Before:
[user spawns subagent] -> [first model attempt fails before turn is persisted] -> [retry uses generic resume prompt] -> [original task lost]

After:
[user spawns subagent] -> [first model attempt fails before turn is persisted] -> [retry reuses original task] -> [subagent executes intended request]

## Changed files

- `src/agents/agent-command.ts` (modified, +1/-0)
- `src/agents/command/attempt-execution.test.ts` (added, +91/-0)
- `src/agents/command/attempt-execution.ts` (modified, +39/-1)


---

# PR #55670: fix: discord OOM, OpenAI tool adjacency, subagent fallback, auth cache

- Repository: openclaw/openclaw
- Author: ayushozha
- State: open | merged: False
- Link: https://github.com/openclaw/openclaw/pull/55670

## Description (problem / solution / changelog)

## Summary

Fixes four independent high-impact bugs:

- **#55606** — Discord health-monitor triggers excessive stale-socket reconnects on quiet servers, leaking memory until OOM. Removed blanket `lastEventAt` inflation from debug messages and added a quiet-server guard using `lastConnectedAt` so connected channels with no real events aren't treated as stale.

- **#55544** — Session reset prompt (`/new`, `/reset`) breaks tool_call adjacency for custom OpenAI-compatible providers (HTTP 400). Enabled `validateAnthropicTurns` for all `openai-completions` providers so orphaned tool_calls from prior sessions are stripped before sending.

- **#55581** — Subagent loses its original task when model fallback triggers, receiving a generic "Continue where you left off" recovery message instead. Now preserves the original body when `isNewSession` is true since the transcript is empty and the fallback model needs the actual task.

- **#55562** — Gateway in-memory auth cache overwrites per-agent API keys on disk during usage/cooldown updates. Added runtime cache write-through after locked saves so subsequent reads via `ensureAuthProfileStore()` return fresh data.

## Test plan

- [x] `pnpm vitest run src/gateway/channel-health-policy.test.ts` — 16 tests pass (2 new)
- [x] `pnpm vitest run src/agents/transcript-policy.policy.test.ts` — 4 tests pass (2 new)
- [x] `pnpm vitest run src/agents/auth-profiles.runtime-snapshot-save.test.ts` — 2 tests pass (1 new)
- [x] `pnpm tsc --noEmit` — clean

## Changed files

- `extensions/discord/src/monitor/provider.lifecycle.reconnect.ts` (modified, +4/-1)
- `src/agents/agent-command.ts` (modified, +1/-0)
- `src/agents/auth-profiles.runtime-snapshot-save.test.ts` (modified, +55/-0)
- `src/agents/auth-profiles/store.ts` (modified, +7/-0)
- `src/agents/command/attempt-execution.ts` (modified, +7/-1)
- `src/agents/pi-embedded-helpers.validate-turns.test.ts` (modified, +46/-0)
- `src/agents/pi-embedded-helpers/turns.ts` (modified, +92/-19)
- `src/agents/transcript-policy.policy.test.ts` (modified, +18/-0)
- `src/agents/transcript-policy.test.ts` (modified, +5/-2)
- `src/agents/transcript-policy.ts` (modified, +6/-1)
- `src/gateway/channel-health-policy.test.ts` (modified, +42/-0)
- `src/gateway/channel-health-policy.ts` (modified, +12/-0)


---

# PR #56471: agents: tighten ACP delegation prompt guards

- Repository: openclaw/openclaw
- Author: Mintalix
- State: closed | merged: False
- Link: https://github.com/openclaw/openclaw/pull/56471

## Description (problem / solution / changelog)

## Summary

Describe the problem and fix in 2–5 bullets:

- Problem: the ACP delegation prompt path had a few correctness and safety gaps after the structured prompt work landed for delegated target agents such as `codex` or `kimi`.
- Why it matters: policy-denied ACP turns should fail fast, delegated target agents should not receive unsafe or mis-cited memory content, and ACP sessions should cache their skills snapshot instead of rebuilding it every turn.
- What changed: moved ACP prompt construction to after ACP policy checks, persisted ACP `skillsSnapshot` back to the session entry, guarded memory-file reads with workspace boundary checks, added `memory.md` fallback, fixed memory line-number citation drift caused by trimming before line splitting, and removed redundant snippet re-slicing.
- What did NOT change (scope boundary): no changes to ACP runtime policy semantics, no changes to transcript persistence semantics, and no changes outside the ACP delegation prompt / ACP routing test surface.

