fix(tools): tolerate duplicate sessionKey/label in sessions_send

[Yanhu007]

Summary

When calling sessions_send, LLMs and UI layers (ClawX, Control UI) sometimes mirror the same value into both sessionKey and label. This triggers the mutual-exclusion guard even though the intent is unambiguous.

Changes

Relax the check: only reject when both params are provided AND they differ. When they are equal, treat the call as sessionKey-only (the more specific routing path).

Testing

• When sessionKey and label are the same → uses sessionKey, no error
• When sessionKey and label differ → still rejects with existing error
• When only one is provided → unchanged behavior

Fixes #64699

[greptile-apps]

Greptile Summary

Relaxes the sessions_send mutual-exclusion guard so that providing equal sessionKey and label values is no longer treated as an error — the call is routed through the sessionKey path instead. This cleanly handles the case where LLMs or UI layers (ClawX, Control UI) mirror the same value into both fields unintentionally. Differing values continue to reject as before.

Confidence Score: 5/5

Safe to merge — the change is minimal, well-scoped, and preserves existing rejection behavior for the differing-values case.

Only a P2 style observation about asymmetric normalization between sessionKeyParam and labelParam in the equality check; no correctness or behavioral regressions identified.

No files require special attention.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/agents/tools/sessions-send-tool.ts
Line: 109

Comment:
**Asymmetric normalization in equality check**

`sessionKeyParam` is the raw value from `readStringParam` (not trimmed), while `labelParam` passes through `normalizeOptionalString` which calls `.trim()`. A caller that sends the same logical value with incidental whitespace in the `sessionKey` field (e.g. LLM-generated padding) will still hit the error even though the intent matches. Applying the same normalization to both sides before comparison would make the guard consistent.

```suggestion
      if (sessionKeyParam && labelParam && sessionKeyParam.trim() !== labelParam) {
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix(tools): tolerate duplicate sessionKe..." | Re-trigger Greptile}

[greptile-apps]

Asymmetric normalization in equality check

sessionKeyParam is the raw value from readStringParam (not trimmed), while labelParam passes through normalizeOptionalString which calls .trim(). A caller that sends the same logical value with incidental whitespace in the sessionKey field (e.g. LLM-generated padding) will still hit the error even though the intent matches. Applying the same normalization to both sides before comparison would make the guard consistent.

Suggested change

	if (sessionKeyParam && labelParam && sessionKeyParam !== labelParam) {
	if (sessionKeyParam && labelParam && sessionKeyParam.trim() !== labelParam) {

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/tools/sessions-send-tool.ts
Line: 109

Comment:
**Asymmetric normalization in equality check**

`sessionKeyParam` is the raw value from `readStringParam` (not trimmed), while `labelParam` passes through `normalizeOptionalString` which calls `.trim()`. A caller that sends the same logical value with incidental whitespace in the `sessionKey` field (e.g. LLM-generated padding) will still hit the error even though the intent matches. Applying the same normalization to both sides before comparison would make the guard consistent.

```suggestion
      if (sessionKeyParam && labelParam && sessionKeyParam.trim() !== labelParam) {
```

How can I resolve this? If you propose a fix, please make it concise.

[clawsweeper]

Codex automated review: keeping this open.

Keep open. Current main still has the exact unconditional sessions_send rejection for any call containing both sessionKey and label, while this PR is a narrow implementation candidate for the linked open bug #64699. The PR is not obsolete or unsafe on the inspected surface, but it should gain focused regression tests and be reconciled with overlapping open attempts before landing.

Best possible solution:

Keep this PR open as a valid implementation candidate for #64699. The best landed fix should update src/agents/tools/sessions-send-tool.ts to treat equal trimmed sessionKey and label values as a sessionKey route, continue rejecting differing values, and add focused regression coverage in the agent tool tests. Maintainers should consolidate this with the overlapping open sessions_send PRs before merge.

What I checked:

• Current main still rejects duplicate targets: createSessionsSendTool reads sessionKey and label, then immediately returns Provide either sessionKey or label (not both). whenever both are present, without checking equality. (src/agents/tools/sessions-send-tool.ts:105, 52249927ac2d)
• Bot review whitespace concern is already covered on main: readStringParam defaults trim to true and trims string values before returning them, so sessionKeyParam and label both arrive trimmed through the current call path. (src/agents/tools/common.ts:106, 52249927ac2d)
• Focused tests do not cover this regression: Existing sessions_send gating tests cover missing target and failed label resolution, but there is no current regression test for equal sessionKey plus label being accepted or differing values still being rejected. (src/agents/tools/sessions.test.ts:607, 52249927ac2d)
• PR context is a live implementation candidate: The provided GitHub context shows this PR is open, unmerged, contributor-authored, and uses closing syntax for [Bug]: sessions_send unexpectedly injects label, causing mutual-exclusion error with sessionKey #64699, whose report includes a concrete duplicated sessionKey/label invocation from ClawX and Control UI paths. (abca6622f7b3)
• Security review found no supply-chain surface in the patch: The PR patch only changes the sessions_send guard in src/agents/tools/sessions-send-tool.ts; it does not touch workflows, dependencies, lockfiles, install scripts, publishing metadata, secrets, or downloaded code. The sessionKey path still proceeds through resolveVisibleSessionReference and createSessionVisibilityGuard before delivery. (src/agents/tools/sessions-send-tool.ts:216, 52249927ac2d)
• Checkout remained clean: Final git status --short produced no output after read-only inspection. (52249927ac2d)

Remaining risk / open question:

• The PR currently has no regression test for equal duplicated values or still-rejected differing values.
• There are overlapping open sessions_send PRs in the provided related-item context, so maintainers should choose one canonical patch rather than merge competing variants independently.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against 52249927ac2d.

[openclaw-clownfish]

Thanks @Yanhu007. I’m closing this as superseded by #39551 because both PRs address the same sessions_send mixed sessionKey/label failure, and #39551 is now the maintained canonical branch for the broader sessionKey-first rule.

Clownfish is keeping #64699 linked as validation context, and this source PR keeps credit for the duplicate-value reproduction. If maintainers decide the narrower equal-values-only behavior is still needed after #39551 lands, please reply and we can reopen or split it back out.