fix(cron): keep recovered tool warnings diagnostic

[abnershang]

Summary

• Mark recovered middleware tool errors as diagnostic warnings instead of fatal cron output.
• Keep real trailing tool failures fatal unless they are explicitly marked as non-terminal middleware warnings.
• Preserve structured/media-only cron delivery while excluding marked diagnostic warning text from summary, outputText, synthesizedText, and denial-token fallback scanning.

Real behavior proof

Behavior addressed: a cron run can successfully deliver media/structured content after a recovered middleware tool warning without recording the warning text as the run output.

Real environment tested: local OpenClaw source checkout in an isolated worktree on branch fix/cron-diagnostic-classification, rebased onto origin/main at 1d77170a30.

Exact steps or command run after this patch:

node --import tsx -e 'import { setReplyPayloadMetadata } from "./src/auto-reply/reply-payload.ts"; import { resolveCronPayloadOutcome } from "./src/cron/isolated-agent/helpers.ts"; const mediaPayload = { mediaUrl: "file://<tmp>/cron-report.png" }; const warning = setReplyPayloadMetadata({ text: "Exec failed", isError: true }, { nonTerminalToolErrorWarning: true }); const result = resolveCronPayloadOutcome({ payloads: [mediaPayload, warning] }); console.log(JSON.stringify({ hasFatalErrorPayload: result.hasFatalErrorPayload, embeddedRunError: result.embeddedRunError ?? null, summary: result.summary ?? null, outputText: result.outputText ?? null, synthesizedText: result.synthesizedText ?? null, deliveryPayloads: result.deliveryPayloads, deliveryPayloadHasStructuredContent: result.deliveryPayloadHasStructuredContent }, null, 2));'

Evidence after fix: terminal output from the one-shot runtime probe:

{
  "hasFatalErrorPayload": false,
  "embeddedRunError": null,
  "summary": null,
  "outputText": null,
  "synthesizedText": null,
  "deliveryPayloads": [
    {
      "mediaUrl": "file://<tmp>/cron-report.png"
    }
  ],
  "deliveryPayloadHasStructuredContent": true
}

Observed result after fix: the recovered media-only cron payload remains deliverable and nonfatal, and the diagnostic warning text is not promoted into recorded run text.

What was not tested: full baseline pnpm build && pnpm check && pnpm test was not run because this is a focused cron/embedded-runner fix and the relevant changed-file core lanes passed locally. No live scheduled cron job was modified; the proof directly exercises the cron payload outcome path touched by the patch.

Tests

• pnpm vitest run src/cron/isolated-agent.helpers.test.ts src/cron/run-diagnostics.test.ts src/agents/pi-embedded-runner/run/payloads.test.ts src/agents/pi-embedded-runner/run/payloads.errors.test.ts src/agents/pi-embedded-subscribe.handlers.tools.test.ts src/agents/pi-embedded-subscribe.handlers.test.ts — 6 files, 183 tests passed.
• pnpm tsgo:test:src — passed.
• pnpm check:changed — passed.
• git diff --check origin/main...HEAD — clean.
• codex review --base origin/main — passed after addressing the remaining media-only output text finding.

AI-assisted

This PR was prepared with Codex assistance. I reviewed the diff, ran the commands above locally, and understand the behavior being changed.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR marks recovered middleware tool warnings as non-terminal metadata, keeps them out of cron fatal output text, and preserves them as warning diagnostics with tests.

Reproducibility: yes. Source inspection on current main shows recovered middleware tool warnings are ordinary isError payloads, and cron treats a trailing error payload as fatal when no later success exists; I did not execute tests because this review is read-only.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: Good focused PR with adequate terminal proof, targeted tests, and only ordinary maintainer judgment needed on warning-classification semantics.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 💎 rare Mossy Crabkin

        /\     /\            
      _/  \___/  \_          
     /  ( o   o )  \         
    |      \_/      |        
    |   /\  ===  /\ |        
     \_/  \_____/  \_/       
        _/|_| |_|\_          
       /__| | | |__\         
          ' ' ' '            
         /_/     \_\         
       `-----------'         
 +===================+       

Rarity: 💎 rare.
Trait: guards the happy path.
Share on X: post this hatch
Copy: My PR egg hatched a 💎 rare Mossy Crabkin in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (terminal): The PR body includes after-fix terminal output from a one-shot local runtime probe exercising the changed cron payload outcome path.

Risk before merge
Why this matters: - The semantic merge risk is misclassification: if details.middlewareError is ever attached to a genuinely terminal tool failure, cron could record a successful run while preserving the failure only as a warning diagnostic.

Maintainer options:

1. Accept the metadata contract (recommended)
   Land if maintainers agree that details.middlewareError is only used for recovered middleware post-processing failures and should not make cron runs fatal after successful output.
2. Require a narrower marker
   Pause for a tighter middleware-runner marker or additional source proof if maintainers want stronger protection against terminal failures being marked non-terminal.

