fix(compaction): lower default timeout from 900s to 180s, preserve explicit config

[wangmiao0668000666]

Summary

Fixes #91358: large-session compaction no longer holds the session write lock for up to 17 minutes by default.

• Lowers the default compaction safety timeout from 900s (15 min) to 180s (3 min).
• Preserves explicit agents.defaults.compaction.timeoutSeconds config values as-is; no runtime clamping is applied.
• Updates help text and public docs to reflect the new default.

With the previous default, resolveSessionLockMaxHoldFromTimeout produced a lock max-hold of 1,020,000ms (17 min), which guaranteed that any client with the default 60s acquire timeout would fail repeatedly while a large-session compaction ran. With the new default, max-hold becomes 300,000ms (5 min).

Changes

• src/agents/embedded-agent-runner/compaction-safety-timeout.ts

  • EMBEDDED_COMPACTION_TIMEOUT_MS: 900_000 → 180_000.
  • resolveCompactionTimeoutMs preserves finite positive configured values exactly; non-finite / non-positive values fall back to the default. No runtime cap is enforced.

• src/agents/embedded-agent-runner/run/attempt.run-decisions.ts

  • Comment updated to reflect 180s default instead of 900s.

• src/config/schema.help.ts

  • Updates help text: (default: 900) → (default: 180).

• docs/gateway/config-agents.md

  • Updates compaction timeoutSeconds docs: default 180. Removes the "Values above 600 are capped at runtime" sentence.

• src/agents/embedded-agent-runner.compaction-safety-timeout.test.ts

  • Adjusts conversion test to use 1800 (preserved as 1_800_000ms).
  • Removes the regression test asserting values above 600 are clamped (that behavior was removed).

Verification

pnpm test src/agents/embedded-agent-runner.compaction-safety-timeout.test.ts
# 22 passed

pnpm test src/agents/session-write-lock.test.ts
# 53 passed

npx oxlint --import-plugin --config .oxlintrc.json   src/agents/embedded-agent-runner/compaction-safety-timeout.ts   src/agents/embedded-agent-runner.compaction-safety-timeout.test.ts   src/config/schema.help.ts   docs/gateway/config-agents.md
# clean

Real behavior proof

Behavior addressed: The default embedded compaction safety timeout was 900s, which combined with the 120s session write-lock grace produced a ~17-minute lock max-hold. Large-session compactions blocked all other clients with default 60s acquire timeouts for an unbounded duration.

Real environment tested: Local OpenClaw source checkout at commit 90d47ddfe0 on Node v22.22.0, running the actual runtime resolver (not a unit-test wrapper).

Exact steps or command run after this patch:

pnpm exec tsx scripts/repro/91361-compaction-timeout-proof.mjs

Script content: scripts/repro/91361-compaction-timeout-proof.mjs

Evidence after fix:

=== PR #91361 Compaction timeout proof ===

Default timeout (no config): 180000 ms
Expected: 180000 ms (180 seconds)

Configured 120s -> 120000 ms (expected: 120000 ms)
Configured 600s -> 600000 ms (expected: 600000 ms)
Configured 1800s -> 1800000 ms (expected: 1800000 ms, preserved)

PASS: timeout default lowered and explicit config preserved.

Observed result after fix:

• Unconfigured installs now resolve to 180_000ms (3 min) instead of 900_000ms (15 min).
• timeoutSeconds: 120 is preserved as 120_000ms.
• timeoutSeconds: 1800 is preserved as 1_800_000ms (30 min); no runtime clamp is applied.
• Combined with the existing 120_000ms lock grace, the session write-lock max-hold drops from ~17 min to ~5 min by default.

What was not tested: A live 10–16MB session compaction run end-to-end; this proof exercises the exact runtime resolver that determines the compaction timeout used during real session compactions.

Upgrade tradeoff

Unconfigured installs upgrading from a shipped release with the 900s default will see compaction abort after 180s instead of 900s. Agents with sessions whose compaction legitimately needs more than 3 minutes should set an explicit agents.defaults.compaction.timeoutSeconds value in openclaw.json to opt into a longer budget.

