[Bug]: Intermittent duplicate message delivery in 2026.4.24 across all channels

[bmdf]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

After upgrading from 2026.4.23 to 2026.4.24, identical user messages are occasionally delivered twice to the session with the same timestamp but different seq numbers, causing the assistant to reply to both and producing duplicate visible messages in all channels (webchat and WeChat).

Steps to reproduce

1. Run OpenClaw 2026.4.24 with webchat or WeChat channel configured
2. Send a user message from the webchat UI or WeChat
3. Observe session history via sessions_history API
4. Same user message appears twice in transcript with identical timestamp but sequential seq numbers (e.g., seq 2703 and seq 2705)
5. Assistant reply is also duplicated (seq 2704 and seq 2706) with same responseId

Expected behavior

In 2026.4.23, each user message was delivered exactly once. The same message should not appear twice in the session transcript.

Actual behavior

Same user message is delivered twice with identical timestamp but different __openclaw.id and sequential seq numbers. The assistant replies to both, producing duplicate visible messages. This happens intermittently, not on every message. Confirmed via sessions_history API showing duplicate entries for both user messages and assistant replies.

OpenClaw version

2026.4.24 (cbcfdf6)

Operating system

Linux 6.6.87.2-microsoft-standard-WSL2 (x64) / Windows 11 host

Install method

npm global

Model

bailian/qwen3.6-plus (also observed with nvidia-nim/z-ai/glm4.7)

Provider / routing chain

openclaw-weixin -> gateway -> bailian (dashscope) / webchat -> gateway -> bailian

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

Affected: All channels (webchat, WeChat)
Severity: Medium (annoying UX, duplicate visible messages, no data loss)
Frequency: Intermittent — not every message, but recurring across multiple sessions
Consequence: User sees duplicate messages in chat history, making conversations hard to follow

Additional information

Last known good version: 2026.4.23
First known bad version: 2026.4.24

Session history evidence from sessions_history API:

• User message seq 2703 at timestamp 1777207291784
• User message seq 2705 at same timestamp 1777207291784 (duplicate)
• Assistant reply seq 2704 at timestamp 1777207292059
• Assistant reply seq 2706 at same timestamp 1777207292059 (duplicate)

This pattern repeats multiple times (seq 2707-2710).

Possible related changes in 2026.4.24:

• Block streaming dedupe fix (Fixes Block-streaming channels deliver assembled final payload in addition to per-chunk streaming, causing full-reply duplication #70921)
• Gateway/sessions webchat mutation guard changes (Fixes fix(gateway): block webchat session compaction mutations #70716)
• Gateway/WebChat image attachment preservation (Fixes [Bug] User image attachments dropped when primary model lacks vision — imageModel fallback not honored #68513)

No workaround available — occurs at the session delivery layer.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 4, 2026, 1:12 AM ET / 05:12 UTC.

Summary
Keep open: current main and v2026.6.1 still make shared inbound dedupe invalid when a channel retry has no stable MessageSid, so the cross-channel duplicate-delivery report is narrowed but not solved. The related open fixes at #72314 and #72605 are better next steps than closing this issue now.

Reproducibility: yes. from source inspection, though not from a live run in this review: current main returns an invalid inbound dedupe claim when MessageSid is absent, which lets idless retries bypass the shared duplicate gate. The issue discussion also contains multiple release-version confirmations after the initial 2026.4.24 report.

Next step
No separate repair job is needed because active related PRs already cover the focused idless inbound and WebChat race repairs.

Review details

Best possible solution:

Land or replace the shared inbound idless-retry dedupe fix, validate that distinct same-body messages and attachment-only inputs are not collapsed, then close this issue with current-main or release proof.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection, though not from a live run in this review: current main returns an invalid inbound dedupe claim when MessageSid is absent, which lets idless retries bypass the shared duplicate gate. The issue discussion also contains multiple release-version confirmations after the initial 2026.4.24 report.

Is this the best way to solve the issue?

