Fail Codex compaction at the Codex boundary

[pashpashpash]

Summary

Codex runtime compaction was still being treated like an OpenClaw-owned PI safeguard in a few places. OpenClaw could preflight-compact Codex reply turns, post-turn compact Codex CLI transcripts, let a context-engine plugin replace Codex app-server compaction, and force plugin compaction before or after Codex turn/start overflow handling.

That is the wrong boundary. Codex already owns automatic compaction inside the Codex runtime. OpenClaw should not predict when a Codex thread needs compaction and then rewrite the transcript around it. At best that duplicates the native harness. At worst it crosses runtime/auth boundaries, restarts the shared app-server, or drifts a Codex-backed OpenAI session into OpenClaw/public Responses summarization.

This tightens the contract. Automatic compaction for Codex runtime sessions is native Codex-owned. OpenClaw now skips its preflight and CLI automatic compaction paths for Codex, removes the Codex app-server context-engine forced-compaction paths, and no longer lets an ownsCompaction context engine take over Codex app-server compaction. Explicit compaction is still supported: /compact and plugin-requested/manual compaction requests are forwarded to Codex as native thread/compact/start, then OpenClaw returns immediately instead of waiting, timing out, restarting the shared app-server, or falling back to another summarizer.

The fail-closed behavior stays where it belongs. If native Codex compaction cannot be started because the native thread binding is missing or stale, OpenClaw reports that failure honestly. It does not restart the shared Codex app-server as a retry strategy, and it does not fall back to OpenClaw/public OpenAI compaction for Codex runtime sessions. Non-Codex pinned harnesses still keep their previous context-engine fallback path. The Codex harness docs now state that Codex owns native compaction and that context engines do not replace it.

Real behavior proof

Behavior addressed: Codex-runtime sessions should not be automatically compacted by OpenClaw preflight, CLI, context-engine, or public OpenAI summarization paths. Explicit/manual/plugin compaction should only start native Codex compaction through thread/compact/start, without OpenClaw waiting on completion, imposing its own timeout, restarting the shared app-server, counting the pending start as completed OpenClaw compaction, or falling back to another compaction backend.

Real environment tested: Pash's local dev agent was restarted from this branch at head 4b9b8ce0c065ce2e1cda49c027e4f3e2c0e3a295. Gateway reported 2026.5.24 running from /Users/pash/code/openclaw/dist/index.js, pid 56665, healthy loopback on 127.0.0.1:18789. The live proof used the real main agent with Codex OAuth auth redacted, provider openai-codex, model gpt-5.5, and the embedded Codex app-server harness.

Exact steps or command run after this patch: pnpm openclaw gateway restart; pnpm openclaw gateway status --deep; pnpm openclaw agent --agent main --session-key agent:main:codex-compaction-proof-85958-final-1779663763 --message "Final live proof turn 1 for PR 85958 on commit 81328167c4. Reply exactly: FINAL_PROOF_TURN_1_OK" --thinking minimal --timeout 600 --json; pnpm openclaw agent --agent main --session-key agent:main:codex-compaction-proof-85958-final-1779663763 --message "Final live proof turn 2 for PR 85958 on the same session. Reply exactly: FINAL_PROOF_TURN_2_OK" --thinking minimal --timeout 600 --json; after a second gateway restart on the latest head, pnpm openclaw agent --agent main --session-key agent:main:codex-compaction-proof-85958-pending-1779668199 --message "Live pending compact proof setup for PR 85958 on branch head 4b9b8ce0c0. Reply exactly: PENDING_PROOF_SETUP_OK" --thinking minimal --timeout 600 --json; a real Gateway sessions.compact RPC for that scratch session through src/gateway/call.ts; session-store before/after comparison of /Users/pash/.openclaw/agents/main/sessions/sessions.json; a follow-up live turn on the same scratch session after the pending native compact-start signal with pnpm openclaw agent --agent main --session-key agent:main:codex-compaction-proof-85958-pending-1779668199 --message "Post pending native compact-start live proof for PR 85958. Reply exactly: PENDING_PROOF_AFTER_COMPACT_OK" --thinking minimal --timeout 600 --json; rg -n 'thread/compact/start|preflight_compacting|falling back to context engine|Summarization failed|provider_error_4xx|"api":"openai-responses"|"modelApi":"openai-responses"|contextCompaction|gateway_timeout|EMBEDDED FALLBACK' /Users/pash/.openclaw/agents/main/sessions/e15cac51-53a1-440a-b0bf-4200389bfc70*; rg -n 'thread/compact|context_compacted|contextCompaction|Summarization failed|api.responses.write|openai-responses|Incorrect API key|falling back to context engine' /Users/pash/.openclaw/agents/main/agent/codex-home/sessions/2026/05/24/rollout-2026-05-24T17-16-47-019e5c7d-c8de-7570-b60b-96997e8da05d.jsonl; pnpm test src/gateway/server.sessions.compaction.test.ts src/auto-reply/reply/commands-compact.test.ts extensions/codex/src/app-server/compact.test.ts -- --reporter=dot; pnpm exec oxfmt --check --threads=1 extensions/codex/src/app-server/compact.ts extensions/codex/src/app-server/compact.test.ts src/auto-reply/reply/commands-compact.test.ts src/gateway/server.sessions.compaction.test.ts; git diff --check; pnpm check:changed; pnpm build.

