[Bug]: Safeguard compaction permanently blocked by Pi SDK auto-compaction (consecutive failures)

[bradhallett]

Bug Report: OpenClaw Safeguard Compaction Permanently Blocked by Pi SDK Auto-Compaction

Summary

When compaction.mode = "safeguard" is configured, OpenClaw's preflight compaction is permanently blocked by the Pi SDK's internal auto-compaction. The two systems operate on different thresholds and do not coordinate, causing a conflict where the session grows unchecked until overflow.

Environment

• OpenClaw: 2026.4.24 (cbcfdf6)
• Pi SDK: @mariozechner/pi-coding-agent 0.70.2
• Model: zai/glm-5.1 (202,800 token context window)
• OS: macOS 15.4 (arm64), Mac Studio M2 Ultra
• Session type: Telegram direct message (long-running, high-turnover)

Configuration

{
  "agents": {
    "defaults": {
      "compaction": {
        "mode": "safeguard",
        "reserveTokens": 110000,
        "keepRecentTokens": 40000,
        "recentTurnsPreserve": 3,
        "truncateAfterCompaction": true,
        "memoryFlush": {
          "enabled": true,
          "softThresholdTokens": 8000
        }
      }
    }
  }
}

Root Cause

Two independent compaction systems operate on the same session with no coordination:

1. Pi SDK Auto-Compaction (runs inside AgentSession)

• Triggered after every agent_end event when contextTokens > contextWindow - reserveTokens
• Uses Pi SDK defaults: reserveTokens: 16,384, keepRecentTokens: 20,000
• Does NOT respect OpenClaw's compaction config (110K reserve, 40K keepRecent)
• Threshold: 202,800 - 16,384 = 186,416 tokens

2. OpenClaw Safeguard Preflight Compaction

• Triggered before each agent response when tokens exceed budget
• Uses OpenClaw config: reserveTokens: 110,000, keepRecentTokens: 40,000
• Threshold: 202,800 - 110,000 - 8,000 = 84,800 tokens

The Conflict

1. Session grows past 186K tokens → Pi auto-compaction fires → succeeds → appends compaction entry
2. After Pi compaction, session is ~40-60K tokens (Pi kept only 20K recent)
3. This is below Pi's threshold (186K) so Pi won't fire again
4. But it's above OpenClaw's threshold (84.8K) so OpenClaw tries to compact
5. OpenClaw opens the session file → prepareCompaction() checks if last branch entry is compaction → yes → returns undefined
6. Pi SDK throws "Already compacted" → OpenClaw logs already_compacted_recently
7. Session keeps growing → eventually overflows

Missing Guard

applyPiAutoCompactionGuard() exists but is only invoked for context engines that declare ownsCompaction === true. Safeguard mode has no context engine, so Pi auto-compaction remains active, creating the conflict.

Relevant source:

• selection-C3otDzGD.js:6252 — applies guard only for context engines
• pi-settings-DnGbeiAj.js:62 — guard implementation
• compact-c7yzX715.js — safeguard compaction path (never calls the guard)

Evidence

Session file analysis

• Session: ca5e958f-d6ca-4914-b8e4-76d06a799548.jsonl
• 15 compaction entries in the session (all from Pi auto-compaction)
• Compaction interval: every 4-23 minutes
• File grew to 3.8 MB / 1,357 entries despite 15 compactions

Log evidence (all from Telegram session agent:main:telegram:direct:8089459921)

2026-04-27T11:31:55 outcome=failed reason=already_compacted_recently
2026-04-27T11:46:42 outcome=failed reason=already_compacted_recently
2026-04-27T12:03:15 outcome=failed reason=already_compacted_recently
2026-04-27T12:21:40 outcome=failed reason=already_compacted_recently
2026-04-27T13:07:08 outcome=failed reason=already_compacted_recently
2026-04-27T13:13:36 outcome=failed reason=already_compacted_recently
2026-04-27T13:35:43 outcome=failed reason=already_compacted_recently
2026-04-27T14:00:16 outcome=failed reason=already_compacted_recently
2026-04-27T14:10:48 outcome=failed reason=already_compacted_recently
2026-04-27T14:33:54 outcome=failed reason=already_compacted_recently
2026-04-27T14:55:17 outcome=failed reason=already_compacted_recently
2026-04-27T15:10:08 outcome=failed reason=already_compacted_recently

13 consecutive failures, zero successes over 4 hours. Not a single OpenClaw safeguard compaction succeeded.

