@a1hvdy/cc-openclaw 0.27.4 → 0.27.6

package/dist/src/channels/telegram-mirror/card-renderer.d.ts

@@ -16,6 +16,13 @@
 import type { Turn, ToolCallRecord } from './state-machine.js';
 import type { CardMeta } from './card-state.js';
 export declare function toolDiffBlock(tc: ToolCallRecord): string;
+/**
+ * v0.27.5 — pick a syntax-highlight language for a tool's RESULT block so the
+ * card colors output the way the terminal does. Bash/shell → 'bash'; file tools
+ * → inferred from the `file_path` extension via EXT_LANG. Unknown → undefined
+ * (renders classless, no regression — never guess a language we can't justify).
+ */
+export declare function langForTool(tc: ToolCallRecord): string | undefined;
 /**
  * Format one tool-call line for inclusion in the rendered card body.
  *   "✓ Bash · ls -la"

package/dist/src/channels/telegram-mirror/card-renderer.js

@@ -14,7 +14,7 @@
  * Tests live at tests/channels/telegram-mirror/m2-render-pipeline.test.ts.
  */
 import { renderStatusLine, renderMeters, renderTodos } from './status-line.js';
-import { escapeHtml, code, pre, markdownToHtml } from '../../lib/html-render.js';
+import { escapeHtml, code, pre, markdownToHtml, closeDanglingTags } from '../../lib/html-render.js';
 // v0.27.0 M1 — the card renders as Telegram HTML (parse_mode: 'HTML'), not
 // MarkdownV2. HTML only needs `& < >` escaped (no per-char backslash litter)
 // and supports <pre><code class="language-…"> + <blockquote> for true
@@ -182,6 +182,48 @@ export function toolDiffBlock(tc) {
     }
     return truncateDiff(lines);
 }
+/**
+ * v0.27.5 — extension → Telegram syntax-highlight language. Telegram's only
+ * source of color is `<pre><code class="language-X">`; this maps a file
+ * extension to the `X` it recognizes. Unlisted extensions fall through to
+ * `undefined` (classless block, exactly as today).
+ */
+const EXT_LANG = {
+    ts: 'typescript',
+    tsx: 'typescript',
+    js: 'javascript',
+    jsx: 'javascript',
+    py: 'python',
+    sh: 'bash',
+    json: 'json',
+    md: 'markdown',
+    yml: 'yaml',
+    yaml: 'yaml',
+    sql: 'sql',
+    go: 'go',
+    rs: 'rust',
+    css: 'css',
+    html: 'html',
+    toml: 'toml',
+};
+/**
+ * v0.27.5 — pick a syntax-highlight language for a tool's RESULT block so the
+ * card colors output the way the terminal does. Bash/shell → 'bash'; file tools
+ * → inferred from the `file_path` extension via EXT_LANG. Unknown → undefined
+ * (renders classless, no regression — never guess a language we can't justify).
+ */
+export function langForTool(tc) {
+    const n = tc.name.toLowerCase();
+    if (n === 'bash' || n === 'shell')
+        return 'bash';
+    const input = tc.input;
+    if (input && typeof input === 'object' && typeof input.file_path === 'string') {
+        const m = /\.([a-z0-9]+)$/i.exec(input.file_path);
+        if (m)
+            return EXT_LANG[m[1].toLowerCase()];
+    }
+    return undefined;
+}
 /**
  * Format one tool-call line for inclusion in the rendered card body.
  *   "✓ Bash · ls -la"
@@ -240,11 +282,14 @@ export function renderThinkingBlock(thinkingText) {
     // v0.27.0 M1 — Telegram HTML <blockquote> renders the reasoning as a single
     // indented quote (terminal-style), distinct from the assistant text. Content
     // is HTML-escaped; newlines are preserved inside the blockquote.
+    // v0.27.5 M3 — `expandable` collapses long reasoning to a tap-to-expand quote,
+    // keeping the card compact. stripHtml's `blockquote\b[^>]*>` already tolerates
+    // the attribute, so the plain-text fallback is unaffected.
     const body = trimmed
         .split('\n')
         .map((l) => escapeHtml(l))
         .join('\n');
-    return `💭 Thinking\n<blockquote>${body}</blockquote>`;
+    return `💭 Thinking\n<blockquote expandable>${body}</blockquote>`;
 }
 /**
  * Render the full turn into a Telegram-safe message body. The mirror keeps
@@ -339,9 +384,9 @@ export function renderTurn(turn, meta) {
             const diffText = toolDiffBlock(tc);
             const resultText = toolResultText(tc);
             const block = diffText
-                ? pre(diffText)
+                ? pre(diffText, 'diff') // v0.27.5 M1 — Telegram colors -/+ lines red/green
                 : resultText
-                    ? pre(truncateResult(resultText))
+                    ? pre(truncateResult(resultText), langForTool(tc)) // v0.27.5 M2 — lang-highlight output
                     : '';
             const withBlock = block ? `${line}\n${block}` : line;
             // Prefer line+block; if that bursts the cap, fall back to the line alone
@@ -410,13 +455,21 @@ export function renderTurn(turn, meta) {
     }
     // Guaranteed safety net: even if the budgeted assembly above has a logic gap,
     // a card MUST NOT exceed Telegram's 4096-char hard cap (an over-cap edit is
-    // rejected outright). A blunt slice here can split an HTML tag, but editTg's
-    // hardened plain-text fallback strips tags on rejection, so this degrades
-    // gracefully rather than freezing the card.
+    // rejected outright).
     const body = lines.join('\n');
     if (body.length <= 4096)
         return body;
-    return body.slice(0, 4095) + '…';
+    // v0.27.5 M4 — a blunt slice can split an HTML tag, which makes Telegram reject
+    // the edit and forces editTg's plain-text fallback (the path that surfaces
+    // literal `<pre>`/`**`/`- ` markup — the exact "raw markdown" leak we're
+    // closing). Instead: truncate at the last whole line ≤ 4090, close any tag the
+    // slice left dangling (LIFO), then append the ellipsis. The result is always
+    // well-formed HTML, so editTg never has to fall back. The 3900 budget means
+    // this rarely fires, but it must be safe when it does.
+    const hard = body.slice(0, 4090);
+    const nl = hard.lastIndexOf('\n');
+    const sliced = nl > 0 ? hard.slice(0, nl) : hard;
+    return closeDanglingTags(sliced) + '\n…';
 }
 /**
  * Decide whether the current turn snapshot should be sent (first render)

