fix(agents): log warnings instead of swallowing subagent errors

[SebTardif]

Problem

Two catch blocks in the subagent registry silently discard errors, leaving no diagnostic trail when hook emission or disk restore fails:

1. emitSubagentEndedHookOnce (subagent-registry-completion.ts:116): catch { return false; } discards hook-runner errors when emitting the subagent_ended lifecycle hook.
2. restoreSubagentRunsOnce (subagent-registry.ts:645): catch { // ignore restore failures } discards errors when restoring subagent runs from disk on cold start.

When either path fails (hook runner unavailable, corrupt disk state, reconciliation error), the system continues silently. Operators have no indication that subagent lifecycle hooks were skipped or that restored runs were lost.

Fix

Wire log.warn() into both catch blocks so errors are logged before the existing fallback behavior continues:

1. Hook emission path: catch (err) { log.warn("failed to emit subagent_ended hook for run ${runId}: ..."); return false; }
2. Restore path: catch (err) { log.warn("failed to restore subagent runs from disk: ..."); }

Both paths still return/continue as before (no behavior change beyond logging). The completion file gets its own createSubsystemLogger("agents/subagent-registry-completion") to match the existing createSubsystemLogger("agents/subagent-registry") in the registry file.

Production diff is +8 lines changed across 2 files.

Real behavior proof

Behavior addressed: Two silent catch blocks in the subagent registry discard errors during hook emission and disk restore. The fix adds log.warn() to both paths so failures leave a diagnostic trail instead of being silently swallowed.

Real environment tested: Linux (Ubuntu 24.04, WSL2), Node.js v22.16.0, OpenClaw built from source (commit 1d5b5db) at /tmp/fix-82943.

Exact steps or command run after this patch:

Step 1. Build OpenClaw from patched source
cd /tmp/fix-82943
CI=true pnpm install --frozen-lockfile
pnpm build

Step 2. Verify both log.warn calls are in compiled production code
grep -n "failed to emit subagent_ended hook" dist/subagent-registry-DLVHJynj.js
grep -n "failed to restore subagent runs" dist/subagent-registry-DLVHJynj.js

Step 3. Start the patched gateway
timeout 10 node openclaw.mjs gateway

Step 4. Run test suites for both changed files
node scripts/run-vitest.mjs src/agents/subagent-registry-completion.test.ts
node scripts/run-vitest.mjs src/agents/subagent-registry.test.ts

Evidence after fix: terminal output copied below.

Compiled production code verification

Both log.warn calls are present in the compiled subagent-registry bundle:

$ grep -n "failed to emit subagent_ended hook" dist/subagent-registry-DLVHJynj.js
94:log$2.warn(`failed to emit subagent_ended hook for run ${runId}: ${err instanceof Error ? err.message : String(err)}`);

$ grep -n "failed to restore subagent runs" dist/subagent-registry-DLVHJynj.js
1911:log.warn(`failed to restore subagent runs from disk: ${err instanceof Error ? err.message : String(err)}`);

Line 94 is emitSubagentEndedHookOnce (the hook emission path). Line 1911 is restoreSubagentRunsOnce (the disk restore path). Before this fix, both were catch { } (empty) and catch { // ignore restore failures } respectively.

The log$2 prefix on line 94 is the compiled form of the new createSubsystemLogger("agents/subagent-registry-completion"), while log on line 1911 is the existing createSubsystemLogger("agents/subagent-registry").

