fix(agents): add trajectory flush timeout diagnostics

[galiniliev]

Summary

• Problem: pi-trajectory-flush cleanup timeout warnings only showed the timeout envelope, leaving operators unable to tell whether trajectory flush was waiting on queued writer work, event-loop yield, or file append IO.
• Why it matters: the BUG evidence shows repeated cleanup timeout warnings; without bounded writer state, the next investigation cannot distinguish slow file IO from pending queued writes.
• What changed: queued file writers now expose non-path diagnostics, trajectory runtime formats that state, and the embedded runner passes it into the generic cleanup timeout warning for pi-trajectory-flush.
• What did NOT change (scope boundary): this does not change timeout duration, trajectory file caps, append semantics, or abort behavior for in-flight filesystem writes.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes [Bug]: pi-trajectory-flush timeout warning lacks queued writer state #82961
• Related fix(agents): make trajectory cleanup timeout configurable #81622
• Related fix: prevent event loop saturation from trajectory flush (setImmediate yield + 10MB cap + 30s timeout) #77133
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior or issue addressed: pi-trajectory-flush timeout warnings now include bounded trajectory writer state such as pending write count, queued bytes, active operation, and active write bytes.
• Real environment tested: local OpenClaw checkout on Windows, Node v24.15.0, direct tsx runtime import of the patched cleanup helper; no live provider or channel credentials involved.
• Exact steps or command run after this patch: node --import tsx -e '<invoke runAgentCleanupStep with step=pi-trajectory-flush, timeoutMs=5, and trajectory writer timeout details>'
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):

$ node --import tsx -e '<invoke runAgentCleanupStep with trajectory writer timeout details>'
{
  "logs": [
    "agent cleanup timed out: runId=proof-run sessionId=proof-session step=pi-trajectory-flush timeoutMs=5 details=pendingWrites=2 queuedBytes=128 activeOperation=file-append yieldBeforeWrite=true activeWriteBytes=64 maxQueuedBytes=1024 maxFileBytes=2048"
  ]
}

• Observed result after fix: the timeout warning includes details= with queued writer state and no local file path.
• What was not tested: focused Vitest and remote Testbox/AWS proof could not complete from this host; see verification notes below. Live production gateway soak with a real long-running trajectory flush was not tested.
• Before evidence (optional but encouraged): BUG evidence showed only agent cleanup timed out: runId=[redacted run id] sessionId=[redacted session id] step=pi-trajectory-flush timeoutMs=10000, with no queue or file-append state.

Root Cause (if applicable)

• Root cause: runAgentCleanupStep had no way for owner-specific cleanup steps to attach bounded state to the timeout warning, and QueuedFileWriter.flush() exposed no pending queue diagnostics.
• Missing detection / guardrail: cleanup timeout tests asserted the warning string but did not cover owner-provided timeout details; trajectory runtime tests did not assert flush-state formatting.
• Contributing context (if known): fix(agents): make trajectory cleanup timeout configurable #81622 made the trajectory flush timeout configurable, but did not add state showing what a timed-out flush is waiting on.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/agents/run-cleanup-timeout.test.ts, src/agents/queued-file-writer.test.ts, src/trajectory/runtime.test.ts
• Scenario the test should lock in: cleanup timeout details are included and detail callback failures do not break cleanup; queued writer diagnostics report pending bytes/writes; trajectory runtime formats writer state for timeout logs.
• Why this is the smallest reliable guardrail: the behavior lives at the cleanup helper, queued writer, and trajectory runtime seams, not in a provider or channel path.
• Existing test that already covers this (if any): existing cleanup timeout tests covered generic timeout logging only.
• If no new test is added, why not: N/A.

User-visible / Behavior Changes

Timed-out pi-trajectory-flush cleanup warnings now include bounded writer diagnostics. Defaults and behavior are otherwise unchanged.

Diagram (if applicable)

Before:
pi-trajectory-flush -> runAgentCleanupStep -> timeout warning without flush state

After:
pi-trajectory-flush -> trajectoryRecorder.describeFlushState() -> runAgentCleanupStep -> timeout warning with bounded queue/file-append state

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation: N/A. Diagnostics intentionally omit file paths and payload contents.

Repro + Verification

Environment

• OS: Windows local checkout
• Runtime/container: Node v24.15.0; direct tsx runtime proof
• Model/provider: N/A
• Integration/channel (if any): N/A
• Relevant config (redacted): none

Steps

1. Confirm the BUG evidence only contains the generic pi-trajectory-flush timeout warning.
2. Apply this patch.
3. Run the direct tsx cleanup helper proof above.
4. Run patch hygiene checks.

Expected

• The timeout warning includes bounded cleanup details when the cleanup step provides them.
• Detail collection failures do not make cleanup fail after timeout.
• Generic cleanup warnings without details remain unchanged.

