Codex app-server: long agent replies silently truncated at ~1000-1100 chars (stop=null, aborted=false)

[olegchatgpt401-sys]

Summary

Configured Codex/OAuth agent (gpt-5.5) replies are silently truncated at ~1000–1100 chars when invoked headlessly via openclaw message. The model is not aborted: data.aborted: false, stopReason/finishReason/errorMessage all null, yet assistantTexts[0] ends mid-sentence and the CLI wrapper reports status=timeout.

This is not the webchat DEFAULT_CHUNK_LIMIT = 4000 truncation — the number (1100 vs 4000) and the codepath (codex app-server stdio vs webchat outbound) are different.

Environment

• OpenClaw: 2026.5.18 stable
• Node v22.22.2, Linux 6.8.0 x86_64
• Agent: Codex on OpenAI OAuth (gpt-5.5)
• Channel: direct CLI (openclaw message), not Telegram/Discord

Symptom — last 10 invocations

UTC time	reply chars	aborted	stopReason	errorMessage
2026-05-20 06:28	810	false	null	null
2026-05-20 06:23	455	false	null	null
2026-05-20 06:15	546	false	null	null
2026-05-19 18:50	214 (short, ok)	false	null	null
2026-05-19 18:24	1101	false	null	null
2026-05-19 17:48	1074	false	null	null
2026-05-18 13:19	1009	false	null	null
2026-05-18 06:17	1066	true	null	null

Replies above ~1000 chars cut mid-sentence; replies below complete cleanly.

Reproduction

1. Configure a Codex/OAuth gpt-5.5 agent.
2. Ask for a structured 1700-char reply (five labeled sections, 3–5 sentences each, "do not stop short").
3. Inspect the resulting *.trajectory.jsonl:

import json
for line in open("<session>.trajectory.jsonl"):
    e = json.loads(line)
    if e.get("type") == "model.completed":
        d = e["data"]
        print(d["aborted"], d.get("stopReason"), len(d["assistantTexts"][0]))

Length lands 800–1100 chars; sentence is incomplete; aborted=false, stopReason=None.

Tested on 2026.5.19-beta.2 — worse, not better

Same prompt, same install, gateway restarted:

• 5.18 stable: truncated at 810 chars
• 5.19-beta.2: truncated at 455 chars

Rolled back to 5.18.

What this is NOT

• Not a real timeout (no errorMessage, no codex 5xx).
• Not DEFAULT_CHUNK_LIMIT (different number, different codepath).
• Not auth (PR fix(agents): inject resolved OAuth bearer into boundary-aware embedded streams #73588 is in 5.18; the agent responds, just truncated).
• Not quota (short prompts complete cleanly back-to-back).

Asks

1. Identify the buffer/window capping the codex app-server stdio path at ~1100 chars.
2. Make it configurable, or unbounded.
3. Surface a real stopReason ("buffer_full" / "stream_cutoff") when this happens — currently null makes the internally-inconsistent state hard to detect from the outside.

Full trajectory .jsonl files and additional repros available on request.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep this issue open: the report is recent, detailed, and current source shows a plausible Codex app-server path where completed assistant output can be released as a successful run without a turn/completed terminal event, but I did not establish the exact live gpt-5.5 1000-1100 character cutoff.

Reproducibility: no. high-confidence live reproduction was established. Source and existing tests do show a current-main path that can release assistant text as a successful run without turn/completed, but the exact long-reply cutoff needs live or fixture proof.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Share version, platform, channel/provider, and relevant config details.

Next step
A repair may be narrow, but the current source, tests, and docs show an intentional assistant-output release policy that needs maintainer approval before automation changes it.

Review details

Best possible solution:

Keep the issue open and decide the Codex app-server terminal-event contract; a fix should surface missing or partial terminal output as a timeout or stream-cutoff condition while preserving known-good complete assistant replies.

Do we have a high-confidence way to reproduce the issue?

No high-confidence live reproduction was established. Source and existing tests do show a current-main path that can release assistant text as a successful run without turn/completed, but the exact long-reply cutoff needs live or fixture proof.

Is this the best way to solve the issue?

Unclear. The likely repair is not just adding a buffer knob; maintainers need to decide whether completed assistant items without turn/completed should stay a success fallback, become a diagnosed cutoff, or be retried under specific evidence.

