feat(cli-runner): opt-in flag to reseed from raw transcript when no compaction exists

[eduardm23]

Summary

Today loadCliSessionReseedMessages returns [] for any CLI session that has not yet compacted, even after a gateway restart. This is the intentional safety property asserted by the existing test "does not reseed fresh CLI sessions from raw transcript history before compaction" — pre-compaction transcripts may contain raw operator context that should not bleed into a resumed session, and compaction is treated as the filtering boundary. The literal "raw secret" test data makes that intent unambiguous.

The cost of that safety default is restart amnesia for operators in trusted single-user / single-consumer environments: a gateway restart that invalidates the resumeSession (mcp/system-prompt hash mismatch is routine) drops all prior thread state with no way to opt back in.

Change

This PR adds an opt-in CliBackendConfig field reseedFromRawTranscriptWhenUncompacted (default false) plus a matching allowRawTranscriptReseed?: boolean parameter on loadCliSessionReseedMessages. The default behavior is unchanged — pre-compaction transcripts still short-circuit to [] when the flag is not set, and the existing safety test passes untouched. When opted in, the function falls back to the most recent MAX_CLI_SESSION_HISTORY_MESSAGES from the raw transcript, mirroring what loadCliSessionHistoryMessages already does for hooks.

prepare.ts reads the flag off backendResolved.config.reseedFromRawTranscriptWhenUncompacted and threads it through, so a per-backend setting like:

{
  "agents": {
    "defaults": {
      "cliBackends": {
        "claude-cli": {
          "reseedFromRawTranscriptWhenUncompacted": true
        }
      }
    }
  }
}

…controls the behavior without any code changes from the operator.

Why this matters in practice

A team running OpenClaw on a single operator's workstation (where the agent is the only consumer of its own transcripts) currently has to maintain a vendored patch over this function to survive gateway restarts. An opt-in flag removes the need for that vendored patch upstream-permanently while preserving the safety default for everyone else.

Tests

Three test cases cover this code path:

• Existing: "does not reseed fresh CLI sessions from raw transcript history before compaction" — unchanged. Asserts [] is still returned by default. Still passes.
• New: "reseeds from raw transcript tail when allowRawTranscriptReseed is opted in" — asserts the opt-in returns the recent message tail in the no-compaction case.
• New: "falls back to raw transcript tail when compaction summary is empty and opt-in is set" — asserts the opt-in branch also covers the existing if (!summary) return []; short-circuit.

Considered alternative

A larger architectural option is "force a compaction at restart time, then reseed the compacted summary" — that preserves the safety boundary AND solves the amnesia problem without an opt-in flag at all. More invasive (needs a compaction trigger on gateway:startup or just-before-resume). I'd be happy to file that as a follow-up issue if maintainers prefer that direction long-term; this PR is the smallest change that unblocks the use case while being explicit about the safety tradeoff via the flag name and docstring.

[clawsweeper]

Thanks for the context here. I did a careful shell check against current main, and this is already implemented.

Current main already contains the useful PR behavior via the merged successor implementation, and it also fixes this branch’s missing schema/docs and raw-transcript auth-boundary gaps. This branch should close rather than be revived.

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review details

Best possible solution:

Keep the current main implementation from the merged successor PR and close this stale branch rather than merge its incomplete version.

Do we have a high-confidence way to reproduce the issue?

Yes for the PR review findings: source inspection shows this branch exposes a backend config key without the strict schema and does not preserve auth-boundary no-raw behavior. A runtime repro is not needed to close because current main already contains the completed successor implementation.

Is this the best way to solve the issue?

No for this branch; it is not the best way to solve the issue because it omits schema/docs and auth-boundary gating. Yes for current main’s successor implementation, which keeps the opt-in explicit, bounded, documented, and no-raw for auth-profile or credential-epoch resets.

Security review:

Security review needs attention: The branch introduces a raw transcript replay path without enough auth-boundary gating; current main’s successor implementation addresses that before closure.

• [medium] Raw reseed can cross auth-boundary resets — src/agents/cli-runner/prepare.ts:410
  Because the branch only checks the opt-in flag, changed auth profile or credential epoch resets can still replay raw pre-compaction transcript history into a fresh CLI session. That is a privacy/security boundary issue for this patch, even though current main’s merged successor now gates it.
  Confidence: 0.86

What I checked:

• Current main raw-reseed implementation: Current main implements allowRawTranscriptReseed with a rawTranscriptReseedReason allow-list and falls back to the bounded raw tail only for allowed reset reasons. (src/agents/cli-runner/session-history.ts:202, bb8aa0cfe2b0)
• Current main prepare wiring: Current main reads backendResolved.config.reseedFromRawTranscriptWhenUncompacted, computes the reset reason, and passes both the opt-in and reason into loadCliSessionReseedMessages. (src/agents/cli-runner/prepare.ts:414, bb8aa0cfe2b0)
• Config contract implemented: Current main includes the option in both the public CliBackendConfig type and the strict CliBackendSchema, addressing the schema gap in this PR branch. (src/config/zod-schema.core.ts:657, bb8aa0cfe2b0)
• Regression coverage present: Current tests preserve the no-raw default, cover opted-in bounded raw-tail reseed, and assert auth-boundary invalidations do not raw-reseed. (src/agents/cli-runner/session-history.test.ts:250, bb8aa0cfe2b0)
• User-facing docs and changelog present: Current docs describe the opt-in and its auth-boundary limit, and the changelog records the merged fix for the related issue and successor PR. Public docs: docs/gateway/cli-backends.md. (docs/gateway/cli-backends.md:237, bb8aa0cfe2b0)
• Merged successor PR provenance: GitHub shows fix(cli-runner): add opt-in raw transcript reseed for invalidated CLI sessions #79764 merged on 2026-05-09 and implemented the opt-in with schema, docs, tests, and auth-boundary gating. (aeb7d0736446)

Likely related people:

• steipete: Provided maintainer direction on the successor PR and authored the raw-transcript gate commit that shaped the current main behavior. (role: reviewer and recent adjacent owner; confidence: high; commits: 92cef04847bb, aeb7d0736446; files: src/agents/cli-runner/session-history.ts, src/agents/cli-runner/prepare.ts, src/config/zod-schema.core.ts)
• hclsys: Opened and implemented the merged successor PR that completed the config contract, docs, tests, and changelog for this feature. (role: successor implementation author; confidence: high; commits: 7f2ba4d69428, b63f3afdc44c, aeb7d0736446; files: src/agents/cli-runner/session-history.ts, src/agents/cli-runner/prepare.ts, src/config/types.agent-defaults.ts)
• obviyus: The earlier fix(cli): bound fresh session reseed commit is tied to the fresh-session reseed and compaction-boundary behavior this PR changes. (role: introduced related reseed boundary behavior; confidence: medium; commits: 8559a84e4ea5; files: src/agents/cli-runner/session-history.ts, src/agents/cli-runner/session-history.test.ts, src/agents/cli-runner/prepare.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against bb8aa0cfe2b0; fix evidence: commit aeb7d0736446, main fix timestamp 2026-05-09T14:52:30Z.