fix(channels): suppress verbose failed-tool dumps

[VACInc]

Supersedes #84178. Same branch/head, no code changes from the reviewed PR head; this replacement PR exists because the old review thread became overloaded with pasted base64 screenshot payloads.

Summary

• Keeps failed tool calls visible as compact regular verbose progress while suppressing raw text-only failed tool output that can otherwise arrive after the final chat reply.
• Stops Telegram and Discord progress/draft paths from accepting late text-only tool updates once final delivery has started or completed.
• Tells the shared embedded runner to suppress terminal lastToolError fallback warnings only when regular verbose progress is visible; verbose full keeps terminal error detail available.
• Preserves media tool results, message-tool reads, and exec approval payloads so attachment/approval flows are not hidden by the suppression.

Root Cause

Before/RCA proof:

• Current-main source proof: src/auto-reply/reply/dispatch-from-config.ts allowed text-only failed tool results through the compact-progress suppression path because the old guard only suppressed default tool progress when deliveryPayload.isError !== true. That made failed command output special: successful text-only tool progress could be compact/suppressed, while failed text-only output could still become an extra chat message.
• Regression trigger proof: 57da466ecbb5f63b5a1881ae8caa7359c02ec40c (Fix Discord verbose tool progress delivery (#80042), merged May 17, 2026) changed source-suppressed verbose progress from direct-chat-only to sourceReplyDeliveryMode === "message_tool_only". That correctly restored compact verbose progress in channel/message-tool flows, but it also exposed the older failed-tool isError bypass in Telegram and Discord turns.
• Codex-app-server proof: extensions/codex/src/app-server/event-projector.ts records failed native tool output and lastToolError; src/auto-reply/reply/agent-runner-execution.ts passes reply options into the embedded runner; src/agents/pi-embedded-runner/run/payloads.ts appends a terminal fallback warning when lastToolError remains after a user-facing reply. In regular verbose, compact failed-tool progress is already visible, so that terminal fallback becomes a duplicate post-final dump.
• Live RCA proof: a production Telegram repro on regular verbose produced compact failed tool progress, a final assistant acknowledgement, and then an extra failed-tool warning/output after the final answer. The visible behavior was not stale code and not a Telegram-only adapter problem; it came from the shared Codex/app-server embedded runner plus channel delivery gates.
• Superseded attempt proof: a temporary payload-regex fix for concise exit 1 acknowledgements was tested and then reverted because the later live repro was a terminal lastToolError fallback, not a missing acknowledgement phrase. Final head removes that regex patch and moves the decision to dispatch, where OpenClaw knows whether compact regular verbose progress is already visible.
• Overloaded Codex session used for proof reconstruction: 019e4086-b491-7fb1-9aa5-e27c91bdbb2c.
• Scope proof: Telegram and Discord are the visible channel surfaces, but the correct boundary is shared dispatch/embedded runner behavior plus the Telegram/Discord final-delivery gates.

Real behavior proof

Behavior addressed: Regular verbose (verbose=on) still shows failed tools as compact progress before/finalizing the answer, but raw failed tool output and terminal failed-tool fallback warnings no longer dump to chat after the final response. verbose full remains the raw/detail mode.

Real environment tested: Tmp worktree branch fix-channel-late-tool-output at head 42fccfb3eb550e80cc46951dfc41b36912163ce3; live production gateway was updated with the PR overlay and has been running the fix. Private Telegram topic/session identifiers and credentials are not included in this public PR.

Exact steps or command run after this patch:

• pnpm exec oxfmt --check --threads=1 <13 touched files>
• git diff --check HEAD~2..HEAD
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts src/auto-reply/reply/agent-runner-execution.test.ts src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.suppresses-message-end-block-replies-message-tool.test.ts extensions/discord/src/monitor/message-handler.process.test.ts extensions/telegram/src/bot-message-dispatch.test.ts
• codex -s danger-full-access -a never --disable plugins review --commit HEAD
• pnpm exec oxfmt --check --threads=1 src/agents/pi-embedded-runner/run/payloads.ts src/agents/pi-embedded-runner/run/payloads.errors.test.ts (superseded regex attempt)
• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/run/payloads.errors.test.ts src/auto-reply/reply/dispatch-from-config.test.ts extensions/codex/src/app-server/event-projector.test.ts (superseded regex attempt)
• git revert --no-edit dbe415b907821e97b280018b259068ec6919cd0e
• pnpm exec oxfmt --check --threads=1 src/auto-reply/reply/dispatch-from-config.ts src/auto-reply/reply/dispatch-from-config.test.ts
• git diff --check
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts src/auto-reply/reply/agent-runner-execution.test.ts extensions/codex/src/app-server/event-projector.test.ts
• oc-update --skip-codex
• systemctl --user status openclaw-gateway --no-pager -l | sed -n '1,80p'
• rg -n "suppressToolErrorWarnings" dist | head -20
• openclaw health

