openclaw - 💡(How to fix) Fix [Bug]: Raw internal transcript content ([TOOL_CALL]) leaked into user-visible Telegram chat after transcript corruption/repair [1 participants]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Raw internal transcript content ([TOOL_CALL]) leaked into a user-visible Telegram DM after transcript corruption/repair.

Steps to reproduce

Exact trigger is unknown, but these conditions were present:

1. Multi-account Telegram setup with 6 bot accounts under channels.telegram.accounts
2. Multiple routed agents/personas active concurrently
3. Gateway restarted multiple times in a short window due to config changes
4. Concurrent sessions active across multiple agents
5. At least one cron job active during the failure window (Telegram Healthcheck)

Observed during reproduction window:

• user-visible Telegram DM received raw internal transcript content
• session history logged a missing tool result repair event
• gateway logs were also flooding with Telegram menu payload-budget spam
• Telegram Healthcheck cron timed out

Expected behavior

• Internal transcript markers such as [TOOL_CALL], [TOOL_RESULT], and similar internal/system structures should never be emitted to user-facing channels
• If transcript repair is required, repair should complete before anything malformed can be flushed outbound
• If a tool call fails or times out, the user should receive a clean user-facing error message, not partial transcript internals

Actual behavior

A user-visible Telegram DM contained raw internal tool-call transcript content:

[TOOL_CALL] {tool => "process", args => { --action "poll" --sessionId "quick-sage" --timeout 5000 }} [/TOOL_CALL]

During the same failure window, the session also emitted: [openclaw] missing tool result in session history; inserted synthetic error result for transcript repair.

At roughly the same time:

• gateway logs repeatedly showed: [telegram] menu text exceeded the conservative 5700-character payload budget
• cron job "Telegram Healthcheck" timed out with: Request timed out before a response was generated.

OpenClaw version

2026.4.5 (3e72c03)

Operating system

Ubuntu 24.04.3 LTS (x86_64) Node v22.22.2

Install method

OpenClaw gateway/runtime on Ubuntu host

Model

openai/gpt-5.4

Provider / routing chain

Telegram -> OpenClaw gateway/runtime (multi-account, multi-agent routing) -> openai/gpt-5.4

Additional provider/model setup details

Telegram, multi-account setup with 6 bot accounts under channels.telegram.accounts Agents observed: main, keepa, rex, beaker, mac, kittbackup

Logs, screenshots, and evidence

Impact and severity

High.

Internal system content was exposed to an end user. In a production or multi-user deployment, this could leak sensitive session data, tool parameters, or internal state across users/agents.

Additional information

Transcript repair event observed: [openclaw] missing tool result in session history; inserted synthetic error result for transcript repair.

Likely hypothesis: A tool call failed, timed out, or was interrupted in a way that left session history with an unmatched tool-use entry. The runtime repaired history by inserting a synthetic error result, but some partial internal transcript content may already have been passed into outbound rendering or delivery.

Suggested fixes:

1. Add an outbound sanitization guard before channel delivery that blocks or strips internal transcript markers such as [TOOL_CALL] and [TOOL_RESULT]
2. Ensure transcript repair happens before any partial content can be flushed to outbound delivery
3. On tool timeout/interruption, emit a clean user-facing failure message instead of forwarding partial transcript state

Workarounds applied:

• Disabled channels.telegram.commands.native to stop menu registration spam
• Increased agents.defaults.timeoutSeconds to 120
• Monitoring logs for: menu text exceeded, missing tool result, TOOL_CALL, timeout

Suggested labels: bug, telegram, security, session-isolation, transcript