Label changes:

• add P1: The report describes repeated silent truncation of real Codex/OAuth agent replies in a supported direct CLI workflow.
• add impact:message-loss: The affected behavior is lost or truncated assistant message text without an explicit terminal reason.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.
• add clawsweeper:no-new-fix-pr: Current issue advisory state selects this label.
• add clawsweeper:needs-maintainer-review: Current issue advisory state selects this label.
• add clawsweeper:needs-product-decision: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes repeated silent truncation of real Codex/OAuth agent replies in a supported direct CLI workflow.
• impact:message-loss: The affected behavior is lost or truncated assistant message text without an explicit terminal reason.

What I checked:

• Assistant-output release can finish without terminal turn: fireTurnAssistantCompletionIdleRelease records a diagnostic and interrupts Codex best-effort, but then sets completed = true and resolves completion without setting timedOut, aborted, or a prompt error. (extensions/codex/src/app-server/run-attempt.ts:1471, 110042d840bb)
• Timeout path is separate from assistant release path: The real completion-idle timeout path marks timedOut, turnCompletionIdleTimedOut, and projector.markTimedOut(), which the assistant-output release path above does not do. (extensions/codex/src/app-server/run-attempt.ts:1563, 110042d840bb)
• Existing regression test locks the success fallback: Current tests expect an item/completed assistant message with no turn/completed to return aborted: false, timedOut: false, promptError: null, and the assistant text, which makes the requested behavior a contract change rather than a trivial missing branch. (extensions/codex/src/app-server/run-attempt.test.ts:4028, 110042d840bb)
• Docs describe the current release policy: The Codex harness docs say completed agentMessage and pre-tool raw assistant completions release the session lane if Codex goes quiet without turn/completed, while post-tool raw assistant progress waits for turn/completed or the terminal watchdog. Public docs: docs/plugins/codex-harness.md. (docs/plugins/codex-harness.md:555, 110042d840bb)
• No obvious 1KB OpenClaw stdio cap found: The app-server client parse buffer is 1,000,000 characters and trajectory runtime events are bounded at 256 KiB, so the inspected OpenClaw stdio/trajectory code does not explain a hard 1000-1100 character cap by itself. (extensions/codex/src/app-server/client.ts:27, 110042d840bb)
• History provenance is shallow but points at current Codex app-server area: git blame attributes the relevant Codex app-server release and timeout logic in the checked-out history to commit ac28341ebfcc6fb12a1f3f9893f018f49570a75e; the checkout history is grafted, so this is routing evidence, not blame. (extensions/codex/src/app-server/run-attempt.ts:1471, ac28341ebfcc)

Likely related people:

• Ayaan Zaidi: Local blame and log history for the Codex app-server run attempt, event projector, tests, and docs all point to the current grafted commit that introduced the checked-out implementation of this behavior. (role: recent area contributor; confidence: low; commits: ac28341ebfcc; files: extensions/codex/src/app-server/run-attempt.ts, extensions/codex/src/app-server/run-attempt.test.ts, extensions/codex/src/app-server/event-projector.ts)
• openperf: The issue explicitly references the merged Codex OAuth bearer fix as related context; that work touched the adjacent embedded Codex/OAuth streaming boundary even though it does not appear to solve this truncation symptom. (role: adjacent Codex/OAuth contributor; confidence: low; commits: 16fd9a9d5973; files: src/agents/pi-embedded-runner/stream-resolution.ts, src/agents/pi-embedded-runner/stream-resolution.test.ts)

Remaining risk / open question:

• No live Codex/OAuth gpt-5.5 reproduction was run, so the exact upstream event sequence and 1000-1100 character threshold remain unproven.
• Current docs and tests intentionally allow success fallback after completed assistant output without turn/completed; changing it needs maintainer judgment to avoid breaking complete short replies from older app-server behavior.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 110042d840bb.

[olegchatgpt401-sys]

Update: persists in 2026.5.19 stable (one day after submission)

Bumped openclaw 2026.5.18 → 2026.5.19 today (2026-05-21) hoping the changelog "Telegram bridge recovery helper" / channel-hardening line would touch this. Truncation behaviour unchanged.