Evidence after fix: Normal live turns stayed on the same Codex runtime session. Turn 1 returned exactly FINAL_PROOF_TURN_1_OK with run id 4a70de03-f779-488b-99d4-b2e4e362ea5b, session 7b1d9666-d817-4182-b3a4-43ca985d530f, Codex thread 019e5c3a-2533-7321-845e-44a55ab1545b, provider openai-codex, model gpt-5.5, agentHarnessId: codex, fallbackUsed: false, and runner embedded. Turn 2 returned exactly FINAL_PROOF_TURN_2_OK with run id dfbb3821-57c6-44e7-972e-47e66a71f3ee and the same session/provider/model/harness. The latest-head scratch setup turn returned exactly PENDING_PROOF_SETUP_OK with run id 4a420ac5-9a08-42f8-9054-c8a67adefec9, session e15cac51-53a1-440a-b0bf-4200389bfc70, Codex thread 019e5c7d-c8de-7570-b60b-96997e8da05d, provider openai-codex, model gpt-5.5, agentHarnessId: codex, fallbackUsed: false, runner embedded, and promptTokens: 46541. The real Gateway sessions.compact call returned ok: true, compacted: false, tokensAfter: null, and details { "backend": "codex-app-server", "threadId": "019e5c7d-c8de-7570-b60b-96997e8da05d", "signal": "thread/compact/start", "pending": true }. The session store was unchanged immediately after the pending native compact start: compactionCount remained unset, totalTokens remained 46541, and totalTokensFresh remained true. The Gateway log recorded started codex app-server compaction for the same session and thread. The follow-up turn after that compact-start signal returned exactly PENDING_PROOF_AFTER_COMPACT_OK with run id 3fca6dbc-9bab-4d8d-847b-250138764fda, the same session id, provider openai-codex, model gpt-5.5, agentHarnessId: codex, fallbackUsed: false, and runner embedded. After that normal turn, the session store still had compactionCount unset and updated only normal token bookkeeping to totalTokens: 50857. The Codex rollout recorded the expected native context_compacted event for thread 019e5c7d-c8de-7570-b60b-96997e8da05d, showing Codex completed its own compaction path after OpenClaw started it. The session-file grep found no OpenClaw preflight compaction, context-engine fallback, public openai-responses metadata, Gateway timeout fallback, or embedded fallback artifacts. The Codex rollout grep found no Codex compaction failure, public OpenAI Responses summarization, api.responses.write failure, or context-engine fallback strings.

Observed result after fix: The live dev agent stayed on the Codex runtime for normal turns and explicit compact-start proof, resumed Codex-backed scratch sessions correctly after Gateway restarts, and did not drift into OpenClaw/public Responses compaction. Explicit compaction now behaves as a native Codex start signal: OpenClaw forwards thread/compact/start, reports the start as pending rather than completed, and leaves compaction counters alone while Codex owns the async result internally. The tests lock this down across the app-server, channel /compact, and Gateway sessions.compact seams so future changes do not reintroduce OpenClaw-owned Codex compaction fallbacks or completed-state bookkeeping for pending native starts.

What was not tested: I did not force a destructive live compaction timeout on Pash's running personal dev-agent conversation, and I did not trigger a human-authored Discord or Telegram /compact message from a live chat client. The actual Gateway sessions.compact path was exercised against a real Codex-backed scratch session on the running dev agent, and the channel command behavior is covered by focused tests around the same pending native result shape.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 24, 2026, 11:27 PM ET / 03:27 UTC.

Summary
This PR removes OpenClaw-owned automatic and fallback compaction for Codex runtime sessions, forwards explicit compaction as pending native thread/compact/start, and updates Codex docs, changelog, and focused tests.

