[Bug]: [core] LINE delivery-recovery sends wrong recipient (lowercased / session-key prefix kept), causing silent push failures

[sungnoone]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

LINE delivery-recovery and post-reply-token push paths emit recipient IDs that LINE rejects (lowercased first character or full session-key prefix kept as to), causing silent push failures while the dashboard reports the message as delivered.

Steps to reproduce

1. Bind a LINE account to an agent in openclaw.json and add the bot to a LINE group.
2. From the group, send the agent a request that takes longer than the LINE reply-token TTL (~60 seconds), e.g. a query that runs a DB lookup and emails the result.
3. The agent run completes and the messaging tool returns "sent"; the dashboard shows the assistant message as delivered.
4. The LINE group receives nothing.
5. Inspect ~/.openclaw/delivery-queue/failed/*.json — the to field is either lowercased (e.g. "cxxx..." instead of "Cxxx...") or contains the full session-key prefix (e.g. "line:group:Cxxx...").
6. Reproduce against the LINE API directly: pushing with a lowercase first character returns HTTP 400 "The property, 'to', in the request body is invalid"; the same call with capital Cxxx... returns HTTP 200.

Expected behavior

The agent's reply should reach the LINE group. The recipient ID passed to the LINE Messaging API should preserve the original casing returned by the inbound webhook (LINE chat IDs are case-sensitive and must start with capital C/U/R), and any session-key prefix such as line:group: should be stripped before being used as to. The inbound webhook → reply path within the reply-token TTL already behaves correctly — trajectory traces show to: "Cxxx..." with capital C — confirming the bug is specific to delivery-recovery and the post-token-expiry push path.

Actual behavior

The reply never arrives in the LINE group. ~/.openclaw/delivery-queue/failed/*.json shows queued payloads with to either lowercased (e.g. "uxxx..." with lowercase u) or set to the raw session-key string (e.g. "line:group:Cxxx..."). Gateway logs show [delivery-recovery] Retry failed for delivery <uuid>: 400 - Bad Request repeated 5 times per payload before they are moved to failed/. Direct curl reproduction confirms LINE returns HTTP 400 for the lowercased recipient and HTTP 200 for the same id with capital C.

OpenClaw version

2026.5.7 (eeef486)

Operating system

Ubuntu (Linux 6.17.0-23-generic, x64)

Install method

npm global

Model

anthropic-vertex/claude-opus-4-7

Provider / routing chain

openclaw -> @openclaw/line plugin (2026.5.7) -> LINE Messaging API

Additional provider/model setup details

Bug is on the channel delivery path, not the model provider path. The LINE plugin (@openclaw/line 2026.5.7) is bundled and configured in openclaw.json under channels.line. Multiple LINE accounts (sub-accounts under the same agent) are configured; the bug reproduces on every account.

Logs, screenshots, and evidence

Sanitized failed delivery payload from ~/.openclaw/delivery-queue/failed/:


{
  "channel": "line",
  "to": "uxxx...",                  // <-- lowercased; LINE expects "U..."
  "accountId": "<account-id>",
  "payloads": [{ "text": "..." }],
  "lastError": "400 - Bad Request"
}


Gateway log excerpt:


[delivery-recovery] Retry failed for delivery <uuid>: 400 - Bad Request
[delivery-recovery] Delivery <uuid> exceeded max retries (5/5) — moving to failed/


Direct LINE API verification (only the case of the first character differs):


# Lowercase first char (what core enqueues) → HTTP 400
curl -X POST https://api.line.me/v2/bot/message/push \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"to":"cxxx...","messages":[{"type":"text","text":"x"}]}'
# {"message":"The property, 'to', in the request body is invalid (line: -, column: -)"}

# Uppercase first char (the actual LINE id) → HTTP 200
curl -X POST https://api.line.me/v2/bot/message/push \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"to":"Cxxx...","messages":[{"type":"text","text":"x"}]}'
# {"sentMessages":[{"id":"...","quoteToken":"..."}]}


The `@openclaw/line` plugin's `normalizeTarget()` (in `markdown-to-line-CCWK6PJh.js`) correctly strips `line:(group|room|user):` prefixes and never mutates case. If every push went through it, neither failure mode would happen — the bug is on the core side, in `delivery-recovery` retries and in session-key → recipient resolution.

Impact and severity

Affected: every LINE account / agent that handles long-running tasks in groups (i.e. anything taking longer than the reply-token TTL of ~60s).
Severity: High — the agent's final reply is silently dropped while the dashboard shows it as delivered, so operators do not realize there is a problem until end users complain.
Frequency: Reproducible on every long-task push observed; we accumulated dozens of failed deliveries over a few weeks across multiple LINE accounts before noticing the pattern.
Consequence: End users in LINE groups never see long-task results (reports, query answers, status updates). Cron failure alerts also vanish, so cron job failures go unnoticed.

Additional information

Not a regression as far as we can tell — observed on 2026.5.7, no known earlier good version since this deployment was set up on 2026.5.x. Workaround in place: an out-of-band script that calls the LINE push API directly with normalized casing, used by agents instead of the built-in messaging tool when the reply token has expired.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still has a credible LINE target-routing bug. The LINE plugin strips line:*: prefixes when its send helpers own the push, but core can still persist/replay raw durable targets and infer a lowercased LINE recipient from session keys, matching the reported silent push failures.

