[Bug]: Auto-compaction leaves session JSONL write lock held after timeout, blocking all later Discord turns

[jkoopmann]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

OpenClaw 2026.5.18 can finish an Anthropic/Opus Discord run, enter post-run auto-compaction, and then leave the session JSONL write lock held after the compaction path times out.

After that, every new request in the same Discord channel session waits 60000ms for the session file lock and fails before the agent can reply:

SessionWriteLockTimeoutError: session file locked (timeout 60000ms)

The only observed recovery was a Gateway restart, which removed the live lock state and allowed the channel to accept requests again.

This appears related to existing session-lock/event-loop/compaction reliability reports, but this reproduction is narrower: a successful Opus run is followed by auto-compaction that holds the same session JSONL lock long enough to make all subsequent channel turns fail with no useful in-channel recovery.

Steps to reproduce

1. Run OpenClaw Gateway as a user systemd service with Discord enabled.
2. Use a Discord channel session with Anthropic Opus as the active model.
3. Start a larger file-producing task so the session crosses the auto-compaction threshold.
4. Let the assistant finish the requested work.
5. Observe post-run auto-compaction start for the same session.
6. Send another user request in the same Discord channel while the compaction path is stuck.
7. Observe the new request wait for the existing JSONL lock and fail after 60000ms.

Observed reproduction:

• Discord channel: #mws
• Session key: agent:main:discord:channel:1506258704541159484
• Session file: /home/casper/.openclaw/agents/main/sessions/49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl
• Lock file: /home/casper/.openclaw/agents/main/sessions/49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock
• Run id: 7d2170b5-3733-4439-8451-cad42efa577b

The final assistant answer for the original Opus run was written to the JSONL around 2026-05-19T13:33:13.804Z. The session lock was then created immediately after for the same gateway process:

{
  "pid": 963591,
  "createdAt": "2026-05-19T13:33:13.808Z",
  "starttime": 335126537
}

Later user requests in the same channel failed at 13:45, 13:46, and 13:54 UTC while waiting for the same lock.

Expected behavior

Post-run auto-compaction should not leave a live session write lock behind after timeout or abort.

Expected behavior:

• compaction releases the session JSONL lock on success, failure, timeout, or cancellation
• subsequent user turns in the same Discord channel are not blocked by stale in-process compaction state
• if compaction cannot complete, OpenClaw surfaces a recoverable channel/session error
• a Gateway restart should not be required to make the channel usable again
• the stale-lock check should consider both PID and process start time, and should have a cleanup path for locks left by failed compaction

Actual behavior

The original Opus run completed useful work and wrote its final assistant output to the session JSONL.

Immediately afterward, auto-compaction held the session write lock. The compaction path timed out, but the lock remained held by the live Gateway process. New Discord requests in the same channel then failed before an embedded agent could start or reply.

User-visible result:

• Discord typing/traffic stops
• no final or error answer reaches the channel for later requests
• each new request waits about 60 seconds and fails
• the channel remains unusable until Gateway restart

OpenClaw version

OpenClaw 2026.5.18

Operating system

Ubuntu

Install method

npm global

Model

claude-opus-4-7

Provider / routing chain

anthropic/claude-opus-4-7 -> OpenClaw embedded run -> Discord channel session -> post-run auto-compaction

Additional provider/model setup details

Anthropic was used through the normal OpenClaw embedded runner path.

The incident happened after changing Discord group visible replies to automatic delivery to work around a separate message tool argument issue. The write-lock failure is independent of that delivery setting: the failing path is session persistence/auto-compaction before any later assistant reply can be generated.

The same environment also has separate reports for:

• Codex app-server turns stalling after item/completed
• model-generated SendMessage arguments being rejected instead of normalized to message

Those are distinct symptoms. This report is specifically about the session JSONL lock left behind by post-run auto-compaction.