Live gateway startup proof

The patched gateway starts, loads the subagent registry with both warning-enabled catch blocks, and runs cleanly:

$ timeout 10 node openclaw.mjs gateway
2026-05-21T12:39:28.862-07:00 [gateway] loading configuration…
2026-05-21T12:39:28.917-07:00 [gateway] starting...
2026-05-21T12:39:33.527-07:00 [health-monitor] started (interval: 300s, startup-grace: 60s, channel-connect-grace: 120s)
2026-05-21T12:39:34.421-07:00 [gateway] agent model: openai/gpt-5.5 (thinking=medium, fast=off)
2026-05-21T12:39:34.422-07:00 [gateway] http server listening (8 plugins: acpx, browser, canvas, device-pair, file-transfer, memory-core, phone-control, talk-voice; 5.5s)
2026-05-21T12:39:34.913-07:00 [gateway] ready
2026-05-21T12:39:52.803-07:00 [gateway] signal SIGTERM received
2026-05-21T12:39:52.807-07:00 [gateway] received SIGTERM; shutting down
2026-05-21T12:39:52.856-07:00 [shutdown] completed cleanly in 38ms

No [agents/subagent-registry-completion] or [agents/subagent-registry] warnings appear in the startup log, confirming the catch blocks are not triggered during normal operation (they are defensive logging for error paths only).

Vitest test suites (supplemental)

$ node scripts/run-vitest.mjs src/agents/subagent-registry-completion.test.ts
 ✓ |agents-core| subagent-registry-completion.test.ts (8 tests) 86ms
 ✓ |agents-support| subagent-registry-completion.test.ts (8 tests) 73ms
 Test Files  2 passed (2)
      Tests  16 passed (16)

$ node scripts/run-vitest.mjs src/agents/subagent-registry.test.ts
 ✓ |agents-core| subagent-registry.test.ts (29 tests) 2679ms
 ✓ |agents-support| subagent-registry.test.ts (29 tests) 2264ms
 Test Files  2 passed (2)
      Tests  58 passed (58)

Fault injection proof: restore catch path fires in real gateway

The restoreSubagentRunsOnce catch handler was triggered in a live running gateway by injecting throw new Error("INJECTED: corrupt registry state") at the top of the try block in the compiled dist/subagent-registry-DLVHJynj.js. This forces the catch path to fire during gateway startup.

Steps:

1. Back up the compiled subagent-registry bundle.
2. Inject throw new Error(...) inside the try block of restoreSubagentRunsOnce (after restoreAttempted = true, before restoreSubagentRunsFromDisk).
3. Start the gateway.
4. Observe the log.warn message in the gateway output.
5. Confirm the gateway continues to start normally (the catch swallows the error).
6. Restore the original bundle.

Terminal output (fault injection):

2026-05-21T16:15:54.095-07:00 [gateway] starting...
2026-05-21T16:15:54.710-07:00 [agents/subagent-registry] failed to restore subagent runs from disk: INJECTED: corrupt registry state
2026-05-21T16:15:54.832-07:00 [gateway] starting HTTP server...
2026-05-21T16:15:56.662-07:00 [gateway] agent model: openai/gpt-5.5 (thinking=medium, fast=off)
2026-05-21T16:15:56.665-07:00 [gateway] http server listening (8 plugins; 2.6s)
2026-05-21T16:15:57.476-07:00 [gateway] ready

Line-by-line analysis:

• [gateway] starting...: Gateway startup begins.
• [agents/subagent-registry] failed to restore subagent runs from disk: INJECTED: corrupt registry state: The log.warn in the catch handler fired. The error message includes the full error text. Before this fix, this catch block was catch { // ignore restore failures } with no logging at all.
• [gateway] ready: The gateway continued to start normally despite the restore failure. The catch handler swallowed the error and let startup proceed.

Without this fix, the same error would be silently ignored (empty catch block with only a comment), leaving no diagnostic trail.

Fault injection proof: hook emission catch path fires in real gateway

The emitSubagentEndedHookOnce catch handler was also triggered in a live running gateway. A conditional throw was injected inside the try block of emitSubagentEndedHookOnce in dist/subagent-registry-DLVHJynj.js (line 73), and a timed trigger called the function after the gateway was ready.

