[Bug]: OpenClaw can persist `tool.call` without a matching `tool.result` when a Codex turn is denied, interrupted, or terminated

[jsompis]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

In OpenClaw 2026.5.24-beta.2, a native Codex tool invocation can be recorded as tool.call without a matching tool.result in the persisted transcript/trajectory. This has been observed when the Codex turn is denied, interrupted by a gateway restart, or finishes with a terminal assistant message before the tool result is emitted.

This appears to be a runtime invariant bug, not a configuration issue. The safety behavior should be: if a tool call was started but no real result is available, OpenClaw should synthesize a failed tool.result, mark the turn/job as failed, and preserve terminal proof for cron/reporting consumers.

Steps to reproduce

1. Run an OpenClaw cron job or isolated agent turn that uses the Codex native runtime and invokes a local command/tool.
2. Cause the turn to be denied or interrupted before the native tool result is emitted. Observed cases include:
   • a denied shell/tool command that results in final assistant text containing SYSTEM_RUN_DENIED
   • a gateway restart while the cron session has already emitted tool.call
3. Inspect the persisted cron/session trajectory.
4. Observe that tool.call exists, but no matching tool.result exists for the same tool call id.
5. Observe that downstream cron/read-model/reporting logic has incomplete terminal proof and cannot reliably distinguish “runtime failed before producing proof” from “tool completed but report was lost”.

Expected behavior

Every persisted tool.call should have exactly one matching terminal tool.result before the turn result is finalized.

If the real tool result cannot be emitted because the turn was denied, interrupted, or terminated, OpenClaw should fail closed by recording a synthetic failed tool.result, for example:

status: failed
reason: missing_tool_result
error: OpenClaw recorded a tool.call without a matching tool.result before the Codex turn completed

The turn/job should then be classified as failed or unproven, and cron/reporting/dashboard consumers should have durable terminal proof instead of an incomplete trajectory.

Actual behavior

OpenClaw can persist a tool.call without a matching tool.result.

Observed outcomes:

• cron detects SYSTEM_RUN_DENIED in final assistant text and marks the job as failed
• another cron run is marked failed because it was interrupted by gateway restart
• the persisted session trajectory contains tool.call but no matching tool.result
• there is no model.completed / session.ended proof in at least one interrupted case
• downstream reporting may have no user-visible failure report because no terminal runtime proof exists
• dashboard/read-model layers can only classify the symptom after the fact; they cannot reconstruct the missing tool result invariant

OpenClaw version

2026.5.24-beta.2

Operating system

macOS 26.5

Install method

npm grobal

Model

openai/gpt-5.5

Provider / routing chain

openclaw -> codex -> openai/gpt-5.5

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

Severity: High for cron/workflow reliability.

Impact:

• Cron jobs can fail without durable terminal tool proof.
• User-visible failure reports can be lost because reporting has no completed runtime result to report from.
• Read models and dashboards must infer from incomplete state instead of relying on a strict transcript invariant.
• Automation can become ambiguous after gateway restarts or denied tool invocations.
• Operators may be tempted to bypass cron with direct launchers, but the correct fix is to restore the invariant in the shared Codex/OpenClaw runtime layer.

This is especially risky for approval/publish/report workflows, where OpenClaw must distinguish successful publish, failed publish, interrupted runtime, and missing proof without guessing.

Additional information

Environment

• OpenClaw version: 2026.5.24-beta.2
• Runtime: OpenAI Codex native runtime via OpenClaw app-server
• Affected area: cron / isolated agent turns / Codex native tool projection / persisted transcript and trajectory
• Observed with scheduled approval/content automation jobs that invoke local runtime wrappers through the normal cron-owned path

Logs, screenshots, and evidence

Cron warning example:

warn cron {"module":"cron"} {"jobName":"agent-ops-approval-daily","error":"cron classifier: denial token \"SYSTEM_RUN_DENIED\" detected in final text","diagnosticsSummary":"cron classifier: denial token \"SYSTEM_RUN_DENIED\" detected in final text"}
cron: job run returned error status

Another observed cron run state:

jobName: agent-ops-approval-daily
status: error
error: cron: job interrupted by gateway restart
deliveryStatus: unknown

Trajectory evidence from the interrupted run:

session.started
tool.call emitted for the expected command
no matching tool.result
no model.completed
no session.ended

Observed denial final text shape:

SYSTEM_RUN_DENIED ... did not run the owned wrapper

Local diagnostic patch direction:

Fail closed on missing Codex tool results

The patch approach was to update the Codex app-server event projector so terminal result construction checks for any recorded tool call without a matching tool result. Missing results are synthesized as failed tool.result records, and the turn is marked fail-closed with SYSTEM_RUN_DENIED / missing_tool_result proof.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 26, 2026, 4:04 AM ET / 08:04 UTC.

