fix(agents): provenance-bound Codex reasoning replay #84367

Merged
joshavant merged 4 commits into main from fix/openai-codex-encrypted-reasoning-replay
May 20, 2026

@joshavant joshavant commented May 20, 2026

Contributor

Summary

  • Problem: Codex Responses thinkingSignature replay can carry provider-encrypted encrypted_content that is only valid for the context that produced it. When stale or cross-context transcript history is replayed, Codex can reject the next turn with invalid_encrypted_content.
  • Solution: make encrypted reasoning replay provenance-bound. OpenClaw now stores private replay provenance beside the reasoning signature, keyed by provider/API/model/base URL/session/auth profile, and request assembly preserves encrypted_content only when that provenance matches the current replay context.
  • Compatibility: legacy embedded replay metadata remains readable, but new transcripts no longer embed OpenClaw metadata in the provider signature payload. Legacy or no-provenance encrypted blobs fail closed by stripping only encrypted_content before request assembly.
  • Fallback: keep the targeted one-shot recovery for provider-side invalid_encrypted_content; it is now a last-resort guard for provider expiry/rotation of otherwise matching replay, not the primary stale-transcript fix.

Linked Issue/PR

Real behavior proof (required for external PRs)

Behavior addressed: openai-codex/gpt-5.5 turns can fail with 400 invalid_encrypted_content when replay history contains stale mirrored thinkingSignature.encrypted_content.

Real environment tested: AWS Crabbox Linux lease cbx_50c154e2e51a, run run_915250c781ab, branch checkout now rebased at 92d492aa04, live openai-codex/gpt-5.5 through the Codex Responses transport with secret-safe auth profile forwarding.

Exact steps or command run after this patch: a Crabbox script used an authenticated live Codex profile, imported the Codex Responses transport, ran a first live Responses turn, captured the emitted assistant reasoning block, ran a second live Responses turn with that transcript, and inspected the redacted outgoing request shape. The same proof replayed the captured reasoning block after changing the session id and auth profile id, and exercised legacy embedded replay metadata compatibility.

Evidence after fix: the run printed PROOF_DIRECT_LIVE_FIRST_TURN_OK=true, PROOF_DIRECT_LIVE_SECOND_TURN_OK=true, PROOF_DIRECT_LIVE_REPLAY_BLOCKS=1, PROOF_DIRECT_LIVE_ENCRYPTED_BLOCKS=1, PROOF_NEW_SIGNATURE_HAS_NO_EMBEDDED_META=true, PROOF_SECOND_LIVE_REQUEST_MATCHING_REPLAY_ENCRYPTED=1, PROOF_SESSION_MISMATCH_ENCRYPTED_REPLAY_STRIPPED=true, PROOF_AUTH_MISMATCH_ENCRYPTED_REPLAY_STRIPPED=true, and PROOF_LEGACY_EMBEDDED_METADATA_COMPAT=true.

Observed result after fix: matching same-session and same-auth encrypted reasoning remains replayable, new signatures keep OpenClaw replay metadata out of the provider signature payload, session-mismatched replay strips encrypted_content before request assembly, auth-profile-mismatched replay strips encrypted_content before request assembly, and legacy matching metadata still preserves valid replay.

What was not tested: Telegram Desktop delivery UX was not retested after the final sidecar/auth-profile change; the live proof directly exercised the Codex Responses transport boundary where invalid encrypted replay is assembled. Provider-side expiration/rotation of otherwise matching encrypted replay cannot be forced deterministically, so that recovery path remains covered by focused tests.

Before evidence (optional but encouraged): AWS Crabbox run run_ca2af4a2e5ad, lease cbx_712f8d43b376, reproduced the issue from current main with openai-codex/gpt-5.5; the second turn failed with code=invalid_encrypted_content and printed REPRODUCED_CODEX_INVALID_ENCRYPTED_CONTENT=true.

Root Cause

  • Root cause: convertResponsesMessages replayed JSON thinkingSignature blocks as Responses reasoning input items, including provider-owned encrypted_content, without proving that the encrypted blob came from the same provider/API/model/base URL/session/auth-profile context now assembling the request.
  • Missing guardrail: durable transcripts and mirrored channel history could carry opaque provider replay state across contexts where that state is no longer valid.
  • Fix shape: make replay provenance explicit at the provider transport boundary, carry the runtime-approved forwarded auth profile into that boundary, sanitize projection/history tool output so internal provenance is not exposed, and strip only the opaque encrypted replay field when provenance is absent or mismatched.

Regression Test Plan

  • Target tests: src/agents/openai-transport-stream.test.ts, src/agents/pi-embedded-runner/run/attempt.test.ts, src/agents/pi-embedded-runner/compact.hooks.test.ts, src/agents/openclaw-tools.sessions.test.ts, and src/gateway/server-methods/server-methods.test.ts.
  • Added/updated coverage:
    • stream output stores encrypted Responses reasoning replay provenance in sidecar block metadata
    • new signatures do not embed __openclaw_replay into provider signature payloads
    • matching provider/API/model/base URL/session/auth-profile provenance preserves encrypted reasoning replay
    • absent, stale, session-mismatched, and auth-profile-mismatched provenance strips encrypted reasoning replay before provider requests
    • legacy embedded metadata remains compatible for matching replay
    • normal and compacted PI runtime paths forward only the runtime-approved auth profile id into transport provenance
    • sessions history and chat display projection strip private replay metadata

Verification

  • git diff --check passed after rebasing on current origin/main.
  • Focused post-rebase tests: OPENCLAW_VITEST_MAX_WORKERS=1 node scripts/run-vitest.mjs src/agents/openai-transport-stream.test.ts src/agents/pi-embedded-runner/run/attempt.test.ts src/agents/pi-embedded-runner/compact.hooks.test.ts src/agents/pi-embedded-runner/stream-resolution.test.ts src/agents/openclaw-tools.sessions.test.ts src/gateway/server-methods/server-methods.test.ts passed: 11 files, 900 tests.
  • ``: AUTOREVIEW_AUTO_TESTS=0 .agents/skills/autoreview/scripts/autoreview --mode local --reviewer pi --fallback-reviewer none; clean, no accepted/actionable findings.
  • Broad changed gate: Testbox-through-Crabbox provider blacksmith-testbox, id tbx_01ks1hz70c0bqz4jk99hgpr1dt, Actions run 26136755015; pnpm check:changed passed before the final rebase.
  • AWS Crabbox live proof: provider aws, run run_915250c781ab, lease cbx_50c154e2e51a; live Codex Responses transport proof passed matching replay preservation, session mismatch stripping, auth-profile mismatch stripping, new sidecar metadata shape, and legacy embedded metadata compatibility.

Security Impact

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No

Compatibility / Migration

  • Backward compatible? Yes
  • Config/env changes? No
  • Migration needed? No
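
The provenance gate described in the Summary and Root Cause above, as an added TypeScript example (not code from this PR or from the OpenClaw repository). `thinkingSignature`, `encrypted_content` and `__openclaw_replay` come from the page; the type names, the `replayProvenance` sidecar field, the function names, the assumption that legacy `__openclaw_replay` carries the same six fields, and all sample values are hypothetical.

```typescript
// Added illustration. thinkingSignature, encrypted_content and __openclaw_replay
// appear on the page; every other name here is hypothetical.

interface ReplayProvenance {
  provider: string;
  api: string;
  model: string;
  baseUrl: string;
  sessionId: string;
  authProfileId: string;
}

interface ThinkingBlock {
  type: "thinking";
  thinkingSignature: string;           // JSON text of the provider's reasoning item
  replayProvenance?: ReplayProvenance; // sidecar stored beside the signature (assumed field name)
}

type ReasoningItem = Record<string, unknown>;

const PROVENANCE_KEYS: ReadonlyArray<keyof ReplayProvenance> = [
  "provider", "api", "model", "baseUrl", "sessionId", "authProfileId",
];

// Every field must be a non-empty string equal to the current context.
// A missing or partial record never matches, so the gate fails closed.
function provenanceMatches(stored: unknown, current: ReplayProvenance): boolean {
  if (typeof stored !== "object" || stored === null) return false;
  const record = stored as Record<string, unknown>;
  return PROVENANCE_KEYS.every((key) => {
    const value = record[key];
    return typeof value === "string" && value.length > 0 && value === current[key];
  });
}

// Build the reasoning input item for the next request. Returns null when the
// signature is not a JSON object, in which case there is nothing to replay.
function prepareReasoningReplay(block: ThinkingBlock, current: ReplayProvenance): ReasoningItem | null {
  let parsed: unknown;
  try {
    parsed = JSON.parse(block.thinkingSignature);
  } catch {
    return null;
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return null;

  // Legacy transcripts embedded the metadata in the payload. It is read for
  // compatibility (assumed to carry the same six fields) and never sent on.
  const { __openclaw_replay: legacy, ...item } = parsed as ReasoningItem;
  const stored: unknown = block.replayProvenance ?? legacy;

  if ("encrypted_content" in item && !provenanceMatches(stored, current)) {
    delete item["encrypted_content"]; // strip only the opaque blob, keep the rest
  }
  return item;
}

// Constructed sample data, not captured from a real session.
const currentContext: ReplayProvenance = {
  provider: "openai-codex", api: "responses", model: "gpt-5.5",
  baseUrl: "https://api.example.invalid/v1", sessionId: "session-a", authProfileId: "profile-1",
};
const sampleSignature = JSON.stringify({ type: "reasoning", summary: [], encrypted_content: "ciphertext" });

// Reports, per replay case, whether encrypted_content survives request assembly.
function demo(): Record<string, boolean> {
  const kept = (block: ThinkingBlock): boolean =>
    prepareReasoningReplay(block, currentContext)?.["encrypted_content"] === "ciphertext";
  const legacySignature = JSON.stringify({
    type: "reasoning", summary: [], encrypted_content: "ciphertext", __openclaw_replay: currentContext,
  });
  return {
    matching: kept({ type: "thinking", thinkingSignature: sampleSignature, replayProvenance: currentContext }),
    sessionMismatch: kept({ type: "thinking", thinkingSignature: sampleSignature,
      replayProvenance: { ...currentContext, sessionId: "session-b" } }),
    authMismatch: kept({ type: "thinking", thinkingSignature: sampleSignature,
      replayProvenance: { ...currentContext, authProfileId: "profile-2" } }),
    noProvenance: kept({ type: "thinking", thinkingSignature: sampleSignature }),
    legacyMatching: kept({ type: "thinking", thinkingSignature: legacySignature }),
  };
}
```

`demo()` covers the same five cases the PR's proof output lists: matching replay, session mismatch, auth-profile mismatch, no provenance, and legacy embedded metadata.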

@openclaw-barnacle openclaw-barnacle Bot added agents Agent runtime and tooling size: S maintainer Maintainer-authored PR labels May 20, 2026

clawsweeper Bot commented May 20, 2026

Contributor

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR provenance-binds OpenAI/Codex Responses encrypted reasoning replay, strips mismatched encrypted content at request assembly/retry, forwards auth-profile provenance through embedded runs, sanitizes private replay metadata from history/display, and adds tests plus a changelog entry.

Reproducibility: yes. The PR body includes a before Crabbox run reproducing invalid_encrypted_content on current main, and source inspection confirms current main replays JSON thinkingSignature.encrypted_content into Responses input.

PR rating
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Summary: Strong live proof, focused transport-boundary code, and targeted regression coverage make the PR ready for maintainer signoff despite the deliberate session-state risk.

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The PR body includes before/after AWS Crabbox live output for openai-codex/gpt-5.5, focused tests, autoreview output, and a broad changed Testbox gate.

Risk before merge

  • The protected maintainer label means this PR needs explicit human handling before merge.
  • The patch intentionally changes persisted replay behavior: legacy/no-provenance or mismatched encrypted reasoning blobs are stripped instead of replayed, which is the safer direction but still affects session replay state.
  • The linked user issue also mentions channel-visible fallback UX; this PR fixes the transport replay failure and leaves any Telegram-visible error handling as separate scope.

Maintainer options:

  1. Land With Replay-State Signoff (recommended)
    A maintainer can land this after accepting that stale or unproven encrypted replay is discarded while matching same-session/auth replay is preserved.
  2. Ask For One Upgrade Probe
    If more compatibility confidence is needed, request a focused no-provenance transcript upgrade proof before merge.
  3. Split Channel Fallback Scope
    Do not block the transport fix on Telegram fallback UX unless maintainers want this PR to close both the root cause and the visible error-reporting gap together.

Next step before merge
Human maintainer review is needed to accept the protected-label PR and its replay-state semantics; there is no narrow automated repair blocker in the diff.

Security
Cleared: No concrete security or supply-chain concern found; the diff adds no dependencies, permissions, secret expansion, or command execution, and it keeps private replay provenance out of display/history projections.

Review details

Best possible solution:

Land the focused transport-boundary fix after maintainer signoff, then track any remaining channel-visible fallback work separately from the encrypted-replay root cause.

Do we have a high-confidence way to reproduce the issue?

Yes. The PR body includes a before Crabbox run reproducing invalid_encrypted_content on current main, and source inspection confirms current main replays JSON thinkingSignature.encrypted_content into Responses input.

Is this the best way to solve the issue?

Yes. The patch fixes the shared provider transport boundary, preserves valid same-context replay, strips only unproven or mismatched opaque encrypted replay, and avoids bundling unrelated Telegram UX work into the root-cause fix.

Label justifications:

  • P1: The PR targets a real user-facing Codex/channel workflow failure where accepted messages can produce no deliverable reply after invalid_encrypted_content.
  • merge-risk: 🚨 session-state: The diff changes how persisted reasoning replay state is retained or stripped across sessions, auth profiles, and transcript history.
  • rating: 🦞 diamond lobster: Current PR rating is 🦞 diamond lobster because proof is 🦞 diamond lobster, patch quality is 🦞 diamond lobster, and Strong live proof, focused transport-boundary code, and targeted regression coverage make the PR ready for maintainer signoff despite the deliberate session-state risk.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes before/after AWS Crabbox live output for openai-codex/gpt-5.5, focused tests, autoreview output, and a broad changed Testbox gate.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes before/after AWS Crabbox live output for openai-codex/gpt-5.5, focused tests, autoreview output, and a broad changed Testbox gate.

What I checked:

  • Current-main root cause: Current main parses JSON thinkingSignature blocks and pushes the parsed reasoning item into Responses input without provenance checks or encrypted_content stripping. (src/agents/openai-transport-stream.ts:862, a57ab2448f2a)
  • Current-main replay remains enabled for Codex Responses: Current main calls convertResponsesMessages with replayReasoningItems: true; native Codex only disables replayed item IDs, not encrypted reasoning content. (src/agents/openai-transport-stream.ts:1746, a57ab2448f2a)
  • Current-main test preserves encrypted replay: The existing native Codex Responses test expects an outgoing reasoning item to retain encrypted_content: "ciphertext", matching the reported failure surface. (src/agents/openai-transport-stream.test.ts:2185, a57ab2448f2a)
  • PR strips mismatched replay and removes private embedded metadata: The PR prepares replayed reasoning items by matching sidecar or legacy metadata against provider/API/model/base URL/session/auth-profile provenance, otherwise stripping encrypted_content. (src/agents/openai-transport-stream.ts:888, 92d492aa040e)
  • PR stores sidecar provenance on streamed reasoning: When a Responses reasoning output has encrypted_content, the PR stores replay provenance beside the thinking block instead of embedding OpenClaw metadata into the provider payload. (src/agents/openai-transport-stream.ts:1443, 92d492aa040e)
  • PR forwards runtime-approved auth profile provenance: The PR passes only the runtime-forwarded auth profile id into embedded stream options so replay provenance follows the credential context actually used for the request. (src/agents/pi-embedded-runner/run/attempt.ts:783, 92d492aa040e)

Likely related people:

  • Kevin Lin: Local blame and git log -S point the current convertResponsesMessages, Codex Responses replay, and embedded stream-resolution code to commit 9b97e1ef2fd2315b1ea50fbb970c274bc078390b. (role: introduced current replay/embedded-run implementation; confidence: high; commits: 9b97e1ef2fd2; files: src/agents/openai-transport-stream.ts, src/agents/pi-embedded-runner/stream-resolution.ts, src/agents/pi-embedded-runner/run/attempt.ts)
  • Jason (Json): Recent local history on the PI embedded-runner path includes transcript artifact filtering work adjacent to session/replay handling. (role: recent adjacent contributor; confidence: medium; commits: 2ab3a4e422a0; files: src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/compact.ts)
  • Galin Iliev: Recent local history on src/agents/openai-transport-stream.ts includes OpenAI strict schema diagnostic work adjacent to the changed transport boundary. (role: recent OpenAI transport contributor; confidence: medium; commits: c982358753bb; files: src/agents/openai-transport-stream.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against a57ab2448f2a.

@joshavant joshavant force-pushed the fix/openai-codex-encrypted-reasoning-replay branch 2 times, most recently from 7fe7fd5 to 809e5ea Compare May 20, 2026 00:20
@clawsweeper clawsweeper Bot added proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🦞 diamond lobster Very strong PR readiness with only minor maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P1 High-priority user-facing bug, regression, or broken workflow. labels May 20, 2026

clawsweeper Bot commented May 20, 2026

Contributor

ClawSweeper PR egg

✨ Hatched: 🥚 common Tiny Crabkin

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

  • Merged PRs are hatchable.
  • Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
  • Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: sparkles near resolved comments.
Image traits: location green-check meadow; accessory green check lantern; palette sunrise gold and clean white; mood proud; pose pointing at a small proof artifact; shell smooth pearl shell; lighting golden review-room light; background subtle branch markers.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Tiny Crabkin in ClawSweeper.

What is this egg doing here?
  • Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
  • The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
  • Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
  • The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
  • Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

@joshavant joshavant force-pushed the fix/openai-codex-encrypted-reasoning-replay branch from 809e5ea to 1f6aaea Compare May 20, 2026 01:07
@joshavant joshavant changed the title fix(agents): recover stale Codex encrypted reasoning replay fix(agents): provenance-bound Codex reasoning replay May 20, 2026
@clawsweeper clawsweeper Bot added the merge-risk: 🚨 session-state 🚨 May lose, corrupt, stale, or mis-associate session, agent, or context state. label May 20, 2026
@joshavant joshavant force-pushed the fix/openai-codex-encrypted-reasoning-replay branch from 1f6aaea to 81b5475 Compare May 20, 2026 03:08
@openclaw-barnacle openclaw-barnacle Bot added gateway Gateway runtime size: L and removed size: M labels May 20, 2026
@joshavant joshavant force-pushed the fix/openai-codex-encrypted-reasoning-replay branch from 81b5475 to 92d492a Compare May 20, 2026 03:52
@joshavant joshavant merged commit a54c736 into main May 20, 2026
105 checks passed
@joshavant joshavant deleted the fix/openai-codex-encrypted-reasoning-replay branch May 20, 2026 04:05
@almassolarenrgi

953e136

eleboucher pushed a commit to eleboucher/homelab that referenced this pull request May 21, 2026
…026.5.20) (#615)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/openclaw/openclaw](https://openclaw.ai) ([source](https://github.com/openclaw/openclaw)) | patch | `2026.5.19` → `2026.5.20` |

---

> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/567) for more information.

---

### Release Notes

<details>
<summary>openclaw/openclaw (ghcr.io/openclaw/openclaw)</summary>

### [`v2026.5.20`](https://github.com/openclaw/openclaw/blob/HEAD/CHANGELOG.md#2026520)

[Compare Source](openclaw/openclaw@v2026.5.19...v2026.5.20)

##### Changes

- Exec approvals: remove the old `cat SKILL.md && printf ... && <skill-wrapper>` allowlist compatibility path so skill files must be loaded with the read tool and only the real skill executable is auto-allowed.
- Discord: let voice sessions follow configured Discord users into voice channels, with allowed-channel checks, multi-user handoff, bounded reconciliation, and DAVE recovery preservation. ([#84264](openclaw/openclaw#84264)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev).
- Discord/voice: include bounded `IDENTITY.md`, `USER.md`, and `SOUL.md` profile context in realtime voice session instructions by default, with `voice.realtime.bootstrapContextFiles: []` available to disable it. ([#84499](openclaw/openclaw#84499)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev).
- Dependencies: bump the bundled Codex harness to `@openai/codex` `0.132.0` and refresh the app-server model-list docs for the new catalog.
- CLI/policy: add the bundled Policy plugin for policy-backed channel conformance checks, doctor lint findings, and opt-in workspace repair. ([#80407](openclaw/openclaw#80407)) Thanks [@giodl73-repo](https://github.com/giodl73-repo).
- Agents/config: allow `agents.list[].experimental.localModelLean` so lean local-model mode can be enabled for one configured agent instead of globally.
- Providers/xAI: add device-code OAuth login so remote and headless setups can authorize xAI without a localhost browser callback. ([#84005](openclaw/openclaw#84005)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev).
- Providers/OpenRouter: honor provider-level `params.provider` routing policy for OpenRouter requests, with model and agent params overriding the defaults. Thanks [@amknight](https://github.com/amknight).

##### Fixes

- CLI/tasks: include stale-running task maintenance decisions in `openclaw tasks maintenance --json` so retained and reconcile candidates explain backing-session, cron, CLI, and wedged-subagent state. ([#84691](openclaw/openclaw#84691)) Thanks [@efpiva](https://github.com/efpiva).
- Codex app-server: keep system-prompt reports working when bootstrap hooks provide workspace files with only a path and content, so hook-supplied SOUL/IDENTITY/TOOLS/USER context still reports injected characters correctly. ([#84736](openclaw/openclaw#84736)) Thanks [@JARVIS-Glasses](https://github.com/JARVIS-Glasses).
- Providers/MiniMax music: stop advertising `durationSeconds` control and remove prompt-injected duration hints, so `music_generate` reports MiniMax duration as an unsupported override instead of suggesting MiniMax can enforce track length. Fixes [#84508](openclaw/openclaw#84508). Thanks [@neeravmakwana](https://github.com/neeravmakwana).
- Doctor: warn when sandbox tool policy hides configured MCP server tools before provider requests. ([#84699](openclaw/openclaw#84699)) Thanks [@nxmxbbd](https://github.com/nxmxbbd).
- WhatsApp: update Baileys to `7.0.0-rc12`.
- Build: suppress per-locale `rolldown-plugin-dts:fake-js` CommonJS dts warnings emitted while bundling the intentionally-inlined `zod/v4/locales/*.d.cts` files, so `pnpm build` output stays readable after the 0.25.1 plugin bump. Thanks [@romneyda](https://github.com/romneyda).
- CLI/nodes: route lazy plugin-registration logs to stderr for JSON-mode `openclaw nodes` commands so stdout stays parseable. ([#84684](openclaw/openclaw#84684)) Thanks [@TurboTheTurtle](https://github.com/TurboTheTurtle).
- Approvals: route manual `/approve` decisions through the trusted approval runtime so active exec and plugin approvals no longer look unknown or expired.
- Mac app: update the About settings copyright year to 2026. ([#84385](openclaw/openclaw#84385)) Thanks [@pejmanjohn](https://github.com/pejmanjohn).
- Dependencies: update `@openclaw/fs-safe` to `0.2.7` so OpenClaw's default Python-helper-off policy keeps best-effort Node write fallbacks for private stores, secret writes, run logs, and media attachments on Linux/macOS.
- Infra/secrets: restore the fail-closed contract for `tryReadSecretFileSync` so credential loaders that pass `rejectSymlink: true` (Telegram, LINE, Zalo, IRC, Nextcloud Talk tokens) refuse symlinked credential files instead of silently accepting them, and the infra-state CI shard's secret-file symlink test passes again. Thanks [@romneyda](https://github.com/romneyda).
- Browser: honor the configured image sanitization limit for screenshots and labeled snapshots so browser-captured images follow the same resize policy as other image results. ([#84595](openclaw/openclaw#84595))
- Doctor: remove unrecognized `models.providers.*.models[*].compat.thinkingFormat` values during `doctor --fix` so stale provider model config can validate after upgrade. Fixes [#77803](openclaw/openclaw#77803).
- Doctor: warn when `openclaw.json` stores plaintext secret-bearing config fields, including model provider API keys and sensitive provider headers. ([#84718](openclaw/openclaw#84718)) Thanks [@lukaIvanic](https://github.com/lukaIvanic).
- Status: show the configured default, session-selected model, reason, clear hint, and docs link when a session remains pinned to a model that differs from `agents.defaults.model.primary`.
- WebChat: clear stale typing indicators when session change events mark the active chat run complete.
- Mac app: keep local packaging signed with a stable app identity for permission testing and fix Control UI production builds under current Vite/Highlight.js exports.
- macOS app: update the embedded Peekaboo bridge to 3.2.1 so OpenClaw-hosted UI automation works with current Peekaboo CLI capture flows.
- Cron: deliver preferred final assistant output for successful scheduled runs when trailing plain tool warnings remain in diagnostics instead of marking the run failed.
- fix(mattermost): fail closed on missing channel type \[AI]. ([#84091](openclaw/openclaw#84091)) Thanks [@pgondhi987](https://github.com/pgondhi987).
- Recheck rebuilt system.run argv \[AI]. ([#84090](openclaw/openclaw#84090)) Thanks [@pgondhi987](https://github.com/pgondhi987).
- CLI: keep the private QA subcommand out of exported command descriptors unless `OPENCLAW_ENABLE_PRIVATE_QA_CLI=1`, so root help and subcommand markers match runtime registration. ([#84519](openclaw/openclaw#84519))
- CLI/cron: bound `openclaw cron show` job lookup pagination so non-advancing or unbounded `cron.list` responses fail instead of hanging the command. Fixes [#83856](openclaw/openclaw#83856). ([#83989](openclaw/openclaw#83989))
- Agents/messages: stop message-tool-only turns after a successful source-channel `message` send while keeping transcript mirrors under the session write lock. ([#84289](openclaw/openclaw#84289))
- Agents: filter silent heartbeat response-tool transcript artifacts out of embedded context snapshots so later user turns are not polluted by heartbeat no-op messages. ([#83477](openclaw/openclaw#83477)) Thanks [@fuller-stack-dev](https://github.com/fuller-stack-dev).
- Agents/OpenAI: log repeated strict tool-schema downgrade diagnostics once per provider/model/tool signature, reducing duplicate debug noise while preserving `strict=false` fallback behavior. Fixes [#82930](openclaw/openclaw#82930). ([#82933](openclaw/openclaw#82933)) Thanks [@galiniliev](https://github.com/galiniliev).
- Agents/code mode: spell out the `exec` tool's JavaScript/TypeScript, no Node module, and catalog-bridge constraints in model-visible schema text so agents can use enabled tools without trial-and-error. ([#84269](openclaw/openclaw#84269)) Thanks [@Kaspre](https://github.com/Kaspre).
- Codex: give `image_generate` dynamic-tool calls a 120s default watchdog when no per-call or configured image timeout is set, so image generation no longer falls back to the generic 30s bridge timeout. ([#84254](openclaw/openclaw#84254)) Thanks [@moritzmmayerhofer](https://github.com/moritzmmayerhofer).
- Codex: avoid duplicate dynamic tool terminal diagnostics while large diagnostic backlogs drain without blocking tool responses. ([#82937](openclaw/openclaw#82937)) Thanks [@galiniliev](https://github.com/galiniliev).
- CLI/message: include a stable top-level `messageId` in `openclaw message --json` output when channel sends return one. ([#84191](openclaw/openclaw#84191)) Thanks [@100menotu001](https://github.com/100menotu001).
- Cron: preserve legacy top-level array `jobs.json` stores when loading or adding scheduled jobs so old cron jobs are no longer treated as an empty store during upgrade. Fixes [#60799](openclaw/openclaw#60799). ([#84433](openclaw/openclaw#84433)) Thanks [@IWhatsskill](https://github.com/IWhatsskill).
- Gateway/agents: use an agent's `identity.name` in Gateway agent summaries when `agents.list[].name` is unset, so configured agent labels remain visible in clients. ([#84355](openclaw/openclaw#84355); refs [#57835](openclaw/openclaw#57835)) Thanks [@luoyanglang](https://github.com/luoyanglang).
- Channels/replies: keep normal `/verbose` failed-tool progress compact in message-tool replies and prevent late text-only tool output from appearing after the final answer. ([#84303](openclaw/openclaw#84303)) Thanks [@VACInc](https://github.com/VACInc).
- Plugins/hooks: apply a default 30-second timeout to `before_compaction` and `after_compaction` hooks so a hung plugin handler no longer blocks compaction completion. ([#84153](openclaw/openclaw#84153))
- Discord: preserve disabled presentation buttons when adapting and rendering Discord message controls. ([#84188](openclaw/openclaw#84188)) Thanks [@100menotu001](https://github.com/100menotu001).
- Twitch: add a test-only client-manager registry reset helper so non-isolated Twitch tests can clear cached managers between cases. Fixes [#83887](openclaw/openclaw#83887). ([#84244](openclaw/openclaw#84244)) Thanks [@hclsys](https://github.com/hclsys).
- Cron: run main-session scheduled work on a cron-owned wake lane while preserving reply delivery context, so background cron turns no longer block human main-session chat. Fixes [#82766](openclaw/openclaw#82766). ([#82767](openclaw/openclaw#82767)) Thanks [@galiniliev](https://github.com/galiniliev).
- Cron: use structured embedded-run denial metadata for isolated scheduled tasks so blocked exec requests fail the job without treating ordinary assistant prose as a denial. ([#84067](openclaw/openclaw#84067)) Thanks [@abnershang](https://github.com/abnershang).
- Cron: keep recovered tool warnings diagnostic for successful scheduled runs so final cron output is delivered instead of being replaced by a post-processing warning. ([#84045](openclaw/openclaw#84045)) Thanks [@abnershang](https://github.com/abnershang).
- Plugins/perf: thread explicit plugin discovery results through `loadBundledCapabilityRuntimeRegistry`, `resolveBundledPluginSources`, and `listChannelCatalogEntries` so callers that already hold a discovery result skip redundant filesystem walks. Thanks [@SebTardif](https://github.com/SebTardif).
- harden update restart script creation \[AI]. ([#84088](openclaw/openclaw#84088)) Thanks [@pgondhi987](https://github.com/pgondhi987).
- Docker: keep the bundled Codex plugin in official release image keep lists so the default OpenAI agent harness remains available after Docker pruning. Fixes [#83613](openclaw/openclaw#83613). ([#83626](openclaw/openclaw#83626)) Thanks [@YuanHanzhong](https://github.com/YuanHanzhong).
- CLI/channels: preserve the first line of `openclaw channels logs` output when the rolling tail window starts exactly on a line boundary, mirroring the already-fixed `readLogSlice` behavior in `src/logging/log-tail.ts`.
- Control UI: treat terminal session status as authoritative over stale active-run flags so completed terminal runs stop showing abort/live UI. ([#&#8203;84057](openclaw/openclaw#84057))
- CLI: preserve embedded equals signs in inline root option values instead of truncating after the second separator. ([#&#8203;83995](openclaw/openclaw#83995)) Thanks [@&#8203;ThiagoCAltoe](https://github.com/ThiagoCAltoe).
- Matrix/config: accept `messages.queue.byChannel.matrix` queue overrides and keep queue provider schema/type keys aligned for Matrix, Google Chat, and Mattermost. Thanks [@&#8203;bdjben](https://github.com/bdjben).
- CLI: format `openclaw acp client` failures through the shared error formatter so object-shaped errors stay readable instead of printing `[object Object]`. Fixes [#&#8203;83904](openclaw/openclaw#83904). ([#&#8203;84080](openclaw/openclaw#84080))
- Providers/Ollama: default unknown-capabilities models to tool-capable so discovered native Ollama models can use tools when `/api/show` omits capabilities. ([#&#8203;84055](openclaw/openclaw#84055)) Thanks [@&#8203;dutifulbob](https://github.com/dutifulbob).
- Installer/Windows: launch `install.ps1` onboarding as an attached child process so fresh native Windows installs do not freeze visibly at `Starting setup...` or corrupt the wizard's terminal rendering.
- CLI/update: keep restart health checks working across one-version CLI/Gateway protocol skew and use the managed Gateway service Node for all follow-up commands even when the package root is unchanged, so `openclaw update` no longer silently switches the gateway to a different Node binary when multiple Node installations are present. Thanks [@&#8203;amknight](https://github.com/amknight).
- CLI/gateway: include the running Gateway version in `gateway status` JSON output, preserving existing server metadata while falling back to status RPC data for read probes. Fixes [#&#8203;56222](openclaw/openclaw#56222). Thanks [@&#8203;galiniliev](https://github.com/galiniliev).
- Memory/search: close local embedding providers when active-memory searches time out so pending local model loads and embedding contexts are aborted and released. ([#&#8203;83858](openclaw/openclaw#83858)) Thanks [@&#8203;brokemac79](https://github.com/brokemac79).
- CLI/nodes: request pending node surface approval scopes before `openclaw nodes approve` so exec-capable node approval can use admin-scoped Gateway credentials instead of failing with `missing scope: operator.admin`. ([#&#8203;84392](openclaw/openclaw#84392)) Thanks [@&#8203;joshavant](https://github.com/joshavant).
- Gateway: reject slow node event sends before outbound buffers grow unbounded and log the rejected payload diagnostic. ([#&#8203;84387](openclaw/openclaw#84387)) Thanks [@&#8203;samzong](https://github.com/samzong).
- Agents: include bounded trajectory queued-writer diagnostics in `pi-trajectory-flush` timeout warnings so flush stalls show pending writes, queued bytes, and append state. Fixes [#&#8203;82961](openclaw/openclaw#82961). ([#&#8203;82962](openclaw/openclaw#82962)) Thanks [@&#8203;galiniliev](https://github.com/galiniliev).
- Agents/subagents: recover stale completion announces by retrying unsupported transcript-wait wakes without transcript waiting and forcing a message-tool handoff when the requester run is already stale. Fixes [#&#8203;83699](openclaw/openclaw#83699). ([#&#8203;83700](openclaw/openclaw#83700)) Thanks [@&#8203;galiniliev](https://github.com/galiniliev).
- Agents/subagents: constrain wildcard subagent target allowlists to configured agents while preserving explicitly listed compatibility targets. Fixes [#&#8203;84040](openclaw/openclaw#84040). ([#&#8203;84357](openclaw/openclaw#84357)) Thanks [@&#8203;joshavant](https://github.com/joshavant).
- Providers/Anthropic: route Anthropic model refs selected with Claude CLI auth through the Claude CLI runtime so shorthand refs such as `anthropic/opus-4.7` no longer fall back to embedded Anthropic billing. Fixes [#&#8203;84222](openclaw/openclaw#84222). ([#&#8203;84374](openclaw/openclaw#84374)) Thanks [@&#8203;joshavant](https://github.com/joshavant).
- Agents: honor explicit `models.providers.<id>.timeoutSeconds` values above the default idle watchdog for cloud and self-hosted providers, so long first-token waits no longer fall back at \~120s when the provider timeout is higher. ([#&#8203;83979](openclaw/openclaw#83979)) Thanks [@&#8203;yujiawei](https://github.com/yujiawei).
- Agents/Codex: keep encrypted Responses reasoning replay provenance-bound so stale mirrored Codex transcripts drop invalid encrypted content before request assembly while preserving matching same-session replay. Fixes [#&#8203;83836](openclaw/openclaw#83836). ([#&#8203;84367](openclaw/openclaw#84367)) Thanks [@&#8203;joshavant](https://github.com/joshavant).
- Agents/subagents: skip stale embedded-run wake probes for dormant completion requesters, so late subagent completions go straight to requester-agent/direct handoff instead of producing `reason=no_active_run` queue noise. ([#&#8203;82964](openclaw/openclaw#82964)) Thanks [@&#8203;galiniliev](https://github.com/galiniliev).
- CLI: retry config snapshot reads after a transient failure so one rejected read no longer poisons later commands in the same process. ([#&#8203;83931](openclaw/openclaw#83931)) Thanks [@&#8203;honor2030](https://github.com/honor2030).
- Media: decode URL path basenames before using them as remote media fallback filenames, so files like `My%20Report.pdf` are surfaced as `My Report.pdf`. Fixes [#&#8203;84050](openclaw/openclaw#84050). ([#&#8203;84052](openclaw/openclaw#84052)) Thanks [@&#8203;jbetala7](https://github.com/jbetala7).
- WhatsApp: clarify inbound group diagnostics so observed but unregistered groups point to `channels.whatsapp.groups` without changing routing or sender authorization. ([#&#8203;83846](openclaw/openclaw#83846)) Thanks [@&#8203;neeravmakwana](https://github.com/neeravmakwana).
- WhatsApp: drain pending outbound deliveries on a 30s periodic timer in addition to the reconnect handler, so messages enqueued while the provider is already connected no longer wait for the next reconnect to send. ([#&#8203;79083](openclaw/openclaw#79083)) Thanks [@&#8203;Oviemudiaga](https://github.com/Oviemudiaga).
- CLI/TUI: include gateway plugin slash commands in TUI autocomplete, so connected sessions can suggest plugin-owned commands exposed by the running Gateway. ([#&#8203;83640](openclaw/openclaw#83640)) Thanks [@&#8203;se7en-agent](https://github.com/se7en-agent).
- Gateway/mobile: restore QR setup-code handoff of bounded operator tokens for iOS and Android onboarding while keeping admin and pairing scopes out of bootstrap. ([#&#8203;83684](openclaw/openclaw#83684)) Thanks [@&#8203;ngutman](https://github.com/ngutman).
- iOS: repair Release archive compilation for the TestFlight build. ([#&#8203;84255](openclaw/openclaw#84255)) Thanks [@&#8203;ngutman](https://github.com/ngutman).
- Agents/compaction: bound plugin-owned CLI transcript compaction with the host safety timeout so a hung context engine can no longer stall post-turn cleanup. ([#&#8203;84083](openclaw/openclaw#84083)) Thanks [@&#8203;100yenadmin](https://github.com/100yenadmin).
- Control UI/usage: truncate long context skill, tool, and file names in the usage panel while keeping the full name available on hover. ([#&#8203;42197](openclaw/openclaw#42197)) Thanks [@&#8203;Rain120](https://github.com/Rain120).
- Codex: respect explicit `models auth order set` and `config.auth.order` precedence over stale `lastGood` in `/codex account`, and show `no working credential` when every explicit-order profile is ineligible instead of marking a lower-ranked profile as active. Fixes [#&#8203;84386](openclaw/openclaw#84386). ([#&#8203;84412](openclaw/openclaw#84412)) Thanks [@&#8203;openperf](https://github.com/openperf).
- Agents: honor `messages.suppressToolErrors` for mutating tool failures so configured chat surfaces do not receive separate warning payloads. ([#&#8203;81561](openclaw/openclaw#81561)) Thanks [@&#8203;moeedahmed](https://github.com/moeedahmed).
- Agents/fallback: surface billing guidance for mixed rate-limit plus billing fallback exhaustion instead of generic failure copy. Fixes [#&#8203;79396](openclaw/openclaw#79396). ([#&#8203;79489](openclaw/openclaw#79489)) Thanks [@&#8203;aayushprsingh](https://github.com/aayushprsingh).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---


This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.erwanleboucher.dev/eleboucher/homelab/pulls/615
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 24, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 24, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
galiniliev pushed a commit to galiniliev/openclaw that referenced this pull request May 25, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 26, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
jameslcowan pushed a commit to jameslcowan/openclaw that referenced this pull request Jun 2, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
SYU8384 pushed a commit to SYU8384/openclaw that referenced this pull request Jun 3, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026
* fix(agents): recover stale Codex encrypted reasoning replay

* docs(changelog): note Codex encrypted replay recovery

* fix(agents): bind Codex reasoning replay provenance

* fix(agents): pin codex reasoning replay provenance
Labels

- `agents`: Agent runtime and tooling
- `gateway`: Gateway runtime
- `maintainer`: Maintainer-authored PR
- `merge-risk: 🚨 session-state`: 🚨 May lose, corrupt, stale, or mis-associate session, agent, or context state.
- `P1`: High-priority user-facing bug, regression, or broken workflow.
- `proof: sufficient`: ClawSweeper judged the real behavior proof convincing.
- `rating: 🦞 diamond lobster`: Very strong PR readiness with only minor maintainer review expected.
- `size: L`
- `status: 👀 ready for maintainer look`: ClawSweeper has no concrete contributor-facing blocker left for this PR.

Development

Successfully merging this pull request may close these issues.

Codex replay can silently fail Telegram turns with invalid_encrypted_content from mirrored thinking blocks