Tested

• openclaw --version → OpenClaw 2026.5.19 (a185ca2)
• Gateway: reinstalled via openclaw gateway install --force (CLI was on 5.19 but running gateway was stuck on 2026.5.16-beta.7 — separate symptom of [Bug]: openclaw update doesn't update the Gateway — causes silent version skew #20963 family; doctor --fix cleared 791 stale skill symlinks, gateway respawned by supervisor on 5.19)
• All 9 OpenClaw agents short-reply ping: ✅ alive (bers, archivist, razvedchik, planner, scheduler, logic-reviewer, security-reviewer, test-engineer, verifier-adversarial)
• Telegram DM stream end-to-end: ✅ now delivers (the 5.19 recovery helper works for the channel path)
• openclaw agent --agent bers --json --timeout 400 on a 3700-char question expecting >1500 chars reply: same ceiling

New envelope shape (2026.5.19)

{
  "runId": "<uuid>",
  "status": "timeout",
  "result": {
    "payloads": [],
    "meta": {
      "durationMs": 130537,
      "finalAssistantVisibleText": "1. **Verdict: ...** <... 1083 chars then cut mid-word>",
      "stopReason": "stop",
      "livenessState": "blocked",
      "replayInvalid": false,
      "executionTrace": {
        "winnerProvider": "openai-codex",
        "winnerModel": "gpt-5.5",
        "attempts": [{"provider":"openai-codex","model":"gpt-5.5","result":"success","stage":"assistant"}],
        "fallbackUsed": false,
        "runner": "embedded"
      },
      "completion": {"stopReason":"stop","finishReason":"stop"}
    }
  }
}

Session jsonl tail correlates:

{"timestamp":"...:09:54:18Z","type":"event_msg","payload":{
  "type":"turn_aborted","reason":"interrupted","duration_ms":122730
}}

Notable new field

result.meta.livenessState: "blocked" (was not in the original 2026.5.18 envelope shape we reported) — appears to be diagnostic surface added in 5.16-beta+. The combination livenessState=blocked + executionTrace.attempts[0].result=success + top-level status=timeout is internally contradictory for any consumer — the wrapper says we timed out, the trace says the assistant turn succeeded.

Empirical ceiling holds

Across 5.18 / 5.19-beta.2 / 5.19 stable:

• ~1000-1100 chars output OR ~130s wall-clock, whichever first
• Persists across --timeout 60 / 180 / 400 / 600 — the flag has no effect on the cap
• Independent of prompt size (3.7KB vs 11KB briefs both hit the same ceiling)
• Independent of agent (bers, razvedchik both reproduce)

Adjacent observations (file as comments, not separate issues)

1. Post-update gateway version skew — npm install -g openclaw@X.Y.Z updates CLI but leaves the running gateway process on the previous version (matches [Bug]: openclaw update doesn't update the Gateway — causes silent version skew #20963 / Gateway entrypoint mismatch after openclaw update — plist not reinstalled #40811). Required openclaw gateway install --force after npm install to actually pick up 5.19 in the gateway path. This is doc-able rather than a code bug — but the silent skew confused our TG-delivery diagnostic for several hours.

2. 5.19 Telegram bridge recovery (channel delivery) — works as advertised. Messages that were ack'd by the gateway in 5.16-beta.7 but never delivered to the Bers session are now coming through after the gateway respawn on 5.19. No issue here, just a positive confirmation since the changelog item is the only relevant 5.19 entry for our setup.

Ask (unchanged from OP)

If maintainers can either re-open #46049 with this envelope or document the undocumented internal cap, that would unblock our long-reply path. Happy to share the full session jsonl traces or reproducer harness on request.

[olegchatgpt401-sys]

Correction: Telegram path is also affected, in fact worse than agent --json

Apologies — my previous comment ("Telegram DM stream end-to-end: ✅ now delivers") was based on the 5.19 changelog's "Telegram bridge recovery helper" entry and verified incoming message delivery, but I overstated by extrapolating to outbound replies. I did not test outbound long replies through Telegram before posting. We just ran the empirical test and the result is the opposite of what I claimed.