Evidence after fix:

• Focused 13-file format: All matched files use the correct format. Finished in 41ms on 13 files using 1 threads.
• Focused whitespace check: git diff --check HEAD~2..HEAD produced no output.
• Focused regression suite: Test Files 6 passed (6); Tests 400 passed (400); Duration 10.95s.
• Codex review: completed with codex -s danger-full-access -a never --disable plugins review --commit HEAD; it found three actionable P2 regressions in the early patch. Those findings were accepted and fixed in the current branch. No later codex-review rerun was performed after maintainer instruction to stop rerunning it.
• Superseded regex attempt proof: oxfmt passed in 7ms on 2 files, git diff --check produced no output, and Test Files 3 passed (3); Tests 235 passed (235); Duration 8.15s. This attempt was reverted by acc513bdcb because it targeted the wrong boundary.
• Final dispatch correction proof: oxfmt passed in 19ms on 2 files; git diff --check produced no output; dispatch-from-config.test.ts passed with Test Files 1 passed (1); Tests 132 passed (132); Duration 5.50s; scoped regression rerun passed with Test Files 3 passed (3); Tests 295 passed (295); Duration 7.40s.
• Production update proof: oc-update --skip-codex applied PR fix(channels): suppress late raw tool output #84178, built core/UI, reinstalled/restarted the gateway, and health check completed.
• Loaded service proof: openclaw-gateway.service was active after the corrected reload, running the built gateway from the live checkout.
• Built artifact proof: built dist contained the corrected regular-verbose suppressToolErrorWarnings handoff and passed it into resolver options.
• Health proof after reload: openclaw health reported gateway event loop ok; Telegram and Discord were configured.
• Before screenshot proof, converted from pasted base64 to PNG:
• After screenshot proof, converted from pasted base64 to PNG:
• Screenshot review result: the before image shows compact failed-tool progress, the final assistant reply, and then a separate failed-tool warning after the final reply. The after image shows compact failed-tool progress followed by the final assistant reply with no post-final failed-tool dump.
• New shared dispatch coverage proves compact onCommandOutput failed status still reaches the channel progress path while raw text-only failed onToolResult output is suppressed in message-tool-only regular verbose.
• New embedded subscription coverage proves text-only tool summaries after committed message-tool delivery are suppressed.
• New Codex projector coverage marks non-success native tool output as isError, so dispatch can apply the regular-vs-full policy correctly.
• New Discord coverage proves the progress draft can show pre-final compact Exec state and is not updated by late failed command output after final delivery.
• New Telegram coverage proves post-final text-only tool payloads are suppressed, media/approval payloads remain deliverable, and command-output callbacks do not restart progress drafts after the final answer.

Observed result after fix: Compact failed-tool progress remains visible before/finalizing the answer; regular verbose no longer appends raw failed tool output or terminal failed-tool warnings after the final response; verbose full still receives terminal error detail.

What was not tested: A fresh live Discord E2E posting with a real Discord account/channel was not run. The live proof path used production Telegram behavior plus focused shared/Telegram/Discord/Codex regression tests. Pre-existing local security audit warnings observed during oc-update were unrelated to this PR.

Verification

• pnpm exec oxfmt --check --threads=1 <13 touched files>
• git diff --check HEAD~2..HEAD
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts src/auto-reply/reply/agent-runner-execution.test.ts src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.suppresses-message-end-block-replies-message-tool.test.ts extensions/discord/src/monitor/message-handler.process.test.ts extensions/telegram/src/bot-message-dispatch.test.ts
• codex -s danger-full-access -a never --disable plugins review --commit HEAD (three P2 findings accepted and fixed before final head)
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts src/auto-reply/reply/agent-runner-execution.test.ts extensions/codex/src/app-server/event-projector.test.ts
• oc-update --skip-codex
• openclaw health

What was not tested

A fresh live Discord E2E posting with a real Discord account/channel was not run. The screenshots are Telegram proof images converted from the pasted base64 payloads, and private topic/session identifiers are intentionally omitted.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch suppresses raw text-only failed-tool progress and terminal fallback warnings after final replies in regular verbose mode for shared, Telegram, Discord, and Codex runner paths while preserving media, exec approval, and /verbose full behavior.

