fix(compaction): break safeguard cancel loop for sessions with no summarizable messages (#41981)

[lml2468]

What

Break the compaction safeguard cancel loop that blocks cron lanes when isolated sessions have no summarizable history.

Why

Fixes #41981 — Isolated cron sessions with sessionTarget: "isolated" get stuck in a compaction cancel loop:

1. SDK auto-compaction triggers after each assistant response when shouldCompact() returns true
2. prepareCompaction() marks all messages as "recent" (within keepRecentTokens), producing empty messagesToSummarize
3. Safeguard detects no real conversation messages → cancels compaction
4. SDK accepts cancellation but re-triggers on next assistant response → infinite loop
5. Each loop iteration wastes time and floods logs, causing cron job timeout

How

Instead of returning { cancel: true } when messagesToSummarize is empty, return a minimal compaction result with a structured fallback summary. This writes a compaction boundary entry via sessionManager.appendCompaction(), which:

• Marks the session as "recently compacted"
• Causes _checkAutoCompaction to skip (assistant timestamps are before the compaction boundary)
• Breaks the cancel loop

Also added per-session tracking (WeakSet) to downgrade repeated log messages from info to debug, reducing log noise for sessions that hit this path multiple times.

Testing

• pnpm build && pnpm check — pending CI
• npx vitest run src/agents/pi-extensions/compaction-safeguard.test.ts — 68/68 tests pass
• Updated existing test: "cancels compaction when no real messages" now expects compaction result instead of cancel
• New test: verifies fallback summary preserves previous summary structure
• New test: verifies log downgrade on repeated attempts for same session
• AI-assisted (OpenClaw agent, fully tested)

[greptile-apps]

Greptile Summary

This PR fixes a compaction cancel loop in isolated cron sessions (#41981) by replacing { cancel: true } returns (when messagesToSummarize is empty) with a minimal compaction boundary result that causes the SDK to mark the session as recently compacted, preventing immediate re-triggering.

• Fix is mechanically correct — writing a compaction boundary instead of cancelling cleanly breaks the re-trigger loop without touching session history
• buildStructuredFallbackSummary can produce duplicate section headings — when previousSummary is present but only partially structured (e.g. "## Decisions\nDid X." without the other four required headings), the entire string is embedded verbatim as the body of the template's ## Decisions block, duplicating any section markers that appear in it. The test at line 1537 exercises this exact case but only uses toContain assertions that mask the duplication
• Stale naming — noRealMessagesCancelledSessions and its comment still say "cancelled" even though the behaviour is now "write empty boundary"; the local alias alreadyCancelled carries the same confusion
• Log-level downgrade test has no log assertions — the test named "downgrades log level on repeated no-real-messages compaction for same session" only checks result.compaction is defined, never asserting which log method was invoked
• The _summarizationInstructions parameter added to buildStructuredFallbackSummary is intentionally unused (prefixed with _); it appears reserved for future use

Confidence Score: 3/5

• Safe to merge with minor caveats — the core loop-break fix is sound, but a logic edge case in fallback summary building can produce malformed output for partially-structured prior summaries.
• The primary fix is well-reasoned and correctly addresses the infinite cancel loop. The main concern is that buildStructuredFallbackSummary silently produces duplicate section headings when previousSummary has some but not all required sections, and the corresponding test's misleading comment and weak assertions mean this edge case went unnoticed. In production this path is only hit when there is no real conversation content to compact, so the malformed output is low-impact but could accumulate confusion in session history over time. Variable naming and test coverage gaps reduce confidence slightly.
• src/agents/pi-extensions/compaction-safeguard.ts lines 484-508 (buildStructuredFallbackSummary) and the corresponding test case at line 1537

Comments Outside Diff (1)

1. src/agents/pi-extensions/compaction-safeguard.ts, line 488-508 (link)

   Duplicated headings when previousSummary contains partial sections

   When previousSummary is present but doesn't pass hasRequiredSummarySections (e.g. "## Decisions\nDid X."), the function falls into the else branch and embeds the entire previousSummary verbatim as the body of the ## Decisions block. If previousSummary itself starts with a section heading, the output will contain that heading twice:

   ## Decisions       ← injected by the template
   ## Decisions       ← from previousSummary
   Did X.
   
   ## Open TODOs
   None.
   ...
   

   The test at line 1537 demonstrates this exact case (previousSummary: "## Decisions\nUsed approach A."), but the assertions only call toContain("## Decisions") so the duplication isn't caught. The test comment also says "Fallback preserves previous summary when it has required sections", but the test data only contains one of the five required sections — so it actually exercises the template path, not the preserve path.