Next step before merge
No repair lane is needed; the remaining step is maintainer acceptance of the cron warning-classification semantics and normal merge validation.

Security
Cleared: The diff is in-repo TypeScript classification and tests only, with no dependency, workflow, package script, permission, secret-handling, or downloaded-code changes.

Review details

Best possible solution:

Land this metadata-based classification after maintainers accept the middlewareError contract and CI confirms the focused cron and embedded-runner lanes.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection on current main shows recovered middleware tool warnings are ordinary isError payloads, and cron treats a trailing error payload as fatal when no later success exists; I did not execute tests because this review is read-only.

Is this the best way to solve the issue?

Yes. The patch uses internal metadata rather than warning-text parsing, excludes only marked warnings from cron output classification, and leaves unmarked trailing tool failures fatal.

Label justifications:

• P2: This is a normal cron/agent bug fix with limited blast radius and focused regression coverage.
• merge-risk: 🚨 session-state: The PR changes how cron records run success versus failure when a marked tool warning trails otherwise successful output.

What I checked:

• Current main promotes trailing error payloads into fatal cron output: On current main, cron outcome selection treats any trailing isError payload without later success as fatal and scans all payload text for denial tokens; there is no marker for recovered middleware warnings. (src/cron/isolated-agent/helpers.ts:252, d0f7c8fa2805)
• Current main emits last tool warnings as ordinary error payloads: The embedded runner currently appends the tool warning with isError: true only, so cron cannot distinguish a recovered middleware warning from a terminal tool failure. (src/agents/pi-embedded-runner/run/payloads.ts:509, d0f7c8fa2805)
• PR threads a metadata marker through the affected path: The diff adds middlewareError tracking, stores nonTerminalToolErrorWarning metadata on synthesized warning payloads, and skips only marked warnings in cron summary/output/denial classification while retaining diagnostics. (src/cron/isolated-agent/helpers.ts:259, a2c65f070e2d)
• Regression tests cover the intended cron outcomes: The PR adds tests for successful text output followed by a marked warning, structured/media output followed by a marked warning, and warning-level cron diagnostics for successful runs. (src/cron/isolated-agent.helpers.test.ts:69, a2c65f070e2d)
• History points to recent cron outcome maintenance: Local blame attributes the current cron payload outcome and diagnostics implementation in this checkout to commit eb6dd2c65d, which is the best available routing signal for this path. (src/cron/isolated-agent/helpers.ts:252, eb6dd2c65d11)

Likely related people:

• joshavant: git blame in the current checkout attributes the central cron outcome, cron diagnostics, embedded payload warning, and tool-end handling lines to Josh Avant's recent commit, so he is the clearest routing candidate for this surface. (role: recent area contributor; confidence: medium; commits: eb6dd2c65d11; files: src/cron/isolated-agent/helpers.ts, src/cron/run-diagnostics.ts, src/agents/pi-embedded-runner/run/payloads.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against d0f7c8fa2805.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper automerge is enabled.

• Head: a2c65f070e2d
• Label: clawsweeper:automerge
• Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26118698680
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-19 18:56:58 UTC review queued a2c65f070e2d (queued)

• 2026-05-19 18:59:01 UTC repair queued a2c65f070e2d (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26118698680

• 2026-05-19 20:37:00 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26123599592 automerge-openclaw-openclaw-84045

• 2026-05-19 20:37:06 UTC validation plan (passed) in 6s Run: https://github.com/openclaw/clawsweeper/actions/runs/26123599592 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-19 20:37:18 UTC Codex write preflight (passed) in 18s Run: https://github.com/openclaw/clawsweeper/actions/runs/26123599592 danger-full-access

• 2026-05-19 20:43:46 UTC Codex edit 1 306bb28a1599 (complete) in 6m 47s Run: https://github.com/openclaw/clawsweeper/actions/runs/26123599592 exit 0

• 2026-05-19 20:48:13 UTC validation and review 1 8c290203cd58 (base moved) in 11m 14s Run: https://github.com/openclaw/clawsweeper/actions/runs/26123599592 rebased

• 2026-05-19 20:48:45 UTC repair finished 8c290203cd58 (opened) in 11m 45s Run: https://github.com/openclaw/clawsweeper/actions/runs/26123599592 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the contribution here. ClawSweeper could not safely push to this branch, so it opened a replacement PR from a writable branch and carried the contributor trail along with it.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #84308
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
This source PR is being closed only under the explicit source-close setting for this ClawSweeper run.
Contributor credit is carried into the replacement PR body and changelog plan.
Co-author credit kept:

• @abnershang: Co-authored-by: Abner Shang 75654486+abnershang@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 8c29020.