sessionKey silently overrides sessionTarget=isolated, causing cron jobs to collide with WebUI dashboard sessions

[ctbritt]

Summary

When a cron job has both sessionTarget: "isolated" and an explicit sessionKey value, OpenClaw uses the sessionKey and ignores sessionTarget. There's no warning at creation, no indication in openclaw cron list, and no documentation I could find calling this out.

The practical result: cron jobs whose sessionKey happens to be a WebUI dashboard session key will run INTO that dashboard session every time they fire. Symptoms include WebUI session-state confusion mid-conversation, AbortError: CLI run aborted when the user tries to interact after a cron firing, and cron output interleaving with dashboard messages in the same transcript.

In my environment, I discovered 10 of 25 cron jobs had this collision, accumulated quietly over months. Every interval-based keepalive job was hijacking dashboard sessions on each firing.

Version

OpenClaw 2026.5.22 (a374c3a) — macOS, Homebrew install.

Reproduction

1. Open the WebUI dashboard and start a chat session
2. From within that session (or via openclaw cron add while the dashboard is the active session), create a cron job
3. openclaw cron get <id> will show:

{
  "sessionTarget": "isolated",
  "sessionKey": "agent:main:dashboard:<active-session-uuid>",
  ...
}

Both fields are populated. sessionTarget: "isolated" is silently ignored; the cron fires into the dashboard session on each run.

Expected behavior

One of:

1. sessionTarget: "isolated" should always create a fresh session and ignore any inherited sessionKey
2. If both are set, surface a warning at job creation
3. Reject job creation that combines sessionTarget: "isolated" with a non-isolated sessionKey as a configuration error

Currently neither happens. The override is silent and counterintuitive given the docs around sessionTarget.

Workaround

openclaw cron edit <full-uuid> --clear-session-key on every affected job. sessionTarget: "isolated" then took effect properly.

Related issues found while debugging

These compounded the difficulty of finding and fixing the primary bug:

A. openclaw cron rm <partial-uuid> silently fails to persist

$ openclaw cron rm abc12345
{ "ok": true, "removed": false }   # exit 0
$ openclaw cron get abc12345
GatewayClientRequestError: cron job not found: abc12345

Looks like a successful delete. But jobs.json still has the job. On gateway restart, the job comes back.

Only full UUIDs trigger an actual persisted delete (returns "removed": true). Partial-ID rm modifies in-memory state but doesn't write to disk.

This actively misled debugging — jobs thought to be deleted came back after a routine restart.

B. openclaw cron list doesn't show sessionKey

There's no sessionKey column in cron list output and no --show-session-key flag. To audit for collisions you have to either cron get each job individually or script against jobs.json directly. Both are nuisances that masked this issue.

Suggestion: add a column or a --columns sessionKey opt-in.

C. No openclaw cron edit --clear-model flag

To remove a redundant payload.model override (common doctor warning), you have to edit jobs.json by hand. --clear-session-key, --clear-tools, and --clear-agent all exist; --clear-model would complete the set.

D. Doctor warning for "cron model overrides" is too noisy

It warns about all jobs with payload.model set, but many overrides are deliberate (cheap models for keepalive, premium for analysis). The warning should probably distinguish:

• "different from default" — likely intentional, no action needed
• "same as default" — redundant, safe to clear

Currently it just counts both, which makes the warning hard to act on.

Suggested fix priority

1. (HIGH) Document the intended behavior of sessionTarget vs sessionKey, and surface a warning when both are set (or make sessionTarget: "isolated" always win)
2. (HIGH) Fix cron rm <partial-uuid> silent persistence failure
3. (MEDIUM) Add sessionKey visibility to cron list
4. (LOW) Add --clear-model to cron edit
5. (LOW) Refine doctor's model-override warning

How I noticed

Tracing AbortError: CLI run aborted errors that appeared mid-conversation in the WebUI. Eventually traced through gateway logs, agent session files, and jobs.json to find that a 3-hour cron job shared its sessionKey with the active dashboard session. The cron ran, executed for 2 minutes, ended with NO_REPLY — and the next message sent in the WebUI hit the session in a mid-cron state and aborted.