Test setup (2026-05-21 10:37 UTC)

• Same openclaw build as previous comment: 2026.5.19 (a185ca2), gateway respawned via gateway install --force
• User sends a substantive question to the Bers Codex/OAuth agent through Telegram DM (channel telegram:447978456)
• Question expects a multi-paragraph opinion reply, similar shape to direct-API test that produced 1083 chars before being cut
• Session jsonl is monitored in real time

Result

Path	Time-to-abort	Reply chars (visible)	Final outbound delivered?
openclaw agent --json (direct, earlier test)	~130s	1083 (cut mid-word, recoverable from finalAssistantRawText)	Partial — caller sees the truncated text
Telegram DM (this test)	148s	109 (only an initial acknowledgement: "Сейчас подниму свежий контекст...")	❌ None — task_complete.last_agent_message is null, no final_reply_delivered incident entry, user received nothing after the 109-char ack

Session evidence

ts=2026-05-21T10:37:22Z   start (channel: telegram:447978456)
ts=2026-05-21T10:37:29Z   assistant message #1: 109 chars (initial ack)
ts=2026-05-21T10:37:29Z   reasoning chunks begin (Bers reading workspace files for context)
ts=...                     ~140s of encrypted reasoning items; no further assistant message events
ts=2026-05-21T10:39:50Z   event_msg / turn_aborted / reason=interrupted / duration_ms=148020
                          task_complete.last_agent_message: NONE
                          incident_log: no final_reply_delivered for this turn

Why TG is worse than --json here

When the agent uses workspace tools (file reads / context lookup) before producing the substantive answer, the abort happens during reasoning, i.e. before the final assistant message is emitted at all. So the user gets only the lead-in ack ("let me pull context first") and silence. With agent --json, the assistant typically begins streaming substantive content immediately and we at least recover ~1000 chars in finalAssistantRawText. With TG, there is nothing to flush — the partial state is encrypted reasoning chunks that never become a user-visible message.

So: both transports are affected, and the Telegram path is in some workloads worse, depending on whether the model goes to tools/reasoning before composing the reply.

What 5.19 changelog item did fix on TG

The "Telegram bridge recovery helper" line in 5.19 fixed the incoming direction: messages from the user that the gateway acknowledged on 5.16-beta.7 but never delivered into the Bers session now reach the agent on 5.19. That part is genuinely improved; my earlier check confirmed it via session creation timing. The bug is in the outbound completion — same root cap as agent --json, but with a worse failure mode because there is no envelope to recover from.

Updated ask

Could maintainers also consider the channel-delivery path (Telegram) as part of the same investigation? Specifically:

1. If the wrapper cap fires while the agent is in reasoning / tool-use phase, is there any code path that flushes the partial state to the TG channel as a final user-visible message? (Currently it appears not — only the acknowledgement that was streamed before reasoning began reaches the user.)
2. Same --timeout question as in OP, but for channel-delivered agents — is there an undocumented per-turn cap that supersedes any configured value?

Happy to share the full session jsonl traces or run another reproducer with extra instrumentation if helpful.

[vincentkoc]

Maintainer stack note: keep this issue open and independent for now.

Related context, but not closure evidence:

• fix(codex): preserve streamed command output #83222 fixed command-output preservation for Codex command executions lose streamed output when aggregatedOutput is empty #83199.
• fix(codex): complete dynamic tool diagnostics #83476 fixed dynamic tool diagnostic terminalization for [Bug]: Codex dynamic tool calls can leave sessions stuck as blocked_tool_call #83474.
• fix(codex): make post-tool raw assistant timeout configurable #84135 covers configurable post-tool raw assistant completion idle timeout.
• fix(codex): keep interrupted turns visible-answer eligible #84494 covers interrupted/tool-only turns staying eligible for no-visible-answer recovery.
• Codex app-server: evaluate post-tool raw assistant completion semantics #84137 should remain the semantics/subagent-handoff follow-up hub.

This issue is still a different observable: long replies truncate or fail to deliver with contradictory success/timeout/liveness metadata. The stack above may reduce some stuck-turn outcomes, but none of those patches proves the ~1000-1100 char / ~130s cap or the Telegram outbound no-final-reply path is fixed.

Additional Linux VM environment context from a reporter, redacted before posting publicly: Kali rolling x86_64, kernel 6.19, Node 22.22.0, pnpm 11.1.0, Docker available, Docker Compose missing, 4 cores, 7.8 GiB RAM. Host and local username intentionally omitted.

Recommended next proof: capture the Codex app-server event sequence around the cutoff, especially agentMessage/rawResponseItem/turn/completed, the wrapper timeout source, and whether the final visible text is absent because no assistant item was emitted or because emitted text was capped downstream.