Summary
Keep open: current main still has a source-visible gap where Codex app-server native tool starts can be persisted as tool.call without a final reconciliation pass that records a failed tool.result. The related open rollout-repair PR is useful context, but it targets provider-owned native transcript repair before resume rather than this OpenClaw trajectory invariant.

Reproducibility: yes. at source level: start-path code can record tool.call, while result-path code is the only place that records tool.result, and finalization does not reconcile missing results. I did not run the live denied/restart scenario in this read-only review.

Next step
This is a narrow source-reproducible Codex app-server invariant repair with clear files and tests, but live restart/denial proof would still improve confidence.

Review details

Best possible solution:

Add a Codex app-server projector/finalization invariant that appends one synthetic failed tool.result for each started native tool call lacking a result before terminal trajectory events are flushed, with focused regression coverage for denied/interrupted turns.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: start-path code can record tool.call, while result-path code is the only place that records tool.result, and finalization does not reconcile missing results. I did not run the live denied/restart scenario in this read-only review.

Is this the best way to solve the issue?

Yes, the fail-closed projector/finalization repair is the narrow maintainable direction because it preserves the transcript invariant without tool re-execution or downstream guessing.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• No live denied/restart reproduction was run in this read-only review; the remaining gap is established from issue evidence plus current-main source inspection.
• The related open Codex rollout repair may reduce one gateway-restart trigger, but it does not appear to cover denied or prematurely finalized OpenClaw trajectory events.

Codex review notes: model gpt-5.5, reasoning high; reviewed against b93cee45d036.

Label changes

Label changes:

• add P2: The report describes a normal-priority runtime reliability bug with limited but real blast radius around Codex cron/session trajectories.
• add impact:message-loss: The report says cron/reporting consumers can lose or suppress user-visible failure reports when terminal tool proof is missing.
• add impact:session-state: The affected state is the persisted transcript/trajectory invariant for Codex native tool calls.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.

Label justifications:

• P2: The report describes a normal-priority runtime reliability bug with limited but real blast radius around Codex cron/session trajectories.
• impact:session-state: The affected state is the persisted transcript/trajectory invariant for Codex native tool calls.
• impact:message-loss: The report says cron/reporting consumers can lose or suppress user-visible failure reports when terminal tool proof is missing.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs run --config test/vitest/vitest.extensions.config.ts extensions/codex/src/app-server/event-projector.test.ts extensions/codex/src/app-server/run-attempt.test.ts
• pnpm exec oxfmt --check extensions/codex/src/app-server/event-projector.ts extensions/codex/src/app-server/event-projector.test.ts extensions/codex/src/app-server/run-attempt.ts extensions/codex/src/app-server/run-attempt.test.ts
• pnpm exec oxlint extensions/codex/src/app-server/event-projector.ts extensions/codex/src/app-server/event-projector.test.ts extensions/codex/src/app-server/run-attempt.ts extensions/codex/src/app-server/run-attempt.test.ts --tsconfig config/tsconfig/oxlint.extensions.json

What I checked:

• Root and scoped policy applied: Root AGENTS.md plus scoped extensions/agents/gateway guidance apply because this is core Codex runtime/session-state behavior, and VISION.md prioritizes stability and safe defaults. (AGENTS.md:14, b93cee45d036)
• Current source emits tool.call on native item start: recordToolTrajectoryEvent writes tool.call immediately for the start phase of Codex native tool items. (extensions/codex/src/app-server/event-projector.ts:997, b93cee45d036)
• Current source emits tool.result only on result phase: The same function records tool.result only in the result branch, so a started item that never reaches result completion can remain unpaired. (extensions/codex/src/app-server/event-projector.ts:1017, b93cee45d036)
• Terminal result construction lacks a pairing repair: buildResult appends collected tool transcript messages and computes terminal failure fields, but it does not reconcile toolTranscriptCallIds against toolTranscriptResultIds before returning. (extensions/codex/src/app-server/event-projector.ts:264, b93cee45d036)
• Run finalization records terminal events after buildResult: run-attempt.ts calls buildResult, records model.completed, then records session.ended; the inspected path does not insert missing tool results between those steps. (extensions/codex/src/app-server/run-attempt.ts:3119, b93cee45d036)
• Existing tests cover completed-pair happy paths: Current projector tests assert tool.call/tool.result pairing for completed native snapshots and duplicate suppression, but no regression covers a started native item finalized without result. (extensions/codex/src/app-server/event-projector.test.ts:1318, b93cee45d036)