PR surface: Source -556, Tests -637, Docs +5. Total -1188 across 18 files.

Reproducibility: yes. Source inspection on current main shows the OpenClaw-owned Codex preflight, context-engine, wait/restart, and fallback compaction paths, and the PR body provides live after-fix Gateway/Codex proof.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Get maintainer approval on the fail-closed Codex compaction boundary versus the narrower compatibility-preserving path.

Risk before merge

• Existing Codex runtime users who relied on OpenClaw preflight, CLI, context-engine, public OpenAI summarizer fallback, or app-server restart-on-timeout behavior will now see Codex-native ownership or a visible fail-closed error instead.
• Missing or stale native Codex thread bindings no longer recover through context-engine compaction, so this can expose session availability failures that the old fallback hid.
• The related open maintainer PR fix Codex preflight compaction auth routing #86292 is a narrower preflight auth-routing alternative; maintainers should decide whether this broader boundary change supersedes it.
• This read-only review did not rerun the live Gateway/Codex commands from the PR body.

Maintainer options:

1. Approve the Codex-owned boundary (recommended)
   If maintainers agree that Codex must own automatic compaction, land this after owner review as an intentional fail-closed behavior change with the existing docs and proof.
2. Preserve a compatibility mode first
   If existing fallback recovery must remain the default, revise the PR to keep compatibility by default and make strict native-only compaction explicit and tested.
3. Defer to the narrower auth-routing fix
   If the boundary change is too broad for this release, pause or close this PR and review the narrower open preflight auth-routing PR instead.

Next step before merge
Protected maintainer labeling plus intentional fail-closed compatibility, session-state, and availability changes require maintainer judgment rather than a ClawSweeper repair lane.

Security
Cleared: The diff does not change workflows, dependencies, lockfiles, package scripts, downloaded code, or secret storage; the auth/runtime boundary change is a maintainer compatibility decision rather than a concrete security regression.

Review details

Best possible solution:

Make an explicit maintainer decision on the Codex compaction ownership boundary; if fail-closed native Codex ownership is intended, this PR is the coherent path, otherwise preserve compatibility and land a narrower routing fix such as #86292.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection on current main shows the OpenClaw-owned Codex preflight, context-engine, wait/restart, and fallback compaction paths, and the PR body provides live after-fix Gateway/Codex proof.

Is this the best way to solve the issue?

Likely yes if maintainers agree with the boundary decision. The patch consistently removes duplicate OpenClaw-owned Codex compaction and aligns docs/tests around native pending starts, but the fail-closed compatibility and availability impact needs owner approval.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3db1508f1ee7.

Label changes

Label justifications:

• P1: The PR changes a live Codex agent/channel compaction workflow and can affect real sessions immediately.
• merge-risk: 🚨 compatibility: The diff intentionally removes fallback compaction and restart recovery paths that existing Codex users may currently depend on.
• merge-risk: 🚨 session-state: The change alters how pending native compaction updates session counters, token freshness, and transcript ownership around Codex thread state.
• merge-risk: 🚨 availability: Missing or stale native bindings now fail closed instead of falling back, so compaction attempts can become visible runtime failures.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes detailed after-fix live Codex/Gateway terminal proof, redacted runtime evidence, negative fallback greps, and focused validation commands for the changed behavior.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes detailed after-fix live Codex/Gateway terminal proof, redacted runtime evidence, negative fallback greps, and focused validation commands for the changed behavior.

Evidence reviewed

PR surface:

Source -556, Tests -637, Docs +5. Total -1188 across 18 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	7	203	759	-556
Tests	8	431	1068	-637
Docs	3	38	33	+5
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	18	672	1860	-1188

What I checked:

• protected maintainer signal: Live PR metadata lists the protected maintainer label plus compatibility, session-state, and availability merge-risk labels, so this PR should stay open for maintainer handling rather than cleanup closure. (4b9b8ce0c065)
• current-main Codex compaction behavior: Current main still lets an active context engine own Codex app-server compaction and has native compaction wait/retry/restart bookkeeping around thread/compact/start, which is the behavior this PR intentionally removes. (extensions/codex/src/app-server/compact.ts:51, 3db1508f1ee7)
• PR native compaction boundary: The PR branch makes maybeCompactCodexAppServerSession only start native Codex compaction, returns immediately, and reports the native start as ok: true, compacted: false, pending: true. (extensions/codex/src/app-server/compact.ts:17, 4b9b8ce0c065)
• PR automatic preflight skip: The PR branch skips OpenClaw memory-flush preflight compaction when the persisted or policy-resolved runtime is Codex, leaving automatic compaction to the native runtime. (src/auto-reply/reply/agent-runner-memory.ts:633, 4b9b8ce0c065)
• pending-state coverage: The PR adds Gateway coverage asserting sessions.compact treats Codex native compact start as pending, emits completed: false, and preserves compaction/token counters. (src/gateway/server.sessions.compaction.test.ts:394, 4b9b8ce0c065)
• real behavior proof: The PR body includes after-fix live dev-agent proof for real Codex-backed turns, a real Gateway sessions.compact call returning pending native start, unchanged session-store counters, a follow-up live turn, negative fallback greps, and focused validation commands. (4b9b8ce0c065)

Likely related people:

• vincentkoc: Current-main blame for the central Codex compaction and adjacent memory/queued fallback lines points to recent work by Vincent Koc across the affected runtime paths. (role: recent area contributor; confidence: medium; commits: af0776987136; files: extensions/codex/src/app-server/compact.ts, src/auto-reply/reply/agent-runner-memory.ts, src/agents/pi-embedded-runner/compact.queued.ts)
• steipete: File history for the Codex app-server compaction surface includes the original app-server controls and later stabilization work by Peter Steinberger. (role: feature-history contributor; confidence: medium; commits: 31a0b7bd42a5, 8d72aafdbb8d, 9ac7a0398213; files: extensions/codex/src/app-server/compact.ts, extensions/codex/src/app-server/run-attempt.ts, docs/plugins/codex-harness.md)
• amknight: The related open member-authored PR addresses Codex preflight compaction auth routing on the overlapping auto-reply memory path, which matters if maintainers choose the narrower compatibility path. (role: adjacent follow-up owner; confidence: medium; commits: 66354a42582b; files: src/auto-reply/reply/agent-runner-memory.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🥚 common Frosted Clawlet

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: collects tiny proofs.
Image traits: location proof lagoon; accessory miniature diff map; palette cobalt, lime, and pearl; mood sleepy but ready; pose leaning over a miniature review desk; shell starlit enamel shell; lighting golden review-room light; background small review tokens.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Frosted Clawlet in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[pashpashpash]

@clawsweeper re-review

Addressed the CLI fallback gap: Codex native-harness compaction now fails closed in src/agents/command/cli-compaction.ts, and src/agents/command/cli-compaction.test.ts now asserts stale Codex native bindings do not call context-engine compaction, maintenance, or store recording. The non-Codex pinned-harness fallback test still covers the supported fallback behavior outside Codex.

Validation rerun on the new head: pnpm test extensions/codex/src/app-server/compact.test.ts src/agents/pi-embedded-runner/compact.hooks.test.ts src/agents/command/cli-compaction.test.ts -- --reporter=dot; targeted oxfmt --check; git diff --check; pnpm check:changed; pnpm build.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26354696335
• Updated: 2026-05-24T07:13:39.185Z

[pashpashpash]

@clawsweeper re-review

Updated this PR to leave automatic Codex-runtime compaction to Codex itself. OpenClaw now skips reply preflight and CLI automatic compaction for Codex runtime sessions, removes app-server context-engine forced compaction before/after Codex turn overflow handling, and still forwards explicit/manual/plugin compaction requests to native Codex thread/compact/start.

Exact-head Real behavior proof is green on 83e5f860189da1515432b945ff3fcaed1aeceacb. Local validation also passed: pnpm test extensions/codex/src/app-server/compact.test.ts src/auto-reply/reply/agent-runner-memory.test.ts src/agents/command/cli-compaction.test.ts extensions/codex/src/app-server/run-attempt.context-engine.test.ts extensions/codex/src/app-server/run-attempt.test.ts src/agents/pi-embedded-runner/compact.hooks.test.ts -- --reporter=dot; pnpm check:changed; pnpm build; targeted oxfmt --check; git diff --check.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26374073710
• Updated: 2026-05-24T22:12:19.527Z

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26381689748
• Updated: 2026-05-25T03:39:41.954Z

[pashpashpash]

@clawsweeper re-review

I added one more live proof point after the pending-state fix: after the real Gateway sessions.compact call returned the pending thread/compact/start result, the same scratch Codex session handled another live turn successfully with fallbackUsed: false, and the Codex rollout recorded the native context_compacted event. The PR body now includes that evidence too.

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26376908849
• Updated: 2026-05-25T00:32:50.435Z