fix: dedupe OpenAI strict schema downgrade diagnostics

[galiniliev]

Summary

• Problem: OpenAI/Azure OpenAI strict tool schema downgrade diagnostics repeated on nearly every request when the visible tool inventory was not strict-compatible.
• Why it matters: repeated debug lines hid new provider diagnostics and made the same known downgrade look like fresh failures.
• What changed: the downgrade diagnostic is now keyed by provider/model/transport/tool-violation signature and logged once per unique signature per process.
• What did NOT change (scope boundary): this does not alter strict-mode selection or repair incompatible schemas; incompatible inventories still send strict=false.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes [Bug]: OpenAI strict tool schema downgrade diagnostic repeats on nearly every request #82930
• Related Azure OpenAI Responses stalls before first event when memory tools are exposed #80926
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior addressed: repeated OpenAI responses tool schema strict mode downgraded to strict=false diagnostics for the same Azure OpenAI Responses provider/model/tool-violation signature.
• Real environment tested: local OpenClaw worktree, Node v24.15.0, focused OpenAI transport test file exercising the request-build diagnostic seam with a mocked OpenAI transport logger.
• Exact steps or command run after this patch: node scripts/run-vitest.mjs src/agents/openai-transport-stream.test.ts --reporter=verbose
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): copied terminal capture:

RUN  v4.1.6

✓ |agents-core| ../../src/agents/openai-transport-stream.test.ts > openai transport stream > deduplicates repeated OpenAI strict schema downgrade diagnostics 256ms
✓ |agents-support| ../../src/agents/openai-transport-stream.test.ts > openai transport stream > deduplicates repeated OpenAI strict schema downgrade diagnostics 180ms

Test Files  2 passed (2)
Tests  338 passed (338)
Duration  16.04s

• Observed result after fix: the new regression imports the transport module in isolation with debug logging enabled, calls buildOpenAIResponsesParams twice for the same strict-incompatible provider/model/tool signature, verifies both payloads keep strict=false, and verifies the mocked logger receives exactly one downgrade diagnostic.
• What was not tested: no live Azure OpenAI Responses rerun was performed because the evidence came from a private affected gateway log/session; private deployment names, session identifiers, local paths, and job names were redacted and not reused publicly.
• Before evidence (optional but encouraged): redacted local log evidence showed 2,068 lines matching strict mode downgraded; lines 227, 238, 247, 259, and 268 repeated OpenAI responses tool schema strict mode downgraded to strict=false for azure-openai-responses/gpt-5.3-codex because 13 tool schema(s) are not strict-compatible within seconds.

Root Cause (if applicable)

• Root cause: resolveOpenAIStrictToolFlagWithDiagnostics logged every debug-enabled strict downgrade without remembering that the same provider/model/transport/tool-violation set had already been reported.
• Missing detection / guardrail: there was no regression coverage for repeated downgrade diagnostics.
• Contributing context (if known): OpenAI strict schema compatibility is inventory-wide, so one incompatible visible tool inventory can downgrade every request until schemas are fixed or the tool surface changes.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/agents/openai-transport-stream.test.ts
• Scenario the test should lock in: building the same native OpenAI Responses request twice with the same strict-incompatible tool signature keeps strict=false while emitting one downgrade diagnostic.
• Why this is the smallest reliable guardrail: the failure is in request-build diagnostic emission, before provider generation; an isolated module import with a mocked logger exercises the production buildOpenAIResponsesParams path without adding test-only source exports or requiring live provider credentials.
• Existing test that already covers this (if any): none.
• If no new test is added, why not: N/A.

User-visible / Behavior Changes

OpenAI strict schema downgrade debug logs are less noisy for repeated identical tool-schema incompatibilities. Provider payload strictness behavior is unchanged.

Diagram (if applicable)

Before:
[same incompatible tool inventory] -> [strict=false] -> [debug line on every request]

After:
[same incompatible tool inventory] -> [strict=false] -> [debug line once per unique signature]

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: local source checkout; original affected OS not enough info from redacted evidence
• Runtime/container: Node v24.15.0
• Model/provider: azure-openai-responses/gpt-5.3-codex in before evidence; local regression uses native OpenAI Responses model metadata
• Integration/channel (if any): OpenAI transport
• Relevant config (redacted): native Azure OpenAI Responses route with strict tool shaping enabled and 13 strict-incompatible schemas in the visible tool inventory

Steps

1. Enable debug logging for OpenAI transport/tool schema diagnostics.
2. Send repeated requests using the same native OpenAI/Azure OpenAI Responses model and same strict-incompatible tool inventory.
3. Observe repeated downgrade diagnostics before the patch; after the patch, identical signatures are suppressed after the first log.

Expected

• Identical strict downgrade diagnostics are emitted once per unique provider/model/transport/tool-violation signature.

Actual

• Before the patch, the same downgrade diagnostic repeated on nearly every request.
• After the patch, the focused regression test proves identical signatures are deduplicated.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios: focused OpenAI transport test file passes after adding the behavior-level dedupe regression.
• Edge cases checked: the repeated same-signature request path keeps strict=false for both payload builds while suppressing only the duplicate debug diagnostic.
• What you did not verify: live Azure OpenAI Responses rerun with the private affected session/provider setup.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: a later identical downgrade diagnostic is suppressed even if an operator wanted repeated per-request reminders.
  • Mitigation: changed provider/model/transport/tool-violation signatures still log, and strict false behavior is unchanged.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Adds a process-local keyed cache to log OpenAI strict tool-schema downgrade diagnostics once per provider/model/transport/violation signature, plus focused transport coverage and a changelog entry.

Reproducibility: yes. at source level: current main emits the downgrade log every time the strict-false debug branch is reached, and the linked report supplies repeated real log lines. I did not establish a live Azure reproduction in this read-only review.

