fix(cli): format acp client errors with formatErrorMessage (#83904)

[hclsys]

Fixes #83904.

The parent acp action (src/cli/acp-cli.ts:52) already routed errors through defaultRuntime.error(\ACP bridge failed: ${formatErrorMessage(err)}`), which normalises both Error objects and non-Error throws (plain-object rejections, bare strings, cause chains) into a readable diagnostic. The sibling acp clientaction at line 76 usedString(err), which produces [object Object]for plain-object rejections — exactly the class of throwrunAcpClientInteractivecan surface during RPC negotiation. Operators saw[object Object]` in the terminal and assumed a serialisation bug instead of a connection error.

Changes

• src/cli/acp-cli.ts: replace defaultRuntime.error(String(err)) in the acp client catch block with defaultRuntime.error(formatErrorMessage(err)). formatErrorMessage is already imported. Add a short comment pointing at the parent action's already-correct shape so a future cleanup pass doesn't accidentally revert this back.
• src/cli/acp-cli.option-collisions.test.ts: regression test that mocks runAcpClientInteractive to throw a plain object { code: 42, why: "boom" } and asserts no [object Object] text appears in defaultRuntime.error output, plus the expected exit(1).

Diff stat: 2 files, +23 / -1.

Real behavior proof

• Behavior or issue addressed: Sanitized issue evidence — acp-cli.ts:52 already used formatErrorMessage(err); acp-cli.ts:76 used String(err). For plain-object throws, String({}) returns [object Object], while formatErrorMessage returns a JSON-formatted readable diagnostic. The issue's exact repro: throw a non-Error value inside runAcpClientInteractive and observe the divergence.

• Real environment tested: Local Node 22.x. Probe at /tmp/probe_83904.mjs (a) parses the patched acp-cli.ts and verifies no remaining String(err) paths plus exactly 2 formatErrorMessage(err) catch blocks (parent + child action), and (b) replays the formatter difference against 4 throw shapes — plain object (String → [object Object], formatErrorMessage → readable JSON with code and why keys), Error (String prepends Error: prefix, formatErrorMessage returns clean message), bare string (both produce the same output), and an explicit root-cause confirmation that String({}) does in fact produce [object Object].

• Exact steps or command run after this patch: node /tmp/probe_83904.mjs

• Evidence after fix:

PASS: no remaining `String(err)` error path
PASS: formatErrorMessage(err) used in 2 catch blocks (consistent across both acp / acp client)
PASS: replay (plain-object throw): String=[object Object]; formatErrorMessage={"code":42,"why":"boom"} (readable diagnostic)
PASS: replay (Error throw): String adds `Error:` prefix; formatErrorMessage produces clean message
PASS: replay (string throw): both formatters produce the same readable output
PASS: confirmed root cause: String({}) → '[object Object]' (this is what users were seeing)

ALL CASES PASS

• Observed result after fix: Plain-object throws inside runAcpClientInteractive now surface as a readable diagnostic (e.g. {"code":42,"why":"boom"}) instead of [object Object]. Error throws and bare-string throws are unaffected in practice — they were already readable; the change just routes them through the same formatter the parent action uses. The two acp catch surfaces now produce symmetric error output.

• What was not tested: Live openclaw acp client against a real ACP server that throws a non-Error rejection — that requires a misconfigured ACP server. The vitest regression test exercises the catch block directly via a mocked rejection, and the probe replays the formatter against the same throw shape end-to-end.

Audit (per CLAUDE rules — all 5 steps)

• Existing-helper check: Reuses formatErrorMessage (../infra/errors.js) which is already imported on line 5 of the same file and used by the parent acp action on line 52. No new helper. PASS
• Shared-helper caller check: formatErrorMessage is widely used across the codebase for exactly this purpose; the call site here is local to the acp client catch block. Single new usage; no other caller affected. PASS
• Broader-fix rival scan: gh pr list --search '83904 in:title,body' returns no open PRs. PASS
• Recent-merge audit: git log --oneline -5 -- src/cli/acp-cli.ts shows e1061a8b46 test(live): tolerate provider drift in release checks — unrelated. PASS
• Prototype-pollution scan: N/A — error formatting only.

[clawsweeper]

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR changes openclaw acp client error handling to use formatErrorMessage, adds a plain-object rejection regression test, and adds a changelog entry.

Reproducibility: yes. Current main visibly sends openclaw acp client caught errors through String(err), while the sibling ACP bridge catch already uses formatErrorMessage; I did not run a live failing ACP server in this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🦞 diamond lobster
Summary: Good focused PR with adequate runtime proof for a narrow CLI formatter fix and no blocking findings.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🌱 uncommon Pearl Shellbean

        .--^^^^--.           
     .-'  o    o  '-.        
    /       \__/      \      
   |    /\  ____  /\   |     
   |   /  \/____\/  \  |     
    \  \_.------._/  /       
     '._  `----'  _.'        
        '-.____.-'           
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🌱 uncommon.
Trait: watches the merge queue.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Pearl Shellbean in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (live_output): The PR body includes copied Node 22 live output after the patch showing the formatter difference and the updated ACP catch path.

Next step before merge
No repair job is needed; the automerge-opted PR already contains the narrow fix and regression test, with CI and mergeability left to gate the exact head.

