[Bug]: session_status leaks stale model identity via current alias and cached last-run model

[sene1337]

Summary

session_status({"sessionKey":"current"}) can report the wrong model identity because two separate registry/session-resolution problems compound:

1. "current" can resolve to a legacy per-channel direct session instead of the embedded run's actual live session.
2. Even when the correct live session is selected, session_status reads the cached sessions.json model field, which behaves like a last-run/last-fallback model stamp, instead of lazily resolving the current model intent from modelOverride / agent defaults.

The visible failure mode is that the assistant reports an older/fallback model such as gpt-5.4, while openclaw status and the actual live lane show the current intended model as gpt-5.5.

Environment

• OpenClaw: 2026.5.2 (8b2a6e5)
• Runtime: Node v22.22.0
• OS: Darwin 25.4.0 arm64
• Channel: Telegram direct embedded agent session
• Live lane provider/model: openai-codex/gpt-5.5
• Auth mode: Codex OAuth (openai-codex:<email>)

Registry snapshot

At the time of failure, ~/.openclaw/agents/main/sessions/sessions.json contained multiple session keys for the same agent/user lane:

sessionKey: agent:main:main
sessionId: 5e94482f-…
model: gpt-5.4
modelOverride: gpt-5.5
lastInteractionAt: live/current turn
deliveryContext: { channel: "telegram", to: "telegram:<chat_id>" }

sessionKey: agent:main:telegram:default:direct:<chat_id>
sessionId: c2c4115c-…
model: gpt-5.4
modelOverride: absent
lastInteractionAt: stale / ~30h old
deliveryContext: { channel: "telegram", to: "telegram:<chat_id>" }

sessionKey: agent:main:cron:d6fd5498-…
sessionId: 6a3933bd-…
model: gpt-5.3-codex
modelOverride: absent
lastInteractionAt: recent cron tick
deliveryContext: null

Two important details:

• The legacy agent:main:telegram:default:direct:<chat_id> entry appears to be a zombie from before the merged-session model. It was stale but still eligible for the "current" alias path.
• The live agent:main:main entry also had model: gpt-5.4 while modelOverride: gpt-5.5, so even resolving the right session could still return the wrong model identity.

Reproduction

Defect A — "current" resolves to a legacy direct session

1. Run OpenClaw 2026.5.2 with agents.list[id="main"].model.primary = "openai-codex/gpt-5.5" and Telegram configured.
2. Ensure the session registry contains both:
   • agent:main:main as the active merged/live session
   • a stale agent:main:telegram:default:direct:<chat_id> legacy session with an older cached model
3. From inside the agent, call:

{"sessionKey":"current"}

via the session_status tool.

4. Observe that session_status reports the stale legacy direct session's metadata instead of the embedded run's actual live session.

Defect B — the live session's model field is last-run/stamped, not current intent

1. Remove or ignore the stale legacy direct session so "current" resolves to agent:main:main.
2. Ensure the live session entry has:

model: gpt-5.4
modelOverride: gpt-5.5

This can happen after a lane fallback: the cached model field is stamped at the model actually used by the most recent completed run.

3. Call session_status({"sessionKey":"current"}) again.
4. Observe that the tool reports gpt-5.4, even though the session's own modelOverride and next intended lane model are gpt-5.5.

Observed behavior

In the live session transcript:

21:38:26 user: "what model are you using"
21:38:29 agent: session_status({"sessionKey":"current"}) -> reports gpt-5.4
21:39:05 user provides openclaw status screenshot showing agent:main:main -> gpt-5.5
21:39:19 agent: session_status({"sessionKey":"current"}) -> still reports gpt-5.4
21:40:54 agent identifies two sessions:
         - agent:main:telegram:default:direct:<chat_id> -> gpt-5.4
         - agent:main:main -> gpt-5.5

The assistant eventually self-corrected only after comparing explicit session keys. Without user pushback, the session_status tool surface kept reinforcing the wrong answer.

Expected behavior

session_status({"sessionKey":"current"}) should resolve "current" to the session/lane in which the calling embedded run is executing, not to a stale legacy per-channel direct session.

For the model field, the tool should report the current resolved model intent for that session/lane — e.g. modelOverride / agent default resolution — not a cached last-run or last-fallback model value.

If OpenClaw wants to retain last execution metadata, that should be exposed separately, e.g. lastRunModel, rather than overloading model in a way that makes status/introspection lie.

Suggested fix direction

These can land independently:

1. Tie session_status "current" to the running embedded run's session key.
   The embedded run already knows the lane/session it is executing in. Pass that through instead of re-running channel/direct lookup.

2. Lazy-resolve current model identity on read.
   When session_status reports a session's current model, resolve from the agent config / modelOverride chain at read time. Treat the cached model field as execution history or rename it to lastRunModel.

3. Registry hygiene for legacy direct sessions.
   On gateway start, prune or merge stale agent:<id>:<channel>:<account>:direct:<chat_id> entries when agent:<id>:main now owns the same deliveryContext.to.

