fix(tui): queue prompts submitted while busy

[neeravmakwana]

Summary

• Lets normal OpenClaw TUI prompts submitted during an active run reach sendChat so existing queue policy can decide whether to steer, follow up, collect, or interrupt.
• Keeps the existing single pending-submit UI guard: once a queued submit is waiting for registration, additional normal submits still show the busy message instead of creating overlapping local pending state.
• Adds unit coverage for the active-run submit path and PTY coverage that types into the real TUI loop while a run is streaming.
• Intentionally out of scope: changing queue policy semantics, Telegram behavior, gateway protocol, Esc abort selection, or allowing multiple locally pending TUI submits at once.

Linked context

Closes #86673

Root cause: the TUI had two pre-ingress guards. canSubmitTuiChatMessage rejected normal editor submits whenever activeChatRunId was set, and sendMessage returned with agent is busy — press Esc to abort before sending a new message before calling client.sendChat. Queue modes only apply after a message reaches the backend, so TUI follow-ups could not enter the existing queue machinery.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: TUI normal prompts typed during an active run now enter the backend sendChat path instead of being blocked before queue handling.
• Real environment tested: local source checkout on macOS, built with pnpm build; TUI PTY harness exercising the real runTui() terminal loop with a fake TuiBackend; live Telegram comparison from the local Telegram bot setup, with participant details intended to be redacted in the screenshot the author will attach manually.
• Exact steps or command run after this patch:
  • pnpm build
  • git diff --check origin/main...HEAD
  • node scripts/run-vitest.mjs src/tui/tui.test.ts src/tui/tui-command-handlers.test.ts src/tui/tui.submit-handler.test.ts
  • node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts -- -t "submits a follow-up prompt while a run is streaming"
  • pnpm check:changed
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):

Redacted after-patch PTY behavior log:

User typed: streaming prompt
TUI displayed: PTY_STREAMING: streaming prompt
User typed during active stream: queued while streaming
Fixture backend log, redacted:
  { "method": "sendChat", "payload": { "sessionKey": "agent:main:main", "message": "streaming prompt", "deliver": false } }
  { "method": "sendChat", "payload": { "sessionKey": "agent:main:main", "message": "queued while streaming", "deliver": false } }
TUI later displayed: PTY_RESPONSE: streaming prompt

After-patch command output:

$ node scripts/run-vitest.mjs src/tui/tui.test.ts src/tui/tui-command-handlers.test.ts src/tui/tui.submit-handler.test.ts
Test Files  3 passed (3)
Tests       98 passed (98)

$ node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts -- -t "submits a follow-up prompt while a run is streaming"
Test Files  1 passed (1)
Tests       12 passed (12)

$ pnpm check:changed
[check:changed] lanes=core, coreTests
[check:changed] typecheck core
[check:changed] typecheck core tests
[check:changed] lint core
Import cycle check: 0 runtime value cycle(s).

Live Telegram comparison, copied from the manual run with user identity details omitted:

User: Please start a long-running proof task. Wait about 60 seconds before your final answer. While waiting, if you receive another message, handle it according to the queue behavior and mention that queued follow-up explicitly in your final answer.
User: Queued follow-up proof: please include the exact phrase TELEGRAM_QUEUE_PROOF_OK in your final answer.
Telegram bot: I've started a long-running proof task for you. It will complete and deliver "PROOF-C-85314 DONE" in about 60 seconds. If I receive any other messages while waiting, I will handle them as queued follow-ups and explicitly mention them in my final answer.
Telegram bot: I've received your queued follow-up, and I will ensure that the phrase "TELEGRAM_QUEUE_PROOF_OK" is included in my final answer, which will be delivered once the long-running proof task completes in about 60 seconds.
Telegram bot: Okay, I see that "PROOF-C-85314 DONE" from cron job long_running_proof_task has completed.

Before evidence:

$ node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts -- -t "blocks overlapping normal messages while a run is busy"
Test Files  1 passed (1)
Tests       11 passed (11)

Pre-patch PTY scenario:
User typed: slow prompt
User typed while busy: second prompt
TUI displayed: agent is busy — press Esc to abort before sending a new message
Fixture backend log, redacted:
  { "method": "sendChat", "payload": { "sessionKey": "agent:main:main", "message": "slow prompt", "deliver": false } }
No `sendChat` entry was recorded for `second prompt`.

