fix(export): preserve explicit trajectory session keys

[giodl73-repo]

Summary

• omit absent/blank decoded trajectory export request fields instead of merging empty placeholders
• preserve direct CLI options such as sessionKey and store when the encoded request only supplies another option
• add coverage for encoded request merging with explicit direct options

Fixes #83282.

Real behavior proof

Behavior addressed: encoded trajectory export requests that omit sessionKey should not erase an explicit direct --session-key/--store option.

Real environment tested: WSL Ubuntu OpenClaw source checkout at PR head 978ce2859e5b6df3bfdd4eebfe772f2ddedd29ec on branch tmp-pr-83308-proof.

Exact steps or command run after this patch:

cd /root/src/openclaw-branches/base
git fetch origin pull/83308/head:tmp-pr-83308-proof --force
git switch tmp-pr-83308-proof
payload=$(node -e 'process.stdout.write(Buffer.from(JSON.stringify({output:"/tmp/trajectory-proof.json"})).toString("base64url"))')
store=$(mktemp /tmp/openclaw-83308-store.XXXXXX.json)
printf '{}\n' > "$store"
node --import tsx src/entry.ts sessions export-trajectory \
  --session-key agent:main:telegram:direct:123 \
  --store "$store" \
  --request-json-base64 "$payload" \
  --json

Evidence after fix:

command: node --import tsx src/entry.ts sessions export-trajectory --session-key agent:main:telegram:direct:123 --store /tmp/openclaw-83308-store.SDjoSG.json --request-json-base64 eyJvdXRwdXQiOiIvdG1wL3RyYWplY3RvcnktcHJvb2YuanNvbiJ9 --json
Session not found: agent:main:telegram:direct:123. Run openclaw sessions to see available sessions.
exit=1
Session not found: agent:main:telegram:direct:123. Run openclaw sessions to see available sessions.

Observed result after fix: the CLI kept the explicit direct --session-key and --store while decoding a partial encoded request that only contained output. It reached the expected Session not found: agent:main:telegram:direct:123 path for the empty test store, instead of the pre-fix --session-key is required path.

What was not tested: a successful trajectory export against a real stored session transcript; this proof covers the regression path where option merging erased the direct session key before lookup.

Root Cause

• Root cause: decoded request options included empty placeholders for absent optional fields, then spread them over already-defined CLI options.
• Missing detection / guardrail: no regression coverage for mixing direct options with an encoded request that only supplies a different field.
• Contributing context: the decoder returned a partial options object but populated sessionKey even when the encoded JSON omitted it.

Regression Test Plan

• Coverage level that should have caught this: unit test.
• Target test or file: src/commands/export-trajectory.test.ts.
• Scenario the test should lock in: encoded request fields that are absent or blank do not replace direct CLI options.
• Why this is the smallest reliable guardrail: the bug is in option decoding/merge behavior before filesystem export work begins.

Validation

• CI=1 node scripts/run-vitest.mjs src/commands/export-trajectory.test.ts
• pnpm check:changed

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR changes trajectory export request decoding to omit absent or blank encoded fields and adds a regression test that direct sessionKey and store options survive a partial encoded request.

Reproducibility: yes. source-level with high confidence. Current main returns sessionKey: "" for an encoded request that omits it and spreads that over explicit direct options; I did not run tests during this read-only sweep.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: Normal mergeable bug fix with sufficient terminal proof and no blocking findings; remaining handling is maintainer approval for a protected session-state change.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🥚 common Brave Lint Imp

       _..------.._          
    .-'  .-.  .-.  '-.       
   /    ( * )( * )    \      
  |        .--.        |     
  |   <\   ====   />   |     
   \    '.______.'    /      
    '-._   ____   _.-'       
        `-.____.-'           
       __/|_||_|\__          
      /__.'    '.__\         
       .-----------.         
      '-------------'        

Rarity: 🥚 common.
Trait: sparkles near resolved comments.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Brave Lint Imp in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (terminal): The PR body supplies terminal proof from a WSL OpenClaw checkout at PR head showing the real CLI keeps direct --session-key and --store with a partial encoded request and reaches the expected session lookup path.

Risk before merge
Why this matters: - The merge intentionally changes trajectory export option precedence for session identity and store selection: non-empty encoded values still override direct options, while absent or blank encoded fields no longer erase them.

