[Bug]: Active memory injection breaks prompt cache hit rate (99.9% → 22%)

[Enominera]

[Bug]: Active memory injection breaks prompt cache hit rate (99.9% → 22%)

Phenomenon

Enabling the active-memory plugin causes prompt cache hit rate to collapse
from ~99.9% (clean baseline) to ~22% in production dashboard observations.

Reproduction across two Anthropic-compatible providers (independent test runs
by two coding agents) shows:

• Clean baseline (5 identical prompts, no prependContext): 99.9% warm hit
• Static 32KB prependContext (5 identical prompts, fixed content): 99.8% warm hit
• Variable 32KB prependContext (5 prompts, content changes per call): 0.0% warm hit

Root cause

The active-memory plugin injects recalled memories via the before_prompt_build
hook, returning content through hookResult.prependContext. In the prompt-preparation
layer, this context is concatenated into the user message (not the system prompt).

For every eligible conversational reply, the plugin spawns a blocking memory
sub-agent that runs memory_search to recall facts. The recall query is derived
from the current user message, so different user messages → different recalled
fact lists → character-level changes in prependContext.

Anthropic protocol cache_control: {type: "ephemeral"} markers are intended to
isolate the stable system-prompt block from the variable user-message block.
However, the observed behavior across two Anthropic-compatible providers is that
the cache_control boundary does not work as expected: any character-level change
in the user-message block causes the entire prompt to miss cache (0% hit rate),
instead of just the variable part.

Reproduction

1. Configure any Anthropic-compatible provider
2. Enable active-memory with config.agents: ["main"]
3. Send 5 near-identical user messages (e.g. "hi count 3")
4. With prependContext: 32KB of varied content per call, observe:
   • cache_creation_input_tokens and cache_read_input_tokens both = 0
   • All 5 calls rebuild the entire prompt (warm hit rate = 0%)
5. Production dashboard: 22% (weighted average across triggered and non-triggered
   conversational turns)

Code-level trace

prependContext injection site

In the prompt preparation layer, hookResult.prependContext is concatenated
directly before the user prompt:

// selection-DrXxngyT.js ~L12796
effectivePrompt = `${hookResult.prependContext}\n\n${effectivePrompt}`;

active-memory hook returns prependContext

// active-memory/index.js ~L1743: before_prompt_build hook
// ~L1829: return value
return { prependContext: promptPrefix };
// promptPrefix = "Untrusted context..." + XML-wrapped summary

cache_control placement

// anthropic-payload-policy-jufdNb_5.js ~L66-85
// cache_control placed on the LAST block of the LAST user message
// This should isolate the stable prefix from the variable suffix,
// but does not on the tested endpoints.

memory_search tool registration

// memory-core/index.js ~L270
api.registerTool(..., { names: ["memory_search"] });
// Semantic search tool: different queries → different results

Suggested fixes

1. Document the limitation: At minimum, document that enabling active-memory
   effectively disables prompt cache for any user message that includes variable
   recalled content. This is silent and undocumented.

2. Stabilize prependContext output: Have the active-memory plugin produce
   deterministic output for a given session (e.g. fixed ordering, fixed truncation,
   hash-based fingerprint in place of timestamps) so character-level changes don't
   propagate to the user-message block.

3. Skip active-memory for cache-critical prompts: Allow callers to mark
   "cache-critical" prefixes that bypass active-memory injection.

4. Tighten cache_control boundary: Make the Anthropic cache boundary respect
   the prependContext vs system-prompt split so that stable system-prompt content
   is cached independently of variable user-message content.

Workaround

Disable active-memory (set enabled: false) and use memory_search explicitly
when needed. Cache hit rate returns to ~99.9%.

Impact

Any user with active-memory enabled and an Anthropic-compatible provider that
supports prompt caching will see cache hit rate collapse. This is silent (no
warning, no log entry) and undocumented. Common configuration, common failure mode.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 8, 2026, 2:37 AM ET / 06:37 UTC.

Summary
Keep open: the added live-provider comment strengthens the report, and current main plus v2026.6.1 still route active-memory recall through variable prependContext in the user prompt without an active-memory prompt-cache warning. This needs maintainer product/provider judgment rather than conservative cleanup closure.

Reproducibility: no. not as a maintainer-controlled current-main reproduction yet. Source confirms the variable user-prompt injection path and the reporter supplied useful two-provider live metrics, but the endpoints are redacted and this review did not independently run the live cache probe.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
Maintainers need to choose the active-memory/provider cache contract before a safe implementation lane can be queued.

Review details

Best possible solution:

Define the cache contract for dynamic plugin context, then either document active-memory as cache-hostile on affected providers or add a tested plugin/provider boundary that preserves stable-prefix caching without changing trust semantics accidentally.

Do we have a high-confidence way to reproduce the issue?

No, not as a maintainer-controlled current-main reproduction yet. Source confirms the variable user-prompt injection path and the reporter supplied useful two-provider live metrics, but the endpoints are redacted and this review did not independently run the live cache probe.

Is this the best way to solve the issue?

Unclear. A docs warning is the narrow safe mitigation, while any code fix needs a maintainer decision about whether dynamic memory belongs in user prompt space, system prompt space, or an explicit cache-bypass/cache-critical contract.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The live evidence uses redacted Anthropic-compatible endpoints, so maintainers still need either trusted live reproduction or a provider fixture before choosing a code-level cache contract.
• Moving active-memory output from user-prompt space into system-prompt space could change trust and prompt-injection semantics, so a code fix needs explicit product/provider ownership rather than an automated narrow repair.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 538d36eaaaa6.