Logs, screenshots, and evidence

Original compaction timeout signal:


May 19 13:43:45 casper node[963591]:
2026-05-19T13:43:45.077+00:00 [agent/embedded]
embedded run timeout reached during compaction; extending deadline:
runId=7d2170b5-3733-4439-8451-cad42efa577b
sessionId=49e71c56-dcbc-40ab-be04-4a92fd2230be
extraMs=900000



May 19 13:44:14 casper node[963591]:
CommandLaneTaskTimeoutError: Command lane "main" task timed out after 930000ms


Subsequent requests failed waiting for the same session JSONL lock:


May 19 13:45:17 casper node[963591]:
2026-05-19T13:45:17.707+00:00 [diagnostic]
lane task error: lane=main durationMs=61155
error="SessionWriteLockTimeoutError: session file locked (timeout 60000ms):
pid=963591 /home/casper/.openclaw/agents/main/sessions/49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock"



May 19 13:45:17 casper node[963591]:
2026-05-19T13:45:17.712+00:00 [diagnostic]
lane task error: lane=session:agent:main:discord:channel:1506258704541159484 durationMs=61165
error="SessionWriteLockTimeoutError: session file locked (timeout 60000ms):
pid=963591 /home/casper/.openclaw/agents/main/sessions/49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock"



May 19 13:45:17 casper node[963591]:
Embedded agent failed before reply:
session file locked (timeout 60000ms):
pid=963591 /home/casper/.openclaw/agents/main/sessions/49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock


The same pattern repeated:


May 19 13:46:27 ... SessionWriteLockTimeoutError ... 49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock
May 19 13:54:04 ... SessionWriteLockTimeoutError ... 49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock


Lock file observed before Gateway restart:


/home/casper/.openclaw/agents/main/sessions/49e71c56-dcbc-40ab-be04-4a92fd2230be.jsonl.lock
mtime: 2026-05-19 13:33:13.807249173 +0000
pid: 963591
createdAt: 2026-05-19T13:33:13.808Z


After a Gateway restart, the lock file was gone and the channel could accept new work again:


LOCK_GONE


Related public issues found:

- https://github.com/openclaw/openclaw/issues/43367 mentions session lock timeouts and detached background work in multi-agent orchestration.
- https://github.com/openclaw/openclaw/issues/75882 mentions gateway stalls, lane waits, file lock timeouts, and missed replies.

Neither is an exact match for this post-run auto-compaction lock leak in a single Discord channel session.

Impact and severity

Severity: High / work-blocking.

Impact:

• the affected Discord channel session becomes unusable
• every new request waits about 60 seconds and fails before reply
• users see no actionable recovery message in the channel
• completed work may exist on disk, but the user receives no reliable completion signal
• the only practical recovery observed is a Gateway restart

Additional information

Immediate workaround:

1. Restart the Gateway cleanly.
2. Verify the affected lock file is gone.
3. Retry work in the channel only after the lock is cleared.

Operational workaround until fixed:

• keep high-context Discord sessions short
• use fresh channel/session context for large site/build tasks before auto-compaction is likely
• split large tasks into smaller turns
• avoid continuing work in a session that is close to compaction/context limits
• monitor for old *.jsonl.lock files in active session directories
• do not manually delete a lock while its owning Gateway PID is still alive unless there is strong evidence the lock is stale and the process is no longer using it
• if the lock owner is the live Gateway process and the channel is blocked, prefer a clean Gateway restart over deleting the lock file

Suggested upstream fix areas:

• ensure session write locks are released in finally blocks around compaction
• add timeout/cancellation cleanup for compaction-held session locks
• make lock diagnostics identify the owning operation, not only the owning PID
• surface a user-visible recovery event when compaction blocks a later interactive turn
• optionally isolate compaction writes from normal interactive turn acquisition so a failed compaction cannot starve new user turns indefinitely

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
This should stay open: the report has concrete runtime evidence from OpenClaw 2026.5.18, and current main still has a plausible source path where Pi auto-compaction runs under the session JSONL write lock while later turns hit the 60s acquisition timeout.