Reproducibility: no. live current-main reproduction was run. Source inspection gives a clear path for the lowercase failure through session-key normalization and cron fallback, while the prefixed queue symptom needs a focused recovery test because the LINE plugin normally strips prefixes before the API call.

Next step
This is a narrow source-reproducible routing bug with clear likely files and no product or config decision required.

Review details

Best possible solution:

Normalize LINE recipients at the channel-owned delivery boundary and avoid reconstructing LINE push targets from lowercased session-key fragments; preserve or reuse case-exact delivery context with focused LINE regression coverage.

Do we have a high-confidence way to reproduce the issue?

No live current-main reproduction was run. Source inspection gives a clear path for the lowercase failure through session-key normalization and cron fallback, while the prefixed queue symptom needs a focused recovery test because the LINE plugin normally strips prefixes before the API call.

Is this the best way to solve the issue?

Yes, the best fix is a narrow routing/normalization repair rather than a new setting. Keep core plugin-agnostic and use channel-owned target normalization or stored case-preserving delivery context, with LINE-specific tests for durable recovery and session-key fallback.

Acceptance criteria:

• pnpm test extensions/line/src/send.test.ts extensions/line/src/channel.sendPayload.test.ts extensions/line/src/bot-message-context.test.ts extensions/line/src/monitor-durable.test.ts extensions/line/src/auto-reply-delivery.test.ts src/agents/tools/cron-tool.test.ts src/infra/outbound/delivery-queue.recovery.test.ts src/infra/outbound/deliver.test.ts
• pnpm check:changed

What I checked:

• LINE push contract: Official LINE docs say group webhooks expose source.groupId/source.roomId, and push-message to must be a userId, groupId, or roomId returned in a webhook event object. (developers.line.biz)
• LINE send strips prefixes but preserves case: Current LINE send code removes line:group:, line:room:, line:user:, and line: prefixes before client.pushMessage({ to: chatId }), without lowercasing the remaining ID. (extensions/line/src/send.ts:55, 256377c029f6)
• LINE inbound durable path uses prefixed address: LINE inbound context builds group addresses such as line:group:<groupId>, and the monitor passes ctxPayload.From into durable reply options and direct auto-reply delivery. (extensions/line/src/bot-message-context.ts:265, 256377c029f6)
• Queue recovery replays stored target: The queue stores params.to verbatim and recovery rebuilds delivery params with to: entry.to; if a lowercased LINE ID reaches the queue, recovery will replay that lowercased value. (src/infra/outbound/delivery-queue-recovery.ts:125, 256377c029f6)
• Session-key fallback can lower-case LINE IDs: buildAgentPeerSessionKey lowercases peer IDs, while cron fallback parses the session-key fragment and assigns it directly to delivery.to, so a LINE C..., U..., or R... target can become lowercase when no current delivery context is available. (src/routing/session-key.ts:210, 256377c029f6)
• Adjacent tests do not cover this LINE case: Current tests cover LINE prefix stripping and a Matrix current-context-over-session-key case, but I did not find a LINE-specific durable recovery or cron/session-key fallback regression for case-sensitive LINE IDs. (src/agents/tools/cron-tool.test.ts:805, 256377c029f6)

Likely related people:

• steipete: Recent GitHub history shows steipete authored the bundled plugin message-lifecycle migration and durable outbound lifecycle commits that touch LINE send/adapters and the delivery queue path. (role: recent area contributor; confidence: high; commits: 05eda57b3c72, 2ead1502c9bf, 538605ff44d2; files: extensions/line/src/send.ts, extensions/line/src/outbound.ts, src/infra/outbound/delivery-queue-recovery.ts)
• Kaspre: Recent history for src/routing/session-key.ts includes cron-run/session-key remapping work by Kaspre, adjacent to the lowercased session-key fallback path involved here. (role: recent session-key contributor; confidence: medium; commits: 7eefb26bc8d8; files: src/routing/session-key.ts, src/sessions/session-key-utils.ts)
• masatohoshino: GitHub history shows masatohoshino contributed the LINE outbound media support that touched LINE send, outbound adapter, and related tests, which are part of the affected channel-owned send boundary. (role: LINE outbound feature contributor; confidence: medium; commits: 9449e54f4ffc; files: extensions/line/src/send.ts, extensions/line/src/outbound.ts, extensions/line/src/channel.sendPayload.test.ts)
• pashpashpash: Current local history shows recent work on message-tool and outbound message-action routing, which is adjacent to post-token/message-tool send paths but not the central LINE/session-key root cause. (role: recent adjacent contributor; confidence: low; commits: 78eb92e62277; files: src/agents/tools/message-tool.ts, src/infra/outbound/message-action-runner.ts)

Remaining risk / open question:

• No live LINE API reproduction or local test run was performed in this read-only review.
• The raw line:group:* value in queue files may be benign when recovery reaches the LINE plugin normalizer; the lowercased session-key fallback is the clearer source-visible failure path.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 256377c029f6.

[steipete]

Fixed on main by #81704 / 8338412.

Proof:

• Codex review: clean after adding the per-peer LINE session-key case.
• Focused test: node scripts/run-vitest.mjs src/agents/tools/cron-tool.test.ts extensions/line/src/send.test.ts, 3 files / 180 tests passed.
• GitHub Real behavior proof passed on dbd2899.

The fix covers lowercased LINE group session keys, per-account LINE DM session keys, and channel-less per-peer LINE DM session keys. LINE push also now rejects lowercased LINE-shaped recipients locally instead of retrying an undeliverable target.