fix(agent): abort accepted gateway runs on signal

[Kaspre]

Fixes #71710.

This makes openclaw agent signal handling abort Gateway-backed runs instead of only killing the local CLI process. When the CLI receives SIGINT or SIGTERM, it now aborts the active Gateway request, asks the Gateway to cancel the accepted agent run, retries that cancellation on the same connection, and falls back to a fresh authorized chat.abort call if the original connection closes before cancellation is confirmed.

The Gateway side now registers agent abort state before sending the accepted ack, supports pre-registration chat.abort and /stop races, preserves pending accepted agent dedupe entries until the actual run timeout, and keeps duplicate retries from spawning a second agent run. The CLI exits with the normal signal status (130/143) after cleanup, including the case where the Gateway run resolves just as a signal arrives.

Docs now call out the recommended hard-kill backstop for cron/systemd wrappers while describing the new graceful Gateway abort behavior.

Real behavior proof

Behavior or issue addressed: openclaw agent Gateway runs could leave the remote agent work alive after the local CLI received SIGTERM/SIGINT, especially after the Gateway had accepted the run. This patch makes the CLI request cancellation and makes the Gateway able to abort active and pre-registered accepted agent runs.

Real environment tested: GCP Crabbox Spot VM in us-east1-b, Node v24.15.0, pnpm 11.1.0, branch head ea5dfbaf324669c917dac22084889a602cca9c2e, merge base c8a953af9371f0c1e5980283abf554f89f641fea.

Exact steps or command run after this patch: Remote validation ran pnpm install --frozen-lockfile --reporter=append-only, a real loopback Gateway/CLI SIGTERM proof script against the source CLI through tsx, and focused Vitest coverage for the abort paths touched by the current-head CI fix. The earlier runtime-equivalent head also passed pnpm build, a loopback Gateway/CLI/provider SIGTERM proof, focused command/gateway suites, and pnpm check:changed; the follow-up current-head commit only updates test helper shape.

Evidence after fix: Terminal output from the remote proof included:

proof.ok=true
remote.head=ea5dfbaf324669c917dac22084889a602cca9c2e
remote.base=c8a953af9371f0c1e5980283abf554f89f641fea
gateway.url=ws://127.0.0.1:39041
connect.requests=1
agent.message=live SIGTERM proof
agent.sessionKey=agent:main:main
accepted.runId=proof-run-84381
signal.sent=SIGTERM
abort.runId=proof-run-84381
abort.sessionKey=agent:main:main
child.exit.code=143
child.stderr=
Test Files 2 passed (2)
Tests 12 passed (12)

Earlier runtime-head suites passed before the test-helper-only follow-up: src/commands/agent-via-gateway.test.ts 29 passed, src/gateway/server-methods/agent.test.ts 112 passed, src/gateway/call.test.ts plus src/gateway/client.watchdog.test.ts 97 passed, and src/gateway/server-maintenance.test.ts 14 passed. pnpm check:changed passed all selected lanes, including typecheck, lint shards, and runtime import cycles.

Observed result after fix: The Gateway-backed CLI run receives SIGTERM, confirms the accepted Gateway agent run is aborted, closes the provider request, and exits as a signal termination (143) instead of leaving the provider stream/run alive. The model-override path preserves backend/admin authority for the fallback abort.

What was not tested: No live third-party provider was called; the real proof used loopback Gateway/provider surfaces so abort/close behavior was deterministic. The full loopback provider-close proof and pnpm check:changed were run on 736a39082690389e0b25b6baae089a7f03af5534; the current head ea5dfbaf324669c917dac22084889a602cca9c2e refresh reran the source-CLI accepted-run SIGTERM proof and the focused abort tests after rebasing onto c8a953af9371f0c1e5980283abf554f89f641fea.

Review gates

• Codex review accepted five issues during development; all were fixed and the final Codex review reported no actionable regressions.
• Claude review was run read-only from a prepared local file containing the full diff and remote evidence; it reported no actionable correctness regressions.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Latest ClawSweeper review: 2026-05-22 08:12 UTC / May 22, 2026, 4:12 AM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR wires openclaw agent SIGINT/SIGTERM into Gateway request cancellation, expands accepted/pre-registered agent abort and dedupe handling, documents cron hard-kill backstops, and adds focused CLI/Gateway tests.

Reproducibility: yes. source-reproducible: current main does not pass an abort signal or accepted-run abort hook into the Gateway-backed openclaw agent request, and the linked report provides concrete cron/SIGTERM steps. I did not run the multi-day cron reproduction in this read-only review.