Reproducibility: yes. with medium confidence from source plus report logs: a Pi auto-compaction call is wrapped under the session JSONL write lock, later turns have a 60000ms acquire timeout, and the report shows the same lock owner blocking repeated Discord turns. I did not run a live Opus/Discord reproduction in this read-only review.

Next step
This is a concrete reliability bug with a clear suspected surface, but the repair must be careful about transcript fencing and async compaction cancellation.

Review details

Best possible solution:

Make auto-compaction timeout/abort cleanup release or safely abandon the session write lock with transcript fencing, then add a regression test proving a later turn can acquire the same session lock after a stuck compaction path.

Do we have a high-confidence way to reproduce the issue?

Yes, with medium confidence from source plus report logs: a Pi auto-compaction call is wrapped under the session JSONL write lock, later turns have a 60000ms acquire timeout, and the report shows the same lock owner blocking repeated Discord turns. I did not run a live Opus/Discord reproduction in this read-only review.

Is this the best way to solve the issue?

No patch is proposed yet. The maintainable fix is in the embedded runner/session-lock cleanup path, with tests that simulate a stuck or timed-out compaction and verify the lock is released or safely fenced before the next turn.

Label justifications:

• P1: The reported failure makes a real Discord channel session unusable and drops later replies until Gateway restart.
• impact:message-loss: Later Discord turns fail before the assistant can send a user-visible reply.
• impact:session-state: The problem centers on live session transcript lock state and compaction lifecycle cleanup.

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/run/attempt.session-lock.test.ts src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts src/agents/session-write-lock.test.ts
• node scripts/run-vitest.mjs

What I checked:

• Issue evidence: The report includes a concrete Discord session key, session file, run id, lock payload with pid/starttime, a compaction grace timeout, a 930000ms command-lane timeout, and repeated later SessionWriteLockTimeoutError failures against the same .jsonl.lock file.
• Session write lock timeout path: Current main defaults session write-lock acquisition to 60000ms and throws SessionWriteLockTimeoutError with the lock owner pid/path when acquisition times out. (src/agents/session-write-lock.ts:39, d0f7c8fa2805)
• Pi compaction is lock-wrapped: The embedded attempt session-lock wrapper installs a lock around session.compact(), and the wrapper releases only after the wrapped compaction call returns or throws. (src/agents/pi-embedded-runner/run/attempt.session-lock.ts:235, d0f7c8fa2805)
• Timeout recovery still reacquires the transcript lock: After releasing the coarse prompt lock, the runner waits for compaction retry with a 60000ms aggregate timeout, marks timedOutDuringCompaction, then later reacquires the session write lock for transcript bookkeeping. (src/agents/pi-embedded-runner/run/attempt.ts:4146, d0f7c8fa2805)
• Lock max-hold can exceed later-turn timeout: The attempt lock max-hold fallback is derived from run timeout plus compaction grace, while docs define compaction.timeoutSeconds default as 900; this can leave a live in-process lock held far longer than a later turn's 60000ms acquire timeout. (src/agents/pi-embedded-runner/run/attempt.ts:2050, d0f7c8fa2805)
• Prior related fixes do not terminally close this narrower report: History shows earlier work on compaction deadlocks, stale lock watchdogs, queued compaction, and bounded compaction retry waits, but this new report is against 2026.5.18 with a narrower post-run Discord auto-compaction lock leak. (src/agents/pi-embedded-runner/run/attempt.ts:4146, 54be30ef89f5)

Likely related people:

• joshavant: Current main blame for the session write-lock, embedded attempt lock controller, compaction path, and timeout handling points to the grafted current-main commit carrying this area. (role: recent area contributor; confidence: medium; commits: eb6dd2c65d11; files: src/agents/session-write-lock.ts, src/agents/pi-embedded-runner/run/attempt.session-lock.ts, src/agents/pi-embedded-runner/run/attempt.ts)
• Michael Verrilli: History includes a focused fix titled 'prevent session lock deadlock on timeout during compaction' in the embedded attempt runner. (role: prior compaction-timeout fix author; confidence: medium; commits: e6f67d5f3150; files: src/agents/pi-embedded-runner/run/attempt.ts)
• Vishal Doshi: History includes the stale session-lock release and watchdog implementation that is central to this lock-leak recovery path. (role: prior session-lock watchdog contributor; confidence: medium; commits: e91a5b021648; files: src/agents/session-write-lock.ts)
• Charles Dusek: History includes the bounded compaction retry wait and embedded-run drain work near the exact timeout path shown in the report. (role: prior compaction retry contributor; confidence: medium; commits: 54be30ef89f5; files: src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.ts)
• vincentkoc: History includes the queued embedded compaction wrapper split, which is adjacent to direct/manual compaction versus in-run auto-compaction ownership. (role: adjacent compaction wrapper contributor; confidence: low; commits: f1c4e2f11daf; files: src/agents/pi-embedded-runner/compact.queued.ts)

Remaining risk / open question:

• A repair must not force-release a lock while Pi or a context engine is still mutating the transcript; it needs cancellation/fencing so transcript state is not corrupted.
• The existing watchdog budget is deliberately tied to long run and compaction timeouts, so the fix needs to restore later-turn progress without breaking legitimate long compactions.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d0f7c8fa2805.

[Suidge]

Additional reproduction: dual-lane parallel write race on Feishu direct session (v2026.5.22)

Another failure mode producing the same SessionWriteLockTimeoutError with identical recovery profile (only Gateway restart clears it).

Setup

• OpenClaw 2026.5.22, macOS (Darwin arm64), LaunchAgent
• Agent: silvermoon, model: deepseek-v4-pro / deepseek-v4-flash
• Session: agent:silvermoon:feishu:direct:ou_8072af0701714ee36e1e66d6690be4d7
• Session file: 31b35f44-3619-49ef-a6d7-eed0db14bd40.jsonl
• maxHoldMs on lock: 1,020,000ms (17 minutes)

Failure sequence

1. User sends message in Feishu DM → triggers an embedded run on lane=session:agent:silvermoon:feishu:direct:…
2. Simultaneously, lane=main initiates a parallel write to the same session file (tool results, context assembly)
3. Both lanes compete for 31b35f44-…jsonl.lock
4. The lane holding the lock does a 60s+ API call; the waiting lane times out at 60,000ms:

   SessionWriteLockTimeoutError: session file locked (timeout 60000ms):
     pid=44536 …/31b35f44-…jsonl.lock
   

5. The lock file survives the timeout — it does not get cleaned up

Key differences from the original compaction-triggered repro

• Trigger is dual-lane contention (session lane + main lane both writing the same session file), not auto-compaction
• Lock maxHoldMs is 1,020,000ms, far exceeding the 60s lane timeout — even if the lane times out, the lock persists
• The lock is owned by the current live PID (44536), so PID-liveness checks pass and cleanStaleLockFiles() skips it

Recovery

• Manual deletion of .lock file restores the session for one turn, but the race reproduces reliably on the next turn
• Only a full Gateway restart permanently clears it

Log evidence

lane task error: lane=main durationMs=60271 error="SessionWriteLockTimeoutError: …"
lane task error: lane=session:agent:silvermoon:feishu:direct:ou_8072… durationMs=60272 error="SessionWriteLockTimeoutError: …"
Embedded agent failed before reply: session file locked (timeout 60000ms): pid=44536 …

This may overlap with the remediation needed for #49603 (boot-time self-PID lock sweep) and #85913 (lane race with EmbeddedAttemptSessionTakeoverError), but the specific pattern here — same-PID dual-lane write timeout leaving a persistent lock — might need its own lock-release logic for lane timeouts.