[Bug]: Embedded agent failover treats session-file mutation as model failure and exhausts all fallbacks

[jsompis]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

OpenClaw 2026.5.16-beta.6 can fail an embedded agent turn before replying when the active session JSONL changes while the embedded prompt lock is released. The failure is classified as a model/candidate failure, so the same local session-file mutation is retried across unrelated fallback models. This exhausts the fallback chain and surfaces as “All models failed”, even though the first two failures are not provider/model failures.

Steps to reproduce

1. Use a long-lived embedded agent session with automatic context/maintenance activity enabled.
2. Trigger an embedded agent turn on the active main session.
3. While the embedded prompt lock is released, allow a local process such as context compaction, maintenance, memory sync, or another gateway write path to append/update the same session JSONL file.
4. Observe model fallback behavior for the turn.

Expected behavior

A local session takeover/session-file mutation should be treated as a runtime coordination failure, not as a model failure.

The system should either:

• abort the current turn with a clear non-model error and avoid consuming fallback models, or
• restart/rebase the turn safely after re-reading the updated session state, if that is supported.

Fallback should be reserved for provider/model failures such as timeout, rate limit, auth, or provider runtime errors.

Actual behavior

The embedded run fails before reply with All models failed. The same session-file mutation is counted against multiple model candidates:

• openai/gpt-5.5 fails with: session file changed while embedded prompt lock was released
• claude-bridge/claude-opus-4-7 fails with the same local session-file mutation
• google/gemini-3.1-pro-preview then times out

The user sees a generic model-chain failure even though the primary cause is local session state changing underneath the embedded run.

OpenClaw version

2026.5.16-beta6

Operating system

macOS 26.5

Install method

npm global

Model

openai/gpt-5.5

Provider / routing chain

openclaw->openai/gpt-5.5

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

Severity: High for interactive reliability.

Impact:

• User-facing turns fail before any assistant reply.
• Fallback models are wasted on a non-model local coordination error.
• The final error message misleads operators toward provider/model diagnosis instead of session lock/session mutation handling.
• Repeated occurrences make long-lived or maintenance-heavy sessions unreliable.
• This can mask the true cause when the last fallback happens to time out, because the final surfaced error is All models failed rather than a deterministic session takeover error.

Suggested direction:

• Classify EmbeddedAttemptSessionTakeoverError/session-file mutation as a non-provider runtime coordination error.
• Do not count this error against model fallback candidates.
• Either fail fast with a clear session-concurrency message or retry only after safely rebuilding prompt/context from the updated session file.

Additional information

Environment

• Product: OpenClaw
• Version observed in gateway/session UI: 2026.5.16-beta.6
• Host: macOS 26.5
• Node runtime in logs: node 24.15.0
• Main session key: agent:main:main
• Affected session file: /Users/sompisjunsui/.openclaw/agents/main/sessions/67ebbe47-a99f-4eec-9524-728658b5f6a2.jsonl
• Models/fallback chain observed: openai/gpt-5.5 -> claude-bridge/claude-opus-4-7 -> google/gemini-3.1-pro-preview

Logs, screenshots, and evidence

Gateway log evidence from /tmp/openclaw/openclaw-2026-05-18.log showed repeated occurrences of this error pattern. A local grep found 61 occurrences of:

session file changed while embedded prompt lock was released

Concrete user-visible failure at 2026-05-18T14:09:40.850+07:00:

Embedded agent failed before reply: All models failed (3): openai/gpt-5.5: session file changed while embedded prompt lock was released: /Users/sompisjunsui/.openclaw/agents/main/sessions/67ebbe47-a99f-4eec-9524-728658b5f6a2.jsonl (unknown) | claude-bridge/claude-opus-4-7: session file changed while embedded prompt lock was released: /Users/sompisjunsui/.openclaw/agents/main/sessions/67ebbe47-a99f-4eec-9524-728658b5f6a2.jsonl (unknown) | google/gemini-3.1-pro-preview: LLM idle timeout (120s): no response from model (timeout) | LLM request timed out.

Nearby diagnostic/fallback evidence showed the same local session mutation being recorded as model fallback candidate failures:

lane task error: lane=main durationMs=36956 error="EmbeddedAttemptSessionTakeoverError: session file changed while embedded prompt lock was released: /Users/sompisjunsui/.openclaw/agents/main/sessions/67ebbe47-a99f-4eec-9524-728658b5f6a2.jsonl"

model_fallback_decision: candidate_failed, candidate=openai/gpt-5.5, errorPreview="session file changed while embedded prompt lock was released: /Users/sompisjunsui/.openclaw/agents/main/sessions/67ebbe47-a99f-4eec-9524-728658b5f6a2.jsonl", fallbackStepFinalOutcome="next_fallback"

model_fallback_decision: candidate_failed, candidate=claude-bridge/claude-opus-4-7, errorPreview="session file changed while embedded prompt lock was released: /Users/sompisjunsui/.openclaw/agents/main/sessions/67ebbe47-a99f-4eec-9524-728658b5f6a2.jsonl", fallbackStepFinalOutcome="next_fallback"

model_fallback_decision: candidate_failed, candidate=google/gemini-3.1-pro-preview, reason="timeout", errorPreview="LLM idle timeout (120s): no response from model", fallbackStepFinalOutcome="chain_exhausted"

Additional context from nearby logs:

• lossless-claw/context maintenance was active around the same session.
• The session file was below the auto-rotate size threshold, so this was not simply a large-file rotation case.
• The same session path appears consistently across the failed candidates.

