Bug: sessions_yield can leave parent session transcript lock held, causing subagent completion callback timeout

[XueJourney]

Summary

When a parent run starts a subagent and then calls sessions_yield, the subagent completion callback may fail to resume/write back to the yielded parent session because the parent session transcript lock remains held by the live gateway process.

The observed error is:

session file locked (timeout 60000ms): pid=<gateway-pid> /root/.openclaw/agents/main/sessions/<session-id>.jsonl.lock

This causes subagent completion events/callback messages to be missed by the parent session.

Environment

• OpenClaw package version: 2026.5.22
• Runtime: gateway process, Node v24.15.0
• Repo/package: openclaw/openclaw
• Session transcript directory: /root/.openclaw/agents/main/sessions

What happened

A parent session spawned a subagent and used sessions_yield to wait for completion. After the yield/abort path, the session lock file remained present. The lock payload showed that the owner was the still-running gateway PID, not a dead process:

{
  "pid": <gateway-pid>,
  "createdAt": "2026-05-24T05:04:42.710Z",
  "maxHoldMs": 1020000,
  "starttime": <gateway-starttime>
}

ps confirmed the PID was the active gateway process:

/root/.nvm/versions/node/v24.15.0/bin/node .../openclaw/dist/index.js gateway --port 19000

The affected session transcript ended around a sessions_yield call followed by an assistant message with stopReason: "aborted". After that, subagent completion/resume writes contended on the same .jsonl.lock and timed out after the default 60000ms acquire timeout.

Expected behavior

After sessions_yield causes the parent run to yield/abort for subagent completion, the parent session transcript write lock should be released reliably so that the completion event can be written back to the yielded parent session.

Actual behavior

The gateway process can keep the parent session .jsonl.lock held in-process after the sessions_yield abort path. Since the owner PID is alive and recognized as OpenClaw, other writers do not reclaim the lock. They wait until session.writeLock.acquireTimeoutMs and then fail with SessionWriteLockTimeoutError.

Suspected cause

The lock lifecycle around the embedded attempt controller appears to lack a final unconditional release for all exit paths.

Relevant code areas observed in the built package:

• createEmbeddedAttemptSessionLockController(...)
• releaseForPrompt() / reacquireAfterPrompt()
• the yieldAborted branch for sessions_yield
• acquireForCleanup(...) / cleanupEmbeddedAttemptResources(...)
• session-write-lock watchdog behavior

The current flow appears to allow a lock to be reacquired/held after the prompt abort/yield path, then not released if the run exits through a particular aborted/yielded path. Because maxHoldMs may be extended (observed 1020000ms), the watchdog does not release it before subagent completion callbacks hit the 60000ms acquire timeout.

Suggested fix direction

Add a defensive final-release path to the embedded attempt session lock controller, for example:

1. Add a controller method that releases any currently held lock regardless of whether normal cleanup completed, e.g. forceReleaseHeldLock().
2. Call it from the outer attempt finally block so every abort/error/yield path releases the transcript lock.
3. Ensure sessions_yield transitions to its waiting state only after the parent session write lock has been released.
4. Consider using a shorter/non-run-timeout-derived maxHoldMs for locks held around yield state, since subagent completion needs to write back much sooner than a long run timeout.

Workaround

Avoid sessions_yield for now. Let subagents write results to files or retrieve child results via sessions_history/manual inspection instead of relying on push-back completion into the parent session.

Related issues

This may overlap with or be related to:

• [Bug]: subagent completion spawns a fresh run on the parent's route instead of resuming the yielded session (supersedes #80310) #81490 (subagent completion spawns a fresh run on the parent's route instead of resuming the yielded session)
• Multi-agent orchestration is unstable: concurrent agents add/config overwrites, session-lock failures, and detached child work #43367 (Multi-agent orchestration is unstable... session-lock failures...)

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Latest ClawSweeper review: 2026-05-24 06:23 UTC / May 24, 2026, 2:23 AM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: the report describes a concrete sessions_yield/session-lock failure that is still meaningful on current main, and I did not find a post-release change that fixes the embedded attempt lock lifecycle. It overlaps the broader subagent-yield cluster, but the live-PID parent transcript lock timeout is specific enough to track separately unless maintainers choose a canonical consolidation.

Reproducibility: Do we have a high-confidence way to reproduce the issue? Not live yet; the issue provides concrete runtime lock evidence, and source inspection shows the relevant sessions_yield lock lifecycle and same-process lock contention behavior, but a current-main end-to-end repro still needs to be added.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Share version, platform, channel/provider, and relevant config details.

