fix: release session lock before runtime teardown

[fuller-stack-dev]

Summary

Prevents embedded attempt cleanup from pinning a session transcript lock while unrelated session/plugin runtime teardown runs.

The incident this addresses was the Spartacus generated-image handoff failure on 2026-05-28:

• 16:58:29Z the active run hit sessions_yield abort settle timed out.
• 16:58:34Z generated media completion tried to wake the active requester and got source_reply_delivery_mode_mismatch.
• 16:59:11Z the lane reported an active session ahead, and a same-process .jsonl.lock with a long maxHoldMs was created.
• 17:00:12Z and 17:01:12Z requester handoff/direct delivery attempts timed out on SessionWriteLockTimeoutError against that live-process lock.

The generated media fallback PR handles delivery recovery when handoff is blocked. This PR narrows in on preventing the session from staying locked in the first place.

What changed

• Release the cleanup session lock immediately after guard removal / abort-settle wait / pending tool-result flush.
• Run session.dispose(), MCP runtime disposal, and LSP runtime disposal after the lock is released, so a teardown hang cannot pin the transcript lock.
• Preserve existing failure semantics by still disposing resources if sessionLock.release() throws, then rethrowing that release error.
• Treat sessions_yield cleanup as abort-like for the cleanup flush path, so it skips the normal idle wait after the yield abort path has already bounded abort settlement.

Real behavior proof

Behavior addressed: Embedded attempt cleanup no longer pins the session transcript write lock while unrelated session/MCP/LSP runtime teardown is still pending.

Real environment tested: Local OpenClaw source checkout at PR head 4bd7fe98ea3ba1166586c58da34a21e8c075037f on macOS with Node v24.16.0, using the production cleanupEmbeddedAttemptResources, createEmbeddedAttemptSessionLockController, and filesystem-backed acquireSessionWriteLock against a real temporary .jsonl session file.

Exact steps or command run after this patch: Ran node --import tsx --input-type=module with an inline proof script that created a real temporary session JSONL, acquired the embedded cleanup lock, started cleanup with bundleMcpRuntime.dispose() intentionally never resolving, waited until runtime teardown began, then acquired the same session file with acquireSessionWriteLock({ timeoutMs: 500 }) while teardown was still pending.

Evidence after fix: Terminal output from the after-fix proof run:

$ node --import tsx --input-type=module < inline-session-lock-proof
proof_sha=4bd7fe98ea3ba1166586c58da34a21e8c075037f
session_file=<tmp>/session.jsonl
events=flush -> cleanup_lock_release -> session_dispose -> runtime_dispose_started -> contender_lock_acquired -> contender_lock_released
contender_lock_acquired_ms=0
result=PASS cleanup released the real session write lock before runtime teardown finished; a second writer acquired the same session file lock while teardown was still pending.

Observed result after fix: The contender lock acquired immediately after runtime_dispose_started, proving cleanup had already released the real session write lock even though runtime teardown never completed.

What was not tested: I did not replay the full original Spartacus generated-image handoff with a live model/provider. This proof isolates the lock-ordering failure with production cleanup and lock primitives; the focused regression tests below cover the helper and adjacent abort-settle/session-lock behavior.

Regression proof

The new regression test proves the lock is released before a runtime teardown that never resolves:

cleanupEmbeddedAttemptResources > releases the lock before runtime teardown can hang

Supplemental focused test run after the real proof:

node scripts/run-vitest.mjs src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.test.ts src/agents/embedded-agent-runner/run/attempt.session-lock.test.ts src/agents/embedded-agent-runner/run/attempt.abort-settle-timeout.test.ts --reporter=verbose

Test Files  5 passed (5)
Tests       97 passed (97)

Contributor-provided typecheck and whitespace proof:

PATH=/Users/jason/.nvm/versions/node/v24.14.0/bin:$PATH pnpm tsgo:core
# passed

git diff --check
# passed

Notes

During git commit, the repo hook printed git-hooks/pre-commit: line 41: node: command not found because the hook did not inherit the Node 24 PATH. The commit still completed, and the explicit verification above used Node 24.

[clawsweeper]

Codex review: passed. Reviewed May 28, 2026, 5:39 PM ET / 21:39 UTC.

Summary
The PR reorders embedded attempt cleanup to release the session write lock before session/MCP/LSP teardown, treats sessions_yield cleanup as abort-like for flush timing, and adds focused regression tests.

PR surface: Source +14, Tests +71. Total +85 across 3 files.

Reproducibility: yes. Source inspection shows current main releases the cleanup lock only after runtime teardown, so a never-resolving runtime dispose can pin the lock; the PR body’s terminal proof exercises the same ordering with production cleanup and filesystem lock primitives.

Review metrics: none identified.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Next step before merge

• [P2] No repair lane is needed; this automerge-opted PR appears correct and should be handled by normal mergeability and required-check gates.

Security
Cleared: The diff only reorders in-process cleanup and adds tests; it does not change dependencies, CI, package metadata, secrets, or external code execution paths.

Review details

Best possible solution:

Land this narrow lock-ordering fix once required checks and mergeability pass, while keeping the generated-media fallback as the separate recovery path.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main releases the cleanup lock only after runtime teardown, so a never-resolving runtime dispose can pin the lock; the PR body’s terminal proof exercises the same ordering with production cleanup and filesystem lock primitives.