Label changes

Label justifications:

• P2: This is a plausible user-facing performance and cost regression in a bounded active-memory/provider-cache surface, but it is not an outage or message-loss emergency.
• impact:other: The concrete impact is degraded prompt-cache efficiency and higher latency/cost, which is meaningful but outside the specific owned impact categories.

Evidence reviewed

What I checked:

• Current active-memory hook: Active-memory still registers before_prompt_build, builds query/search text from the current prompt and recent turns, then returns the prompt prefix as prependContext. (extensions/active-memory/index.ts:3005, 538d36eaaaa6)
• Prompt prefix shape: The prefix is an untrusted-context header plus <active_memory_plugin> XML around the recalled summary, so changes in recall output become byte-level changes in injected prompt text. (extensions/active-memory/index.ts:2093, 538d36eaaaa6)
• User-prompt injection path: Prompt preparation concatenates hookResult.prependContext directly before the latest prepared user prompt rather than into systemPrompt. (src/agents/cli-runner/prepare.ts:509, 538d36eaaaa6)
• Current test expectation: The active-memory test suite expects successful recall to produce prependContext, confirming this is current intended behavior rather than a stale report against removed code. (extensions/active-memory/index.test.ts:1352, 538d36eaaaa6)
• Anthropic cache-control shaping: The Anthropic provider applies cache control to eligible latest user content blocks and separately builds cache-controlled system blocks, matching the boundary surface discussed in the issue. (src/llm/providers/anthropic.ts:1192, 538d36eaaaa6)
• Docs gap: Active-memory docs disclose that /trace raw shows the hidden prefix in Model Input (User Role), but the active-memory page only mentions cacheTtlMs for its own short recall cache and does not document provider prompt-cache impact. Public docs: docs/concepts/active-memory.md. (docs/concepts/active-memory.md:174, 538d36eaaaa6)

Likely related people:

• Takhoffman: Introduced active-memory and later moved recall into the hidden prompt prefix, which is the central behavior under review. (role: feature owner; confidence: high; commits: b83726d13e33, f94d6778b1d5; files: extensions/active-memory/index.ts, docs/concepts/active-memory.md)
• steipete: Authored the prompt-caching guide and live cache probe history that define the cache-stability expectations around this report. (role: prompt-cache area contributor; confidence: medium; commits: 46dee26600e4, 936737977166, ca99ad0af8dc; files: docs/reference/prompt-caching.md, src/agents/live-cache-regression.live.test.ts, src/agents/live-cache-regression-baseline.ts)
• vincentkoc: Current-main blame and release refresh history touch active-memory, prompt preparation, and Anthropic payload surfaces; this is recent-maintenance provenance rather than clear original authorship. (role: recent area contributor; confidence: medium; commits: 8dff52958701, 2e08f0f4221f; files: extensions/active-memory/index.ts, src/agents/cli-runner/prepare.ts, src/llm/providers/anthropic.ts)
• Yzx: Recently maintained src/llm/providers/anthropic.ts, the provider surface involved in cache-control placement. (role: recent Anthropic provider contributor; confidence: low; commits: ccb9f2ca2be0; files: src/llm/providers/anthropic.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Enominera]

Live Anthropic-compatible cache probe evidence

In response to the Codex bot's acceptance criteria (live provider probe with cache token metrics), here is the supplementary empirical data.

Test setup

• Provider A: Anthropic-compatible endpoint (name/baseUrl redacted)
• Provider B: Anthropic-compatible endpoint (name/baseUrl redacted)
• Active memory: enabled, prependContext ~32KB variable per call
• Calls: 5 consecutive requests, prependContext content differs each call (simulating active memory recall results changing between invocations)

Test C results (variable prependContext, ~32KB)

Provider	Call	input_tokens	cache_creation_input_tokens	cache_read_input_tokens
A	1	~19K	0	0
A	2	~19K	0	0
A	3	~19K	0	0
A	4	~19K	0	0
A	5	~19K	0	0
B	1	~21K	0	0
B	2	~21K	0	0
B	3	~21K	0	0
B	4	~21K	0	0
B	5	~21K	0	0

Hit rate (calls 2–5)

• Provider A: 0.0% — all 5 calls cache miss, cache_read_input_tokens = 0 for all 5
• Provider B: 0.0% — all 5 calls cache miss, cache_read_input_tokens = 0 for all 5
• Test A baseline (5 identical prompts, no prependContext): ~99.9% warm hit (observed across both providers)

Cross-provider behavioral consistency

Two independent Anthropic-compatible providers exhibit identical real-world behavior (Test C 0%, Test A ~99.9%), corroborating the root cause analysis in this issue: character-level changes to prependContext cause the entire prompt cache key to change, resulting in a 0% hit rate.

cache_control partitioning (cache_control: {type: "ephemeral"} markers) has been empirically observed to have no effect on these two Anthropic-compatible endpoints. The Anthropic protocol intends it to separate stable vs. variable blocks, but the actual observed behavior is whole-prompt hashing.

Mapping to Codex acceptance criteria

• ✅ Run a live Anthropic-compatible cache probe — done (two independent providers, 5 calls each)
• ✅ Capture cache_read_input_tokens and cache_creation_input_tokens — done (all values = 0)
• ✅ Across repeated prompts — done (5 calls per provider)
• ⚠️ Active memory enabled AND disabled comparison — baseline of ~99.9% hit rate was previously established with identical prompts; this probe covers the enabled-with-variable-prependContext scenario

[Enominera]

@clawsweeper please re-review — new live Anthropic-compatible provider probe evidence attached above (5 calls each, both providers, cache_read_input_tokens=0 for all 10 calls). Cross-provider consistency observed.

[Enominera]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27120102717
• Updated: 2026-06-08T06:37:45.729Z