Next step
A narrow repair attempt is reasonable because the report, docs contract, and current lock lifecycle point to a focused sessions_yield cleanup bug, but the worker must first capture the failing path in a regression test.

Review details

Best possible solution:

Fix the embedded sessions_yield abort/cleanup path so any parent transcript lock reacquired by the attempt is released before yielded-parent completion delivery can contend on it, with regression coverage for a competing in-process completion write.

Do we have a high-confidence way to reproduce the issue?

Do we have a high-confidence way to reproduce the issue? Not live yet; the issue provides concrete runtime lock evidence, and source inspection shows the relevant sessions_yield lock lifecycle and same-process lock contention behavior, but a current-main end-to-end repro still needs to be added.

Is this the best way to solve the issue?

Is this the best way to solve the issue? The suggested defensive final release is a plausible narrow repair, but the best fix should first prove the exact held-lock exit path and release the parent lock before yield completion delivery rather than relying only on a shorter maxHoldMs.

Label changes:

• add P1: A yielded parent can miss subagent completion callbacks and remain stuck in an automated orchestration workflow.
• add impact:message-loss: The observed timeout prevents subagent completion callback messages from being written back to the parent session.
• add impact:session-state: The report is about parent session transcript lock state surviving a sessions_yield abort path.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.

Label justifications:

• P1: A yielded parent can miss subagent completion callbacks and remain stuck in an automated orchestration workflow.
• impact:session-state: The report is about parent session transcript lock state surviving a sessions_yield abort path.
• impact:message-loss: The observed timeout prevents subagent completion callback messages from being written back to the parent session.

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/run/attempt.session-lock.test.ts
• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.test.ts
• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/sessions-yield.orchestration.test.ts
• node scripts/run-vitest.mjs src/agents/session-write-lock.test.ts

What I checked:

• Issue evidence: The issue body reports OpenClaw 2026.5.22 with sessions_yield followed by an assistant stopReason of aborted, then completion writes timing out on a .jsonl.lock owned by the still-running gateway PID.
• Documented sessions_yield contract: The docs say sessions_yield ends the current model turn and waits for sub-agent completion events to arrive as the next message, so callback delivery is expected behavior rather than a new feature request. Public docs: docs/tools/subagents.md. (docs/tools/subagents.md:250, 56eb23dda4dd)
• Yield abort path still writes under the session lock: Current main handles the sessions_yield abort by waiting for settle and then using sessionLockController.withSessionWriteLock to strip yield artifacts and persist the yield context message. (src/agents/pi-embedded-runner/run/attempt.ts:4225, 56eb23dda4dd)
• Lock release remains lifecycle-dependent: The attempt releases the prompt lock after post-prompt handling, then later reacquires a cleanup lock; this is the current path that needs regression coverage for the reported held-lock exit. (src/agents/pi-embedded-runner/run/attempt.ts:4276, 56eb23dda4dd)
• Controller can reacquire and hold the parent lock: reacquireAfterPrompt stores a newly acquired lock in heldLock, and acquireForCleanup later returns that lock for cleanup release, matching the area suspected in the report. (src/agents/pi-embedded-runner/run/attempt.session-lock.ts:780, 56eb23dda4dd)
• Cleanup releases only through the cleanup helper finally block: cleanupEmbeddedAttemptResources releases the sessionLock in its finally block, so a fix should prove the yield/cleanup path cannot leave the cleanup release unvisited or delayed past completion delivery. (src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.ts:115, 56eb23dda4dd)

Likely related people:

• steipete: Available local blame and file history map the sessions_yield abort handling, embedded attempt lock controller, cleanup helper, and session-write-lock implementation to the grafted 6a48258 checkout commit authored by Peter Steinberger. (role: recent area contributor; confidence: medium; commits: 6a482584ee62; files: src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/run/attempt.session-lock.ts, src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.ts)
• Gio Della-Libera: Recent current-main history touches the embedded attempt runner in af76510, although that work is adjacent thinking replay behavior rather than the lock lifecycle itself. (role: recent adjacent contributor; confidence: low; commits: af765100ffa7; files: src/agents/pi-embedded-runner/run/attempt.ts)

Remaining risk / open question:

• I did not run a live gateway reproduction, so the exact exit path that leaves the live-process lock held still needs a focused regression test or real scenario proof.
• The issue overlaps broader yielded-parent and multi-agent orchestration reports, but the lock-held-by-live-gateway symptom may need a narrower fix than the route-resume/product work in those threads.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 56eb23dda4dd.