Local mitigation applied

A local cleanup was applied to confirm the diagnosis:

1. Deleted the zombie agent:main:telegram:default:direct:<chat_id> entry from sessions.json.
2. Aligned the live agent:main:main entry's model with its modelOverride (gpt-5.4 -> gpt-5.5).

This mitigates the local symptom, but it is not an upstream fix. Any user upgraded across the merged-session boundary may still hit Defect A, and any agent that has a lane fail over may still hit Defect B.

Related issues

• Heartbeat model leaks into user session status/runtime model #74217 — heartbeat model leaks into user session status/runtime model
• [Bug]: Control UI webchat routes user input into :heartbeat-suffixed session when main session is pruned #75203 — Control UI webchat routes user input into :heartbeat-suffixed session when main session is pruned
• [Bug]: Context overflow reset can map sessionFile to nonexistent transcript, orphaning real session history #75151 — context-overflow reset can map sessionFile to nonexistent transcript
• Heartbeat per-turn model override persists after turn completes (2026.4.29) #75452 — heartbeat per-turn model override persists after turn completes

[clawsweeper]

Thanks for the context here. I swept through the related work, and this is now duplicate or superseded.

Close as superseded: current main has already fixed the stale current alias half, and the remaining selected-model versus last-runtime-model status contract is already tracked by the older open #74217.

So I’m closing this here and keeping the remaining discussion on the canonical linked item.

Review details

Best possible solution:

Keep #74217 as the canonical tracker for separating selected model intent from active or last-run runtime model metadata, while preserving the current-main live-session binding from #76995.

Do we have a high-confidence way to reproduce the issue?

Yes for the remaining source-level model-contract behavior: current tests still expect runtime-only stored model fields to drive the selected status card when no override exists. The stale current alias path itself is not reproducible on current main because #76995 added run-session binding coverage.

Is this the best way to solve the issue?

Yes, closing this as superseded is the best cleanup path because the unique stale-alias defect is fixed and the still-open status/model semantics are already centralized in #74217. A new fix should avoid splitting that remaining contract across two issues.

Security review:

Security review: This is issue triage with no proposed patch to review for security or supply-chain impact.

What I checked:

• Live-session alias fixed on current main: Embedded attempts pass runSessionKey when the sandbox/runtime-policy key differs from the real run session key, so Telegram direct sandbox keys no longer have to be treated as the live status target. (src/agents/pi-embedded-runner/run/attempt.ts:887, 9dc3271efbd7)
• current now resolves through runSessionKey: session_status rewrites semantic current to opts.runSessionKey when present, before normal requester alias resolution. (src/agents/tools/session-status-tool.ts:367, 9dc3271efbd7)
• Regression coverage for stale sandbox key: The session-status test covers a Telegram direct sandbox key plus live agent:main:main run key and expects current to resolve to the live run session. (src/agents/openclaw-tools.session-status.test.ts:495, 9dc3271efbd7)
• Fix provenance: Commit 3f732ae is titled fix: session_status 'current' resolves to live run session instead of stale sandbox key (#76708) (#76995) and was committed at 2026-05-04T04:04:43Z; git tag --contains 3f732aee83 returned no shipped tag. (3f732aee83d5)
• Remaining model contract is already tracked: Heartbeat model leaks into user session status/runtime model #74217 covers the same remaining status-contract problem where persisted runtime model fields make a normal user session appear to use an internal/last-run model when no explicit override exists.
• Current tests still define runtime-only model display: Current regression coverage still expects session_status to use a stored runtime session model as the selected status-card model when no override is set, which is the remaining behavior to settle in Heartbeat model leaks into user session status/runtime model #74217. (src/agents/openclaw-tools.session-status.test.ts:1007, 9dc3271efbd7)

Likely related people:

• Alex Knight: Authored the current-main fix that binds session_status semantic current to the live run session key when the sandbox key differs. (role: recent maintainer; confidence: high; commits: 3f732aee83d5; files: src/agents/pi-embedded-runner/run/attempt.ts, src/agents/tools/session-status-tool.ts, src/agents/openclaw-tools.session-status.test.ts)
• Bryan Tegomoh, MD, MPH: Prior issue discussion identifies commit f783101 as adding session_status support for sessionKey=current, the alias surface involved here. (role: introduced current alias behavior; confidence: medium; commits: f78310173578; files: src/agents/tools/session-status-tool.ts, src/agents/tools/sessions-resolution.ts, src/agents/openclaw-tools.session-status.test.ts)
• Vincent Koc: Prior issue discussion identifies commit 11318ef as aligning session_status with /status, the shared status/model display path involved in the remaining model contract. (role: status-surface maintainer; confidence: medium; commits: 11318ef9b949; files: src/agents/tools/session-status-tool.ts, src/auto-reply/reply/commands-status.ts)
• Bob: Prior issue discussion identifies commit 380de88 as extracting the shared session status runtime and touching the status text and test paths now involved in model display. (role: shared runtime refactor owner; confidence: medium; commits: 380de88a61de; files: src/agents/tools/session-status-tool.ts, src/status/status-text.ts, src/agents/openclaw-tools.session-status.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9dc3271efbd7.