fix(agents): release session write lock if fence read throws on prompt release

[clawsweeper]

Makes #89649 merge-ready for the ClawSweeper automerge loop.
The edit pass should inspect the live PR diff, review comments, and failing checks; rebase if needed; keep the contributor branch credited; and stop only when validation is green or an external blocker is proven.
Known failing checks:

• Failing check: Real behavior proof:FAILURE (https://github.com/openclaw/openclaw/actions/runs/26882046536/job/79284326044)
• Failing check: check-dependencies:FAILURE (https://github.com/openclaw/openclaw/actions/runs/26857705048/job/79204251977)

ClawSweeper 🐠 replacement reef notes:

• Cluster: automerge-openclaw-openclaw-89649
• Source PRs: fix(agents): release session write lock if fence read throws on prompt release #89649
• Credit: Source PR: fix(agents): release session write lock if fence read throws on prompt release #89649
• Validation: pnpm check:changed
• Replacement reason: ClawSweeper could not update the source PR branch directly, so it opened a writable replacement PR instead.
• Automerge requested by: @Takhoffman

• Repair fallback: GitHub rejected the repair branch push because it updates workflow files and the ClawSweeper app token does not have workflows permission

Co-author credit kept:

• @spencer2211: Co-authored-by: Spencer Fuller 28957500+spencer2211@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 394d978.

[clawsweeper]

Codex review: passed. Reviewed June 3, 2026, 7:51 AM ET / 11:51 UTC.

Summary
The PR makes prompt-release fence bookkeeping exception-safe so the session write lock is released even when fence reads throw, and adds a regression test for that path.

PR surface: Source +6, Tests +27. Total +33 across 2 files.

Reproducibility: yes. source-reproducible with provided real-output proof: current main clears heldLock before fallible fence reads, and the source PR demonstrates the next interactive acquire timing out after an injected EIO. I did not run the harness locally because this review is read-only.

Review metrics: none identified.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Next step before merge

• [P2] No repair lane is needed; the automerge-opted PR has no review findings, so exact-head checks and mergeability should gate it.

Security
Cleared: The diff only changes session-lock release ordering and a focused unit test; it does not touch workflows, dependency sources, secrets, package resolution, or publishing paths.

Review details

Best possible solution:

Land the narrow exception-safe lock-release fix after exact-head checks pass, while leaving the existing fence and cleanup ownership model unchanged.

Do we have a high-confidence way to reproduce the issue?

Yes, source-reproducible with provided real-output proof: current main clears heldLock before fallible fence reads, and the source PR demonstrates the next interactive acquire timing out after an injected EIO. I did not run the harness locally because this review is read-only.

Is this the best way to solve the issue?

Yes. The best narrow fix is to release the captured lock in the same ownership-transfer block; abort/dispose siblings do not do fallible fence reads before release, so the change belongs in releaseHeldLockWithFence.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e5e6cf04a2f4.

Label changes

Label changes:

• add status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The linked source PR includes after-fix real lock-stack output with a real on-disk lock and the next acquire succeeding immediately after the injected fence-read failure.
• remove status: 👀 ready for maintainer look: Current PR status label is status: 🚀 automerge armed.

Label justifications:

• P1: The bug can wedge an active agent/channel workflow until the session write-lock max-hold watchdog releases the orphaned lock.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The linked source PR includes after-fix real lock-stack output with a real on-disk lock and the next acquire succeeding immediately after the injected fence-read failure.
• proof: sufficient: Contributor real behavior proof is sufficient. The linked source PR includes after-fix real lock-stack output with a real on-disk lock and the next acquire succeeding immediately after the injected fence-read failure.

Evidence reviewed

PR surface:

Source +6, Tests +27. Total +33 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	17	11	+6
Tests	1	27	0	+27
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	44	11	+33

What I checked:

• Root and scoped policy read: Root and scoped agents runner policies were read; they require surrounding code-path review for agents lock lifecycle changes. (AGENTS.md:1, e5e6cf04a2f4)
• Current-main failure window: Current main clears heldLock before readSessionFileFingerprint and readSessionFileFenceSnapshot, then releases the lock only after both I/O reads complete. (src/agents/embedded-agent-runner/run/attempt.session-lock.ts:802, e5e6cf04a2f4)
• PR fix: The PR moves fence bookkeeping under try and releases the captured lock in finally immediately after ownership transfers away from heldLock. (src/agents/embedded-agent-runner/run/attempt.session-lock.ts:807, 394d9784371e)
• Regression coverage: The added test injects an EIO from fs.stat during releaseForPrompt and asserts the underlying release function still runs once. (src/agents/embedded-agent-runner/run/attempt.session-lock.test.ts:140, 394d9784371e)
• Caller path checked: Prompt submission installs releaseForPrompt, and the run loop also calls it before post-prompt async-task handling and cleanup reacquisition. (src/agents/embedded-agent-runner/run/attempt.ts:3964, e5e6cf04a2f4)
• Lock release contract path: acquireSessionWriteLock returns the underlying file-lock release function, so losing that call leaves cleanup to contention/watchdog paths rather than the live controller. (src/agents/session-write-lock.ts:921, e5e6cf04a2f4)

Likely related people:

• vincentkoc: git blame and git log -S show the current main releaseHeldLockWithFence implementation came from the recent agents lock-controller commit. (role: recent area contributor; confidence: medium; commits: 2c9297339817; files: src/agents/embedded-agent-runner/run/attempt.session-lock.ts, src/agents/embedded-agent-runner/run/attempt.session-lock.test.ts, src/agents/embedded-agent-runner/run/attempt.ts)
• spencer2211: The closed source PR and local commit history show this person authored the focused fix and proof that this writable replacement PR carries forward. (role: source fix contributor; confidence: high; commits: d0b2b4ba3bc2; files: src/agents/embedded-agent-runner/run/attempt.session-lock.ts, src/agents/embedded-agent-runner/run/attempt.session-lock.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=394d9784371e9d004aca78aeb6dec1f9c4c9d055)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-06-03T11:51:44Z
Merge commit: 409d1a713541

What merged:

• The PR makes prompt-release fence bookkeeping exception-safe so the session write lock is released even when fence reads throw, and adds a regression test for that path.
• PR surface: Source +6, Tests +27. Total +33 across 2 files.
• Reproducibility: yes. source-reproducible with provided real-output proof: current main clears heldLock be ... ire timing out after an injected EIO. I did not run the harness locally because this review is read-only.

Automerge notes:

• PR branch already contained follow-up commit before automerge: fix(agents): release session write lock if fence read throws on promp…

The automerge loop is complete.

Automerge progress:

• 2026-06-03 11:51:28 UTC review passed 394d9784371e (structured ClawSweeper verdict: pass (sha=394d9784371e9d004aca78aeb6dec1f9c4c9d...)

• 2026-06-03 11:51:47 UTC merged 394d9784371e (merged by ClawSweeper automerge)