[XueJourney]

Thanks for the review. Adding the concrete repro/evidence details I have from the affected live gateway. I do not have a recording, but the lock/process/transcript state was captured immediately after the failure.

Runtime details

• OpenClaw package: 2026.5.22
• Node: v24.15.0
• OS: Linux 6.8.0-101-generic x64
• Channel/surface: webchat, direct session
• Model/provider in the parent run: custom OpenAI-compatible provider (openai-completions API)
• Gateway command observed:

/root/.nvm/versions/node/v24.15.0/bin/node /root/.nvm/versions/node/v24.15.0/lib/node_modules/openclaw/dist/index.js gateway --port 19000

Observed failure sequence

1. Parent session starts one or more subagents with sessions_spawn.
2. Parent calls sessions_yield to wait for spawned subagent completion events.
3. Parent transcript records the sessions_yield tool call and then an assistant message with stopReason: "aborted".
4. The parent session .jsonl.lock remains present and owned by the live gateway PID.
5. When the subagent completion event tries to write/resume the parent session, it fails with:

session file locked (timeout 60000ms): pid=<live-gateway-pid> /root/.openclaw/agents/main/sessions/<parent-session-id>.jsonl.lock

Lock evidence captured at the time

One affected lock payload:

{
  "pid": 3744932,
  "createdAt": "2026-05-24T05:04:42.710Z",
  "maxHoldMs": 1020000,
  "starttime": 204117612
}

Another affected lock payload from a later parent session:

{
  "pid": 3744932,
  "createdAt": "2026-05-24T05:13:28.549Z",
  "maxHoldMs": 1020000,
  "starttime": 204117612
}

The owner PID was alive and was the active gateway process:

UID          PID    PPID  C STIME TTY          TIME CMD
root     3744932    7547 59 13:02 ?        00:06:47 /root/.nvm/versions/node/v24.15.0/bin/node /root/.nvm/versions/node/v24.15.0/lib/node_modules/openclaw/dist/index.js gateway --port 19000

So this was not a stale dead-PID lock. Because the owner was a live OpenClaw gateway process, the contending writer did not reclaim it and instead timed out after session.writeLock.acquireTimeoutMs.

Files seen around the failure

The affected session directory showed, for example:

/root/.openclaw/agents/main/sessions/d4467f66-fcf7-4f19-b81e-ea999d1cbc64.jsonl.lock
/root/.openclaw/agents/main/sessions/d4467f66-fcf7-4f19-b81e-ea999d1cbc64.jsonl
/root/.openclaw/agents/main/sessions/d4467f66-fcf7-4f19-b81e-ea999d1cbc64.trajectory.jsonl

The parent transcript tail around the failure included a sessions_yield tool call followed by an assistant entry with stopReason: "aborted".

Expected vs actual

Expected: after sessions_yield, the parent run should release the transcript lock before waiting for subagent completion, so completion delivery can append/resume the yielded parent session.

Actual: the parent transcript lock can stay held by the gateway process until maxHoldMs / watchdog release. In the observed case maxHoldMs was 1020000ms, while completion delivery only waited the default 60000ms, so the callback failed first.

Repro shape I would suggest for a regression test

A focused test could simulate:

1. Create a parent session with a real transcript file lock controller.
2. Trigger the sessions_yield abort path.
3. Ensure the parent attempt reaches the yielded/waiting state.
4. Before cleanup/watchdog release, try an in-process completion/resume append against the same parent session file.
5. Assert the append does not hit SessionWriteLockTimeoutError, and assert no live-process .jsonl.lock remains held after the yielded parent attempt exits/pauses.

The key assertion is not just that cleanup eventually releases the lock, but that the lock is released before yielded subagent completion delivery can contend with it.

Workaround confirmation

Avoiding sessions_yield and reading subagent results manually via sessions_history or file output avoids this specific callback write path.

[Tensor-0]

Same issue on Feishu group chats (Feishu plugin, WebSocket mode). Agent generates reply successfully (visible in session trajectory JSONL) but dispatch returns queuedFinal=false, replies=0. Direct messages work fine. Sub-agents (agent-coach) and main agent both affected when routing to group chats. Clearing sessions directory and restarting container doesn't help — lock reoccurs on next group message. Version: 2026.5.22, running in Docker.