Actual

• Direct runtime proof emitted a timeout warning with details=pendingWrites=2 queuedBytes=128 activeOperation=file-append ....
• git diff --check passed.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Verification attempted:

git diff --check
node --import tsx -e '<invoke runAgentCleanupStep with trajectory writer timeout details>'
node scripts/run-vitest.mjs src/agents/run-cleanup-timeout.test.ts src/agents/queued-file-writer.test.ts src/trajectory/runtime.test.ts
node node_modules\vitest\vitest.mjs run src/agents/run-cleanup-timeout.test.ts --reporter=verbose --pool=threads --maxWorkers=1 --no-file-parallelism --configLoader=runner
codex review --uncommitted

Results:

git diff --check -> passed
node --import tsx ... -> emitted timeout warning with details=pendingWrites=2 queuedBytes=128 activeOperation=file-append yieldBeforeWrite=true activeWriteBytes=64 maxQueuedBytes=1024 maxFileBytes=2048
node scripts/run-vitest.mjs ... -> blocked locally by Windows spawn EPERM
node node_modules\vitest\vitest.mjs ... -> timed out without test output; lingering child was stopped
codex review --uncommitted -> blocked by OpenAI API 401 Unauthorized

Remote proof attempts:

Crabbox/Testbox via blacksmith-testbox -> blocked: blacksmith CLI not found on PATH
Crabbox AWS -> blocked: AWS credentials unavailable on this host

Human Verification (required)

• Verified scenarios: manual source review of the queued writer promise chain, trajectory runtime flush-state formatting, cleanup timeout logging path, and direct runtime proof for the patched timeout message.
• Edge cases checked: timeout details omitted when unavailable; timeout detail callback exceptions are converted into detailsError= without rejecting cleanup; writer diagnostics omit file paths.
• What you did not verify: Vitest pass, full changed gate, Testbox/AWS proof, and live gateway soak due host/tooling blockers listed above.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

No bot review conversations exist on this PR yet.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: timeout logs become longer for trajectory flush timeouts.
  • Mitigation: details are bounded scalar counters/enums only and omit file paths/payloads.
• Risk: diagnostic callback could fail while logging timeout.
  • Mitigation: runAgentCleanupStep catches detail callback failures and logs detailsError= instead of throwing.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR adds optional cleanup-timeout details, queued-file-writer diagnostics, trajectory flush-state formatting, a pi-trajectory-flush hook, focused tests, and a changelog entry.

Reproducibility: yes. at source level: current main's cleanup helper and pi-trajectory-flush call site can only emit the generic timeout envelope, while the linked bug provides representative repeated timeout lines. I did not reproduce a live stalled gateway flush.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: A narrow, well-scoped bug-fix PR with sufficient direct runtime proof and no blocking code findings, but focused test execution still needs CI or maintainer-side confirmation.

Rank-up moves:

• Run or wait for focused CI covering src/agents/run-cleanup-timeout.test.ts, src/agents/queued-file-writer.test.ts, and src/trajectory/runtime.test.ts before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 💎 rare Cosmic Lint Imp

       _..------.._          
    .-'  .-.  .-.  '-.       
   /    ( * )( * )    \      
  |        .--.        |     
  |   <\   ====   />   |     
   \    '.______.'    /      
    '-._   ____   _.-'       
        `-.____.-'           
       __/|_||_|\__          
      /__.'    '.__\         
       `-----------'         
 *===================*       

Rarity: 💎 rare.
Trait: watches the merge queue.
Share on X: post this hatch
Copy: My PR egg hatched a 💎 rare Cosmic Lint Imp in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (live_output): The PR body includes copied after-fix live output from a local Node/tsx runtime invocation showing the timeout warning with bounded trajectory writer details and no file path.

Risk before merge
Why this matters: - The PR body says focused Vitest and remote Testbox proof did not complete, so CI or equivalent focused test proof should still gate merge.

• I did not run a live gateway trajectory flush timeout in this read-only review; the evidence is source-level plus the PR body's direct runtime output.

Maintainer options:

1. Decide the mitigation before merge
   Land this narrow diagnostics path after maintainer review and focused tests or CI confirm the logging additions do not alter writer flush semantics.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No automated repair is needed; the remaining action is maintainer review and validation of an active protected-label PR.

Security
Cleared: The diff adds scalar diagnostics and tests only; it does not add dependencies, permissions, network calls, secret handling, or path/payload logging.

Review details

Best possible solution:

Land this narrow diagnostics path after maintainer review and focused tests or CI confirm the logging additions do not alter writer flush semantics.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: current main's cleanup helper and pi-trajectory-flush call site can only emit the generic timeout envelope, while the linked bug provides representative repeated timeout lines. I did not reproduce a live stalled gateway flush.

Is this the best way to solve the issue?

Yes, the PR uses the narrow maintainable path: expose bounded writer state at the writer, format it in the trajectory owner, and pass it through a generic cleanup timeout seam with error isolation.