Likely related people:

• Peter Steinberger: git blame attributes the current tool.call/tool.result projection and finalization lines to commit 609d70d, and recent path history shows repeated Codex app-server lifecycle/projection work. (role: current blamed author and recent area contributor; confidence: high; commits: 609d70d35e4f, a374c3a5bfd5, 659bcc5e5b59; files: extensions/codex/src/app-server/event-projector.ts, extensions/codex/src/app-server/run-attempt.ts)
• Vincent Koc: Recent history on run-attempt.ts includes Codex app-server auth/startup routing work in the same run-finalization surface. (role: adjacent Codex app-server runtime contributor; confidence: medium; commits: f1cc8f0cfc7c, 859eb0666282; files: extensions/codex/src/app-server/run-attempt.ts)
• pfrederiksen: Authored the related open PR that repairs orphaned Codex native custom tool outputs before resume, which is adjacent to the restart trigger but narrower than this issue. (role: adjacent open repair author; confidence: medium; commits: 97f258ad0bf1, 701b8241cf19, 66d0c449e409; files: extensions/codex/src/app-server/run-attempt.ts, extensions/codex/src/app-server/transcript-repair.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[jsompis]

This is the patch that my OpenClaw suggested:

Subject: [PATCH] Fail closed on missing Codex tool results

E2E-Contract-Section: Daily approval lanes / Topic Scout daily handoff and Cron execution proof

E2E-Broken-Class: Codex app-server runtime could persist a native tool.call without a matching tool.result, allowing cron agent turns to finish as successful assistant text without owned tool proof.

E2E-SoT-Authority: Codex app-server event projector trajectory and transcript persistence for the actual cron-owned agent turn.

E2E-Hardened-Entrypoints: CodexAppServerEventProjector buildResult now synthesizes failed tool.result records for any unmatched recorded tool.call before terminal classification.

E2E-Fail-Closed-Paths: Missing native tool results are marked SYSTEM_RUN_DENIED prompt errors and synthetic failed trajectory tool.result events instead of success.

E2E-Proof: node scripts/run-vitest.mjs run --config test/vitest/vitest.extensions.config.ts extensions/codex/src/app-server/event-projector.test.ts; pnpm tsgo:extensions

E2E-Limitations: Live npm dist was patched separately; running gateway needs restart before already-loaded code sees the source fix.
---
 .../src/app-server/event-projector.test.ts    | 75 +++++++++++++++++++
 .../codex/src/app-server/event-projector.ts   | 50 +++++++++++++
 2 files changed, 125 insertions(+)

diff --git a/extensions/codex/src/app-server/event-projector.test.ts b/extensions/codex/src/app-server/event-projector.test.ts
index 1b3ccd59..2416d86e 100644
--- a/extensions/codex/src/app-server/event-projector.test.ts
+++ b/extensions/codex/src/app-server/event-projector.test.ts
@@ -1496,6 +1496,81 @@ describe("CodexAppServerEventProjector", () => {
     ).toHaveLength(1);
   });