[XueJourney]

My original report is specifically about this failure mode:

• parent run uses sessions_spawn + sessions_yield
• parent transcript lock remains owned by the live gateway PID
• subagent completion/resume write then fails with SessionWriteLockTimeoutError / session file locked (timeout 60000ms)

Your Feishu group-chat symptom sounds adjacent, but it may not be the same root cause yet:

queuedFinal=false, replies=0

That could be a dispatch/routing/filtering issue, a group-chat send-policy issue, or it could be downstream of the same session lock problem if the final assistant message cannot be persisted/resumed correctly.

Details that would help maintainers connect it to this issue:

1. Do gateway logs or trajectory/tool results show the exact session file locked (timeout 60000ms) error?
2. Is there a live-owned lock file at the same time, e.g.:

find /root/.openclaw/agents/main/sessions -maxdepth 1 -name '*.jsonl.lock' -printf '%TY-%Tm-%Td %TH:%TM:%TS %s %p\n' | sort | tail
cat /root/.openclaw/agents/main/sessions/<session-id>.jsonl.lock
ps -fp <pid-from-lock>

3. Does the affected group-chat path involve sessions_yield / subagent completion delivery, or does it also reproduce with a plain single-agent reply and no subagent?
4. If it reproduces without subagents/yield, it may be better as a separate Feishu/group dispatch issue linked here, because the queuedFinal=false, replies=0 symptom could be a channel delivery decision rather than transcript lock contention.

The strongest overlap would be if you can capture both:

session file locked (timeout 60000ms): pid=<live-gateway-pid> .../<session-id>.jsonl.lock

and the matching live gateway PID in the lock payload. That would confirm this is the same live-PID session-lock failure rather than a Feishu-specific reply dispatch problem.

[XueJourney]

Adding a related PR that appears to address a closely matching part of this failure mode: #85716.

The most relevant change in #85716 is in waitForSessionsYieldAbortSettle(...):

 if (result === "timed-out") {
   log.warn(...);
+  // Continue waiting for the settle to complete so the session file lock is
+  // released before the next turn starts. Without this, the lock remains
+  // held and the next turn fails with "file lock stale", causing model
+  // fallback and visible error messages in the delivery channel.
+  await params.settlePromise.catch(() => {});
 }

That sounds very close to the observed behavior here: after sessions_yield, the parent run can leave the transcript lock held by the live gateway process, and the next completion/resume write times out on the same session lock.

I have not validated #85716 locally against this exact issue yet, so I would not call it confirmed fixed from my side. But it looks like the strongest existing repair candidate for the lock-release part of this report. If maintainers agree, this issue may be useful as an additional validation case for #85716, especially checking that subagent completion delivery no longer hits:

session file locked (timeout 60000ms): pid=<live-gateway-pid> .../<parent-session-id>.jsonl.lock

after a parent session yields via sessions_yield.

[anyech]

Adding a fresh corroborating observation from a Discord-originated subagent workflow on 2026.5.22. This is not a full current-main repro for the exact held-lock path, but it shows the same user-visible failure mode and a practical workaround boundary.

Observed shape:

1. A parent run spawned a subagent and used sessions_yield/wait semantics to report back when the child finished.
2. The wait was interrupted before the child result was visibly bridged back to the origin thread.
3. A follow-up watchdog was added, but because it ran as an isolated agent turn, it could not recover the parent-spawned child session state/history.
4. The child had completed; the result was only recovered later by manually inspecting from the parent/main surface.

This matches the user-visible consequence described here: successful child work can be completed but not delivered to the waiting parent/origin surface, so the user has to ask for status manually.

Local mitigation now in use:

• Do not treat sessions_yield alone as a durable completion monitor for user-visible Discord work.
• Require artifact-backed child handoff (status.json + result.md or equivalent) for long-running workers.
• Parent/main remains the reporter; watchdogs either read the explicit artifacts or only remind the parent/user to check.
• Isolated watchdogs should not promise they can read parent-spawned child session history unless that permission/scope has been verified.

Possible product/runtime implication:

A durable completion reporter primitive would avoid making the model/operator stitch this together with ad-hoc sessions_yield + cron. At minimum, the runtime should make it clear when a promised completion report is no longer owned by a live parent turn, and should provide a safe persisted completion/report target or artifact/inbox path.

I’m not claiming this new observation proves the lock lifecycle root cause by itself; it is additional evidence that the current yield/completion handoff is not durable enough for user-visible subagent completion reporting.