• Observed result after fix: the busy-time follow-up reaches queue ingress via sendChat; the visible busy message is reserved for the narrower case where a previous queued submit is still pending registration.
• Proof limitations or environment constraints: the PTY harness proves the TUI terminal loop and backend ingress, not real Gateway transport. The Telegram sequence is comparison evidence for asynchronous channel behavior and will be augmented by a manually attached screenshot.

Tests and validation

Commands run:

• pnpm build
• git diff --check origin/main...HEAD
• node scripts/run-vitest.mjs src/tui/tui.test.ts src/tui/tui-command-handlers.test.ts src/tui/tui.submit-handler.test.ts
• node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts -- -t "submits a follow-up prompt while a run is streaming"
• pnpm check:changed

Regression coverage updated:

• canSubmitTuiChatMessage now asserts gateway submits are allowed during active runs unless a pending optimistic send already exists.
• Command-handler tests assert the primary behavior (sendChat called while active), observable UI side effects (addUser, no busy message), and preserved guard behavior for an already pending queued submit.
• PTY coverage asserts a follow-up typed while the TUI is visibly streaming reaches backend ingress.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes. The TUI now accepts one normal follow-up prompt during an active run instead of preserving it in the editor with a busy warning.

Did config, environment, or migration behavior change? (Yes/No)

No.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

No. This only removes the TUI pre-ingress active-run submit block; it does not change queue policy, channel auth, allowlists, prompt trust, tool execution policy, gateway protocol, or provider/runtime security controls. The behavior relies on existing runtime-enforced queue handling after sendChat, not on prompt text.

What is the highest-risk area?

TUI local pending-state bookkeeping while a current run is active and a follow-up has been submitted.

How is that risk mitigated?

The patch keeps the existing pending optimistic guard for a queued submit that has not registered yet, and tests assert both the newly allowed active-run submit and the still-blocked already-pending submit.

Current review state

Next action: maintainer review, CI, and author attachment of the Telegram screenshot to augment the copied live proof.

Waiting on: GitHub CI and manual screenshot attachment.

Bot/reviewer comments addressed: none yet.

Made with Cursor

Real behavior proof

Behavior addressed: Local TUI follow-up prompts typed during an active response reach backend ingress and queue behind the active run instead of aborting it; stop commands/text still abort active and queued work; gateway-backed TUI keeps its active-run busy guard for normal prompts.

Real environment tested: Local macOS source checkout running the OpenClaw TUI PTY harness, including the embedded local backend lane, plus Blacksmith Testbox changed-gate proof.

Exact steps or command run after this patch: node scripts/run-vitest.mjs run --config test/vitest/vitest.tui.config.ts --configLoader runner src/tui/tui.test.ts src/tui/tui.submit-handler.test.ts src/tui/tui-command-handlers.test.ts src/tui/embedded-backend.test.ts src/tui/tui-session-actions.test.ts; OPENCLAW_TUI_PTY_MIRROR_PATH=/tmp/pty-mirror.log node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts --configLoader runner; OPENCLAW_TUI_PTY_MIRROR_PATH=/tmp/pty-local-mirror.log OPENCLAW_TUI_PTY_INCLUDE_LOCAL=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts --configLoader runner; .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main; pnpm check:changed on Blacksmith Testbox.

Evidence after fix: Terminal capture from the PTY harness showed the user prompt streaming prompt, the visible streamed output PTY_STREAMING: streaming prompt, then a second typed prompt queued while streaming; the fixture backend log recorded a later sendChat entry for queued while streaming while the original run was still active. Embedded local PTY also completed with Test Files 2 passed (2), Tests 14 passed (14). Blacksmith Testbox tbx_01kskeyh1t81z15bxcjvrs3w17 and tbx_01kskemnxec9t6bs20hh4pk3n3 both exited 0 for changed-gate proof.

Observed result after fix: The queued local prompt reached sendChat; stop text and /stop route to abort handling; /stop cancels both active and queued run ids; idle stop-like text is sent as a normal prompt; gateway active slash prompts are blocked with the busy message.

What was not tested: Live external provider/model execution was not run; the real terminal and embedded backend paths were exercised with mocked/fake provider responses.

[clawsweeper]

Codex review: found issues before merge. Reviewed May 26, 2026, 10:19 PM ET / 02:19 UTC.

Summary
The PR changes TUI submit gating, local embedded-backend run sequencing, stop/abort handling, and TUI unit/PTY coverage so local follow-up prompts can queue behind an active local run.

