openclaw - 💡(How to fix) Fix [Bug]: Bodyless Venice/Anthropic 400 misclassified as context-overflow → Pi triggers compaction recovery loop on sessions with nothing to compact [1 comments, 2 participants]

Environment

• OpenClaw: 2026.4.25 (aa36ee6)
• Model: venice/claude-sonnet-4-6 (Anthropic Claude Sonnet 4.6 via Venice proxy)
• Context window: 200,000 tokens (as reported by Venice discovery)
• Platform: macOS Darwin 25.4.0 arm64, Node v22.22.2
• Compaction config: mode: safeguard, reserveTokens: 8000, keepRecentTokens: 20000, model: openai/gpt-4o-mini

Summary

When Venice returns a bodyless 400 status code (no body) error on a turn, Pi's embedded agent runtime misclassifies it as a context-overflow event and triggers compaction recovery. If the session has no real conversation messages to summarize (e.g. a near-empty or freshly-repaired session), the compaction safeguard writes an empty compaction boundary to "suppress re-trigger loop" — but the boundary itself causes the next turn to fail the same way, creating a self-reinforcing loop.

This is distinct from #73963 (openai-codex metadata injection → 400) and #73879 (empty prompt → 400). The root error here is a Venice/provider-side rejection (possibly triggered by a poisoned transcript surviving auto-repair), but the compaction misclassification turns a single-turn failure into a session-destroying loop.

Steps to Reproduce

1. Session transcript accumulates empty-content assistant messages (e.g. from a prior failed compaction — see MEMORY.md note about poisoned sessions).
2. OpenClaw auto-repair fires on load (session file repaired: rewrote N assistant message(s)).
3. Venice still returns 400 status code (no body) on the next turn (transcript still contains something Venice rejects, or Venice has a transient error).
4. Pi cannot distinguish 400 = context overflow from 400 = malformed request / transient error — both surface as 400 status code (no body).
5. Pi triggers compaction recovery.
6. Compaction safeguard finds no real conversation messages to summarize, writes empty compaction boundary.
7. Next turn: empty boundary is included in context → Venice returns 400 again → repeat.

Log Evidence

From gateway.err.log (session b87b3b97):

09:04:49 [agent/embedded] session file repaired: rewrote 2 assistant message(s) (b87b3b97-b592-40fa-84ac-6ee8d258216a.jsonl)
09:04:50 [agent/embedded] embedded run agent end: runId=cc246c2e isError=true model=claude-sonnet-4-6 provider=venice error=400 status code (no body) rawError=400 status code (no body)
09:04:50 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.

From gateway.log (6 identical entries over 44 minutes, all new sessions):

09:04:50 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.
09:28:21 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.
09:30:24 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.
09:44:29 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.
09:47:02 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.
09:48:39 [compaction-safeguard] Compaction safeguard: no real conversation messages to summarize; writing compaction boundary to suppress re-trigger loop.

Root Cause

Pi's overflow detection in the embedded runtime treats any 400 API error as a potential context-overflow trigger (the overflow signatures list covers natural-language bodies like request_too_large, context length exceeded, etc., but a bare bodyless 400 falls through the string match and is still treated as "maybe overflow" rather than "hard failure").

A bodyless 400 cannot be a context overflow — real Anthropic/Venice overflow errors always include a body with a machine-readable code. A bodyless 400 is either:

• A malformed request (wrong headers, corrupt transcript segment, unsupported field)
• A transient provider-side error

Proposed fix: In Pi's overflow recovery path, require the error response to contain a recognized overflow signature string. A bare 400 status code (no body) with no body should be surfaced as a hard turn failure (propagate to user), not trigger compaction recovery. Optionally add a check: if compaction fires and finds no real conversation messages, abort rather than writing an empty boundary.

Impact

• Sessions with auto-repaired transcripts enter a compaction loop that makes them unusable
• Each loop iteration fires a gpt-4o-mini compaction attempt (token cost)
• The loop persists across gateway restarts until the session file is manually quarantined
• Affects any session where Venice returns a bodyless 400 — including transient network hiccups

Workaround

Manually rename the affected .jsonl to .jsonl.poisoned. OpenClaw will start a fresh session on the next message.

Related

• #73963 — different root cause (openai-codex metadata injection), same surface error string
• #73829 — poisoned session files from failed compaction (the upstream cause that feeds this loop)