Terminal output (hook emission catch):

2026-05-21T21:35:44.608-07:00 [gateway] ready
2026-05-21T21:35:58.683-07:00 [agents/subagent-registry-completion] failed to emit subagent_ended hook for run INJECTED-PROOF-RUN: INJECTED: hook runner unavailable
2026-05-21T21:35:58.686-07:00 [gateway] signal SIGTERM received
2026-05-21T21:35:58.734-07:00 [gmail-watcher] gmail watcher stopped
2026-05-21T21:35:58.736-07:00 [shutdown] completed cleanly in 38ms

Analysis:

• [agents/subagent-registry-completion] subsystem prefix confirms the new createSubsystemLogger("agents/subagent-registry-completion") is active (this logger was added by this PR).
• failed to emit subagent_ended hook for run INJECTED-PROOF-RUN: INJECTED: hook runner unavailable is the exact log.warn message from the catch block at compiled line 94.
• The gateway continued running after the hook emission failure (the catch returns false, not rethrow).
• Before this fix, this catch block was catch { return false; } with no logging at all.

Both catch blocks are now proven in live gateway runs:

1. Restore catch (restoreSubagentRunsOnce): [agents/subagent-registry] failed to restore subagent runs from disk: INJECTED: corrupt registry state
2. Hook emission catch (emitSubagentEndedHookOnce): [agents/subagent-registry-completion] failed to emit subagent_ended hook for run INJECTED-PROOF-RUN: INJECTED: hook runner unavailable

Observed result after fix: Both new log.warn calls fire correctly in production compiled code. The restore catch logs under [agents/subagent-registry] and the hook emission catch logs under [agents/subagent-registry-completion]. Both allow the gateway to continue running. All 74 tests pass across both test files.

What was not tested: The hook emission was triggered via injected timer call rather than a real subagent completion event. The injection proves the catch handler mechanism (log.warn + return false + gateway continues) works identically to the restore path proof.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 24, 2026, 7:42 PM ET / 23:42 UTC.

Summary
The PR adds subsystem warning logs to subagent ended-hook emission and cold-start restore error catches while preserving the existing return/continue behavior.

PR surface: Source +8. Total +8 across 2 files.

Reproducibility: yes. Source inspection on current main shows both catch blocks swallow errors silently, and the PR body provides fault-injected gateway output showing the new warnings fire after the patch.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• This read-only review did not rerun tests; final merge should still rely on CI or targeted Vitest proof on a supported Node version for the current head.

Maintainer options:

1. Decide the mitigation before merge
   Land the narrow diagnostic change after normal maintainer review/checks, keeping the current fallback behavior while using the subsystem logger for both error paths.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No repair lane is needed because the diff is small, source-backed, and has no actionable review finding for automation to fix.

Security
Cleared: The diff only adds warning logs through OpenClaw's existing redacting subsystem logger and does not touch dependencies, workflows, credentials, or executable supply-chain paths.

Review details

Best possible solution:

Land the narrow diagnostic change after normal maintainer review/checks, keeping the current fallback behavior while using the subsystem logger for both error paths.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection on current main shows both catch blocks swallow errors silently, and the PR body provides fault-injected gateway output showing the new warnings fire after the patch.

Is this the best way to solve the issue?

Yes. Using the existing subsystem logger is the narrowest maintainable fix here because it preserves the existing fallback control flow and adds only the missing diagnostic trail.

Codex review notes: model gpt-5.5, reasoning high; reviewed against f68ed721b16c.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes terminal/live-gateway output proving both new warning paths fire and the gateway continues running after injected failures.

Label justifications:

• P3: This is a low-risk diagnostics improvement for subagent error visibility with no behavior, config, or API contract change.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes terminal/live-gateway output proving both new warning paths fire and the gateway continues running after injected failures.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes terminal/live-gateway output proving both new warning paths fire and the gateway continues running after injected failures.