Security
Cleared: The diff only changes CLI error formatting, a colocated test, and changelog text; it adds no dependency, workflow, secret, install, or supply-chain surface.

Review details

Best possible solution:

Land the focused formatter reuse and regression test after required exact-head checks pass, then let the linked issue close from the PR.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main visibly sends openclaw acp client caught errors through String(err), while the sibling ACP bridge catch already uses formatErrorMessage; I did not run a live failing ACP server in this read-only review.

Is this the best way to solve the issue?

Yes. Reusing the existing shared formatter at the implicated catch block is the narrowest maintainable fix and the PR adds the right focused regression coverage.

Label justifications:

• P3: This is a low-risk CLI diagnostic quality fix for a narrow ACP client error path.

What I checked:

• Current main bug path: Current main routes the parent acp catch through formatErrorMessage(err) but still routes the acp client catch through String(err), which is the reported inconsistent formatter boundary. (src/cli/acp-cli.ts:76, 13c97c5a8d04)
• Shared formatter contract: formatErrorMessage formats Error, primitive, and object-shaped throw values, using JSON.stringify for non-Error objects and redacting before returning the message. (src/infra/errors.ts:68, 13c97c5a8d04)
• PR patch: The latest PR diff replaces the ACP client String(err) call with formatErrorMessage(err) and does not add new runtime dependencies or broad CLI behavior changes. (src/cli/acp-cli.ts:76, 69ef0e7270e2)
• Regression coverage: The PR adds a focused test that makes runAcpClientInteractive throw { code: 42, why: "boom" }, then asserts the CLI emits the readable JSON formatter output and exits with code 1. (src/cli/acp-cli.option-collisions.test.ts:166, 69ef0e7270e2)
• Real behavior proof: The PR body includes copied Node 22 live output after the patch showing no remaining ACP String(err) catch path and readable JSON output for the plain-object throw shape; the author also reported the targeted CLI Vitest file, lint, and diff-check passing after rebase. (69ef0e7270e2)
• No competing PR: GitHub search found this PR as the only PR referencing the linked ACP client formatter issue, with the linked issue still open for this fix to close after merge.

Likely related people:

• steipete: Peter Steinberger introduced the interactive ACP client harness and original String(err) catch path, and appears repeatedly in ACP CLI and ACP support history. (role: introduced behavior and recent ACP area contributor; confidence: high; commits: 9809b47d4545, de3b68740aa9, b40821b068e1; files: src/cli/acp-cli.ts, src/acp/client.ts, src/infra/errors.ts)
• gumadeiras: Gustavo Madeira Santana added the ACP parent/subcommand option-collision test surface that this PR extends with the new formatter regression test. (role: adjacent CLI option-collision contributor; confidence: medium; commits: 985ec71c5538; files: src/cli/acp-cli.ts, src/cli/acp-cli.option-collisions.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 13c97c5a8d04.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=69ef0e7270e2f5f1063dc5b05c56d77142eddd89)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-19T14:34:52Z
Merge commit: 5d19beb547e1

What merged:

• The PR changes openclaw acp client error handling to use formatErrorMessage, adds a plain-object rejection regression test, and adds a changelog entry.
• Reproducibility: yes. Current main visibly sends openclaw acp client caught errors through String(err), ... catch already uses formatErrorMessage; I did not run a live failing ACP server in this read-only review.

Automerge notes:

• PR branch already contained follow-up commit before automerge: fix(cli): format acp client errors with formatErrorMessage (acp client subcommand error handler uses String(err) instead of formatErrorMessage #83904)

The automerge loop is complete.

Automerge progress:

• 2026-05-19 11:14:08 UTC review queued 83d845e5668e (queued)

• 2026-05-19 11:16:11 UTC repair queued 83d845e5668e (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728

• 2026-05-19 11:19:10 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 automerge-openclaw-openclaw-84080

• 2026-05-19 11:19:26 UTC validation plan (passed) in 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-19 11:19:36 UTC Codex write preflight (passed) in 27s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 danger-full-access

• 2026-05-19 11:24:04 UTC Codex edit 1 6bc7599bd44c (complete) in 4m 55s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 exit 0

• 2026-05-19 11:26:23 UTC validation and review 1 1f022592015d (complete) in 7m 14s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 already-current

• 2026-05-19 11:26:30 UTC repair completed 1f022592015d (branch updated) in 7m 21s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 initial automerge rebase is delegated to Codex repair

• 2026-05-19 11:26:30 UTC review queued 1f022592015d (after repair)

• 2026-05-19 11:32:25 UTC automerge wait 1f022592015d (ready) in 13m 16s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 checks and exact-head review are ready

• 2026-05-19 11:32:03 UTC review passed 1f022592015d (structured ClawSweeper verdict: pass (sha=1f022592015d8511cf1e61dcde7d30aebe582...)

• 2026-05-19 11:32:27 UTC repair finished 1f022592015d (pushed) in 13m 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093665728 repair_contributor_branch

• 2026-05-19 14:34:35 UTC review passed 69ef0e7270e2 (structured ClawSweeper verdict: pass (sha=69ef0e7270e2f5f1063dc5b05c56d77142edd...)

• 2026-05-19 14:34:55 UTC merged 69ef0e7270e2 (merged by ClawSweeper automerge)