Reproducibility: yes. source-backed with supplied real proof: current main lets failed isError tool payloads bypass compact suppression, and the before screenshot shows a post-final failed-tool warning. I did not rerun the live Telegram or Discord scenario locally in this read-only review.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🐚 platinum hermit
Summary: Strong Telegram proof and broad focused tests support the fix, while the delivery-semantics risk and pending CI keep the overall rating at normal mergeable quality rather than exceptional.

Rank-up moves:

• Let required queued CI finish on the exact head SHA.
• Add fresh live Discord proof if maintainers want transport parity before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🌱 uncommon Mossy Merge Sprite

        .--^^^^--.           
     .-'  o    o  '-.        
    /       \__/      \      
   |    /\  ____  /\   |     
   |   /  \/____\/  \  |     
    \  \_.------._/  /       
     '._  `----'  _.'        
        '-.____.-'           
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🌱 uncommon.
Trait: keeps receipts.
Image traits: location artifact grotto; accessory CI status badge; palette plum, gold, and soft gray; mood determined; pose holding its accessory up for inspection; shell frosted glass shell; lighting calm overcast light; background tiny artifact crates.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Mossy Merge Sprite in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• When the egg is hatchable, the PR author or a maintainer can comment @clawsweeper hatch to generate its image.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (screenshot): The PR body includes structured after-fix real behavior proof with inspected before/after Telegram screenshots showing the post-final failed-tool dump removed; the missing fresh Discord E2E remains a merge-risk gap, not absent proof.

Mantis proof suggestion
A native Telegram Desktop proof would materially confirm the visible regular-verbose behavior at the transport layer before merge. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

telegram desktop proof: verify that regular verbose failed tools show compact progress and do not post a raw failed-tool dump after the final reply.

Risk before merge
Why this matters: - The PR intentionally changes regular /verbose on behavior so raw failed-tool detail is withheld unless /verbose full is selected; maintainers should accept that compatibility tradeoff before merge.

• The patch gates Telegram and Discord message delivery after final-reply start, so the main merge risk is accidentally suppressing a legitimate late text-only progress message in a real transport path.
• A fresh live Discord E2E was not supplied, and several CI checks were still queued during this review.

Maintainer options:

1. Merge after checks and policy acceptance (recommended)
   If maintainers accept that regular verbose is compact-only for failed-tool details, wait for required CI to finish and merge with the supplied Telegram proof plus focused regression tests.
2. Request live Discord proof
   Ask for a fresh Discord transport proof if maintainers want real-channel coverage for the Discord draft/final-delivery gate before merge.
3. Pause if verbose-on raw detail must stay
   Pause or redirect the PR if maintainers decide existing /verbose on users must keep raw failed-tool detail without switching to /verbose full.

Next step before merge
No narrow automated repair is identified; the remaining action is maintainer review of delivery-semantics risk, proof expectations, and required CI completion.

Security
Cleared: The diff changes TypeScript delivery gates, tests, and docs only; it does not add dependencies, workflows, package metadata, permissions, secret handling, or new code-execution supply-chain surface.

Review details

Best possible solution:

Land the shared dispatch/runner/channel suppression only after maintainers accept /verbose full as the raw-detail mode and required checks or equivalent transport proof cover the changed delivery paths.

Do we have a high-confidence way to reproduce the issue?

Yes, source-backed with supplied real proof: current main lets failed isError tool payloads bypass compact suppression, and the before screenshot shows a post-final failed-tool warning. I did not rerun the live Telegram or Discord scenario locally in this read-only review.

Is this the best way to solve the issue?

Likely yes: the PR moves the fix to the dispatch/runner/channel delivery boundary, preserves media, exec approvals, and /verbose full, and avoids the superseded payload-regex approach. The main solution-fit question is maintainer acceptance of the regular-verbose compatibility change.

Label justifications:

• P2: This fixes a user-visible channel progress/delivery bug with limited blast radius across Telegram, Discord, and shared agent runner paths.
• merge-risk: 🚨 compatibility: Regular /verbose on no longer includes raw failed-tool detail, which is an intentional behavior change for existing verbose users.
• merge-risk: 🚨 message-delivery: The diff suppresses late text-only tool payloads after final delivery starts, so an overly broad gate could hide a legitimate channel progress message.