package/dist/src/channels/telegram-mirror/turn-bridge.d.ts

@@ -90,7 +90,7 @@ export declare function pushThinking(text: string): void;
  * into the card during the turn, then calls this on turn end. Single-tenant:
  * finalizes ALL active cards (one at a time in practice).
  */
-export declare function finalizeActiveCards(): Promise<void>;
+export declare function finalizeActiveCards(deliveredText?: string): Promise<void>;
 /**
  * Map a caught error to a short, user-readable card reason (v0.27.0 M4). Keeps
  * the "❌ <reason>" header concise and classifies the common cc-openclaw-side

package/dist/src/channels/telegram-mirror/turn-bridge.js

@@ -272,7 +272,7 @@ export function pushThinking(text) {
  * into the card during the turn, then calls this on turn end. Single-tenant:
  * finalizes ALL active cards (one at a time in practice).
  */
-export async function finalizeActiveCards() {
+export async function finalizeActiveCards(deliveredText) {
     const chats = activeChatIds();
     if (chats.length === 0)
         return;
@@ -291,7 +291,15 @@ export async function finalizeActiveCards() {
             // The plugin can't suppress the gateway reply (no suppressUserDelivery
             // knob), so the card yields the final text and finalizes to a clean
             // status/tools/✓ Done activity view. renderTurn itself is unchanged.
-            turn.assistantText = '';
+            //
+            // v0.27.6 disconnect exception (Killer #2 report-drop) — when the gateway
+            // socket died mid-turn the gateway delivers NOTHING separately, so the
+            // dedup assumption breaks and wiping the text yields total silence
+            // ("✓ Done" then nothing). The caller passes the accumulated text in that
+            // case (deliveredText); the finalized card then KEEPS the full report as
+            // the sole delivery channel. On the happy path deliveredText is undefined
+            // → '' → behavior unchanged (gateway delivers, no duplicate).
+            turn.assistantText = deliveredText ?? '';
             try {
                 await editTg(chatId, card.messageId, renderTurn(turn, card.meta));
             }