PR surface: Source +129, Tests +484. Total +613 across 15 files.

Reproducibility: yes. from source inspection: current main blocks active-run TUI submits before sendChat, and the linked report describes the same busy-lock behavior on the Gateway-backed path. I did not run a live TUI in this read-only review.

Review metrics: 1 noteworthy metric.

• Busy-submit decision points: 2 submit gates changed, 1 local run queue path changed. The diff changes both UI ingress gating and local run sequencing, so delivery and abort semantics need to be reviewed together before merge.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🦞 diamond lobster
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Decide whether the Gateway-backed TUI path is in scope; if yes, route normal busy submits through chat.send and add default-path proof.
• If the PR is intentionally local-only, remove the closing link and state that the linked issue remains open for Gateway/default TUI behavior.

Risk before merge

• Merging with the current closing link can close the linked default Gateway-backed TUI issue while normal Gateway-backed active-run prompts still show the busy guard and never reach chat.send.
• The PR changes active versus pending local run tracking and stop/abort selection, so missed edge cases could abort the wrong run or leave a queued prompt in stale pending state.

Maintainer options:

1. Fix or rescope before merge (recommended)
   Either route default Gateway-backed busy submits through queue ingress too, or remove the closing link and make the PR explicitly local-only so the linked issue remains open.
2. Accept local-only behavior deliberately
   Maintainers can land the local improvement if they intentionally keep the remaining Gateway/default TUI behavior tracked outside this PR.
3. Pause for TUI runtime direction
   If local versus Gateway TUI queueing is still a product decision, hold this branch until the intended behavior is confirmed.

Next step before merge
Maintainer review should decide whether this branch must cover the default Gateway-backed TUI path before merge or should be explicitly landed as a local-only partial fix.

Security
Cleared: No concrete security or supply-chain concern was found; the diff stays in TUI/session-state code and tests without dependency, workflow, secret, or install-script changes.

Review findings

• [P2] Route gateway busy submits through queue ingress — src/tui/tui-command-handlers.ts:663

Review details

Best possible solution:

Land a TUI fix that either covers default Gateway-backed and local follow-ups reaching queue ingress while preserving stop behavior, or explicitly ships this as local-only and keeps the linked Gateway/default TUI work open.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current main blocks active-run TUI submits before sendChat, and the linked report describes the same busy-lock behavior on the Gateway-backed path. I did not run a live TUI in this read-only review.

Is this the best way to solve the issue?

No, not yet for the linked issue: the local queueing implementation is focused, but the PR preserves the default Gateway-backed busy gate. The safer solution is full default-path coverage or an explicitly local-only PR that does not close the linked issue.

Full review comments:

• [P2] Route gateway busy submits through queue ingress — src/tui/tui-command-handlers.ts:663
  The linked report is for the default Gateway-backed TUI path, but this branch still blocks normal gateway sends when opts.local !== true && state.activeChatRunId, so those prompts never reach chat.send for queue handling. Either make the Gateway-backed TUI submit busy follow-ups into queue ingress too, or rescope the PR/body so the linked issue stays open for that default path.
  Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.86

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 27ad3d7eeb72.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR supplies terminal/log proof for the local TUI PTY and embedded-backend paths plus Testbox ids; that proof is sufficient for the local behavior but does not cover the Gateway path flagged in review.

Label justifications:

• P2: This is a normal-priority TUI queueing bugfix with limited surface but real workflow impact for long-running turns.
• merge-risk: 🚨 message-delivery: Changing busy-submit gating and local run sequencing can affect whether follow-up prompts are delivered, blocked, queued, or aborted.
• merge-risk: 🚨 session-state: The patch changes active versus pending run tracking and abort selection, which can affect TUI session/run state if an edge case is wrong.
• rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (terminal): The PR supplies terminal/log proof for the local TUI PTY and embedded-backend paths plus Testbox ids; that proof is sufficient for the local behavior but does not cover the Gateway path flagged in review.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR supplies terminal/log proof for the local TUI PTY and embedded-backend paths plus Testbox ids; that proof is sufficient for the local behavior but does not cover the Gateway path flagged in review.

