits before recovery, track that separately as a timeout/Telegram UX tuning request rather than reopening the unrecoverable-session bug.

What I checked:

• Overflow payload recovery: Embedded context-overflow error payloads are treated as session-level failures: the runner calls resetSessionAfterCompactionFailure, marks the run failed, and returns a visible 'conversation reset' reply. (src/auto-reply/reply/agent-runner-execution.ts:1462, c74fb781943f)
• Thrown compaction failure recovery: Thrown compaction failures take the same recovery path, resetting once and returning a visible context-limit message. (src/auto-reply/reply/agent-runner-execution.ts:1586, c74fb781943f)
• Session rotation implementation: resetReplyRunSession assigns a new sessionId and sessionFile for the same sessionKey, clears stale model/token/runtime fields, persists the session store, updates queued followups, and logs the recovery. (src/auto-reply/reply/agent-runner-session-reset.ts:59, c74fb781943f)
• Compaction safety timeout coverage: Compaction has a configurable safety timeout and tests cover never-settling compaction rejecting, invoking cancellation, and clearing timers. (src/agents/pi-embedded-runner.compaction-safety-timeout.test.ts:19, c74fb781943f)
• Release tree contains recovery path: The v2026.4.24 tag points at cbcfdf6, and git-show of that tag contains the resetSessionAfterCompactionFailure/context-limit recovery strings in agent-runner-execution.ts and agent-runner.ts. (appcast.xml:6, cbcfdf62c729)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against c74fb781943f; fix evidence: release v2026.4.24, commit cbcfdf62c729.