Once the pattern was clear, grepping jobs.json for dashboard in sessionKey revealed 9 more jobs with the same trap.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 24, 2026, 5:14 PM ET / 21:14 UTC.

Summary
This should stay open: current main still lets agent-created isolated cron jobs carry an inherited active sessionKey, which conflicts with the documented isolated-session contract and can still affect task/session association and delivery routing. The linked lower-priority CLI/doctor requests are useful follow-ups, but the primary cron isolation bug has a clear source-level fix path.

Reproducibility: yes. at source level: normalizeCronJobCreate produces an isolated job, then cron-tool injects the active session key, and later task/delivery code reads that stored key. I did not establish a live WebUI failure path in this read-only pass.

Next step
The primary cron isolation and remove-result bugs are source-proven, narrow, and have clear files and regression-test targets; the optional ergonomics should be split unless maintainers explicitly include them.

Review details

Best possible solution:

Fix the high-priority cron bugs by preventing ambient sessionKey injection for explicitly isolated jobs and making failed cron removes return a clear error, then split the optional list/edit/doctor ergonomics into separate follow-ups if maintainers want them.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: normalizeCronJobCreate produces an isolated job, then cron-tool injects the active session key, and later task/delivery code reads that stored key. I did not establish a live WebUI failure path in this read-only pass.

Is this the best way to solve the issue?

Yes for the primary bug: the narrow maintainable fix is to avoid auto-injecting sessionKey when the normalized target is isolated, with regression coverage. The smaller list, clear-model, and doctor suggestions should not block that bug fix.

Remaining risk / open question:

• I did not run a live WebUI/Gateway reproduction in this read-only review; source inspection shows the isolated run session itself is cron:<jobId>, while task association and delivery still inherit job.sessionKey.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 367d584ee3bc.

Label changes

Label changes:

• add P1: The report describes active user-facing cron jobs colliding with dashboard session state and causing aborted or interleaved conversations.
• add impact:message-loss: The inherited session key can misroute or interleave cron output with dashboard chat delivery.
• add impact:session-state: The bug is about isolated cron jobs inheriting a dashboard session key and confusing session/task ownership.
• add issue-rating: 🦞 diamond lobster: Current issue advisory state selects this label.
• add clawsweeper:source-repro: Current issue advisory state selects this label.
• add clawsweeper:queueable-fix: Current issue advisory state selects this label.
• add clawsweeper:fix-shape-clear: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes active user-facing cron jobs colliding with dashboard session state and causing aborted or interleaved conversations.
• impact:session-state: The bug is about isolated cron jobs inheriting a dashboard session key and confusing session/task ownership.
• impact:message-loss: The inherited session key can misroute or interleave cron output with dashboard chat delivery.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/tools/cron-tool.test.ts src/gateway/server-methods/cron.validation.test.ts src/cron/service/ops.test.ts
• node scripts/run-vitest.mjs src/gateway/server-cron.test.ts src/cron/service/timer.test.ts

What I checked:

• Current source: cron tool injects active session key after normalization: cron-tool normalizes the requested job, then unconditionally writes the resolved active session key when the job lacks an explicit sessionKey; there is no guard for sessionTarget: "isolated". (src/agents/tools/cron-tool.ts:655, 367d584ee3bc)
• Current source: isolated is the documented/default target for agent-turn jobs: normalizeCronJobCreate defaults agent-turn cron jobs to sessionTarget: "isolated" before the tool adds the ambient session key. (src/cron/normalize.ts:574, 367d584ee3bc)
• Current source: inherited sessionKey still influences runtime surfaces: Isolated cron execution itself uses cron:<jobId> for the run, but resolveCronTaskChildSessionKey prefers an explicit job.sessionKey, and delivery target resolution also receives params.job.sessionKey; that keeps the reported dashboard-session collision class source-reproducible for task/session association and delivery. (src/cron/service/timer.ts:481, 367d584ee3bc)
• Docs contract: isolated jobs should not inherit ambient conversation context: The cron docs say isolated jobs run in a dedicated cron:<jobId> fresh session and do not inherit ambient conversation context, channel/group routing, send or queue policy, elevation, origin, or ACP runtime binding. Public docs: docs/automation/cron-jobs.md. (docs/automation/cron-jobs.md:90, 367d584ee3bc)
• Shipped behavior: latest release contains the same injection path: The tagged v2026.5.22 release at a374c3a5 has the same cron-tool session-key injection block, so this is not fixed in the latest release named in the report. (src/agents/tools/cron-tool.ts:673, a374c3a5bfd5)
• Related cron remove bug is also source-visible: cron.remove returns a successful RPC response even when context.cron.remove() reports removed: false, while remove() returns { ok: true, removed } after filtering by exact id; this matches the silent failed remove report. (src/gateway/server-methods/cron.ts:479, 367d584ee3bc)