   Consider stripping leading section headings from previousSummary before embedding it, or placing it under a dedicated prose key ("Prior context") instead of reusing ## Decisions:

   const priorContext = trimmedPreviousSummary
     ? trimmedPreviousSummary.replace(/^##[^\n]*\n?/, "").trim() || "No prior history."
     : "No prior history.";
   return [
     "## Decisions",
     priorContext,
     ...
   ].join("\n");

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: src/agents/pi-extensions/compaction-safeguard.ts
   Line: 488-508
   
   Comment:
   **Duplicated headings when `previousSummary` contains partial sections**
   
   When `previousSummary` is present but doesn't pass `hasRequiredSummarySections` (e.g. `"## Decisions\nDid X."`), the function falls into the else branch and embeds the entire `previousSummary` verbatim as the body of the `## Decisions` block. If `previousSummary` itself starts with a section heading, the output will contain that heading twice:
   
   ```
   ## Decisions       ← injected by the template
   ## Decisions       ← from previousSummary
   Did X.
   
   ## Open TODOs
   None.
   ...
   ```
   
   The test at line 1537 demonstrates this exact case (`previousSummary: "## Decisions\nUsed approach A."`), but the assertions only call `toContain("## Decisions")` so the duplication isn't caught. The test comment also says "Fallback preserves previous summary **when it has required sections**", but the test data only contains one of the five required sections — so it actually exercises the *template* path, not the preserve path.
   
   Consider stripping leading section headings from `previousSummary` before embedding it, or placing it under a dedicated prose key (`"Prior context"`) instead of reusing `## Decisions`:
   
   ```typescript
   const priorContext = trimmedPreviousSummary
     ? trimmedPreviousSummary.replace(/^##[^\n]*\n?/, "").trim() || "No prior history."
     : "No prior history.";
   return [
     "## Decisions",
     priorContext,
     ...
   ].join("\n");
   ```
   
   How can I resolve this? If you propose a fix, please make it concise.

_{Last reviewed commit: 0c6a371}

[greptile-apps]

Stale variable name and comment after behaviour change

The variable is still called noRealMessagesCancelledSessions and the comment above it still says "compaction was already cancelled", but the behaviour was changed by this very PR — we now write a compaction boundary instead of cancelling. The misleading name also bleeds into the local alreadyCancelled variable at line 711, which is equally confusing.

Suggested change

	// Track session managers where compaction was already cancelled due to no real messages,
	// so repeated attempts within the same session run only log at debug level.
	const noRealMessagesCancelledSessions = new WeakSet<object>();
	// Track session managers that have already hit the no-real-messages fast-path so
	// repeated attempts within the same session lifetime only log at debug level.
	const noRealMessagesBoundarySessions = new WeakSet<object>();

And the corresponding change to the local variable name on line 711:

const alreadyBoundaried = noRealMessagesBoundarySessions.has(ctx.sessionManager);

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/pi-extensions/compaction-safeguard.ts
Line: 32-34

Comment:
**Stale variable name and comment after behaviour change**

The variable is still called `noRealMessagesCancelledSessions` and the comment above it still says *"compaction was already cancelled"*, but the behaviour was changed by this very PR — we now write a compaction boundary instead of cancelling. The misleading name also bleeds into the local `alreadyCancelled` variable at line 711, which is equally confusing.

```suggestion
// Track session managers that have already hit the no-real-messages fast-path so
// repeated attempts within the same session lifetime only log at debug level.
const noRealMessagesBoundarySessions = new WeakSet<object>();
```

