fix(codex): recover raw missing-thread compaction failures

[pfrederiksen]

Summary

Fixes #87736.

This is a narrow follow-up to #86211 / #86602. The existing recovery path handles structured Codex native harness binding failures when failure.reason is missing_thread_binding or stale_thread_binding. A live regression on OpenClaw 2026.5.27 still surfaced the raw preflight error:

Preflight compaction required but failed: thread not found: <codex-thread-id>

This patch classifies the raw reason text for the same missing/stale binding shapes as recoverable too, so preflight compaction continues into the existing recovery path instead of surfacing a generic Telegram failure.

User-visible problem

A Telegram group inbound was accepted, but dispatch failed before a normal assistant turn. The user saw the generic channel failure message rather than automatic session recovery. The session later rotated/recovered and subsequent dispatches worked, which matches the same operational class as #86211.

All issue/PR evidence is sanitized: no private chat ids, message ids, session ids, bot handles, or raw Codex thread ids.

Implementation

• Adds a shared native harness recovery classifier in src/agents/harness/compaction-recovery.ts.
• Classifies both structured binding reasons and raw missing-thread reason strings as recoverable.
• Uses the shared classifier from auto-reply preflight compaction, CLI compaction, and queued embedded compaction so sibling Codex recovery paths handle the same raw result shape.
• Adds regression coverage for:
  • auto-reply preflight { ok:false, compacted:false, reason:"thread not found: <codex-thread-id>" }
  • CLI native compaction fallback when the harness returns a raw top-level thread not found reason with no failure.reason.

Real behavior proof

• Behavior addressed: Raw missing-thread preflight compaction results should be treated as recoverable, matching the structured missing_thread_binding / stale_thread_binding recovery path from fix(codex): recover stale preflight bindings #86602.
• Real environment tested: Local OpenClaw source checkout for this PR branch on Linux with Node 22.22.2, using the real runPreflightCompactionIfNeeded runtime helper from src/auto-reply/reply/agent-runner-memory.ts.
• Exact steps or command run after this patch: Ran a local Node/tsx runtime invocation that created a redacted Telegram-group session entry, invoked runPreflightCompactionIfNeeded, and returned a raw compaction result shaped as { ok:false, compacted:false, reason:"thread not found: <codex-thread-id>" }.
• Evidence after fix:

{
  "proof": "raw thread-not-found preflight compaction is recoverable",
  "returnedSameSessionEntry": true,
  "compactCalls": 1,
  "incrementCalls": 0,
  "threw": false
}

• Observed result after fix: The runtime helper returned the active session entry and did not throw Preflight compaction required but failed: thread not found: <codex-thread-id>.
• What was not tested: Live Telegram delivery against a production gateway running this branch was not tested; the proof covers the runtime recovery branch directly with sanitized local session state.

Validation

Passed on rebased head 24ea4a100b2e0877c4eec97e7e3eca2ebbce4cce:

node --import tsx --input-type=module -e "await import('./src/agents/harness/compaction-recovery.ts'); console.log('import-ok')"
pnpm exec oxlint src/agents/harness/compaction-recovery.ts src/auto-reply/reply/agent-runner-memory.ts src/auto-reply/reply/agent-runner-memory.test.ts src/agents/command/cli-compaction.ts src/agents/command/cli-compaction.test.ts src/agents/embedded-agent-runner/compact.queued.ts
pnpm exec oxfmt --check src/agents/harness/compaction-recovery.ts src/auto-reply/reply/agent-runner-memory.ts src/auto-reply/reply/agent-runner-memory.test.ts src/agents/command/cli-compaction.ts src/agents/command/cli-compaction.test.ts src/agents/embedded-agent-runner/compact.queued.ts
git diff --check

Attempted but not completed locally:

node scripts/run-vitest.mjs src/auto-reply/reply/agent-runner-memory.test.ts -t 'unstructured thread-not-found' --run

The Vitest process stayed CPU-bound without reporter output in this fresh worktree even with a timeout. I stopped treating the local wrapper as authoritative and pushed the branch for CI to exercise the included regression tests.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 28, 2026, 4:04 PM ET / 20:04 UTC.

Summary
The PR adds a shared native harness compaction recovery classifier, applies it to auto-reply, CLI, and queued embedded compaction, and adds raw missing-thread regression coverage.

PR surface: Source +5, Tests +131. Total +136 across 6 files.

Reproducibility: yes. Current main only recovers structured failure.reason binding failures, so a raw top-level thread not found compaction result reaches the preflight throw path; I did not execute tests because this review is read-only.

Review metrics: 2 noteworthy metrics.