+  it("fails closed and synthesizes a result when a native tool call never completes", async () => {
+    const trajectoryRecorder = {
+      filePath: "trajectory.jsonl",
+      recordEvent: vi.fn(),
+      flush: vi.fn(async () => undefined),
+    };
+    const projector = await createProjector(await createParams(), { trajectoryRecorder });
+
+    await projector.handleNotification(
+      forCurrentTurn("item/started", {
+        item: {
+          type: "commandExecution",
+          id: "cmd-denied",
+          command: "/bin/zsh -lc 'python3 tools/topic_scout_daily.py --deliver-report'",
+          cwd: "/Users/sompisjunsui/.openclaw/workspace",
+          processId: null,
+          source: "agent",
+          status: "inProgress",
+          commandActions: [],
+          aggregatedOutput: null,
+          exitCode: null,
+          durationMs: null,
+        },
+      }),
+    );
+    await projector.handleNotification(
+      turnCompleted([
+        {
+          type: "agentMessage",
+          id: "msg-denied",
+          text: "SYSTEM_RUN_DENIED topic-scout-daily did not run the owned wrapper",
+        },
+      ]),
+    );
+
+    const result = projector.buildResult(buildEmptyToolTelemetry());
+
+    expect(String(result.promptError)).toContain("SYSTEM_RUN_DENIED");
+    expect(result.messagesSnapshot.map((message) => message.role)).toEqual([
+      "user",
+      "assistant",
+      "toolResult",
+      "assistant",
+    ]);
+    const toolResultMessage = requireRecord(result.messagesSnapshot[2], "tool result message");
+    expect(toolResultMessage.role).toBe("toolResult");
+    expect(toolResultMessage.toolCallId).toBe("cmd-denied");
+    expect(toolResultMessage.toolName).toBe("bash");
+    expect(toolResultMessage.isError).toBe(true);
+    const toolResultContent = requireArray(toolResultMessage.content, "tool result content");
+    expect(JSON.stringify(toolResultContent)).toContain("without a matching tool.result");
+    expect(trajectoryRecorder.recordEvent).toHaveBeenCalledWith("tool.call", {
+      threadId: THREAD_ID,
+      turnId: TURN_ID,
+      itemId: "cmd-denied",
+      toolCallId: "cmd-denied",
+      name: "bash",
+      arguments: {
+        command: "/bin/zsh -lc 'python3 tools/topic_scout_daily.py --deliver-report'",
+        cwd: "/Users/sompisjunsui/.openclaw/workspace",
+      },
+    });
+    expect(trajectoryRecorder.recordEvent).toHaveBeenCalledWith("tool.result", {
+      threadId: THREAD_ID,
+      turnId: TURN_ID,
+      itemId: "cmd-denied",
+      toolCallId: "cmd-denied",
+      name: "bash",
+      status: "failed",
+      isError: true,
+      result: { status: "failed", reason: "missing_tool_result" },
+      output: expect.stringContaining("SYSTEM_RUN_DENIED"),
+    });
+  });
+
   it("does not synthesize completed progress for running turn completion snapshots", async () => {
     const onAgentEvent = vi.fn();
     const projector = await createProjector({ ...(await createParams()), onAgentEvent });
diff --git a/extensions/codex/src/app-server/event-projector.ts b/extensions/codex/src/app-server/event-projector.ts
index fbfc6bb1..f26e7951 100644
--- a/extensions/codex/src/app-server/event-projector.ts
+++ b/extensions/codex/src/app-server/event-projector.ts
@@ -94,6 +94,8 @@ const CODEX_PROMPT_TOTAL_INPUT_KEYS = [

 const MAX_TOOL_OUTPUT_DELTA_MESSAGES_PER_ITEM = 20;
 const TOOL_TRANSCRIPT_OUTPUT_MAX_CHARS = 12_000;
+const MISSING_TOOL_RESULT_ERROR =
+  "SYSTEM_RUN_DENIED: OpenClaw recorded a tool.call without a matching tool.result before the Codex turn completed; treating the turn as failed.";
 const TRANSCRIPT_PROGRESS_SUPPRESSED_TOOL_NAMES = new Set([
   "message",
   "messages",
@@ -142,6 +144,9 @@ export class CodexAppServerEventProjector {
   private readonly toolResultOutputStreamedItemIds = new Set<string>();
   private readonly transcriptToolProgressSuppressedIds = new Set<string>();
   private readonly toolTranscriptArgumentsById = new Map<string, unknown>();
+  private readonly toolTranscriptNamesById = new Map<string, string>();
+  private readonly toolTrajectoryCallIds = new Set<string>();
+  private readonly toolTrajectoryResultIds = new Set<string>();
   private readonly toolResultOutputDeltaState = new Map<
     string,
     { chars: number; messages: number; truncated: boolean }
@@ -162,6 +167,7 @@ export class CodexAppServerEventProjector {
   private completedTurn: CodexTurn | undefined;
   private promptError: unknown;
   private promptErrorSource: EmbeddedRunAttemptResult["promptErrorSource"] = null;
+  private synthesizedMissingToolResultError: string | null = null;
   private aborted = false;
   private tokenUsage: ReturnType<typeof normalizeUsage>;
   private guardianReviewCount = 0;
@@ -267,6 +273,7 @@ export class CodexAppServerEventProjector {
     toolTelemetry: CodexAppServerToolTelemetry,
     options?: { yieldDetected?: boolean },
   ): EmbeddedRunAttemptResult {
+    this.synthesizeMissingToolResults();
     const assistantTexts = this.collectAssistantTexts();
     const reasoningText = collectTextValues(this.reasoningTextByItem).join("\n\n");
     const planText = collectTextValues(this.planTextByItem).join("\n\n");
@@ -314,6 +321,7 @@ export class CodexAppServerEventProjector {
     const turnInterrupted = this.completedTurn?.status === "interrupted";
     const promptError =
       this.promptError ??
+      this.synthesizedMissingToolResultError ??
       (turnFailed ? (this.completedTurn?.error?.message ?? "codex app-server turn failed") : null);
     const agentHarnessResultClassification = classifyAgentHarnessTerminalOutcome({
       assistantTexts,
@@ -987,6 +995,7 @@ export class CodexAppServerEventProjector {
     status: ReturnType<typeof itemStatus>;
   }): void {
     if (params.phase === "start") {
+      this.toolTrajectoryCallIds.add(params.item.id);
       this.options.trajectoryRecorder?.recordEvent("tool.call", {
         threadId: this.threadId,
         turnId: this.turnId,
@@ -997,6 +1006,7 @@ export class CodexAppServerEventProjector {
       });
       return;
     }
+    this.toolTrajectoryResultIds.add(params.item.id);
     const toolResult = itemToolResult(params.item).result;
     const output = itemOutputText(params.item, this.toolResultOutputTextByItem);
     this.options.trajectoryRecorder?.recordEvent("tool.result", {
@@ -1245,6 +1255,7 @@ export class CodexAppServerEventProjector {
       return;
     }
     this.toolTranscriptCallIds.add(params.id);
+    this.toolTranscriptNamesById.set(params.id, params.name);
     this.toolTranscriptArgumentsById.set(params.id, params.arguments);
     if (!shouldEmitTranscriptToolProgress(params.name, params.arguments)) {
       this.transcriptToolProgressSuppressedIds.add(params.id);
@@ -1274,6 +1285,45 @@ export class CodexAppServerEventProjector {
     );
   }

