fix: add session-growth guard to prevent unbounded session store growth

[reverendrewind]

Summary

Fixes #11971.

• Context pruning (cache-ttl) and DM history limiting modify messages in-flight before the API call but never touch the session store. This masks the true session size from the pi-coding-agent library's auto-compaction trigger, causing the JSONL store to grow unbounded.
• Non-Anthropic providers sharing the same session then receive the full unpruned history (854K+ tokens observed in production, costing $0.66 in wasted API calls).
• Adds a provider-agnostic pre-prompt guard in runEmbeddedPiAgent that estimates actual stored tokens via SessionManager.open() and forces compaction when the store exceeds 80% of the context window.

Changes

File	Change
src/agents/pi-embedded-runner/compact.ts	Add estimateSessionFileTokens() helper
src/agents/pi-embedded-runner/run.ts	Add SESSION_GROWTH_COMPACTION_THRESHOLD and pre-prompt guard with try/catch
src/agents/pi-embedded-runner/run.session-growth-guard.test.ts	6 new tests

Design decisions

• Provider-agnostic: fires regardless of current provider, catching both cache-ttl pruning (Anthropic) and limitHistoryTurns (DM sessions)
• Best-effort: errors in session estimation are caught and logged, never block the prompt
• Runs once before the retry loop (existing overflow handling covers subsequent growth)
• Threshold at 80%: above pruning ratios (30-50%) to avoid interference, but catches clearly bloated sessions

Test plan

• 6 new tests pass (threshold logic, compaction success/failure, error resilience, no-session-file, compaction counting)
• 8 existing overflow-compaction tests pass (no regressions)
• Linter passes (0 warnings, 0 errors)

🤖 Generated with Claude Code

Greptile Overview

Greptile Summary

Adds a pre-prompt “session-growth guard” to runEmbeddedPiAgent that estimates the stored token count from the session JSONL and forces compaction when it exceeds 80% of the model context window. This is intended to prevent unbounded session store growth when downstream pruning/history-limiting modifies messages only in-flight.

Also introduces estimateSessionFileTokens() to compute an approximate token count from the on-disk session context, and adds a dedicated test suite for the guard behavior.

Confidence Score: 4/5

• This PR looks safe to merge after fixing a test that relies on an invalid type cast.
• The runtime change is isolated (best-effort guard + existing compaction path) and covered by new tests, but one test currently bypasses the real params contract by casting undefined to a required string, which can mask mismatches between intended and actual runtime states.
• src/agents/pi-embedded-runner/run.session-growth-guard.test.ts

_{(2/5) Greptile learns from your feedback when you react with thumbs up/down!}

Context used:

• Context from dashboard - CLAUDE.md (source)
• Context from dashboard - AGENTS.md (source)

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Invalid param type cast

RunEmbeddedPiAgentParams.sessionFile is a required string (src/agents/pi-embedded-runner/run/params.ts:57), but this test forces sessionFile to undefined via undefined as unknown as string. That defeats type-safety and makes the test cover a state that can’t occur for real callers, while also hiding that if (params.sessionFile) in run.ts is effectively dead under the current type.

Consider either (a) making sessionFile optional in the real params type (if “no session file” is a valid runtime scenario), or (b) update the test to pass a real string and instead cover the “missing file on disk” path (which estimateSessionFileTokens already handles) without type casting.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/pi-embedded-runner/run.session-growth-guard.test.ts
Line: 269:272

Comment:
**Invalid param type cast**

`RunEmbeddedPiAgentParams.sessionFile` is a required `string` (src/agents/pi-embedded-runner/run/params.ts:57), but this test forces `sessionFile` to `undefined` via `undefined as unknown as string`. That defeats type-safety and makes the test cover a state that can’t occur for real callers, while also hiding that `if (params.sessionFile)` in `run.ts` is effectively dead under the current type.

Consider either (a) making `sessionFile` optional in the real params type (if “no session file” is a valid runtime scenario), or (b) update the test to pass a real string and instead cover the “missing file on disk” path (which `estimateSessionFileTokens` already handles) without type casting.

How can I resolve this? If you propose a fix, please make it concise.

[openclaw-barnacle]

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[steipete]

Closing as AI-assisted stale-fix triage.

Linked issue #11971 ("Bug: contextPruning (cache-ttl) masks session size from compaction, causing unbounded growth for non-Anthropic models") is currently CLOSED and was closed on 2026-02-23T04:33:33Z with state reason NOT_PLANNED.
Given that issue state, this fix PR is no longer needed in the active queue and is being closed as stale.

If the underlying bug is still reproducible on current main, please reopen this PR (or open a new focused fix PR) and reference both #11971 and #11999 for fast re-triage.

[steipete]

Closed after AI-assisted stale-fix triage (closed issue duplicate/stale fix).