PR rating
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🦞 diamond lobster
Summary: The implementation is focused and well-covered at the seam, but mock-only after-fix proof keeps the PR below normal merge readiness.

Rank-up moves:

• Post redacted after-fix runtime output, terminal capture, copied live output, or logs from a real OpenClaw/Azure or native OpenAI run showing one downgrade diagnostic and suppression on a repeat.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs real behavior proof before merge: The PR body provides before logs and a focused mocked test run, but no after-fix live OpenClaw/Azure or native OpenAI runtime output showing suppression in a real setup. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• No after-fix live OpenClaw/Azure or native OpenAI runtime output has been posted showing the repeated diagnostic suppressed outside the focused mocked test seam.
• The process-local cache intentionally suppresses identical debug reminders until process restart or the 256-key cache clears, so maintainers should accept that operator-facing logging behavior before merge.

Maintainer options:

1. Decide the mitigation before merge
   Merge only after redacted after-fix runtime proof is added or a maintainer explicitly overrides the proof gate, while preserving the existing strict=false payload behavior.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
Manual review is needed because the PR has a protected maintainer label and needs contributor or maintainer-approved real runtime proof, not an automated code repair.

Security
Cleared: Cleared: the diff adds in-memory diagnostic state plus test/changelog coverage, with no new dependency, network, secret, permission, or execution surface.

Review details

Best possible solution:

Merge only after redacted after-fix runtime proof is added or a maintainer explicitly overrides the proof gate, while preserving the existing strict=false payload behavior.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: current main emits the downgrade log every time the strict-false debug branch is reached, and the linked report supplies repeated real log lines. I did not establish a live Azure reproduction in this read-only review.

Is this the best way to solve the issue?

Yes: the bounded signature cache is a narrow maintainable fix for repeated diagnostics and leaves strict-mode selection unchanged. The remaining blocker is proof and protected-label maintainer handling, not an obvious code defect.

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/openai-transport-stream.test.ts --reporter=verbose
• Redacted after-fix OpenClaw/Azure or native OpenAI runtime proof with debug logging showing one downgrade diagnostic for an identical signature and suppression on repeat

What I checked:

• Current main repeats the downgrade diagnostic: On current main, resolveOpenAIStrictToolFlagWithDiagnostics calls log.debug every time strict mode is requested, resolves to false, and debug logging is enabled; there is no process-local dedupe in that branch. (src/agents/openai-transport-stream.ts:971, 2ab3a4e422a0)
• PR branch adds bounded diagnostic dedupe: The PR head adds a 256-entry process-local Set and hashes transport, provider, model, and strict schema diagnostics before deciding whether to emit the debug line; it returns the same strict value either way. (src/agents/openai-transport-stream.ts:973, eebb15ed0bce)
• PR branch covers the request-build seam: The added test imports the OpenAI transport with a mocked subsystem logger, builds the same strict-incompatible Responses payload twice, verifies both payloads keep strict=false, and expects one downgrade debug call. (src/agents/openai-transport-stream.test.ts:3018, eebb15ed0bce)
• Strict-mode selection remains separate: The existing strict tool setting resolver enables native OpenAI/Azure strict shaping independently of the new diagnostic cache, so the PR does not change provider payload strictness selection. (src/agents/openai-strict-tool-setting.ts:42, 2ab3a4e422a0)
• Proof gate remains unresolved: The PR body includes before-log evidence and a post-patch focused test run, but explicitly says no live Azure OpenAI Responses rerun was performed; the live PR context also has maintainer and status: 📣 needs proof labels. (eebb15ed0bce)
• Feature-history signal: A bounded blame/history pass ties the current main strict downgrade diagnostic branch to commit 6899eff in the available local history; older authorship is not exposed by the checked-out history. (src/agents/openai-transport-stream.ts:944, 6899eff155ec)

Likely related people:

• @shakkernerd: The available main-branch blame for the strict downgrade diagnostic resolver and adjacent OpenAI transport code points to this commit as the current implementation history signal; the trail is broad, so confidence is limited. (role: current-main code history; confidence: low; commits: 6899eff155ec; files: src/agents/openai-transport-stream.ts, src/agents/openai-tool-schema.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 2ab3a4e422a0.

[clawsweeper]

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?

• The egg game starts only after the PR passes the real-behavior proof check.
• Before that, no creature or rarity is rolled. The treat waits for real proof.
• This is still just collectible flavor: proof affects review readiness, not creature quality.

[galiniliev]

Maintainer landing proof for eebb15ed0bce067078f36ca6ac6d40a7be316f9d:

• Local focused proof after rebase: node scripts/run-vitest.mjs src/agents/openai-transport-stream.test.ts --reporter=verbose
  • Result: 2 files passed, 338 tests passed.
• Azure Crabbox proof: provider azure, lease cbx_bb323ff13ba1, slug blue-shrimp, remote HEAD eebb15ed0bce067078f36ca6ac6d40a7be316f9d.
  • Remote command: node scripts/run-vitest.mjs src/agents/openai-transport-stream.test.ts --reporter=verbose
  • Result lines included both agents-core and agents-support passing deduplicates repeated OpenAI strict schema downgrade diagnostics, with Test Files 2 passed (2) and Tests 338 passed (338).
• GitHub CI at landing check: merge state CLEAN, mergeable MERGEABLE, Real behavior proof SUCCESS, CI SUCCESS, CodeQL/security/workflow checks success, skipped, or neutral only.

Known proof gap: no live Azure OpenAI Responses rerun with the private affected credentials/session was performed. I’m accepting the focused OpenAI transport behavior proof here because the bug is the request-build diagnostic emission seam, the test exercises production buildOpenAIResponsesParams twice with debug logging enabled, and the patch leaves strict payload behavior unchanged.