+  private synthesizeMissingToolResults(): void {
+    const missingIds = [...this.toolTranscriptCallIds].filter(
+      (id) => !this.toolTranscriptResultIds.has(id),
+    );
+    if (missingIds.length === 0) {
+      return;
+    }
+    for (const id of missingIds) {
+      const name = this.toolTranscriptNamesById.get(id) ?? "tool";
+      const text = `${MISSING_TOOL_RESULT_ERROR} toolCallId=${id}; toolName=${name}`;
+      this.recordToolTranscriptResult({
+        id,
+        name,
+        text,
+        isError: true,
+      });
+      if (this.toolTrajectoryCallIds.has(id) && !this.toolTrajectoryResultIds.has(id)) {
+        this.toolTrajectoryResultIds.add(id);
+        this.options.trajectoryRecorder?.recordEvent("tool.result", {
+          threadId: this.threadId,
+          turnId: this.turnId,
+          itemId: id,
+          toolCallId: id,
+          name,
+          status: "failed",
+          isError: true,
+          result: { status: "failed", reason: "missing_tool_result" },
+          output: text,
+        });
+      }
+    }
+    if (!this.synthesizedMissingToolResultError) {
+      this.synthesizedMissingToolResultError =
+        missingIds.length === 1
+          ? MISSING_TOOL_RESULT_ERROR
+          : `${MISSING_TOOL_RESULT_ERROR} missingToolResultCount=${missingIds.length}`;
+    }
+  }
+
   private emitTranscriptToolCallProgress(params: ToolTranscriptCallInput): void {
     if (!shouldEmitTranscriptToolProgress(params.name, params.arguments)) {
       return;
--
2.50.1 (Apple Git-155)

[Jefsky]

I'll investigate this. The missing tool.result reconciliation during interrupted Codex turns seems like a safety invariant gap worth fixing.

[steipete]

Fixed in PR #88946 on the inference branch.

What changed:

• Codex app-server now tracks native tool-call and trajectory call/result ids during projection.
• When a turn finalizes with a started native tool call but no matching result, OpenClaw synthesizes a failed tool.result with reason: "missing_tool_result", marks the attempt as a prompt failure, and keeps durable trajectory proof instead of leaving a bare tool.call.
• The reconciliation is guarded so buffered terminal notifications that close cleanly without a final assistant/tool failure are not misclassified.

Proof run after the patch:

• node scripts/run-vitest.mjs extensions/codex/src/app-server/event-projector.test.ts extensions/codex/src/app-server/run-attempt.test.ts -> 2 files, 163 tests passed.
• pnpm exec oxfmt --check extensions/codex/src/app-server/event-projector.ts extensions/codex/src/app-server/event-projector.test.ts -> passed.
• node scripts/run-oxlint.mjs --tsconfig config/tsconfig/oxlint.extensions.json extensions/codex/src/app-server/event-projector.ts extensions/codex/src/app-server/event-projector.test.ts -> passed.
• node scripts/run-tsgo.mjs -p tsconfig.extensions.json --incremental false -> passed.
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.extensions.test.json --incremental false -> passed.
• git diff --check -> passed.

Commit: ef5a961 (fix(codex): fail closed on missing tool results). Keeping this issue open until #88946 lands on main.