fix(gateway): reuse subagent registry snapshot in session listing

[vincentkoc]

Summary

• Problem: sessions listing rebuilt subagent registry reads repeatedly while rendering rows, which can produce inconsistent child-link state during active subagent work.
• Why it matters: the session list is used by subagent orchestration and QA visibility; inconsistent snapshots make active and recently completed children brittle.
• What changed: preserve the original fix(gateway): reuse subagent registry snapshot in session listing #75013 patch from @anyech by building a request-scoped subagent registry read context and reusing it across session row construction.
• What did NOT change (scope boundary): no session storage schema, agent runtime, or subagent spawn policy changes.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Related fix(gateway): reuse subagent registry snapshot in session listing #75013
• This PR fixes a bug or regression

Root Cause (if applicable)

• Root cause: session rows queried mutable subagent registry state independently instead of sharing one read snapshot for the list request.
• Missing detection / guardrail: row-level tests did not assert snapshot reuse across child session listing.
• Contributing context (if known): replacement branch for fix(gateway): reuse subagent registry snapshot in session listing #75013 after its fork branch was accidentally emptied during CI repair.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/agents/subagent-registry-read-context.test.ts, src/gateway/session-utils.subagent.test.ts
• Scenario the test should lock in: one sessions list request reuses a stable subagent registry snapshot while retaining child link liveness behavior.
• Why this is the smallest reliable guardrail: it tests the snapshot seam and gateway row composition without running the full QA lab.
• Existing test that already covers this (if any): N/A
• If no new test is added, why not: N/A

User-visible / Behavior Changes

None.

Diagram (if applicable)

Before:
sessions.list -> row A reads registry -> row B reads registry -> possible drift

After:
sessions.list -> one registry snapshot -> all rows share the same read context

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

Repro + Verification

Environment

• OS: macOS local, GitHub/Blacksmith CI for parity gate
• Runtime/container: Node 22 local; CI runner for parity gate
• Model/provider: mock OpenAI QA parity lane
• Integration/channel (if any): qa-lab / qa-channel
• Relevant config (redacted): N/A

Steps

1. Run the focused registry and gateway session tests.
2. Run changed checks in CI.
3. Rerun the parity gate for the replacement branch.

Expected

• Session list child links are based on one request-scoped registry snapshot.

Actual

• Prior branch hit a QA parity timeout in source-docs-discovery-report; this replacement branch is draft until the new exact-head CI result is known.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

• Verified scenarios: pnpm test:serial src/agents/subagent-registry-read-context.test.ts src/gateway/session-utils.subagent.test.ts; git diff --check origin/main...HEAD; git diff --check
• Edge cases checked: active, ended, stale, and nested child session link selection in the restored patch tests.
• What you did not verify: full parity gate has not completed on this replacement PR yet.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

Risks and Mitigations

• Risk: request-scoped snapshot could hide registry mutations within one long list render.
  • Mitigation: context is only request-scoped and rebuilt for each sessions list call.

[clawsweeper]

Codex review: passed.

Summary
The branch reuses a request-scoped subagent registry read index across Gateway sessions.list spawnedBy filtering and row enrichment, with focused regression tests and a changelog entry.

Reproducibility: yes. On current main, spawnedBy filtering still calls registry read helpers independently from the row-enrichment context, so source inspection gives a high-confidence reproduction path for snapshot drift during active registry mutation.

Next step before merge
No repair job is needed; the branch already contains the focused fix and should proceed through automerge once exact-head checks and merge gates pass.

Security
Cleared: The diff only changes TypeScript Gateway/subagent registry read logic, focused tests, and the changelog; it does not touch workflows, dependencies, secrets, network calls, command execution, or package publishing surfaces.

Review details

Best possible solution:

Land the current PR head after required exact-head checks finish, keeping the registry snapshot request-scoped and avoiding global cache or session schema changes.

Do we have a high-confidence way to reproduce the issue?

Yes. On current main, spawnedBy filtering still calls registry read helpers independently from the row-enrichment context, so source inspection gives a high-confidence reproduction path for snapshot drift during active registry mutation.

Is this the best way to solve the issue?

Yes. The PR uses the existing buildSubagentRunReadIndex/SessionListRowContext path and keeps the snapshot bounded to one list request, which is the narrowest maintainable fix for this behavior.

What I checked:

• Current-main reproduction path: filterAndSortSessionEntries reads subagent display and descendant state directly during spawnedBy filtering, while listSessionsFromStore separately builds a row context for enrichment, so one list request can observe different registry snapshots. (src/gateway/session-utils.ts:1857, 08ce17c33ddb)
• Existing request-scoped index seam: Current main already has buildSubagentRunReadIndex and SessionListRowContext; the PR adapts the fix to this existing architecture instead of adding persistent/global cache state. (src/gateway/session-utils.ts:483, 08ce17c33ddb)
• PR implementation: The PR diff threads rowContext into filterAndSortSessionEntries, lazy-builds one row context per list request, and avoids falling back to a second controller-run registry read when an index is present. (src/gateway/session-utils.ts:381, 23ae6243747e)
• Regression coverage: The PR adds pure read-index tests plus a Gateway session-list test that asserts one disk snapshot is reused across spawnedBy filtering and row enrichment, and that raw filters can avoid registry reads when no rows survive. (src/gateway/session-utils.subagent.test.ts:787, 23ae6243747e)
• Protected automerge state: The pull API reports authorAssociation MEMBER, labels maintainer and clawsweeper:automerge, mergeable: true, and head 23ae6243747e5e0f55cad8691e78ac6265fb4e00, so this should remain open for automerge/maintainer handling rather than cleanup closure. (23ae6243747e)
• Exact-head checks: The checks API returned 89 check runs for the repaired head, with broad CI/security checks mostly successful and a few still in progress at review time; merge should stay gated on those exact-head checks. (23ae6243747e)

