Message pipeline has two major performance bottlenecks (auth 6.2s, fixed overhead 16s)

[hongfangsong]

Bug Report: Message pipeline has two major performance bottlenecks (auth 6.2s, fixed overhead 16s)

Environment

• OpenClaw version: 2026.4.29
• Model: MiniMax-M2.7
• Network: WiFi (GPON) — baseline 0.1-0.14s Feishu API latency

Description

During message pipeline profiling, two major bottlenecks were identified:

1. Authentication: 6.2 seconds (per message)

Every single message requires re-authentication to the LLM provider. During this 6.2s window, the model does no processing at all — it's purely waiting for auth to complete.

Impact: ~15-20% of total message time is wasted on authentication.

2. Fixed overhead: 16.4 seconds (system-prompt + core-plugin-tools)

• core-plugin-tools: 7.8s
• system-prompt: 8.6s
• Combined: 16.4s of fixed overhead that does not scale with message content

This overhead is incurred regardless of message length, complexity, or session warmth.

Impact: Even for simple hi messages, minimum ~20s+ total processing time just from auth + fixed overhead.

Observed Timings (WiFi baseline, Feishu API at 0.1-0.14s)

Pipeline Stage	Duration
auth	6.2s
core-plugin-tools	7.8s
system-prompt	8.6s
stream-setup	8.7s
model-resolution	minimal
Total baseline	~45s

Root Cause Hypothesis

1. Auth bottleneck: Token/credential refresh happens on every request instead of being cached/reused. No connection pooling or token caching layer.

2. Fixed overhead: core-plugin-tools + system-prompt suggest per-message initialization that loads plugins and context from scratch each time, rather than maintaining warm state between messages.

Expected Behavior

1. Auth should be cached: Authentication tokens should be reused across messages. If a token is valid, don't re-authenticate. Target: < 0.5s per message for auth.

2. System prompt should be cached: For active sessions, the system prompt should be computed once and cached in memory, not rebuilt on every message. Target: < 1s for cached sessions.

3. Plugin initialization should be deferred: Core plugins should be initialized once on startup, not on every message.

Potential Impact

Current: ~45s minimum per message
Target: < 5s for simple messages (by eliminating auth cache miss + reducing fixed overhead)

Suggested Fixes

For auth (6.2s → <0.5s):

• Implement token caching with TTL-based refresh
• Use connection keep-alive for LLM API calls
• Batch auth operations where possible

For fixed overhead (16.4s → <2s):

• Implement session-level system prompt caching
• Defer plugin initialization to startup, not per-message
• Add session warm-up step that pre-computes common context

Additional Context

The 4G→WiFi migration already reduced Feishu API latency from 1.79s → 0.14s (92% improvement), but total message time didn't improve proportionally because auth (6.2s) and fixed overhead (16.4s) remain as dominant factors.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open. Current main has partial post-release improvements for stable system-prompt prefix caching and plugin tool descriptors, but the embedded runner still initializes auth per run and no MiniMax runtime-auth reuse path proves the reported 6.2s auth bottleneck is solved.

Reproducibility: Partial, not high confidence. The reported stage names map to current embedded-run telemetry, but the issue lacks raw trace logs/config and I did not run a live MiniMax-M2.7/Feishu message to reproduce the exact timings.

Next step
The report is plausible but not a safe autonomous fix yet because it needs current-main live profiling and auth/session-cache design before code boundaries are clear.

Review details

Best possible solution:

Capture the same stage trace on current main, then split fixes into durable provider/session auth reuse and any remaining generic prompt/tool hot paths without adding MiniMax-specific policy to core.

Do we have a high-confidence way to reproduce the issue?

Partial, not high confidence. The reported stage names map to current embedded-run telemetry, but the issue lacks raw trace logs/config and I did not run a live MiniMax-M2.7/Feishu message to reproduce the exact timings.

Is this the best way to solve the issue?

Unclear. Stable prompt-prefix caching and plugin descriptor caching are useful partial steps, but the auth proposal needs a narrower design that preserves OAuth expiry, profile rotation, provider runtime hooks, and plugin disablement behavior.