## Change Type

- [x] Bug fix
- [ ] Feature
- [x] Refactor required for the fix
- [ ] Docs
- [ ] Security hardening
- [ ] Chore/infra

## Scope (select all touched areas)

- [x] Gateway / orchestration
- [ ] Skills / tool execution
- [ ] Auth / tokens
- [x] Memory / storage
- [ ] Integrations
- [ ] API / contracts
- [ ] UI / DX
- [ ] CI/CD / infra

## Linked Issue/PR

- Closes #
- Related #55581
- [x] This PR fixes a bug or regression

## Root Cause / Regression History

- Root cause: ACP delegation prompt construction happened too early in the command flow, memory-file reads bypassed the workspace boundary-safe read path, root memory discovery only checked `MEMORY.md`, and line citations were computed from trimmed content rather than the original file content.
- Missing detection / guardrail: ACP routing tests covered prompt structure, but did not yet lock in prompt-build timing or ACP skills-snapshot persistence; memory handling also lacked dedicated ACP-specific guardrail coverage.
- Prior context: the earlier ACP delegation prompt change introduced richer context for delegated target agents, but left a few follow-up correctness, performance, and safety edges in the new code path.
- Why this regressed now: these issues were introduced as follow-up gaps in the new ACP delegation prompt path rather than by unrelated older code.
- If unknown, what was ruled out: the failures are not caused by transcript persistence itself and are not tied to ACP manager dispatch behavior once the turn is allowed to run.

## Regression Test Plan

- Coverage level that should have caught this:
  - [ ] Unit test
  - [x] Seam / integration test
  - [ ] End-to-end test
  - [ ] Existing coverage already sufficient
- Target test or file: `src/commands/agent.acp.test.ts`
- Scenario the test should lock in: ACP policy-denied turns must not build the delegation prompt before failing, and successful ACP turns must persist `skillsSnapshot` to the session store.
- Why this is the smallest reliable guardrail: it exercises the ACP command-routing seam end-to-end without needing a real remote delegated agent.
- Existing test that already covers this: updated ACP runtime routing assertions in `src/commands/agent.acp.test.ts`
- If no new test is added, why not: N/A

## User-visible / Behavior Changes

- ACP sessions that delegate work to target agents such as `codex` or `kimi` now avoid building the delegation prompt when ACP policy rejects the turn.
- ACP delegated prompt memory context now respects `memory.md` fallback and safer workspace-boundary reads.
- ACP sessions now persist `skillsSnapshot` after prompt construction so later turns can reuse it.

## Diagram

    Before:
    [ACP ready session] -> [build delegation prompt + read memory/bootstrap] -> [policy reject or run]

    After:
    [ACP ready session] -> [policy check] -> [build delegation prompt safely] -> [persist skills snapshot] -> [run]

## Security Impact

- New permissions/capabilities? No
- Secrets/tokens handling changed? No
- New/changed network calls? No
- Command/tool execution surface changed? No
- Data access scope changed? Yes
- If any Yes, explain risk + mitigation:
  - ACP delegated prompt memory reads now explicitly use workspace boundary validation, which reduces the chance of symlink or out-of-root file content being sent to delegated target agents.
  - Mitigation: reads now go through the guarded workspace-boundary file path and skip invalid candidates instead of reading raw paths directly.

## Repro + Verification

### Environment

- OS: `Darwin 25.2.0 arm64`
- Runtime/container: `Node v24.12.0`
- Model/provider: ACP test harness / mocked ACP manager
- Integration/channel: ACP session routing
- Relevant config: default ACP test fixture config

### Steps

1. Run `pnpm test -- src/commands/agent.acp.test.ts`
2. Trigger ACP routing for an allowed session and for a policy-denied ACP session in the test harness.
3. Inspect the mocked ACP manager call arguments and persisted session store data.

### Expected

- Policy-denied ACP turns fail before prompt construction.
- Successful ACP turns persist `skillsSnapshot`.
- Memory context handling uses correct fallback and safer file reads.

### Actual

- `pnpm test -- src/commands/agent.acp.test.ts` passes with the new assertions.
- `pnpm build` still fails on unchanged baseline `sourceInfo` type errors in files outside this PR.

## Evidence

Attach at least one:

- [x] Failing test/log before + passing after
- [ ] Trace/log snippets
- [ ] Screenshot/recording
- [ ] Perf numbers (if relevant)

## Human Verification

- Verified scenarios: ACP routing tests pass; policy-denied ACP turns do not build the prompt first; successful ACP turns persist `skillsSnapshot`.
- Edge cases checked: `memory.md` fallback path, memory-citation line handling after leading blank lines, and guarded memory reads in the ACP prompt path.
- What you did **not** verify: full `pnpm test`; clean `pnpm build`, because latest `origin/main` currently fails in unchanged `sourceInfo`-related files outside this PR.

## Review Conversations

- [ ] I replied to or resolved every bot review conversation I addressed in this PR.
- [ ] I left unresolved only the conversations that still need reviewer or maintainer judgment.

## Compatibility / Migration

- Backward compatible? Yes
- Config/env changes? No
- Migration needed? No
- If yes, exact upgrade steps:

## Risks and Mitigations

- Risk:
  - ACP delegation now persists `skillsSnapshot` earlier in the ACP path, so future ACP turns depend more directly on the saved snapshot shape.
  - Mitigation:
    - It reuses the existing session-entry snapshot field and persistence path already used by the non-ACP command flow.

## Changed files

- `src/agents/acp-delegation-prompt.ts` (added, +398/-0)
- `src/agents/agent-command.ts` (modified, +40/-6)
- `src/commands/agent.acp.test.ts` (modified, +82/-4)