And the corresponding change to the local variable name on line 711:
```typescript
const alreadyBoundaried = noRealMessagesBoundarySessions.has(ctx.sessionManager);
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Test doesn't verify the log-level downgrade it claims to cover

The test is named "downgrades log level on repeated no-real-messages compaction for same session", but the assertions only check that result.compaction is defined — they say nothing about which log function was actually called. The claimed behaviour (switching from log.info to log.debug on the second invocation) is never asserted.

To make the test meaningful, consider spying on log.info and log.debug and asserting that:

• The first call fires log.info exactly once
• The second call fires log.debug exactly once (and log.info zero additional times)

Without this, the test is an integration smoke-test but not a unit test for the log-downgrade feature, and a future refactor could silently break that feature without the test catching it.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/pi-extensions/compaction-safeguard.test.ts
Line: 1568-1599

Comment:
**Test doesn't verify the log-level downgrade it claims to cover**

The test is named "downgrades log level on repeated no-real-messages compaction for same session", but the assertions only check that `result.compaction` is defined — they say nothing about which log function was actually called. The claimed behaviour (switching from `log.info` to `log.debug` on the second invocation) is never asserted.

To make the test meaningful, consider spying on `log.info` and `log.debug` and asserting that:
- The first call fires `log.info` exactly once
- The second call fires `log.debug` exactly once (and `log.info` zero additional times)

Without this, the test is an integration smoke-test but not a unit test for the log-downgrade feature, and a future refactor could silently break that feature without the test catching it.

How can I resolve this? If you propose a fix, please make it concise.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0c6a371e98

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Include split-turn prefixes before emitting empty compaction

This early return now writes a compaction result using only previousSummary, but it can trigger even when turnPrefixMessages still contains real conversation content (for split-turn preparations where messagesToSummarize is empty). In that case, the later split-turn summarization path (isSplitTurn + turnPrefixMessages) is skipped and the compaction boundary is still applied, so prefix context can be discarded instead of summarized; previously this path canceled compaction and preserved history. Please guard this branch with turnPrefixMessages as well (or summarize them before returning).

Useful? React with 👍 / 👎.

[lml2468]

Thanks @byungsker! Both points addressed:

1. Variable naming — already renamed to noRealMessagesBoundarySessions / alreadyBoundaried in commit 54c1462 (before your review landed).

2. buildStructuredFallbackSummary(undefined) test — added explicit assertions verifying the minimal structured summary content (## Decisions → No prior history., ## Open TODOs → None., etc.) in commit be20909.

69/69 tests pass.

[jalehman]

Changes Requested

Thank you for this contribution! We've reviewed this PR and have some feedback before it can move forward.

Repeat-attempt fast path can recreate the original cancel loop

The new session-lifetime WeakSet only guarantees that we write a fallback boundary the first time an empty preparation occurs. After a later assistant message, prepareCompaction() can produce another empty preparation in the same session, but at that point this path now returns { cancel: true } instead of writing a fresh boundary. That puts us back in the same SDK re-trigger loop this PR is trying to break.

Please change this so the decision to return a boundary vs. cancel is based on whether the current transcript state is still protected by a boundary, rather than only on whether the session has ever hit this path.

Add a regression test for boundary -> assistant message -> empty preparation

The repeated-attempt test currently calls the safeguard twice against the same empty preparation, which does not model the failing progression above. Please add coverage for the real sequence: empty preparation writes a boundary, a later assistant turn makes compaction eligible again, and a subsequent empty preparation still avoids the loop. That will make the intended guarantee explicit and keep this from regressing.

---

Once these are addressed, we'll re-review. Feel free to ask questions if anything is unclear.

[lml2468]

@jalehman Thank you for the thorough review! Both issues addressed in commit c7d17fcde:

1. Removed WeakSet cancel path — always write boundary on empty preparation

You were right that the WeakSet approach recreated the cancel loop after a new assistant message arrived. The fix removes noRealMessagesBoundarySessions entirely. Now every empty preparation writes a boundary entry. This is safe because the SDK's prepareCompaction() returns undefined when the last entry is a compaction boundary, blocking immediate re-triggering. The frequency is bounded to at most one boundary per LLM round-trip.

2. Updated regression test for boundary → assistant message → empty preparation

Replaced the "cancels on repeated" test with a new test that verifies two consecutive empty preparations both write boundaries (not cancel on the second call), modeling the scenario where a new assistant message makes compaction eligible again.

69/69 tests pass, oxlint clean.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d60631489f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Handle absent turnPrefixMessages in empty-prep fast path

The new guard calls preparation.turnPrefixMessages.some(...) unconditionally, but this hook already treats turnPrefixMessages as optional later (?? []), so an event payload that omits this field will now throw before the safeguard can return a compaction boundary. In that case the extension fails exactly in the no-summarizable-messages path this commit is trying to stabilize, so auto-compaction can keep re-attempting instead of being suppressed.

Useful? React with 👍 / 👎.

[jalehman]

Merged via squash.

• Prepared head SHA: 7ce6bd834e8653561f5389b8756bfab7664ab9f3
• Merge commit: 7b61b025ff903857cf12b4df062fab118f418655

Thanks @lml2468!