package/dist/src/constants.d.ts

@@ -186,3 +186,20 @@ export declare const CC_AUTO_COMPACT_THRESHOLD = 70;
  *  recreate) instead of compacting. Used when /compact itself would leave
  *  the session too close to the model's window cap to do useful work. */
 export declare const CC_HARD_RESET_THRESHOLD = 90;
+/** Single-flight window for the openai-compat streaming path. When two
+ *  requests with a byte-identical (sessionName + input) signature arrive
+ *  within this window, the second is treated as a duplicate (an OpenClaw
+ *  retry of a stream it perceived as dead) and JOINS the in-flight turn
+ *  instead of spawning a SECOND full model run. The leader's result is
+ *  replayed to the follower; the model executes exactly once.
+ *
+ *  Born from the 2026-05-22 incident: an OOM SIGKILL (exit 137) made
+ *  OpenClaw retry, and session-manager's per-session send-chain SERIALIZES
+ *  (rather than coalesces) the retry — so the turn ran twice and delivered
+ *  two identical Telegram messages. This guards the duplicate at its source.
+ *
+ *  Set CC_OPENCLAW_DEDUP_WINDOW_MS=0 to disable (pure fail-open to the prior
+ *  serialize-and-rerun behavior). Default 45s comfortably exceeds a typical
+ *  OpenClaw read-timeout-then-retry gap without risking a real, distinct
+ *  follow-up message colliding with a just-finished identical one. */
+export declare const DEDUP_WINDOW_MS = 45000;

package/dist/src/constants.js

@@ -195,3 +195,21 @@ export const CC_AUTO_COMPACT_THRESHOLD = 70;
  *  recreate) instead of compacting. Used when /compact itself would leave
  *  the session too close to the model's window cap to do useful work. */
 export const CC_HARD_RESET_THRESHOLD = 90;
+// ─── request coalescing / duplicate-turn defense (v0.27.5) ──────────────────
+/** Single-flight window for the openai-compat streaming path. When two
+ *  requests with a byte-identical (sessionName + input) signature arrive
+ *  within this window, the second is treated as a duplicate (an OpenClaw
+ *  retry of a stream it perceived as dead) and JOINS the in-flight turn
+ *  instead of spawning a SECOND full model run. The leader's result is
+ *  replayed to the follower; the model executes exactly once.
+ *
+ *  Born from the 2026-05-22 incident: an OOM SIGKILL (exit 137) made
+ *  OpenClaw retry, and session-manager's per-session send-chain SERIALIZES
+ *  (rather than coalesces) the retry — so the turn ran twice and delivered
+ *  two identical Telegram messages. This guards the duplicate at its source.
+ *
+ *  Set CC_OPENCLAW_DEDUP_WINDOW_MS=0 to disable (pure fail-open to the prior
+ *  serialize-and-rerun behavior). Default 45s comfortably exceeds a typical
+ *  OpenClaw read-timeout-then-retry gap without risking a real, distinct
+ *  follow-up message colliding with a just-finished identical one. */
+export const DEDUP_WINDOW_MS = 45_000;