Acceptance criteria:

• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts src/auto-reply/reply/agent-runner-execution.test.ts src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.suppresses-message-end-block-replies-message-tool.test.ts extensions/discord/src/monitor/message-handler.process.test.ts extensions/telegram/src/bot-message-dispatch.test.ts
• node scripts/run-vitest.mjs src/auto-reply/reply/dispatch-from-config.test.ts src/auto-reply/reply/agent-runner-execution.test.ts extensions/codex/src/app-server/event-projector.test.ts
• pnpm exec oxfmt --check --threads=1
• git diff --check

What I checked:

• Current-main bug path: Current main lets deliveryPayload.isError === true bypass default tool-progress suppression, which matches the reported path where failed text-only tool output could become an extra chat message. (src/auto-reply/reply/dispatch-from-config.ts:1625, 3d96111a5afe)
• PR dispatch fix: The PR adds late-final and message-tool-only failed-text suppression while explicitly preserving media and exec approval payloads. (src/auto-reply/reply/dispatch-from-config.ts:1251, 42fccfb3eb55)
• Runner boundary: The PR tracks completed message-tool delivery in the agent runner and suppresses later progress callbacks, avoiding another post-final progress path after a message-tool final is already committed. (src/auto-reply/reply/agent-runner-execution.ts:1527, 42fccfb3eb55)
• Telegram delivery gate: The PR marks final delivery started/delivered in Telegram and suppresses later text-only tool payloads while allowing media and exec approvals. (extensions/telegram/src/bot-message-dispatch.ts:1373, 42fccfb3eb55)
• Discord delivery gate: The PR marks Discord final delivery start and completion, then prevents progress draft updates after the final path starts or completes. (extensions/discord/src/monitor/message-handler.process.ts:538, 42fccfb3eb55)
• Real behavior proof: Downloaded before/after Telegram screenshots show the before state with a separate failed-tool warning after the final reply and the after state with compact progress plus final reply and no post-final dump. (42fccfb3eb55)

Likely related people:

• Josh Avant: Current-main blame for the central dispatch, agent-runner, Codex projector, embedded subscribe, payload, and Discord delivery ranges points to the recent final-delivery/session-refresh work. (role: recent area contributor; confidence: medium; commits: e99615973810; files: src/auto-reply/reply/dispatch-from-config.ts, src/auto-reply/reply/agent-runner-execution.ts, extensions/discord/src/monitor/message-handler.process.ts)
• Patrick Erichsen: Git history shows the Telegram progress preview flow was recently added in the same file this PR gates after final delivery. (role: recent Telegram progress contributor; confidence: medium; commits: d60ab485114a; files: extensions/telegram/src/bot-message-dispatch.ts)
• anyech: The linked merged Discord verbose-progress PR is the stated regression trigger that made the failed-tool bypass visible in message-tool-only channel delivery. (role: recent Discord verbose-progress contributor; confidence: medium; commits: 57da466ecbb5; files: extensions/discord/src/monitor/message-handler.process.ts, src/auto-reply/reply/dispatch-from-config.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3d96111a5afe.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper automerge is enabled.

• Head: 42fccfb3eb55
• Label: clawsweeper:automerge
• Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-19 21:14:44 UTC review queued 42fccfb3eb55 (queued)

• 2026-05-19 21:16:57 UTC repair queued 42fccfb3eb55 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329

• 2026-05-19 23:10:04 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329 automerge-openclaw-openclaw-84303

• 2026-05-19 23:10:11 UTC validation plan (passed) in 7s Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-19 23:10:26 UTC Codex write preflight (passed) in 22s Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329 danger-full-access

• 2026-05-19 23:17:39 UTC Codex edit 1 0281ed10a4f9 (complete) in 7m 35s Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329 exit 0

• 2026-05-19 23:21:28 UTC validation and review 1 4aa5c96ca21e (complete) in 11m 24s Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329 already-current

• 2026-05-19 23:22:16 UTC repair finished 4aa5c96ca21e (opened) in 12m 12s Run: https://github.com/openclaw/clawsweeper/actions/runs/26125863329 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the work here. ClawSweeper could not write to the source branch, so it opened a replacement PR rather than letting the fix drift. attribution still points back here.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #84354
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
This source PR is being closed only under the explicit source-close setting for this ClawSweeper run.
The replacement PR keeps the contributor trail visible for review and changelog credit.
Co-author credit kept:

• @VACInc: Co-authored-by: VACInc 3279061+VACInc@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 4aa5c96.

[VACInc]

@clawsweeper hatch

[clawsweeper]

🦞👀
ClawSweeper could not hatch this PR egg yet.

Reason: hatch requires an open pull request.