Cascading impact

• Stuck sessions (30-120s processing time)
• Context overflow crashes (2 observed)
• Rate limit exhaustion from cascading fallbacks
• sqlite-vec warnings from concurrent stress

Suggested Fix

In the safeguard compaction path (compact-c7yzX715.js), disable Pi SDK auto-compaction when OpenClaw owns the compaction lifecycle:

// After line 825 where applyPiCompactionSettingsFromConfig is called, add:
if (compactionMode === "safeguard") {
    settingsManager.setCompactionEnabled(false);
}

Alternatively, extend applyPiAutoCompactionGuard() to recognize safeguard mode:

function shouldDisablePiAutoCompaction(params) {
    return params.contextEngineInfo?.ownsCompaction === true 
        || params.compactionMode === "safeguard";  // ← Add this
}

Workaround

Users can work around this by using compaction.mode = "off" and relying solely on Pi SDK auto-compaction (with adjusted thresholds), or by using a context engine that declares ownsCompaction.

Severity

High — Safeguard mode is specifically designed to prevent context overflow, but this bug makes it completely ineffective for long-running sessions. The "safeguard" provides a false sense of security while the session grows uncontrolled.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main has a shipped z.ai-specific mitigation, but it still does not disable Pi auto-compaction merely because the effective compaction mode is safeguard, and open PR #73839 still targets this issue with closing syntax.

Reproducibility: yes. Source inspection gives a high-confidence path: configure agents.defaults.compaction.mode = "safeguard" with the legacy or another non-owning context engine and a non-z.ai provider, and current main still leaves Pi auto-compaction enabled because the guard never sees the mode.

Next step
A contributor PR already targets this issue with closing syntax, so a separate ClawSweeper repair lane would duplicate active work.

Review details

Best possible solution:

Land #73839 or an equivalent current-main patch that threads the effective compaction mode into applyPiAutoCompactionGuard across embedded, CLI, and reload paths while preserving the #76056 z.ai-specific guard and adding regression coverage.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection gives a high-confidence path: configure agents.defaults.compaction.mode = "safeguard" with the legacy or another non-owning context engine and a non-z.ai provider, and current main still leaves Pi auto-compaction enabled because the guard never sees the mode.

Is this the best way to solve the issue?

Yes. Extending the existing guard to use the effective compaction mode is the narrow maintainable fix; retrying around already_compacted_recently would leave two compaction owners competing.

What I checked:

• Guard is not mode-aware: applyPiAutoCompactionGuard only checks contextEngineInfo?.ownsCompaction and silentOverflowProneProvider; it has no compactionMode input, so explicit safeguard mode is not enough to disable Pi auto-compaction. (src/agents/pi-settings.ts:178, 95cee64ca6e8)
• Embedded runner omits compaction mode: The embedded run path builds guard args from the active context engine and silent-overflow-prone model detection, then reapplies the same args after DefaultResourceLoader.reload(). (src/agents/pi-embedded-runner/run/attempt.ts:1479, 95cee64ca6e8)
• CLI compaction omits compaction mode: The CLI compaction lifecycle calls the guard with settingsManager and contextEngine.info, but not the configured compaction mode. (src/agents/command/cli-compaction.ts:207, 95cee64ca6e8)
• Safeguard extension is activated separately: buildEmbeddedExtensionFactories turns on the safeguard extension when config mode is safeguard or a provider is configured, independent of the Pi auto-compaction guard. (src/agents/pi-embedded-runner/extensions.ts:126, 95cee64ca6e8)
• Default legacy engine does not own compaction: The built-in legacy context engine declares id, name, and version only; it does not set ownsCompaction, so the existing guard does not disable Pi auto-compaction for legacy safeguard mode unless the provider-specific silent-overflow check also fires. (src/context-engine/legacy.ts:21, 95cee64ca6e8)
• Pi SDK contract supports the conflict shape: The installed package version is 0.71.1; its settings default compaction to enabled with reserve 16384 and keepRecent 20000, and compact() throws Already compacted when prepareCompaction() returns no preparation because the latest entry is a compaction. (package.json:1668, 95cee64ca6e8)