package/dist/src/engines/persistent-session.d.ts

@@ -27,6 +27,11 @@ interface InternalStats {
     lastActivity: string | null;
     /** v0.27.x — last PROGRESS event ts (excludes api_retry); watchdog keys off it. */
     lastProgressAt: string | null;
+    /** v0.27.6 — count of tool calls currently in flight (dispatched onToolUse
+     *  without a matching onToolResult yet). The stalled-session watchdog treats
+     *  inFlightTools > 0 as "alive" so a long quiet Bash/build/test step is never
+     *  killed mid-run. Reset to 0 at turn boundaries (start / complete / close). */
+    inFlightTools: number;
     history: Array<{
         time: string;
         type: string;

package/dist/src/engines/persistent-session.js

@@ -59,6 +59,7 @@ export class PersistentClaudeSession extends EventEmitter {
             startTime: null,
             lastActivity: null,
             lastProgressAt: null,
+            inFlightTools: 0,
             history: [],
             retries: 0,
             lastRetryError: undefined,
@@ -291,6 +292,9 @@ export class PersistentClaudeSession extends EventEmitter {
         });
         this.proc.on('close', (code) => {
             this._isReady = false;
+            // v0.27.6 — liveness watchdog (Killer #1): subprocess gone, nothing can be
+            // in flight; clear so a stale count never outlives the process.
+            this.stats.inFlightTools = 0;
             this.emit(SESSION_EVENT.CLOSE, code);
         });
         this.proc.on('error', (err) => {
@@ -385,6 +389,10 @@ export class PersistentClaudeSession extends EventEmitter {
                     const block = inner.content_block;
                     if (block?.type === 'tool_use') {
                         this.stats.toolCalls++;
+                        // v0.27.6 — liveness watchdog (Killer #1): a tool is now in flight.
+                        // Decremented on its tool_result; reset to 0 at turn boundaries so a
+                        // missed result can't pin the count open forever.
+                        this.stats.inFlightTools++;
                         // v0.26.1: carry the tool_use block id so the Telegram mirror can
                         // match the later tool_result event and flip the glyph … → ✓/✗.
                         const toolEvent = { tool: { name: block.name, input: {}, id: block.id } };
@@ -470,6 +478,10 @@ export class PersistentClaudeSession extends EventEmitter {
                             };
                             if (b.is_error)
                                 this.stats.toolErrors++;
+                            // v0.27.6 — liveness watchdog (Killer #1): this tool's result
+                            // arrived, so it's no longer in flight. Clamp at 0 (a duplicate or
+                            // unmatched result must never push the count negative).
+                            this.stats.inFlightTools = Math.max(0, this.stats.inFlightTools - 1);
                             try {
                                 this._streamCallbacks?.onToolResult?.(resultEvent);
                             }
@@ -511,6 +523,8 @@ export class PersistentClaudeSession extends EventEmitter {
                         }
                         else if (block.type === 'tool_use') {
                             this.stats.toolCalls++;
+                            // v0.27.6 — liveness watchdog (Killer #1): tool in flight (see above).
+                            this.stats.inFlightTools++;
                             const toolEvent = {
                                 tool: {
                                     name: block.name,
@@ -559,6 +573,8 @@ export class PersistentClaudeSession extends EventEmitter {
                 break;
             case 'tool_use':
                 this.stats.toolCalls++;
+                // v0.27.6 — liveness watchdog (Killer #1): tool in flight (see above).
+                this.stats.inFlightTools++;
                 try {
                     this._streamCallbacks?.onToolUse?.(event);
                 }
@@ -568,6 +584,8 @@ export class PersistentClaudeSession extends EventEmitter {
                 this.emit(SESSION_EVENT.TOOL_USE, event);
                 break;
             case 'tool_result':
+                // v0.27.6 — liveness watchdog (Killer #1): tool result arrived (see above).
+                this.stats.inFlightTools = Math.max(0, this.stats.inFlightTools - 1);
                 try {
                     this._streamCallbacks?.onToolResult?.(event);
                 }
@@ -601,6 +619,10 @@ export class PersistentClaudeSession extends EventEmitter {
                 }
                 this.emit(SESSION_EVENT.RESULT, event);
                 this.emit(SESSION_EVENT.TURN_COMPLETE, event);
+                // v0.27.6 — liveness watchdog (Killer #1): turn is over; clear any
+                // in-flight tool count so a missed tool_result can't pin the session
+                // "alive" across turns and permanently disable the stalled backstop.
+                this.stats.inFlightTools = 0;
                 this._fireHook('onTurnComplete', {
                     text: event.result,
                     usage,
@@ -668,6 +690,10 @@ export class PersistentClaudeSession extends EventEmitter {
             this._streamCallbacks = options.callbacks;
         if (options.waitForComplete) {
             this._isBusy = true;
+            // v0.27.6 — liveness watchdog (Killer #1): each turn starts with zero
+            // tools in flight; guarantees no count leaks across turns regardless of
+            // how the prior turn ended (result / error / partial).
+            this.stats.inFlightTools = 0;
             try {
                 return await this._waitForTurnComplete(options.timeout || resolveTurnTimeoutMs());
             }
@@ -781,6 +807,7 @@ export class PersistentClaudeSession extends EventEmitter {
             startTime: this.stats.startTime,
             lastActivity: this.stats.lastActivity,
             lastProgressAt: this.stats.lastProgressAt,
+            inFlightTools: this.stats.inFlightTools,
             // v0.6.0: contextPercent now reflects ACTUAL per-turn context occupancy
             // (input + cache-read tokens from the last `result` event), not lifetime
             // cumulative tokens. Pre-fix it saturated at 100% by turn 3 of any