Closes #91358

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 10, 2026, 8:21 AM ET / 12:21 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

PR surface: Source 0, Tests +8, Docs 0. Total +8 across 6 files.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: reasoning high; reviewed against 050c0813b39f.

Label changes

Label changes:

• add rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.
• remove proof: sufficient: Current real behavior proof status is not_applicable, not sufficient.
• remove P1: Current review triage priority is none.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🌊 off-meta tidepool, so this older rating label is no longer current.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 availability: Current PR review selected no merge-risk labels.
• remove status: 👀 ready for maintainer look: Current PR status no longer selects a status label.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

PR surface:

Source 0, Tests +8, Docs 0. Total +8 across 6 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	4	4	4	0
Tests	1	8	0	+8
Docs	1	2	2	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	6	14	6	+8

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this PR with exit 1.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[wangmiao0668000666]

@clawsweeper re-review

Addressed the P1 compatibility finding and P2 docs finding:

• Removed .max(600) from agents.defaults.compaction.timeoutSeconds schema in src/config/zod-schema.agent-defaults.ts:188. Existing configs with values above 600 now load successfully and are clamped at runtime by resolveCompactionTimeoutMs, preserving upgrade compatibility.
• Updated docs/gateway/config-agents.md:664 to reflect the new default (180) and the runtime cap (600).
• Schema help text at src/config/schema.help.ts:1492 already described default: 180, max: 600; left unchanged.

Local verification:

• pnpm test src/agents/embedded-agent-runner.compaction-safety-timeout.test.ts — 22 passed (including the "caps configured timeoutSeconds at 600" runtime test)
• npx oxlint on changed files — clean

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27127079213
• Updated: 2026-06-08T09:11:33.833Z

[wangmiao0668000666]

@clawsweeper re-review\n\nAddressed P1 compatibility and P2 docs findings, and added real behavior proof to the PR body.

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

[wangmiao0668000666]

Addressed the remaining P2 findings from the latest ClawSweeper review:

• docs/gateway/config-agents.md:637 — changed the example from timeoutSeconds: 900 to timeoutSeconds: 180 so it aligns with the new default and does not immediately hit the runtime cap.
• src/config/types.agent-defaults.ts:544 — updated the exported type comment from (default: 900) to (default: 180, capped at 600 at runtime) so typed consumers see the current contract.

Commit: 99dba24c3a.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27135648067
• Updated: 2026-06-08T11:58:49.217Z

[wangmiao0668000666]

@clawsweeper re-review

Added the requested upgrade tradeoff section to the PR body:

Unconfigured installs upgrading from a shipped release with the 900s default will see compaction abort after 180s instead of 900s. Agents with sessions whose compaction legitimately needs more than 3 minutes should set an explicit agents.defaults.compaction.timeoutSeconds value in openclaw.json to opt into a longer budget.

This documents the compatibility impact so users with slow compactions know to set timeoutSeconds explicitly.

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27209930518
• Updated: 2026-06-09T13:44:59.403Z

[velvet-shark]

Maintainer prepare update: merge-ready.

Prepared head: ac545967f9f7f9e806bfb37aa9a488a82f787a2b.

Proof:

• Rebased onto current origin/main and force-with-lease pushed to the PR branch.
• node scripts/run-vitest.mjs src/agents/embedded-agent-runner.compaction-safety-timeout.test.ts src/agents/session-write-lock.test.ts passed.
• node scripts/run-vitest.mjs src/agents/embedded-agent-runner/run/attempt.run-decisions.test.ts passed.
• git diff --check origin/main..HEAD passed.
• scripts/pr-merge verify 91361 passed; no required checks are configured for this PR.

The earlier broad pnpm test failures were outside this PR's changed compaction/config-doc surface and are being treated as unrelated local broad-suite noise for this merge decision.

[velvet-shark]

Merged via squash.

• Prepared head SHA: ac545967f9f7f9e806bfb37aa9a488a82f787a2b
• Merge commit: bb6e47729cf8a9ec5902c8a8fd11de706054ad2a

Thanks @wangmiao0668000666!