Evidence reviewed

PR surface:

Source +129, Tests +484. Total +613 across 15 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	8	172	43	+129
Tests	7	499	15	+484
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	15	671	58	+613

What I checked:

• Repository policy read: Read the full root AGENTS.md and scoped src/tui/AGENTS.md; the TUI guide affected this review because it says fake-backend PTY proof does not prove Gateway transport or embedded backend behavior. (src/tui/AGENTS.md:4, 27ad3d7eeb72)
• Default TUI is Gateway-backed: Current main describes openclaw tui as connected to the Gateway, with --local as opt-in embedded runtime mode. (src/cli/tui-cli.ts:12, 27ad3d7eeb72)
• Current main blocks active-run TUI submits before sendChat: On current main, canSubmitTuiChatMessage rejects active-run submits except local finishing-context cases, and command handling returns the busy message before calling client.sendChat. (src/tui/tui.ts:377, 27ad3d7eeb72)
• PR head still blocks the Gateway-backed path: The PR diff keeps normal Gateway-backed sends blocked when opts.local !== true && state.activeChatRunId, so those prompts still do not reach chat.send. (src/tui/tui-command-handlers.ts:663, 4b4c4d01ba5d)
• Queue behavior is a documented active-run feature: The queue docs describe /queue as controlling what normal inbound messages do while a session already has an active run, which supports the linked issue's expectation once TUI input reaches queue ingress. Public docs: docs/concepts/queue.md. (docs/concepts/queue.md:40, 27ad3d7eeb72)
• PR proof covers local behavior only: The PR body and maintainer comment provide terminal PTY/backend evidence, focused TUI tests, autoreview, and Blacksmith Testbox ids for local queued-submit behavior; the same proof explicitly leaves live external provider/model behavior untested and preserves the Gateway busy gate. (4b4c4d01ba5d)

Likely related people:

• Shakker: Current-main blame in this checkout attributes the TUI submit gate, command handler, embedded backend, Gateway chat client, and queue docs to commit 05001e1. (role: recent area contributor; confidence: medium; commits: 05001e102e7b; files: src/tui/tui.ts, src/tui/tui-command-handlers.ts, src/tui/embedded-backend.ts)
• steipete: The PR timeline and commit list show substantial branch repair plus a verification comment covering the local queued-submit behavior and Testbox proof. (role: PR repair and verification contributor; confidence: medium; commits: 0530cbb6de47, 572302aba45c, 4b4c4d01ba5d; files: src/tui/tui.ts, src/tui/tui-command-handlers.ts, src/tui/embedded-backend.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

🔥 Warming up: real-behavior proof passed; findings, security review, or rank-up moves are still in progress.

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[neeravmakwana]

Attaching TUI screenshot here. @clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

[neeravmakwana]

@clawsweeper re-review. I have added the behaviour proof screenshot in the PR body now.

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

[steipete]

Verification for the repaired branch:

Behavior addressed: TUI accepts a local follow-up while an active local run is streaming, queues it behind the active run, and preserves stop/abort semantics for active plus queued runs. Gateway-backed TUI keeps the active-run busy gate for normal/slash prompts, while stop text can still reach abort handling.

Real environment tested: local macOS checkout plus Blacksmith Testbox.

Exact steps or command run after this patch:

• node scripts/run-vitest.mjs run --config test/vitest/vitest.tui.config.ts --configLoader runner src/tui/tui.test.ts src/tui/tui.submit-handler.test.ts src/tui/tui-command-handlers.test.ts src/tui/embedded-backend.test.ts src/tui/tui-session-actions.test.ts
• OPENCLAW_TUI_PTY_MIRROR_PATH=/tmp/pty-mirror.log node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts --configLoader runner
• OPENCLAW_TUI_PTY_MIRROR_PATH=/tmp/pty-local-mirror.log OPENCLAW_TUI_PTY_INCLUDE_LOCAL=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.tui-pty.config.ts --configLoader runner
• .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
• pnpm check:changed

Evidence after fix: focused TUI tests passed, fake PTY passed, embedded local PTY passed, autoreview reported no accepted/actionable findings, and Blacksmith Testbox check:changed passed.

Observed result after fix: queued local submits wait behind active local runs without aborting them; stop cancels active and queued run ids; broad stop-like text is not swallowed when idle; gateway busy slash sends remain blocked.

What was not tested: live external model/provider behavior beyond the mocked PTY/local backend paths.

Testbox: provider=blacksmith-testbox id=tbx_01kskeyh1t81z15bxcjvrs3w17 and provider=blacksmith-testbox id=tbx_01kskemnxec9t6bs20hh4pk3n3 passed during final proof loops.