package/dist/src/lib/html-render.d.ts

@@ -26,6 +26,21 @@ export declare function code(s: string): string;
  * stays legible. Not a general sanitizer — scoped to the tags this module emits.
  */
 export declare function stripHtml(input: string | null | undefined): string;
+/**
+ * v0.27.5 M4 — close any unclosed Telegram-HTML tags this module emits, in LIFO
+ * order. A hard truncation of a rendered card (renderTurn's 4096-char backstop)
+ * can slice through an open `<pre>`/`<b>`/… ; left dangling, Telegram rejects the
+ * edit and editTg falls back to plain text — dumping literal `<pre>`/`**`/`- `
+ * markup into the chat. Closing the danglers keeps the truncated HTML well-formed
+ * so the edit is accepted.
+ *
+ * Conservative by design: only the tags this module emits (pre, code, blockquote,
+ * b, i, s, a) are tracked, balanced input passes through byte-identical, and
+ * stray/mismatched closers are tolerated (pop nearest match, never go negative).
+ * Attribute values here never contain a literal `>` (escapeHtml runs on class /
+ * href), so `[^>]*` safely consumes the whole opening tag.
+ */
+export declare function closeDanglingTags(html: string): string;
 /**
  * Fenced code block: `<pre><code class="language-LANG">escaped</code></pre>`.
  * Omits the class when no language is given. Body is HTML-escaped (the only

package/dist/src/lib/html-render.js

@@ -45,6 +45,42 @@ export function stripHtml(input) {
         .replace(/"/g, '"')
         .replace(/&/g, '&');
 }
+/**
+ * v0.27.5 M4 — close any unclosed Telegram-HTML tags this module emits, in LIFO
+ * order. A hard truncation of a rendered card (renderTurn's 4096-char backstop)
+ * can slice through an open `<pre>`/`<b>`/… ; left dangling, Telegram rejects the
+ * edit and editTg falls back to plain text — dumping literal `<pre>`/`**`/`- `
+ * markup into the chat. Closing the danglers keeps the truncated HTML well-formed
+ * so the edit is accepted.
+ *
+ * Conservative by design: only the tags this module emits (pre, code, blockquote,
+ * b, i, s, a) are tracked, balanced input passes through byte-identical, and
+ * stray/mismatched closers are tolerated (pop nearest match, never go negative).
+ * Attribute values here never contain a literal `>` (escapeHtml runs on class /
+ * href), so `[^>]*` safely consumes the whole opening tag.
+ */
+export function closeDanglingTags(html) {
+    const stack = [];
+    const re = /<(\/?)(pre|code|blockquote|b|i|s|a)\b[^>]*>/gi;
+    let m;
+    while ((m = re.exec(html)) !== null) {
+        const tag = m[2].toLowerCase();
+        if (m[1] === '/') {
+            const idx = stack.lastIndexOf(tag);
+            if (idx !== -1)
+                stack.splice(idx, 1);
+        }
+        else {
+            stack.push(tag);
+        }
+    }
+    if (stack.length === 0)
+        return html;
+    let out = html;
+    for (let i = stack.length - 1; i >= 0; i--)
+        out += `</${stack[i]}>`;
+    return out;
+}
 /**
  * Fenced code block: `<pre><code class="language-LANG">escaped</code></pre>`.
  * Omits the class when no language is given. Body is HTML-escaped (the only