PR rating
Overall: 🦐 gold shrimp
Proof: 🦐 gold shrimp
Patch quality: 🐚 platinum hermit
Summary: The implementation looks reviewable and well-covered, but current-head real behavior proof is stale relative to the latest production commit.

Rank-up moves:

• Update the PR body with current-head real behavior proof for the SIGTERM accepted-run abort path.
• Have a maintainer explicitly approve or adjust the same-owner/admin stale-session abort boundary.
• Document whether any remaining red checks are inherited from the current base before landing.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs stronger real behavior proof before merge: The PR body has strong terminal proof for ea5dfbaf324669c917dac22084889a602cca9c2e, but latest head d512c73bd610c35b41668325095762e521274494 adds production abort behavior after that proof; add current-head terminal/live output or a maintainer override, with private endpoints, tokens, phone numbers, and other secrets redacted. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• The latest head d512c73bd610c35b41668325095762e521274494 includes a production abort stop-reason change after the terminal proof recorded in the PR body, so current-head real behavior proof is incomplete.
• The PR intentionally allows admin or the same owner connection/device to abort by run id even when the submitted session key is stale; that security boundary should be explicitly accepted by maintainers.
• The patch changes CLI signal shutdown, Gateway client teardown, accepted-run dedupe, duplicate-run responses, and active-run cleanup; inherited red CI claims should be verified or documented before merge.

Maintainer options:

1. Refresh Current-Head Proof (recommended)
   Run or attach real terminal/Crabbox proof on d512c73bd610c35b41668325095762e521274494 or newer showing accepted-run SIGTERM abort, stop reason preservation, and signal exit behavior.
2. Accept Maintainer Override
   A maintainer may explicitly accept the existing proof plus the small follow-up commit if they are comfortable owning the unrerun production delta.
3. Pause For Stricter Abort Policy
   If stale-session same-owner aborts are not an acceptable boundary, pause the PR for a narrower design before merge.

Next step before merge
Maintainers need to refresh or override current-head proof and decide the same-owner/admin abort boundary before merge; there is no narrow automated code repair to queue.

Security
Cleared: No concrete security defect found in the diff; the broadened abort path is bounded to admin or same-owner connection/device checks and has targeted authorization tests, but it remains a maintainer approval risk.

Review details

Best possible solution:

Land the Gateway/CLI abort fix after current-head SIGTERM proof and maintainer approval of the same-owner/admin abort authorization boundary.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible: current main does not pass an abort signal or accepted-run abort hook into the Gateway-backed openclaw agent request, and the linked report provides concrete cron/SIGTERM steps. I did not run the multi-day cron reproduction in this read-only review.

Is this the best way to solve the issue?

Yes, with one merge gate: carrying the signal through the CLI request, aborting accepted Gateway runs, and preserving duplicate/pre-registration state is the right boundary. The remaining issue is current-head proof and maintainer acceptance of the abort authorization semantics, not a narrower code defect I can identify.

Label changes:

• add rating: 🦐 gold shrimp: Current PR rating is 🦐 gold shrimp because proof is 🦐 gold shrimp, patch quality is 🐚 platinum hermit, and The implementation looks reviewable and well-covered, but current-head real behavior proof is stale relative to the latest production commit.
• add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body has strong terminal proof for ea5dfbaf324669c917dac22084889a602cca9c2e, but latest head d512c73bd610c35b41668325095762e521274494 adds production abort behavior after that proof; add current-head terminal/live output or a maintainer override, with private endpoints, tokens, phone numbers, and other secrets redacted. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.
• remove status: 👀 ready for maintainer look: Current PR status label is status: 📣 needs proof.

Label justifications:

• P1: The linked bug can leave Gateway-backed cron agent processes alive until host memory or swap is exhausted.
• merge-risk: 🚨 security-boundary: The PR changes who may cancel active runs by allowing admin or same owner connection/device aborts even when session keys drift.
• merge-risk: 🚨 availability: The PR changes signal shutdown, Gateway teardown, dedupe expiry, and duplicate-run handling on an agent availability path.
• rating: 🦐 gold shrimp: Current PR rating is 🦐 gold shrimp because proof is 🦐 gold shrimp, patch quality is 🐚 platinum hermit, and The implementation looks reviewable and well-covered, but current-head real behavior proof is stale relative to the latest production commit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body has strong terminal proof for ea5dfbaf324669c917dac22084889a602cca9c2e, but latest head d512c73bd610c35b41668325095762e521274494 adds production abort behavior after that proof; add current-head terminal/live output or a maintainer override, with private endpoints, tokens, phone numbers, and other secrets redacted. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Acceptance criteria:

• Current-head Crabbox or equivalent terminal proof for a Gateway-backed openclaw agent SIGTERM after accepted ack, showing chat.abort, provider/request closure, stop reason, and exit 143.
• Focused tests named in the PR body: src/commands/agent-via-gateway.test.ts, src/gateway/server-methods/agent.test.ts, src/gateway/call.test.ts, src/gateway/client.watchdog.test.ts, and src/gateway/server-maintenance.test.ts.
• Relevant changed-check or CI evidence showing any remaining failures are inherited from current main.

What I checked:

• Current main lacks a signal bridge for Gateway-backed agent runs: On current main, agentViaGatewayCommand calls callGateway({ method: "agent", expectFinal: true }) without passing an AbortSignal, accepted callback, or abort hook; agentCliCommand falls through to embedded fallback only on Gateway transport errors. (src/commands/agent-via-gateway.ts:282, 6981051682f2)
• PR adds CLI signal handling and Gateway abort fallback: The PR head creates a signal bridge, passes its signal into callGateway, captures accepted run context, tries chat.abort on the active connection, and falls back to a fresh authorized Gateway call when needed. (src/commands/agent-via-gateway.ts:225, d512c73bd610)
• PR adds Gateway request abort plumbing: The PR head extends callGateway and GatewayClient.request with signal, onAccepted, and onSignalAbort plumbing so the CLI can interrupt an expect-final request and still use the active connection for cleanup before teardown. (src/gateway/call.ts:69, d512c73bd610)
• PR expands accepted agent abort coverage: The Gateway branch registers an agent abort controller before the accepted ack, records owner connection/device data, returns in_flight for duplicate active runs, and handles pre-registration aborts before dispatch. (src/gateway/server-methods/agent.ts:1579, d512c73bd610)
• Authorization-sensitive behavior has targeted tests: The PR tests owner/stale-session aborts, unauthorized pre-accept abort rejection, same-device/admin authorization, and accepted-ack abort races; I did not run these tests in the read-only checkout. (src/gateway/server-methods/agent.test.ts:4172, d512c73bd610)
• Real behavior proof is not current-head complete: The PR body terminal proof names branch head ea5dfbaf324669c917dac22084889a602cca9c2e, while the live context shows the current head is d512c73bd610c35b41668325095762e521274494 with an additional production commit preserving stop reason for deferred agent aborts. (d512c73bd610)

Likely related people:

• Dallin Romney: Local blame attributes much of current main's Gateway-backed agent CLI and Gateway server-method code to the grafted d391434f4e... commit, though history is shallow around that graft. (role: recent area contributor; confidence: medium; commits: d391434f4e45; files: src/commands/agent-via-gateway.ts, src/gateway/server-methods/agent.ts, src/gateway/server-methods/chat.ts)
• Kaspre: Kaspre has a recent merged current-main commit on the same openclaw agent session-key path, independent of authoring this PR. (role: recent adjacent contributor; confidence: medium; commits: eb7f3b7b50c5; files: src/commands/agent-via-gateway.ts)
• steipete: The live timeline shows steipete force-pushed maintainer commits onto this PR, and current main has adjacent Gateway connect assembly refactor work by Peter Steinberger. (role: recent branch and adjacent Gateway contributor; confidence: medium; commits: d512c73bd610, d72cdfbdb342, b2a0bfab4329; files: CHANGELOG.md, src/gateway/call.ts, src/gateway/server-methods/agent.ts)
• samzong: A recent current-main Gateway connect failure fix touches adjacent callGateway behavior, but not the central abort semantics. (role: recent adjacent Gateway contributor; confidence: low; commits: 0e47815e6ec9; files: src/gateway/call.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 6981051682f2.

[clawsweeper]

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?

• The egg game starts only after the PR passes the real-behavior proof check.
• Before that, no creature or rarity is rolled. The treat waits for real proof.
• This is still just collectible flavor: proof affects review readiness, not creature quality.

[Kaspre]

CI ownership note, updated after rebase: I compared the refreshed PR CI run on head eab8d79192881ab107d20cfec7a41a0269cb7944 (CI run 26186683905) with the latest main CI run for the exact base commit 1a7669bc63a0c3731577465b130873e849fc2773 (CI run 26182360140). The same 4 CI jobs are failing on both runs:

• check-lint
• check-test-types
• check-additional-extension-bundled
• checks-node-core-runtime-infra-state

The earlier PR run had 13 failures on base c8a953af9371f0c1e5980283abf554f89f641fea; rebasing onto latest main reduced the inherited red surface to the current 4 failures. These remaining red checks appear inherited from main, not caused by this PR. I am leaving the PR code and accepted real behavior proof unchanged until there is a green base worth rebasing onto.