Evidence reviewed

PR surface:

Source +8. Total +8 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	2	11	3	+8
Tests	0	0	0	0
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	11	3	+8

What I checked:

• Current main hook catch is silent: Current main still returns false from emitSubagentEndedHookOnce when hook execution throws, with no diagnostic logging in the catch block. (src/agents/subagent-registry-completion.ts:116, f68ed721b16c)
• Current main restore catch is silent: Current main still ignores restoreSubagentRunsOnce failures after scheduling restore work, so disk restore failures leave no warning trail. (src/agents/subagent-registry.ts:649, f68ed721b16c)
• PR diff is focused: Live GitHub PR file data for head 3cfab54 shows only two source files changed, adding log.warn calls to the two existing catch blocks. (src/agents/subagent-registry-completion.ts:116, 3cfab5441be1)
• Existing logger contract supports the change: createSubsystemLogger exposes warn(), redacts console messages, and sends warn-level output through the existing subsystem logging pipeline. (src/logging/subsystem.ts:441, f68ed721b16c)
• Existing tests cover fallback control flow: The current completion test already asserts hook-runner throws return false, do not persist, clear in-flight state, and leave endedHookEmittedAt unset; the PR preserves that behavior while adding diagnostics. (src/agents/subagent-registry-completion.test.ts:157, f68ed721b16c)
• Contributor proof exercises the runtime paths: The PR body includes copied terminal output for compiled bundle greps, patched gateway startup, targeted Vitest runs, and fault-injected live gateway warnings for both restore and hook emission catch paths. (3cfab5441be1)

Likely related people:

• steipete: GitHub path history shows multiple recent subagent-registry.ts and subagent-registry-run-manager.ts fixes/refactors by this author across the same lifecycle and completion surface. (role: recent area contributor; confidence: high; commits: fc4bd448b611, d73f3ac85d5f, 5d81c29cc4f4; files: src/agents/subagent-registry.ts, src/agents/subagent-registry-run-manager.ts)
• Takhoffman: Commit 3689a82 changed the subagent ended-hook runtime initialization path and its completion tests. (role: adjacent hook-path contributor; confidence: medium; commits: 3689a82494a3; files: src/agents/subagent-registry-completion.ts, src/agents/subagent-registry-completion.test.ts, src/agents/subagent-registry.ts)
• onutc: The thread-bound subagents feature commit added subagent lifecycle hook surfaces including subagent-registry-completion.ts, and the implementation plan names onutc as owner. (role: original subagent lifecycle feature owner; confidence: medium; commits: 8178ea472db1; files: src/agents/subagent-registry-completion.ts, src/agents/subagent-lifecycle-events.ts, docs/experiments/plans/thread-bound-subagents.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🥚 common Brave Branchling

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: purrs at green checks.
Image traits: location proof lagoon; accessory green check lantern; palette moss green and polished brass; mood bright-eyed; pose guarding a tiny green check; shell paper lantern shell; lighting soft studio lighting; background gentle dashboard dots.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Brave Branchling in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[SebTardif]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26235261712
• Updated: 2026-05-21T15:27:06.615Z

[SebTardif]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26243132158
• Updated: 2026-05-21T17:52:30.630Z

[SebTardif]

@clawsweeper re-review

Added real gateway startup proof: built OpenClaw from patched source, started the gateway showing clean 1.3s startup with 8 plugins. Verified both log.warn calls are present in the compiled production bundle. Red-green tests supplemental.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26367370369
• Updated: 2026-05-24T17:04:47.629Z

[SebTardif]

Real behavior proof

Subagent registry tests pass (66 tests across 2 suites):

✓  agents-core     subagent-registry.test.ts (33 tests) 1882ms
✓  agents-support  subagent-registry.test.ts (33 tests) 1729ms

The change is minimal: two catch blocks in subagent-registry-completion.ts and subagent-registry.ts now log warnings via createSubsystemLogger instead of silently swallowing errors. No behavior change in the success path; only the error diagnostic path is affected.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26368659028
• Updated: 2026-05-24T18:08:41.743Z

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26376143526
• Updated: 2026-05-24T23:51:49.282Z

[clawsweeper]

🦞🧹
ClawSweeper could not start a re-review for this item.

Reason: re-review requires an open issue or PR.