Maintainer options:

1. Merge with precedence accepted (recommended)
   Merge this PR if maintainers agree that absent or blank encoded fields must preserve direct CLI options while non-empty encoded fields keep the existing override precedence.
2. Request broader export proof
   If maintainers want stronger assurance, ask for one additional redacted run against a real stored session, but the supplied terminal proof covers the reported merge regression path.

Next step before merge
No ClawSweeper repair job is needed; the PR appears code-complete and needs explicit maintainer handling for the protected session-state precedence change.

Security
Cleared: The diff only changes local CLI option decoding and a colocated unit test; it does not touch dependencies, workflows, secrets, permissions, downloads, or package resolution.

Review details

Best possible solution:

Land this decoder/test fix after maintainer approval, preserve non-empty encoded-value precedence, and then close the linked bug as fixed.

Do we have a high-confidence way to reproduce the issue?

Yes, source-level with high confidence. Current main returns sessionKey: "" for an encoded request that omits it and spreads that over explicit direct options; I did not run tests during this read-only sweep.

Is this the best way to solve the issue?

Yes. Building the decoded partial only from non-empty encoded strings is the narrow maintainable fix and avoids changing CLI registration, slash-command request generation, or session store lookup semantics.

Label justifications:

• P2: This is a normal-priority trajectory export bug fix with limited command-surface blast radius.
• merge-risk: 🚨 session-state: The PR changes how trajectory export resolves session keys and store paths when encoded and direct options are combined.

Acceptance criteria:

• CI=1 node scripts/run-vitest.mjs src/commands/export-trajectory.test.ts
• pnpm check:changed

What I checked:

• Current-main bug path: Current main decodes an omitted encoded sessionKey as "" and then spreads decoded request fields over direct options, so a partial encoded request can erase an explicit CLI sessionKey. (src/commands/export-trajectory.ts:59, 583eb711ecb1)
• Reachable CLI surface: The sessions export-trajectory command forwards direct --session-key, --store, --agent, and --request-json-base64 values into exportTrajectoryCommand, making the merge path user-reachable. (src/cli/program/register.status-health-sessions.ts:290, 583eb711ecb1)
• PR patch shape: The PR builds the decoded partial options object only when readOptionalString returns a defined value, preserving direct options when encoded fields are absent or blank while keeping non-empty encoded values in the existing override position. (src/commands/export-trajectory.ts:56, 978ce2859e5b)
• Regression coverage: The added unit test exercises an encoded request containing only output together with direct sessionKey and store, then asserts the direct store lookup and session-not-found path. (src/commands/export-trajectory.test.ts:57, 978ce2859e5b)
• Real behavior proof: The PR body includes a WSL terminal run at PR head invoking node --import tsx src/entry.ts sessions export-trajectory with direct --session-key and --store plus a partial encoded request; it reaches Session not found rather than --session-key is required. (978ce2859e5b)
• Related implementation state: The linked bug remains open and the earlier related fix PR is closed and unmerged, so this PR remains the active implementation candidate rather than a duplicate already landed on main.

Likely related people:

• pashpashpash: Commit 6ce1058 wired trajectory exports through the core chat command and touched the CLI/export request path now being patched. (role: feature path contributor; confidence: high; commits: 6ce1058296cc; files: src/auto-reply/reply/commands-export-trajectory.ts, src/cli/program/register.status-health-sessions.ts, src/commands/export-trajectory.ts)
• vincentkoc: Commit 49e2888 recently changed malformed trajectory export request handling in the same command and test files. (role: recent decoder maintainer; confidence: high; commits: 49e288823cda; files: src/commands/export-trajectory.ts, src/commands/export-trajectory.test.ts)
• scoootscooob: Commit a3d9c53 introduced the trajectory bundle export feature family and touched the trajectory export reply path. (role: original trajectory export contributor; confidence: medium; commits: a3d9c53db299; files: src/auto-reply/reply/commands-export-trajectory.ts)
• steipete: Recent export and runtime-state refactors, including 78010b6 and the SQLite refactor/revert path, touched trajectory export behavior and session storage assumptions. (role: recent export/state refactor contributor; confidence: medium; commits: 78010b65edd5, f91de52f0d23, 694ca50e9775; files: src/commands/export-trajectory.ts, src/commands/export-trajectory.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 583eb711ecb1.

[giodl73-repo]

@clawsweeper re-review

Updated the PR body with real after-fix CLI proof from a WSL OpenClaw source checkout at PR head. The run exercises sessions export-trajectory with direct --session-key/--store plus a partial encoded request and shows the fixed path reaches Session not found instead of --session-key is required.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26064389565
• Updated: 2026-05-18T22:41:41.852Z