Likely related people:

• @jalehman: CONTRIBUTING routes Compaction and Context Engine to Josh Lehman, and the affected behavior hinges on the ownsCompaction context-engine contract documented and changed in the context-engine feature history. (role: adjacent compaction and context-engine owner; confidence: high; commits: fee91fefceb4; files: CONTRIBUTING.md, src/context-engine/types.ts, src/context-engine/legacy.ts)
• @openperf: PR fix(agents): keep state.messages intact across z.ai-style provider turns in embedded runs #76056 recently changed the same guard/call-site surface to disable Pi auto-compaction for z.ai-style silent-overflow providers, which partially overlaps the reporter's environment but not the explicit safeguard-mode gap. (role: recent adjacent fixer for Pi auto-compaction behavior; confidence: medium; commits: cc8a8f1df1cd; files: src/agents/pi-settings.ts, src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/compact.ts)
• @steipete: Current-line blame in the local checkout points the guard and embedded/CLI call sites to Peter Steinberger's current-main snapshot, and the current main head is also authored by Peter. (role: recent maintainer of affected guard and runner paths; confidence: medium; commits: 0135071833, 95cee64ca6e8; files: src/agents/pi-settings.ts, src/agents/pi-embedded-runner/run/attempt.ts, src/agents/command/cli-compaction.ts)
• @vincentkoc: CONTRIBUTING lists Vincent Koc for Agents, and the provided issue timeline shows Vincent was explicitly routed into this compaction/agent runtime discussion. (role: adjacent agents runtime maintainer; confidence: medium; commits: 4655ee803d27, cb88d751b8fd; files: CONTRIBUTING.md, src/agents/pi-settings.ts, src/agents/pi-embedded-runner/run/attempt.ts)

Remaining risk / open question:

• The reporter's exact z.ai/GLM setup is partially mitigated by fix(agents): keep state.messages intact across z.ai-style provider turns in embedded runs #76056 in v2026.5.2, so validation should distinguish that shipped fix from the remaining explicit safeguard-mode ownership gap.
• I did not run a live long-running Telegram reproduction; the verdict is based on current source, tests, docs, dependency source, and the issue's logged failures.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 95cee64ca6e8.

[LaFleurAdvertising]

Confirming this on a different stack: OpenClaw 2026.5.2 GA + DeepSeek V4 Flash (1M context) via webchat embedded-runtime. Reproduces with both compaction.mode = safeguard AND compaction.mode = default — switching modes does not change the behavior, consistent with the source comment at pi-settings-oSM7KEmJ.js:88: "Default-mode runs against ordinary providers keep Pi's auto-compaction as the existing baseline."

The architectural diagnosis here is correct and applies broadly. On any non-z.ai / non-GLM stack, applyPiAutoCompactionGuard never fires unless a contextEngine plugin claims ownsCompaction=true, so Pi's auto-compaction runs regardless of OpenClaw's compaction.* config.

In our case the symptom presents as compaction firing at ~21% of a 1M context window — Pi's contextWindow view appears to resolve to 200000 via one of the ?? 2e5 / ?? "openai" ?? "gpt-5.5" fallback paths in the gateway when the user's stack doesn't have an OpenAI provider configured.

Several days of troubleshooting on a long-running primary assistant

This issue was the terminal hop in a multi-day single-user investigation. Each suspected culprit was diagnosed, a fix was applied, the symptom persisted, and the next layer surfaced:

1. Queued-message replay loop ([Bug]: Agent loop does not terminate after final response when Queued messages exist in context — causes full task replay #50956) — fixed via messages.queue.mode = steer-backlog. Symptom unchanged.
2. Daily 4 AM session reset rotation — disabled via session.resetByType.direct.mode = idle. Symptom unchanged.
3. Silent retain failure (hooks.allowConversationAccess not opted in by non-bundled plugins post-4.22) — fixed. Hindsight retain restarted.
4. Hindsight 0.5.4 → 0.5.6 upgrade. Symptom unchanged.
5. Webchat assistant-turn drop on compaction (Webchat persistence regression: embedded-runtime turns skip persistCliTurnTranscript causing silent assistant message drops #77518) — confirmed. Fix PR fix(agents): persist embedded-runtime assistant turns in session JSONL #77665 still gated on triage: needs-real-behavior-proof.
6. Compaction safeguard cache-read inflation (Compaction emits empty fallback summary; tokensBefore counts cacheRead, triggering premature compactions on Opus 1M #72964) — switched to default mode. Symptom unchanged. Reverted.
7. maxHistoryShare schema-capped at 0.9 — already at the cap. Cannot raise.
8. Compaction-target fallback to openai/gpt-5.5 → 200K (DEFAULT_CONTEXT_TOKENS = 2e5) — fixed by setting compaction.provider/model explicitly. Symptom unchanged.
9. 14+ other ?? "openai" ?? "gpt-5.5" fallback locations across model-fallback-*, sessions-*, status-*, session-utils-*, commands-registry-*, pi-embedded-*, status.summary-* — worked around by registering a synthetic openai provider aliased to api.deepseek.com (openai-compatible) with contextWindow=1M and params.model: "deepseek-v4-flash" rewriting outgoing calls. Symptom unchanged.
10. agents.defaults.contextTokens = 1000000 backstop added. Symptom unchanged.
11. agent-runner.runtime-DCKwkWFL.js:1444 resolveMemoryFlushContextWindowTokens(...) ?? 2e5 — sister bug to pi-embedded:100-101. Surfaced via source dive. No config-level fix exists.
12. Pi-coding-agent native auto-compaction is the actual gate (this issue) — only disable path is a contextEngine plugin claiming ownsCompaction=true. Lossless-claw appears to be the sole option in the wild.

Stack at the time of diagnosis: OpenClaw 2026.5.2 GA, webchat embedded-runtime, DeepSeek V4 Flash 1M, no OpenAI provider in real use, hindsight-openclaw 0.6.5 in plugins.slots.memory, agents.defaults.compaction set to provider=deepseek model=deepseek-v4-flash mode=safeguard reserveTokens=60000 recentTurnsPreserve=5 maxHistoryShare=0.9.

The broader pattern this user observes

The memory subsystem in OpenClaw has been actively regressing across 4.22 → 5.2 (~April 22 → May 2 2026). Six active-memory bugs filed AND closed on 2026-05-03 alone. Across third-party memory plugins (mem0 #71794, mem9-ai/mem9 #285, memory-lancedb-pro #707, MemOS #1591, hindsight-openclaw 0.6.5 with retainQueuePath silently dropped — vectorize-io/hindsight#1443), the same shape recurs: schema declares a config knob, runtime ignores it; or a fix lands in a release without a coordinated heads-up to plugin authors; or an architectural decision (?? "openai" ?? "gpt-5.5") silently degrades for stacks without that provider.

Daily release cadence + memory-touching changes shipping to stable + no config override for systemic architectural decisions like Pi auto-compaction adds up to the user-visible result that long-lived persistent assistants break on update day, then break again on the day after, with no forward path other than discovering and installing a third-party plugin (lossless-claw) to escape the maintainer's own architectural choice.

Lossless-claw works as a workaround — but it is a workaround

Installing @martian-engineering/lossless-claw via plugins.slots.contextEngine = "lossless-claw" does fix this issue. The plugin claims ownsCompaction=true, which gates Pi's auto-compaction off. That's the only path to relief on 5.2 GA today.

A workaround that requires every affected user to discover a separate ~5k-star community plugin to escape the maintainer's own architectural decision is not a maintained product experience — it is a beta-tester pipeline. The architectural decision documented in pi-settings-oSM7KEmJ.js:85-95 deserves either a config-level override (agents.defaults.compaction.disablePiAuto: true or equivalent) OR a louder migration warning than a buried code comment.

Where this leaves the user

After several days unwinding cascading issues that all turn out to be different facets of "OpenClaw's memory subsystem is unstable on stable releases," this user is openly evaluating two paths:

1. Roll back to OpenClaw 2026.4.21 (a release that worked) and decline future updates until the memory architecture stabilizes.
2. Migrate to an assistant runtime that does not treat the community as beta testers and does not silently break primary user experiences across daily releases on settings the user did not ask to be changed.

Filing this to add weight to #73003 and put on record: the architecture deserves a config-level escape hatch, and memory regressions shipping to stable without coordinated migration warnings is breaking trust.