Acceptance criteria:

• Capture a live MiniMax-M2.7/Feishu message trace on current main and compare auth, core-plugin-tools, system-prompt, and stream-setup timings against the report.
• For a later targeted fix, run pnpm test src/agents/pi-embedded-runner/run/auth-controller.test.ts src/agents/pi-embedded-runner/run/attempt-stage-timing.test.ts src/agents/system-prompt.test.ts src/plugins/tools.optional.test.ts or the narrowed touched-surface equivalent.
• If auth reuse changes provider runtime hooks or module boundaries, run the changed gate in Testbox per repository policy.

What I checked:

• Auth still runs in startup path: The embedded runner calls initializeAuthProfile() before marking the startup auth stage, so auth initialization remains part of each embedded run startup. (src/agents/pi-embedded-runner/run.ts:713, 829364f85e4c)
• Runtime auth state is run-scoped: The runner stops the runtime auth refresh timer in final cleanup, which does not prove durable cross-message auth reuse. (src/agents/pi-embedded-runner/run.ts:2613, 829364f85e4c)
• Auth controller resolves and prepares credentials during initialization: initializeAuthProfile() reaches getApiKeyForModel() and prepareRuntimeAuthForModel() through applyApiKeyInfo(), then stores a runtime API key for the current run. (src/agents/pi-embedded-runner/run/auth-controller.ts:349, 829364f85e4c)
• Core tool and prompt prep are still per-attempt stages: Each attempt constructs OpenClaw coding tools, marks core-plugin-tools, later marks system-prompt, and only then reaches stream-setup. (src/agents/pi-embedded-runner/run/attempt.ts:936, 829364f85e4c)
• System prompt caching is partial: Current main caches a stable prompt prefix and inserts a cache boundary, while dynamic project context is appended below that boundary. (src/agents/system-prompt.ts:800, 829364f85e4c)
• MiniMax registration lacks a visible runtime auth exchange hook: The MiniMax provider hooks include replay, fast-stream, and reasoning output hooks; rg found no prepareRuntimeAuth implementation under extensions/minimax. (extensions/minimax/provider-registration.ts:46, 829364f85e4c)

Likely related people:

• @steipete: Recent current-main commits touch the system prompt cache, session write-lock/runtime startup area, and adjacent embedded runner tests involved in this latency path. (role: recent maintainer of embedded runner and prompt preparation; confidence: high; commits: 0f16edf329a9, f7ed29e11812, 829364f85e4c; files: src/agents/system-prompt.ts, src/agents/pi-embedded-runner/run.ts, src/agents/pi-embedded-runner/run/attempt.ts)
• @simonusa: Recent work classified tool-execution timeouts and skipped retry paths in the same runner area, relevant to separating fixed prep overhead from model/tool latency. (role: recent adjacent embedded-runner maintainer; confidence: medium; commits: 2605490dbd30, 8996161e992a, fbad17bf4f33; files: src/agents/pi-embedded-runner/run.ts, src/agents/pi-embedded-runner/run/attempt.ts)
• Ayaan Zaidi: History shows prior work preserving embedded auth on HTTP fallback and recent commits/merges around the runner paths touched by auth and retry behavior. (role: adjacent auth/runtime maintainer; confidence: medium; commits: 5e8db468ff03, 731f640bca0a, f842f518cd83; files: src/agents/pi-embedded-runner/run.ts, src/agents/pi-embedded-runner/run/attempt.ts)

Remaining risk / open question:

• No live MiniMax-M2.7/Feishu trace was run against current main, so the exact 6.2s auth and 16.4s fixed-overhead numbers remain unverified.
• A durable auth cache needs careful handling of OAuth expiry, profile rotation, provider hooks, cooldown/failover behavior, and run cleanup semantics.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 829364f85e4c.

[lpietrzak83]

I see the same issue

[BunsDev]

Thanks for the detailed report and profiling here, @hongfangsong — it helped connect this symptom to the broader WebUI/runtime latency cluster.

PR #76277 is now tracking the fix for this issue. It reduces redundant Control UI session reloads on message-phase updates, carries known session keys through transcript update events so Gateway hot paths can skip extra lookup work, and makes explicit media provider resolution lazy so reply startup does less unnecessary work.

The PR branch has been cleaned up to a single verified commit and CI is running/green on the relevant fast checks so far. We'll close this out when #76277 lands. Appreciate the careful report.

[BunsDev]

Landed in #76277 via verified merge commit 05c9492. Thanks again for the careful report and profiling details — they helped us connect the latency symptoms across the Control UI session reload path, transcript update handling, and media provider discovery hot paths. Closing this as fixed in main.