[Takhoffman]

@clawsweeper ask is this code overly complex? loc is a bit high

[clawsweeper]

🦞👀
ClawSweeper assist is taking a look at your question.

I queued a lightweight read-only assist pass. It will post a separate answer comment and will not edit the durable ClawSweeper review comment or trigger close, merge, repair, label, or branch changes.

Request: repair

[clawsweeper]

ClawSweeper assist: Yes, LOC is high, but the supplied context suggests most of the size is from tests and edge-case coverage rather than gratuitous production code. The production change is still non-trivial because it crosses CLI signal handling, Gateway request aborts, accepted-run dedupe, and chat.abort authorization/race handling. I would treat this as “complex but plausibly justified,” with maintainer attention on whether the same-owner/admin abort semantics are the right boundary.

Evidence:

• PR size is large: 2,955 additions / 330 deletions across 15 files.
• The biggest chunks are tests: src/gateway/server-methods/agent.test.ts +928, src/commands/agent-via-gateway.test.ts +678, plus focused Gateway/client/maintenance tests.
• Production LOC is concentrated in the expected hot paths: agent-via-gateway.ts +395/-74, server-methods/agent.ts +279/-98, server-methods/chat.ts +218/-6, gateway/call.ts +87/-12, gateway/client.ts +54/-7.
• The earlier ClawSweeper review did not flag a concrete simplification bug, but did call out the abort authorization boundary and availability behavior as maintainer-review points.
• The PR has real loopback SIGTERM proof showing accepted run abort and exit 143, plus focused tests passing on the abort paths.

Suggested next action: If you want a real complexity/correctness judgment on whether this can be simplified safely, ask @clawsweeper review; this lightweight pass can only say the LOC looks mostly risk-driven, not obviously inflated from the supplied context.

---

Source: #84381 (comment)
Assist model: gpt-5.5, reasoning low.

[Takhoffman]

@clawsweeper fix

[clawsweeper]

🦞🔧
ClawSweeper could not start an implementation PR for this issue.

Reason: implementation PR creation must be requested on an issue; use autofix or automerge for pull requests.

This lane creates PRs only; it does not merge or close the issue.

[Takhoffman]

@clawsweeper repair

[clawsweeper]

ClawSweeper assist: @clawsweeper repair is not the right PR command here. For a PR needing branch edits or CI repair, use the existing PR repair command such as @clawsweeper fix ci or the appropriate maintainer autofix/address-review command.

Evidence:

• PR is fix(agent): abort accepted gateway runs on signal #84381 and is open at head 1438d8e3a7666bf092ab4944b16921f5d4060d95.
• The prior @clawsweeper fix attempt failed because implementation PR creation only applies to issues, not pull requests.
• Current context shows inherited CI failures were reported by the author, but no new concrete repair target is identified in the supplied context.

Suggested next action: Comment @clawsweeper fix ci if the goal is CI repair on this PR; use @clawsweeper review first if you want a fresh correctness/complexity review before repair.

---

Source: #84381 (comment)
Assist model: gpt-5.5, reasoning low.

[Takhoffman]

@clawsweeper fix ci

[clawsweeper]

🦞🔧
ClawSweeper did not dispatch a repair worker for this one.

Reason: repair commands require a ClawSweeper PR or a PR opted into ClawSweeper autofix or automerge.

Supported re-review commands work on open issues and PRs: /review, /clawsweeper re-review, or @clawsweeper re-review.
Supported issue implementation commands work on open issues: /clawsweeper implement, @clawsweeper fix, /clawsweeper build, @clawsweeper create pr, or @clawsweeper fix issue.
Supported repair commands work on existing ClawSweeper PRs and PRs opted into clawsweeper:autofix or clawsweeper:automerge: /clawsweeper fix ci, /clawsweeper address review, /clawsweeper rebase.
A maintainer can opt a PR in with /clawsweeper autofix or /clawsweeper automerge and I can take another pass.
A maintainer can close unsupported or declined work with /autoclose <reason>.