• Recovery paths updated: 1 helper added, 3 call sites switched. The prior concern was one-sided recovery; applying the same classifier to auto-reply, CLI, and queued embedded compaction reduces sibling-surface drift.
• Regression cases added: 2 focused tests added. The new coverage targets the raw preflight failure and the sibling CLI raw fallback shape that current main did not cover.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Wait for the remaining relevant check run to finish and have a maintainer accept the raw reason-string recovery scope.

Risk before merge

• [P1] The PR intentionally changes raw top-level thread not found / no thread binding native harness compaction reasons from fail-closed errors into recovery or fallback, so maintainers should accept that as the session-state contract before merge.
• [P1] Live Telegram delivery was not exercised on this branch; the supplied proof covers the runtime recovery helper and CI-covered regression paths with sanitized local session state.

Maintainer options:

1. Accept Bounded Raw-Recovery Scope (recommended)
   Merge once required checks are green if maintainers are comfortable treating raw native harness thread not found and no thread binding reasons as stale binding state.
2. Tighten The Classifier First
   Restrict raw-string recovery to the Codex/native-harness producer or add focused proof that unrelated context-engine/plugin errors with similar text still fail closed.

Next step before merge

• [P2] Human review should accept the session-state recovery contract and final check status; there is no narrow automated repair left from this review.

Security
Cleared: The diff adds a small TypeScript classifier and tests, with no dependency, workflow, credential, package, or secret-handling changes.

Review details

Best possible solution:

Land the shared classifier once maintainers accept bounded raw missing-thread recovery and required checks are green, while keeping unrelated compaction failures fail-closed.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main only recovers structured failure.reason binding failures, so a raw top-level thread not found compaction result reaches the preflight throw path; I did not execute tests because this review is read-only.

Is this the best way to solve the issue?

Yes, with maintainer acceptance of the raw reason-string boundary. Sharing one classifier across auto-reply, CLI, and queued compaction is narrower than keeping three divergent recovery checks.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 409356fc666e.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix live output from a local runtime invocation of the real preflight helper showing the raw missing-thread result no longer throws; live Telegram delivery remains explicitly untested.

Label justifications:

• P1: The PR targets a user-facing regression where accepted Telegram group messages can fail before an assistant turn because Codex compaction sees stale session state.
• merge-risk: 🚨 session-state: Merging changes which stale Codex thread/session binding failures recover instead of surfacing as compaction errors.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes after-fix live output from a local runtime invocation of the real preflight helper showing the raw missing-thread result no longer throws; live Telegram delivery remains explicitly untested.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix live output from a local runtime invocation of the real preflight helper showing the raw missing-thread result no longer throws; live Telegram delivery remains explicitly untested.

Evidence reviewed

PR surface:

Source +5, Tests +131. Total +136 across 6 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	4	29	24	+5
Tests	2	131	0	+131
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	6	160	24	+136

What I checked:

• Root and scoped policy read: Root AGENTS.md and src/agents/AGENTS.md were read; the review applied the session-state compatibility and sibling-surface guidance to this compaction recovery PR. (AGENTS.md:19, 409356fc666e)
• Current main fails raw top-level reasons: On current main, auto-reply preflight recovery only treats structured failure.reason values as recoverable, so a raw top-level reason: "thread not found: ..." reaches the preflight failure throw. (src/auto-reply/reply/agent-runner-memory.ts:132, 409356fc666e)
• Sibling CLI path was structured-only on main: The CLI native compaction fallback path on main also only recognized structured missing/stale binding failures before this PR. (src/agents/command/cli-compaction.ts:177, 409356fc666e)
• Queued embedded compaction was structured-only on main: The queued embedded compaction fallback path only fell back after structured missing_thread_binding or stale_thread_binding results, matching the sibling gap called out in the earlier review. (src/agents/embedded-agent-runner/compact.queued.ts:53, 409356fc666e)
• PR adds shared raw-reason classifier: The PR adds isRecoverableNativeHarnessBindingReason and classifies the existing structured codes plus raw thread not found / no thread binding reason text, then uses the helper from all three touched compaction paths. (src/agents/harness/compaction-recovery.ts:3, 24ea4a100b2e)
• PR adds focused regression coverage: The diff adds auto-reply coverage for an unstructured raw preflight compaction failure and CLI coverage for a raw top-level missing-thread native compaction result with no structured failure reason. (src/auto-reply/reply/agent-runner-memory.test.ts:929, 24ea4a100b2e)

Likely related people:

• steipete: Merged commit 9b9d897 introduced the structured stale/missing binding recovery lineage, and current blame/log history for the central compaction files points to Peter Steinberger as the main recent contributor in this checked-out history. (role: prior recovery path author and recent area contributor; confidence: high; commits: 9b9d8970b0ce, f0bfa650dc90; files: src/auto-reply/reply/agent-runner-memory.ts, src/agents/command/cli-compaction.ts, src/agents/embedded-agent-runner/compact.queued.ts)
• pfrederiksen: The prior merged recovery commit records Paul Frederiksen as co-author, and the related open report and this PR provide the sanitized reproduction/proof for the raw missing-thread follow-up. (role: prior recovery co-author and regression reporter; confidence: medium; commits: 9b9d8970b0ce, 24ea4a100b2e; files: src/auto-reply/reply/agent-runner-memory.test.ts, src/agents/command/cli-compaction.test.ts, src/agents/harness/compaction-recovery.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[pfrederiksen]

@clawsweeper re-review

Addressed the P1/P2 review items on the latest head d85878a:

• CLI sibling path is now covered: the recoverable native harness binding classifier is shared by auto-reply preflight, CLI compaction, and queued embedded compaction.
• Added CLI regression coverage for a raw top-level reason: "thread not found: ..." result with no failure.reason, asserting context-engine fallback still runs.
• PR body validation/proof notes were updated for the current scoped diff.
• Rebased onto fresh origin/main; PR is mergeable.

Local gates passed:

node --import tsx --input-type=module -e "await import('./src/agents/harness/compaction-recovery.ts'); console.log('import-ok')"
pnpm exec oxlint src/agents/harness/compaction-recovery.ts src/auto-reply/reply/agent-runner-memory.ts src/auto-reply/reply/agent-runner-memory.test.ts src/agents/command/cli-compaction.ts src/agents/command/cli-compaction.test.ts src/agents/embedded-agent-runner/compact.queued.ts
pnpm exec oxfmt --check src/agents/harness/compaction-recovery.ts src/auto-reply/reply/agent-runner-memory.ts src/auto-reply/reply/agent-runner-memory.test.ts src/agents/command/cli-compaction.ts src/agents/command/cli-compaction.test.ts src/agents/embedded-agent-runner/compact.queued.ts
git diff --check

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26598220481
• Updated: 2026-05-28T19:51:24.579Z

[pfrederiksen]

@clawsweeper re-review

Follow-up for the new head 24d0bf87651bb090936e7524297b70c8e47e0dbb:

• Kept the P1/P2 compaction fixes from the prior head.
• Addressed the current CI / check-test-types failure by changing src/infra/bonjour-discovery.test.ts to use the exported GatewayBonjourBeacon type instead of its narrower local BeaconRecord alias.
• Re-ran local fast gates for all touched files: import sanity for the shared recovery helper, oxlint, oxfmt --check, and git diff --check.

The local tsgo lane itself stayed CPU-bound in this worktree, so CI is the authoritative proof for check-test-types on this head.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26598510253
• Updated: 2026-05-28T19:56:08.031Z

[pfrederiksen]

@clawsweeper re-review

New head 24ea4a100b2e0877c4eec97e7e3eca2ebbce4cce is rebased onto fresh origin/main.

• The prior upstream bonjour-discovery.test.ts check-test-types failure is now fixed in base, so the PR is back to the scoped 6 compaction files.
• P1/P2 fixes remain: shared native harness binding recovery helper is used by auto-reply, CLI compaction, and queued embedded compaction; CLI raw top-level thread not found fallback regression is included.
• Local fast gates passed again: import sanity, oxlint, oxfmt --check, and git diff --check on touched files.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26598777010
• Updated: 2026-05-28T20:04:44.890Z

[steipete]

Landing verification for PR #87738.

Behavior addressed: Codex stale/missing native thread binding failures can surface as raw thread not found: <id> compaction failures; preflight and CLI compaction now treat that binding class as recoverable instead of surfacing a reply failure.
Real environment tested: GitHub CI on PR head 24ea4a100b2e0877c4eec97e7e3eca2ebbce4cce, plus local source review against OpenClaw and sibling Codex app-server source.
Exact steps or command run after this patch: git status -sb; git diff --check origin/main...refs/remotes/pr/87738; gitcrawl gh pr checks 87738 --repo openclaw/openclaw --watch=false; source-read Codex thread/compact/start and load_thread path.
Evidence after fix: CI passed check-lint, check-test-types, checks-node-agentic-agents, checks-node-agentic-cli, checks-node-auto-reply-reply-agent-runner, security lanes, and Real behavior proof. Codex app-server source maps missing compact thread IDs to thread not found: {thread_id}, matching the newly covered raw failure path.
Observed result after fix: no blocking findings; PR is MERGEABLE / CLEAN and ready to land.
What was not tested: no additional local Vitest run beyond the passing PR CI lanes.