Label justifications:

• P2: This is a normal-priority agent diagnostics bug fix with limited blast radius and no crash, security bypass, or broad channel outage.

What I checked:

• Current main timeout warning lacks owner details: runAgentCleanupStep on current main logs only run id, session id, step, and timeoutMs after a cleanup timeout. (src/agents/run-cleanup-timeout.ts:90, 04eac15f43d5)
• Current main trajectory caller passes no diagnostic hook: The embedded runner currently calls runAgentCleanupStep for pi-trajectory-flush with only the cleanup callback, so the warning cannot include queued writer state. (src/agents/pi-embedded-runner/run/attempt.ts:4786, 04eac15f43d5)
• PR adds bounded timeout details seam: The PR head adds getTimeoutDetails, trims optional detail strings, and catches detail callback failures as detailsError= without changing cleanup completion behavior. (src/agents/run-cleanup-timeout.ts:31, 0a76f908e380)
• PR exposes non-path queued writer diagnostics: The PR head adds scalar queue diagnostics for pending writes, queued bytes, active operation, active write bytes, queue/file caps, and yield state. (src/agents/queued-file-writer.ts:7, 0a76f908e380)
• PR wires trajectory flush diagnostics: The PR head formats writer diagnostics inside the trajectory owner and passes trajectoryRecorder?.describeFlushState() to the pi-trajectory-flush cleanup step. (src/trajectory/runtime.ts:212, 0a76f908e380)
• PR adds focused regression coverage: The diff adds tests for timeout details, detail callback failures, queued writer diagnostics, and trajectory flush-state formatting. (src/agents/run-cleanup-timeout.test.ts:65, 0a76f908e380)

Likely related people:

• steipete: git log -S'getQueuedFileWriter' points to Peter Steinberger introducing the shared queued JSONL writer, and current blame for the central files is dominated by the current imported main snapshot. (role: introduced shared writer and heavy adjacent contributor; confidence: medium; commits: 817b5812e10a, 0903fa61d08e; files: src/agents/queued-file-writer.ts, src/agents/run-cleanup-timeout.ts, src/trajectory/runtime.ts)
• BunsDev: The related merged trajectory cleanup timeout PR changed runAgentCleanupStep and trajectory docs immediately before this diagnostics work. (role: recent area contributor; confidence: high; commits: 5d4a8b00721a, d330193b2d34; files: src/agents/run-cleanup-timeout.ts, docs/tools/trajectory.md)
• joshavant: Recent history shows adjacent maintenance in the embedded attempt runner that owns the pi-trajectory-flush cleanup call site. (role: recent adjacent contributor; confidence: low; commits: cc835b6d7276; files: src/agents/pi-embedded-runner/run/attempt.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 04eac15f43d5.

[YonganZhang]

Drive-by +1 from #83050 — clawsweeper correctly flagged my parallel attempt as superseded; my version only added the getCleanupDiagnostic hook scaffold and reported writer=present/absent, whereas this PR actually exposes the queued-writer counters the issue asked for (queued bytes, active op, etc.), which is what operators actually need on a 5-second-page recovery.

One tiny suggestion if not already wired: the diagnostic-capture callback should run inside a try/catch so a future change to queuedFileWriter.getDiagnostic() that throws on a half-initialized writer can never suppress the timeout warning itself (the warning is the user's only signal that flush hung). Trivial to add if not present — diagnosticError=<msg> as the appended suffix.

Closing my parallel PR. Thanks for the broader fix.

[galiniliev]

Verification before merge:

• Source review: confirmed the fix adds bounded trajectory writer diagnostics through runAgentCleanupStep, QueuedFileWriter.describeQueue(), createTrajectoryRuntimeRecorder().describeFlushState(), and the pi-trajectory-flush cleanup caller without changing flush timeout duration, file caps, append semantics, or abort behavior.
• Local commands: git diff --check upstream/main...HEAD; node scripts/run-vitest.mjs src/agents/run-cleanup-timeout.test.ts src/agents/queued-file-writer.test.ts src/trajectory/runtime.test.ts (5 files, 41 tests passed).
• CI on head 0a76f908e3800f6c8864e8feda0061b4fabcc07c: CI run 26080042512 passed; CodeQL high run 26080042491 passed; Critical Quality run 26080042519 passed; Real behavior proof run 26080041471 passed; OpenGrep PR diff run 26080042456 passed.
• Behavior proof: PR body includes after-fix runtime output showing agent cleanup timed out ... step=pi-trajectory-flush ... details=pendingWrites=2 queuedBytes=128 activeOperation=file-append ..., and CI accepted the Real behavior proof marker for the exact head.
• Known proof gap: I did not run a live gateway soak with real slow filesystem IO; this PR adds diagnostics for the observed missing-state warning and leaves the underlying stall investigation to the next incident/proof path.