[clawsweeper]

ClawSweeper assist: Yes, LOC is high, but from the supplied context it looks mostly driven by tests and race/abort edge cases, not obviously gratuitous complexity. The production change is still inherently broad because it spans CLI signal handling, Gateway request aborts, accepted-run dedupe, duplicate run behavior, and chat.abort authorization.

Evidence:

• PR is size: XL: 2,955 additions / 330 deletions across 15 files.
• Largest changes are tests: src/gateway/server-methods/agent.test.ts +928 and src/commands/agent-via-gateway.test.ts +678.
• Production changes are concentrated in expected hot paths: agent-via-gateway.ts, gateway/call.ts, gateway/client.ts, server-methods/agent.ts, server-methods/chat.ts, and maintenance dedupe handling.
• Prior ClawSweeper review did not identify a concrete simplification bug; it flagged the same-owner/admin abort semantics as the main maintainer judgment point.
• The PR includes loopback SIGTERM proof showing accepted run abort and exit 143, plus focused abort-path tests.

Suggested next action: For a full complexity/correctness judgment on whether this can be simplified safely, ask @clawsweeper review.

---

Source: #84381 (comment)
Assist model: gpt-5.5, reasoning low.

[clawsweeper]

ClawSweeper assist: @clawsweeper repair is not the right PR command here. This PR is contributor-authored and is not opted into ClawSweeper autofix/automerge, so repair workers will not run on it as-is.

Evidence:

• PR: fix(agent): abort accepted gateway runs on signal #84381
• Prior @clawsweeper fix failed because implementation PR creation applies to issues, not pull requests.
• Prior @clawsweeper fix ci failed because repair commands require a ClawSweeper PR or a PR opted into clawsweeper:autofix / clawsweeper:automerge.
• The current context identifies inherited CI failures but no concrete branch-edit target.

Suggested next action: Use @clawsweeper review for a fresh correctness pass, or opt the PR into the existing repair flow first if you want CI repair attempted.

---

Source: #84381 (comment)
Assist model: gpt-5.5, reasoning low.

[clawsweeper]

🦞👀
ClawSweeper assist is taking a look at your question.

I queued a lightweight read-only assist pass. It will post a separate answer comment and will not edit the durable ClawSweeper review comment or trigger close, merge, repair, label, or branch changes.

Request: is this code overly complex? loc is a bit high

[clawsweeper]

ClawSweeper assist: Yes, LOC is high, but the supplied context suggests the size is mostly from tests and race-condition coverage, not obviously needless complexity. The production change is still inherently broad because it crosses CLI signal handling, Gateway request aborts, accepted-run dedupe, duplicate-run behavior, and chat.abort authorization.

Evidence:

• PR is size: XL: 3,061 additions / 366 deletions across 17 files.
• Largest deltas are tests: src/gateway/server-methods/agent.test.ts +1026/-152 and src/commands/agent-via-gateway.test.ts +677.
• Production changes are concentrated in the expected paths: agent-via-gateway.ts, gateway/call.ts, gateway/client.ts, server-methods/agent.ts, server-methods/chat.ts, and maintenance dedupe handling.
• Prior ClawSweeper review did not identify a concrete simplification bug; it flagged the same-owner/admin abort boundary and current-head proof as maintainer judgment points.
• Current head is d512c73bd610c35b41668325095762e521274494, after newer production changes beyond the proof cited in the PR body.

Suggested next action: For a real simplification/correctness review of the current head, ask @clawsweeper review.

---

Source: #84381 (comment)
Assist model: gpt-5.5, reasoning low.

[steipete]

Verification for landing:

• Rebased PR branch onto current origin/main (6981051682).
• Focused local tests: pnpm test src/commands/agent-via-gateway.test.ts src/gateway/call.test.ts src/gateway/client.watchdog.test.ts src/gateway/server-maintenance.test.ts src/gateway/server-methods/agent.test.ts src/gateway/server-methods/chat.abort-persistence.test.ts -- --reporter=verbose passed: 230 gateway tests + 45 command tests.
• Changed gate: Blacksmith Testbox tbx_01ks7bbff12wy5wndyet6wk7pd, Actions run https://github.com/openclaw/openclaw/actions/runs/26276042035, exit 0.
• Autoreview after fixup: clean, no accepted/actionable findings.
• PR CI on head d512c73bd6 is mergeable/clean; stale cancelled bot checks in the rollup are from older heads and were ignored.

Also added the maintainer changelog entry and a small fixup for the /stop pre-dispatch race found during autoreview, preserving stopReason: "stop" when /stop aborts an accepted agent run before dispatch starts.

Thanks @Kaspre.