2026.5.12: session recovery can split-brain when CLI runs under Codex HOME shadow state

[chac4l]

Summary

We hit a production incident that started with the same Telegram/Codex stall symptoms tracked in #82274, but recovery exposed a separate state-path bug:

When OpenClaw CLI/session recovery is run from an agent/Codex environment whose HOME points at an isolated Codex home, session commands can read/write a shadow OpenClaw state tree instead of the gateway's real per-agent session store. The operator thinks sessions were reset, but the running gateway continues reading the canonical store and agents remain stuck in typing... / status=running.

This creates a nasty recovery split-brain during exactly the failure mode where operators are trying to unstick agents.

Environment

• OpenClaw: 2026.5.12
• Gateway: local systemd root runtime, listening on 127.0.0.1:18789
• Codex CLI/app-server: 0.130.0
• Channel involved: Telegram
• Model path involved: openai/gpt-5.5
• Related upstream incident: 2026.5.12: Telegram isolated-ingress HOL blocking + Codex app-server stalls mid-turn after custom_tool_call_output → 30 min idle timeout #82274

Observed evidence

During the incident the gateway logs showed repeated runtime stalls:

codex app-server turn idle timed out waiting for terminal event
codex app-server client retired after timed-out turn
timeout-compaction
active-memory timeout after 15000ms
before_prompt_build handler from active-memory failed: timed out after 15000ms

A recovery attempt then reset sessions from a CLI/tool context where HOME resolved under the Codex isolated home. That touched a shadow path like:

$OPENCLAW_HOME/agents/<coordinator>/agent/codex-home/home/.openclaw/agents/<target-agent>/sessions/sessions.json

But the running gateway was using the canonical per-agent store:

$OPENCLAW_HOME/agents/<target-agent>/sessions/sessions.json

Result: the shadow store looked reset, while the canonical store still had stale status=running sessions. Only after forcing the recovery with canonical env/path did the stuck agents clear.

Why this is dangerous

• Recovery tools can report success against the wrong state tree.
• A stalled agent lane can survive an apparent reset.
• Operators can create multiple divergent session histories for the same agent.
• The failure mode is easy to trigger from ACP/Codex launcher contexts because HOME is intentionally isolated.

Local mitigation applied

We mitigated by:

1. Backing up the shadow session directories.
2. Replacing the shadow codex-home/home/.openclaw/agents/<agent>/sessions directories with symlinks to the canonical $OPENCLAW_HOME/agents/<agent>/sessions directories.
3. Running future offline recovery with explicit canonical env:

HOME=/root \
OPENCLAW_CONFIG_DIR=/root/.openclaw \
OPENCLAW_CONFIG_PATH=/root/.openclaw/openclaw.json \
openclaw ...

We also moved compaction/fallback away from the same Codex runtime and tightened active-memory timeouts as local blast-radius reduction, but that does not fix the underlying state-path split.

Expected behavior

OpenClaw should not silently read/write a new state tree just because the process HOME is inside an isolated Codex/ACP home.

At minimum, session/state commands should do one of:

• derive the gateway home/config from OPENCLAW_CONFIG_DIR / OPENCLAW_CONFIG_PATH / the running gateway, not raw ~;
• warn/refuse when ~/.openclaw resolves under agent/*/codex-home/home/.openclaw;
• expose an explicit --home / --config-dir / --store for recovery tools;
• make doctor detect shadow codex-home/home/.openclaw/agents/*/sessions directories and offer a safe repair or warning.

Suggested acceptance criteria

• Running openclaw sessions from a Codex/ACP isolated HOME does not create or mutate a shadow session store by default.
• openclaw doctor detects divergent canonical vs shadow session stores.
• A recovery/reset command prints the exact session store path it will mutate before writing.
• Docs clarify the canonical gateway state path for systemd/root installs and ACP/Codex isolated homes.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Summary
Keep open: current main still has env-derived session-state paths that can point at a Codex-isolated HOME, and I did not find a guard or doctor check for nested Codex shadow session stores.