Is this the best way to solve the issue?

Yes. Releasing the cleanup write lock before unrelated session/MCP/LSP teardown is the narrow maintainable fix, and the companion generated-media fallback keeps delivery recovery separate.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against b05aefa3cf1d.

Label changes

Label changes:

• add rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• add status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (terminal): The PR body supplies after-fix terminal output from production cleanup and filesystem-backed session-lock primitives showing a second writer acquiring the lock while runtime teardown remains pending.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦞 diamond lobster, so this older rating label is no longer current.
• remove status: 👀 ready for maintainer look: Current PR status label is status: 🚀 automerge armed.

Label justifications:

• P1: A pinned session transcript lock can block active agent cleanup and generated-media handoff delivery for real users.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (terminal): The PR body supplies after-fix terminal output from production cleanup and filesystem-backed session-lock primitives showing a second writer acquiring the lock while runtime teardown remains pending.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body supplies after-fix terminal output from production cleanup and filesystem-backed session-lock primitives showing a second writer acquiring the lock while runtime teardown remains pending.

Evidence reviewed

PR surface:

Source +14, Tests +71. Total +85 across 3 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	2	32	18	+14
Tests	1	76	5	+71
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	3	108	23	+85

What I checked:

• Repository policy read: Root and scoped AGENTS.md guidance for agents and embedded-runner tests was read and applied; the touched surface is core agents/session cleanup, so focused helper tests are appropriate for this lock-ordering behavior. (AGENTS.md:1)
• Current main still holds the lock through teardown: On current main, cleanup disposes the session and MCP/LSP runtimes before the finally block releases sessionLock, so a hanging runtime dispose can keep the transcript write lock pinned. (src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.ts:100, b05aefa3cf1d)
• PR releases before teardown: At PR head, sessionLock.release runs in the cleanup finally block before session.dispose and bundle runtime disposal, and release errors are rethrown after best-effort teardown. (src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.ts:101, 178192fa0ef9)
• sessions_yield cleanup is covered: The PR records when prompt abort came from sessions_yield and passes that into cleanup as abort-like so the flush path skips the normal idle wait after yield abort settlement has already been bounded. (src/agents/embedded-agent-runner/run/attempt.ts:4767, 178192fa0ef9)
• Regression tests cover the ordering: The new tests assert lock release before a never-resolving runtime dispose and assert resources are still disposed when lock release fails. (src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.test.ts:99, 178192fa0ef9)
• Real behavior proof supplied: The PR body includes after-fix terminal output from a local OpenClaw checkout using production cleanup helpers and filesystem-backed acquireSessionWriteLock, showing a contender acquired the same session file lock while runtime teardown remained pending. (178192fa0ef9)

Likely related people:

• steipete: Blame and -S history point the current embedded cleanup, acquireForCleanup call, and session-lock helper surface to commit e85231d by Peter Steinberger. (role: introduced current cleanup/session-lock surface; confidence: high; commits: e85231d63d49; files: src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.ts, src/agents/embedded-agent-runner/run/attempt.ts, src/agents/embedded-agent-runner/run/attempt.session-lock.ts)
• ooiuuii: Recent current-main work in f49a3e4 modified the embedded attempt runner around prompt/tool-result cleanup behavior. (role: recent adjacent area contributor; confidence: medium; commits: f49a3e4c266c; files: src/agents/embedded-agent-runner/run/attempt.ts)
• fuller-stack-dev: The same contributor authored the already-merged companion generated-media handoff-lock fallback that this PR references as the delivery recovery half of the incident. (role: recent adjacent fix author; confidence: medium; commits: 8a007c987d44, 4bd7fe98ea3b; files: src/agents/subagent-announce-delivery.ts, src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[fuller-stack-dev]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26597626964
• Updated: 2026-05-28T19:42:26.633Z

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=178192fa0ef99c891f620da75d96debef5a6d873)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-28T21:40:06Z
Merge commit: 0dbdaf98ea74

What merged:

• The PR reorders embedded attempt cleanup to release the session write lock before session/MCP/LSP teardown, treats sessions_yield cleanup as abort-like for flush timing, and adds focused regression tests.
• PR surface: Source +14, Tests +71. Total +85 across 3 files.
• Reproducibility: yes. Source inspection shows current main releases the cleanup lock only after runtime tear ... R body’s terminal proof exercises the same ordering with production cleanup and filesystem lock primitives.

Automerge notes:

• PR branch already contained follow-up commit before automerge: Merge branch 'main' into fix/session-lock-release-before-teardown

The automerge loop is complete.

Automerge progress:

• 2026-05-28 21:34:09 UTC review queued 178192fa0ef9 (queued)

• 2026-05-28 21:39:55 UTC review passed 178192fa0ef9 (structured ClawSweeper verdict: pass (sha=178192fa0ef99c891f620da75d96debef5a6d...)

• 2026-05-28 21:40:09 UTC merged 178192fa0ef9 (merged by ClawSweeper automerge)

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26603603690
• Updated: 2026-05-28T21:40:11.315Z