package/dist/src/openai-compat/non-streaming-handler.js

@@ -61,6 +61,17 @@ slashCommand) {
     // v0.15.0 Slice 1: hoist userText so the catch-path probe emit can reference
     // it (originally declared inside try at line ~133, post-recovery-pipeline).
     const probeUserText = userMessageToText(userMessage);
+    // v0.27.6 — report-drop fix (Killer #2), mirror of the streaming handler.
+    // The non-streaming path had NO disconnect tracking, so we add it: if the
+    // gateway socket dies mid-turn the buffered JSON reply reaches no one, and
+    // finalize() would otherwise wipe the card → total silence. Track the close,
+    // hoist deliveredText to function scope (same pattern as probeUserText above),
+    // and the finally block keeps the text on the card only when disconnected.
+    let clientDisconnected = false;
+    res.on('close', () => {
+        clientDisconnected = true;
+    });
+    let deliveredText = '';
     try {
         reportStatus('thinking', 'Processing request...');
         // v0.7.1: accumulate thinking-block content when surfaceThinking is on.
@@ -163,6 +174,9 @@ slashCommand) {
         // card. reply_dispatch in inbound-handler will fire shortly after and
         // re-render the card with state='done', picking up this text inline.
         mirrorPushAssistantText(outputText);
+        // v0.27.6 — remember the text the card is showing so the finally block can
+        // re-apply it if the socket died (see clientDisconnected note above).
+        deliveredText = outputText;
         // Parse tool_calls from response text when caller provided tools
         let traceToolCount = 0;
         let traceFinishReason = 'stop';
@@ -256,7 +270,10 @@ slashCommand) {
         // v0.26.1 — finalize the Telegram mirror card at the true end of the model
         // turn (see handleStreaming counterpart). Best-effort.
         try {
-            await mirrorFinalizeActiveCards();
+            // v0.27.6 — report-drop fix (Killer #2): keep the report on the card when
+            // the socket died (mirror of the streaming handler). Happy path passes
+            // undefined → card wiped → gateway delivers (no duplicate).
+            await mirrorFinalizeActiveCards(clientDisconnected ? deliveredText : undefined);
         }
         catch {
             /* finalize is cosmetic; never propagate */