Likely related people:

• steipete: Recent main history shows repeated work on the session-list hot path, row-context/read-index shape, and subagent session-list tests. (role: recent maintainer and feature-history owner; confidence: high; commits: 3aaf30ffa600, 2b37b383ed9b, 9402bca614d0; files: src/gateway/session-utils.ts, src/gateway/session-utils.subagent.test.ts, src/agents/subagent-registry-read.ts)
• vincentkoc: Current-main history includes recent child-link indexing and bounded session-list/transcript work in the affected Gateway session utility file, separate from this PR author role. (role: recent gateway session-list maintainer; confidence: high; commits: 37f8c3806ac9, 694598822f19, ecf6cbf75d3d; files: src/gateway/session-utils.ts)
• Takhoffman: Recent subagent query history includes moved-child and restarted-descendant counting fixes that overlap the liveness and descendant-count semantics preserved by this PR. (role: adjacent subagent registry behavior owner; confidence: medium; commits: e48a0b80a81b, c541cde0f66e, e24704d5eb8a; files: src/agents/subagent-registry-queries.ts)

Remaining risk / open question:

• Exact-head GitHub checks for 23ae6243747e5e0f55cad8691e78ac6265fb4e00 still had a few in-progress runs at review time, so merge should remain gated on those checks finishing cleanly.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 08ce17c33ddb.

[vincentkoc]

CI update: exact head 5da0e2b490baed01cf323c20689efc6cbb08fb7e is green: 76 successful checks, 0 failed, 0 pending. The replacement branch passed the parity gate, including the OpenAI candidate lane that failed on #75013 at source-docs-discovery-report.

[vincentkoc]

/clawsweeper automerge

[clawsweeper]

🦞🦞
ClawSweeper automerge is enabled.

• Head: 23ae6243747e
• Label: clawsweeper:automerge
• Action: exact-head review queued.
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-02 19:37:08 UTC review queued [`5da0e2b490ba`](https://github.com/openclaw/openclaw/commit/5da0e2b490baed01cf323c20689efc6cbb08fb7e) (queued)
• 2026-05-02 20:01:00 UTC review passed [`5da0e2b490ba`](https://github.com/openclaw/openclaw/commit/5da0e2b490baed01cf323c20689efc6cbb08fb7e) (structured ClawSweeper verdict: pass (sha=5da0e2b490baed01cf323c20689efc6cbb08f...)
• 2026-05-01 12:04:19 UTC repair queued `5da0e2b490ba` (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/25213633147
• 2026-05-01 12:38:02 UTC repair queued `5da0e2b490ba` (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/25214528251
• 2026-05-01 12:41:33 UTC repair queued `5da0e2b490ba` (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/25214629884
• 2026-05-02 19:57:14 UTC review queued [`5da0e2b490ba`](https://github.com/openclaw/openclaw/commit/5da0e2b490baed01cf323c20689efc6cbb08fb7e) (queued)
• 2026-05-02 19:41:26 UTC repair queued [`5da0e2b490ba`](https://github.com/openclaw/openclaw/commit/5da0e2b490baed01cf323c20689efc6cbb08fb7e) (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/25260217169
• 2026-05-02 20:03:31 UTC repair completed [`23ae6243747e`](https://github.com/openclaw/openclaw/commit/23ae6243747e5e0f55cad8691e78ac6265fb4e00) (branch updated) in 19m 23s Run: https://github.com/openclaw/clawsweeper/actions/runs/25260217169 initial automerge rebase is delegated to Codex repair
• 2026-05-02 20:03:31 UTC review queued [`23ae6243747e`](https://github.com/openclaw/openclaw/commit/23ae6243747e5e0f55cad8691e78ac6265fb4e00) (after repair)
• 2026-05-02 20:07:00 UTC review passed [`23ae6243747e`](https://github.com/openclaw/openclaw/commit/23ae6243747e5e0f55cad8691e78ac6265fb4e00) (structured ClawSweeper verdict: pass (sha=23ae6243747e5e0f55cad8691e78ac6265fb4...)
• 2026-05-02 20:07:12 UTC merged [`23ae6243747e`](https://github.com/openclaw/openclaw/commit/23ae6243747e5e0f55cad8691e78ac6265fb4e00) (merged by ClawSweeper automerge)
• 2026-05-02 20:07:16 UTC review queued [`23ae6243747e`](https://github.com/openclaw/openclaw/commit/23ae6243747e5e0f55cad8691e78ac6265fb4e00) (queued)