Likely related people:

• Peter Steinberger: git shortlog shows the largest local history count on the cron, cron CLI, gateway cron, and cron-tool paths, and recent cron fixture/refactor commits are present in the history search. (role: heavy cron area contributor; confidence: high; commits: efda761724fb, e1fe71872c33, c96a0b111214; files: src/cron, src/cli/cron-cli, src/gateway/server-cron.ts)
• Ayaan Zaidi: git blame on the active injection, task session, and remove paths points to 24ddd18ae1, and cron history search shows adjacent cron delivery fixes by the same author. (role: recent adjacent cron contributor and current-line provenance; confidence: medium; commits: 24ddd18ae1dc, 13a0d7a9e035, 49ae60d6cae1; files: src/agents/tools/cron-tool.ts, src/cron/service/timer.ts, src/cron/service/ops.ts)
• Vincent Koc: Cron history search shows a cluster of recent lazy-loading and runtime-seam commits across isolated cron execution and delivery paths, and git shortlog places this author second on the relevant surfaces. (role: recent cron runtime refactor contributor; confidence: medium; commits: 28787985c4eb, 5b11985439e4, a5980df10128; files: src/cron, src/gateway/server-cron.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[ctbritt]

Code-level analysis with suggested patches

I cloned the repo (main @ acfed375) to trace these. The relevant code is more localized than I expected — both primary bugs can be fixed with very small, surgical changes.

Bug 1: sessionKey auto-inject silently overrides sessionTarget

Location: src/agents/tools/cron-tool.ts:673-675

if (!("sessionKey" in job) && resolvedSessionKey) {
  (job as { sessionKey?: string }).sessionKey = resolvedSessionKey;
}

When a cron job is created via the cron-tool (i.e., an agent creating a job from within a dashboard session), this unconditionally injects the current session key if none was specified. Even when the user / agent set sessionTarget: "isolated" expecting a fresh session.

Suggested fix:

-            if (!("sessionKey" in job) && resolvedSessionKey) {
-              (job as { sessionKey?: string }).sessionKey = resolvedSessionKey;
-            }
+            if (!("sessionKey" in job) && resolvedSessionKey) {
+              // Don't auto-inject the current session key when the caller
+              // explicitly asked for an isolated session — that defeats the
+              // intent of sessionTarget: "isolated" and causes cron jobs to
+              // collide with active dashboard sessions on each firing.
+              const sessionTarget = (job as { sessionTarget?: unknown }).sessionTarget;
+              if (sessionTarget !== "isolated") {
+                (job as { sessionKey?: string }).sessionKey = resolvedSessionKey;
+              }
+            }

This preserves backward compatibility for the common case (job inherits caller's session when nothing is specified) while respecting explicit sessionTarget: "isolated".

Bug A: cron rm silent failure for unknown IDs

Location 1: src/cron/service/ops.ts:462-480

The remove function happily returns { ok: true, removed: false } when no job matches, after persisting the unchanged store.

Location 2: src/gateway/server-methods/cron.ts:479-484

const result = await context.cron.remove(jobId);
if (result.removed) {
  context.logGateway.info("cron: job removed", { jobId });
}
respond(true, result, undefined);

The handler responds ok: true regardless of whether anything was actually removed. The removed: false is in the body but easy for callers to miss — and the CLI's printCronJson(res) just dumps the JSON without surfacing it.