Yes, the best fix belongs in the shared inbound dedupe layer rather than in one channel adapter. The narrow path should suppress same route/timestamp/body idless retries while preserving distinct messages and attachment-only inputs.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• Closing now would drop the canonical cross-channel tracking item while the shared idless retry dedupe fix is still only represented by an open PR.
• The duplicate-delivery reports span WebChat, WeChat, and Telegram, so landing only the WebChat race fix may not cover the remaining all-channel retry path.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c768a9e6ca02.

Label changes

Label justifications:

• P2: This is a normal-priority regression with visible duplicate messages and transcript pollution, but it is intermittent and not a core-runtime outage.
• impact:message-loss: The issue is about duplicate channel-visible message delivery and duplicated assistant replies.
• impact:session-state: The reported evidence shows duplicate entries written into session transcript history with separate sequence numbers.

Evidence reviewed

What I checked:

• Current source still requires a stable message id: buildInboundDedupeKey returns null unless both provider and MessageSid are present, so idless retries do not get an inbound dedupe key on current main. (src/auto-reply/reply/inbound-dedupe.ts:56, c768a9e6ca02)
• Dispatch depends on the shared inbound dedupe claim: dispatchReplyFromConfig claims inbound dedupe once and skips duplicate/inflight claims, but an invalid claim from a missing key falls through into normal dispatch. (src/auto-reply/reply/dispatch-from-config.ts:1727, c768a9e6ca02)
• Current tests cover MessageSid paths, not idless fallback: The inbound dedupe tests use a shared context with MessageSid and assert shared duplicate/inflight behavior, but they do not prove same body/timestamp idless retry suppression. (src/auto-reply/reply/inbound-dedupe.test.ts:10, c768a9e6ca02)
• Transcript idempotency is partially addressed: Gateway chat.send now prepares user transcript entries with a per-run idempotency key, so the remaining central gap is the earlier inbound idless retry path rather than all transcript writes. (src/gateway/server-methods/chat.ts:3218, c768a9e6ca02)
• Latest release has the same inbound-dedupe shape: v2026.6.1 still shows buildInboundDedupeKey returning null when provider or MessageSid is missing, so the unresolved idless-retry gap is not fixed in the latest release. (src/auto-reply/reply/inbound-dedupe.ts:56, 2e08f0f4221f)
• Related fix candidates remain open: Provided GitHub context shows fix(auto-reply): dedupe idless inbound retries #72314 open for idless inbound retry dedupe and fix(gateway): dedupe WebChat sends before attachment parsing #72605 open for a WebChat duplicate-send race.

Likely related people:

• mjamiv: Opened the active related fix for shared idless inbound retry dedupe, which matches the unresolved source gap in inbound-dedupe.ts. (role: likely follow-up owner; confidence: high; commits: 68d78b2eec20; files: src/auto-reply/reply/inbound-dedupe.ts, src/auto-reply/reply/inbound-dedupe.test.ts)
• inkdust2021: Opened the active related WebChat duplicate-send race PR in the same duplicate delivery cluster. (role: adjacent WebChat race follow-up owner; confidence: medium; commits: e11074cedcd7; files: src/gateway/server-methods/chat.ts, src/gateway/server.chat.gateway-server-chat-b.test.ts, src/gateway/server-methods/agent.test.ts)
• chinar-amrutkar: Authored the closed unmerged repair attempt that directly referenced this issue and proposed the same general idless/content fallback direction. (role: initial repair attempt author; confidence: medium; commits: b637f549a8e7; files: src/auto-reply/reply/inbound-dedupe.ts, src/gateway/server-methods/chat.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[xilopaint]

This is still an issue in v2026.5.2.

[schiles67]

Can confirm this is still present in v2026.5.12.

From session analysis on May 14-15: 23% of all assistant text messages are duplicated in the session transcript — one entry with short 8-char ID, one with full UUID, identical content. These both get delivered to Telegram, causing every substantial response to appear twice.

Notable because it creates confusion when subagent results or status updates land as duplicate bubbles.

Happy to provide session traces if helpful for debugging.