Workaround

Rollback to 2026.5.16-beta5

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: current main still lets embedded session-file takeover errors pass through model fallback as unknown candidate failures, so a local session mutation can consume unrelated fallback models despite the documented failover boundary.

Reproducibility: yes. at source level: current tests prove the session-file mutation throws EmbeddedAttemptSessionTakeoverError, and current fallback code continues unknown non-last errors to the next candidate. I did not establish a full live gateway reproduction in this read-only review.

Next step
This is a narrow, source-proven regression in embedded attempt and fallback error classification with clear implementation and validation targets.

Review details

Best possible solution:

Add a narrow non-model abort path for embedded session takeover errors, fail fast with a clear session-concurrency message, and cover it without changing normal provider fallback for genuine unclassified provider errors.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: current tests prove the session-file mutation throws EmbeddedAttemptSessionTakeoverError, and current fallback code continues unknown non-last errors to the next candidate. I did not establish a full live gateway reproduction in this read-only review.

Is this the best way to solve the issue?

Yes, the best first fix is a narrow fail-fast/non-failover classification for this coordination error. Re-reading and rebasing the turn would be broader product behavior and should not be required to fix the regression.

Label justifications:

• P1: This is a reported regression that can fail an interactive embedded-agent turn before any reply and waste the configured model fallback chain.
• impact:session-state: The failure is triggered by active session JSONL mutation while the embedded attempt has released its prompt lock.
• impact:auth-provider: The observable bug is in model fallback/routing classification, where a non-provider session coordination error is counted against provider/model candidates.

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/model-fallback.test.ts
• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/run/attempt.session-lock.test.ts
• node scripts/run-vitest.mjs src/agents/model-fallback.run-embedded.e2e.test.ts

What I checked:

• Session takeover source: Current main defines EmbeddedAttemptSessionTakeoverError with the reported message when the embedded session file changes while the prompt lock is released. (src/agents/pi-embedded-runner/run/attempt.session-lock.ts:167, 4a1745281ec7)
• Takeover throw path: The embedded lock controller fingerprints the session file before releasing the lock and throws EmbeddedAttemptSessionTakeoverError when the fingerprint differs after reacquiring the lock. (src/agents/pi-embedded-runner/run/attempt.session-lock.ts:280, 4a1745281ec7)
• Fallback current behavior: runWithModelFallback normalizes errors, rethrows only selected non-retryable classes, and records non-last unrecognized errors as candidate_failed before continuing to the next candidate. (src/agents/model-fallback.ts:1217, 4a1745281ec7)
• Missing non-model classification: Failover classification has special handling to keep session write-lock timeouts out of timeout failover classification, but it does not recognize EmbeddedAttemptSessionTakeoverError. (src/agents/failover-error.ts:218, 4a1745281ec7)
• Existing source-level reproduction pieces: Tests already prove a post-prompt session-file append throws EmbeddedAttemptSessionTakeoverError, while model-fallback tests prove an unknown first-candidate error continues to the next fallback. (src/agents/pi-embedded-runner/run/attempt.session-lock.test.ts:159, 4a1745281ec7)
• Documented fallback boundary: The model failover docs say OpenClaw advances only on failover-worthy errors and records provider/model failure reasons such as rate_limit, overloaded, billing, auth, and model_not_found. Public docs: docs/concepts/model-failover.md. (docs/concepts/model-failover.md:31, 4a1745281ec7)

Likely related people:

• Vincent Koc: Current blame for the embedded session takeover error, fingerprint fence, and related current-main agent files points to Vincent's recent commits. (role: recent area contributor; confidence: medium; commits: 2bf5e5f20d9f, 4a1745281ec7; files: src/agents/pi-embedded-runner/run/attempt.session-lock.ts, src/agents/pi-embedded-runner/run/attempt.ts)
• Sid-Qin: Commit 156f13a introduced the intentional behavior that unrecognized provider errors continue through the fallback chain, which this fix must preserve while excluding session takeover errors. (role: fallback behavior contributor; confidence: medium; commits: 156f13aa64cd; files: src/agents/model-fallback.ts, src/agents/model-fallback.test.ts)

Remaining risk / open question:

• A broad fix could regress the intended unrecognized-provider-error fallback behavior introduced by 156f13a; the new non-retryable path should target embedded session takeover/session-lock coordination errors only.
• I did not run a live macOS gateway reproduction; the current-main source and existing tests provide a high-confidence code-path reproduction.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 4a1745281ec7.

[steipete]

Fixed on main by #83550 / 6a5a135.

The fix makes direct embedded session takeover / session write-lock coordination failures abort the fallback chain immediately, while preserving provider-classified fallback metadata when those coordination errors are only nested under an actual provider failure. Regression coverage was added for both direct coordination errors and provider 429 wrappers, and CI passed on the merged head.