Suggested fix in the handler:

     const result = await context.cron.remove(jobId);
-    if (result.removed) {
-      context.logGateway.info("cron: job removed", { jobId });
+    if (!result.removed) {
+      respond(
+        false,
+        undefined,
+        errorShape(ErrorCodes.NOT_FOUND, `cron job not found: ${jobId}`),
+      );
+      return;
     }
+    context.logGateway.info("cron: job removed", { jobId });
     respond(true, result, undefined);

(Replace ErrorCodes.NOT_FOUND with whatever the canonical "not found" code is in error-codes.ts if different.)

This makes the API contract honest: ok: true means it's gone; anything else is an explicit error the CLI can surface. The CLI then doesn't need separate changes — it already has handleCronCliError which converts errors to a clean non-zero exit.

Optional follow-up: the underlying remove in ops.ts only does exact-match (j.id === id). Other commands like findJobOrThrow in src/cron/service/jobs.ts:338 also use exact match. So no command supports partial UUIDs anywhere — the confusion was that cron get abc12345 returns "not found" (correctly) AND cron rm abc12345 returns "ok: true" (incorrectly), creating the illusion that the second one worked.

Two options for partial-UUID support, separate from the silent-failure bug:

1. Reject ambiguous matches: add prefix matching, but error if more than one job matches the prefix.
2. Don't support partial UUIDs at all: keep exact-match everywhere, but the silent-failure fix above is still required.

Option 1 would be a real UX win (cron job IDs are long UUIDs and prefix-matching is the obvious affordance), but it's scope creep for this bug.

Bug B: cron list doesn't expose sessionKey

Adding a sessionKey column to openclaw cron list (or --columns sessionKey opt-in, or --with-session-key) would have made this entire bug class self-detectable. Discovery required grepping jobs.json directly. I don't have a specific code suggestion here — depends on the table-rendering library used — but the output formatter in src/cli/cron-cli/register.cron-add.ts (the listing handler) is the right place.

Bug C: --clear-model flag

src/cli/cron-cli/register.cron-edit.ts defines --clear-session-key, --clear-tools, --clear-agent. Adding --clear-model that sets payload.model to undefined (and deletes the key) would complete the symmetric pattern. Should be a ~5-line change matching the pattern of the other clear flags.

Bug D: doctor's model-override noise

src/commands/doctor-cron.ts (or wherever the cron audit lives) — distinguish between "overrides match defaults" (safe to clear, surface as "redundant overrides: N") and "overrides differ from defaults" (informational, "N jobs intentionally use non-default models"). Current output lumps both together, which makes the message hard to act on.

Test coverage notes

Existing tests for sessionKey injection in src/agents/tools/cron-tool.test.ts (lines 807, 827, 845) set sessionKey explicitly, so adding the sessionTarget !== "isolated" guard shouldn't break them. A new test case for "isolated target + no sessionKey + active session" would lock in the fix.

For cron remove (src/gateway/server-cron.test.ts:261) the only existing test uses a real job.id (full UUID match). Adding a test for "rm with non-matching id returns error" would close out the regression.

---

Happy to put up a PR for any/all of these — sessionTarget guard + cron.remove handler change are the most defensible to land. Let me know if you'd prefer issues split per-bug or kept as one umbrella.

[ctbritt]

Per the contributor workflow described in #84599 — this issue should be eligible for the clawsweeper:fix-shape-clear and clawsweeper:source-repro queues:

• Source repro: the prior comment includes file:line refs into main@acfed375 (src/agents/tools/cron-tool.ts:673-675 for the sessionKey auto-inject; src/gateway/server-methods/cron.ts:479-484 and src/cron/service/ops.ts:462-480 for the silent-remove failure)
• Fix shape: both primary bugs have diff-formatted patches in the previous comment, scoped to ≤10 lines each; both would also benefit from a small additional test (existing test files identified)
• Size: XS for the sessionKey guard, S for the remove handler + tests

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26372760242
• Updated: 2026-05-24T21:06:52.290Z