Reproducibility: yes. from source inspection: without canonical OPENCLAW_STATE_DIR/OPENCLAW_CONFIG_PATH, session-store resolution follows the process HOME and CLI session paths can read or write that derived tree. I did not run a live mutating repro because this review is read-only.

Next step
The source bug is credible, but choosing when recovery commands should warn, refuse, or derive the running Gateway path is a state/recovery UX decision.

Review details

Best possible solution:

Add a shared shadow-state guard and doctor detector: online recovery should use the running Gateway/canonical state, while offline writes should require explicit canonical env or --store and print the target path before mutation.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: without canonical OPENCLAW_STATE_DIR/OPENCLAW_CONFIG_PATH, session-store resolution follows the process HOME and CLI session paths can read or write that derived tree. I did not run a live mutating repro because this review is read-only.

Is this the best way to solve the issue?

Unclear as a product choice: the report gives several viable fixes, and maintainers should choose whether commands warn, refuse, or derive the Gateway state automatically. The narrowest maintainable direction is a shared Codex-shadow detector plus Gateway-first recovery for online writes.

What I checked:

• State dir follows process env: resolveStateDir uses OPENCLAW_STATE_DIR when set, otherwise resolves the default state directory from the effective home, which itself can come from process HOME. (src/config/paths.ts:60, 3de97057d0bc)
• Effective home uses HOME without OpenClaw override: resolveRawHomeDir falls back from OPENCLAW_HOME to HOME/USERPROFILE, so an isolated Codex HOME becomes the default OpenClaw home when no canonical env is supplied. (src/infra/home-dir.ts:24, 3de97057d0bc)
• Default session store is derived from that state dir: When no session.store is configured, resolveStorePath returns resolveAgentSessionsDir(...)/sessions.json, and that directory is rooted in resolveStateDir(env). (src/config/sessions/paths.ts:284, 3de97057d0bc)
• CLI sessions listing reads the resolved store directly: sessionsCommand resolves store targets from the runtime config and calls loadSessionStore(target.storePath) directly, so openclaw sessions can inspect the env-selected shadow store rather than asking the running gateway. (src/commands/sessions.ts:242, 3de97057d0bc)
• Cleanup only partly avoids direct local writes: Non-dry-run cleanup without --store first tries sessions.cleanup over the Gateway, but --store, dry-run, or Gateway transport fallback continues through the local env-derived store target. (src/commands/sessions-cleanup.ts:163, 3de97057d0bc)
• Doctor does not specifically detect nested Codex session shadows: State-integrity doctor computes one active env-derived state/store path and warns about other top-level home .openclaw directories, but the search found no codex-home/home/.openclaw/.../sessions shadow-store detector. (src/commands/doctor-state-integrity.ts:824, 3de97057d0bc)

Likely related people:

• Peter Steinberger: Dominant contributor across the inspected config/session/doctor paths, and blame on the current state-dir and session CLI code points to recent current-main source snapshots. (role: recent area contributor; confidence: medium; commits: 4859edd9f83d, f066dd2f31c2; files: src/config/paths.ts, src/config/sessions/paths.ts, src/commands/sessions.ts)
• Tak Hoffman: Recent history on gateway session reset preservation and transcript path handling is directly adjacent to recovery/reset behavior. (role: recent session-reset contributor; confidence: medium; commits: fa56682b3ced, 0235cca58a3f, 22f9c19a3904; files: src/gateway/session-reset-service.ts, src/gateway/server-methods/sessions.ts)
• B: Auth doctor history includes a Codex-shadow warning change, which is adjacent to the requested doctor detection work even though it does not cover session stores. (role: adjacent doctor-shadow contributor; confidence: low; commits: 505001754301; files: src/commands/doctor/shared/stale-oauth-profile-shadows.ts, docs/gateway/doctor.md)

Remaining risk / open question:

• The issue body does not name the exact recovery command that wrote the shadow store, so the full fix likely needs an audit of all session reset/delete/cleanup entry points, not only openclaw sessions and cleanup.
• No live gateway plus Codex-HOME reproduction was run in this read-only review; the reproduction confidence comes from source-path inspection and the provided production incident notes.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3de97057d0bc.