package/dist/src/openai-compat/openai-compat.js

@@ -32,6 +32,8 @@ import { TTS_RULE } from './tts-rule.js';
 import { extractUserMessage, } from './message-extractor.js';
 import { handleNonStreaming } from './non-streaming-handler.js';
 import { handleStreaming } from './streaming-handler.js';
+import { getDedupWindowMs, computeSignature, findInFlight, registerLeader, awaitLeader, replayCoalesced, } from './request-coalescer.js';
+import { resolveTurnTimeoutMs } from '../lib/env-overrides.js';
 // Re-export for backward compat — Cluster B extracted these to dedicated
 // modules; keep the original import surface stable for any external caller.
 // See src/openai-compat/{mode-flags,session-key-resolver,prompts,tool-calls-parser,tool-results-serializer}.ts.
@@ -416,13 +418,48 @@ export async function handleChatCompletion(manager, body, headers, res) {
         userMessage = `${toolBlock}\n\n${userMessage}`;
     }
     const completionId = `chatcmpl-${randomUUID().replace(/-/g, '').slice(0, 29)}`;
+    // ── v0.27.5 single-flight request coalescing (streaming path) ─────────────
+    // When OpenClaw retries a request whose stream it perceived as dead (the
+    // 2026-05-22 OOM/exit-137 incident), the retry carries a byte-identical body.
+    // Without this guard, session-manager's per-session send-chain SERIALIZES the
+    // retry into a SECOND full model run → a duplicate Telegram message. Here the
+    // first such request is the leader (runs once); a duplicate within the dedup
+    // window is a follower that replays the leader's result. FAIL-OPEN: any error,
+    // an empty/failed leader, or a leader that exceeds the turn timeout all fall
+    // THROUGH to a normal dispatch — this can never drop a real reply.
+    const dedupWindowMs = getDedupWindowMs();
+    let coalesceLeader;
+    if (isStreaming && dedupWindowMs > 0) {
+        try {
+            const sig = computeSignature(sessionName, sendInput);
+            const existing = findInFlight(sig, dedupWindowMs);
+            if (existing) {
+                const leaderResult = await awaitLeader(existing, resolveTurnTimeoutMs());
+                if (leaderResult && leaderResult.text.length > 0) {
+                    replayCoalesced(res, completionId, resolvedModel, leaderResult);
+                    emitTrajectory('response_complete', { engine, model: resolvedModel, latencyMs: Date.now() - _t0, ok: true, coalesced: true }, sessionName);
+                    return; // duplicate served from the leader — no second model run
+                }
+                // leader failed / produced no text / timed out → fail-open below
+            }
+            else {
+                coalesceLeader = registerLeader(sig);
+            }
+        }
+        catch {
+            coalesceLeader = undefined; // any coalescer fault → behave as before
+        }
+    }
     // Pillar B v0.4.1: bracket dispatch with try/finally so response_complete
     // fires for both success and failure (the latter relabelled). Latency is
     // measured from request_in's _t0 above.
     let _ok = true;
     try {
         if (isStreaming) {
-            await handleStreaming(manager, sessionName, resolvedModel, sendInput, completionId, res, hasTools, extracted.slashCommand);
+            await handleStreaming(manager, sessionName, resolvedModel, sendInput, completionId, res, hasTools, extracted.slashCommand, 
+            // v0.27.5: capture this leader's result so a coalesced follower can
+            // replay it. handleStreaming calls this only on a successful turn.
+            coalesceLeader ? (r) => coalesceLeader.resolve(r) : undefined);
         }
         else {
             await handleNonStreaming(manager, sessionName, resolvedModel, sendInput, completionId, res, hasTools, extracted.slashCommand);
@@ -433,6 +470,17 @@ export async function handleChatCompletion(manager, body, headers, res) {
         throw err;
     }
     finally {
+        // v0.27.5: ALWAYS settle the leader so followers never hang. After a
+        // successful capture this is a no-op (resolve is idempotent); on error or
+        // an empty turn it resolves null → followers fail-open to a fresh run.
+        if (coalesceLeader) {
+            try {
+                coalesceLeader.resolve(null);
+            }
+            catch {
+                /* already settled */
+            }
+        }
         let tokensIn;
         let tokensOut;
         try {

package/dist/src/openai-compat/request-coalescer.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Single-flight request coalescer for the openai-compat streaming path (v0.27.5).
+ *
+ * THE PROBLEM (2026-05-22 incident)
+ * ─────────────────────────────────
+ * When a turn is OOM-killed mid-stream (exit 137) — or simply runs long enough
+ * that OpenClaw's HTTP client perceives the SSE stream as dead — OpenClaw fires
+ * a RETRY with a byte-identical request body. session-manager.sendMessage()
+ * *serializes* concurrent same-session sends via a per-session promise chain
+ * (session-manager.ts:437-453) rather than coalescing them, so the retry runs
+ * the FULL turn a second time and delivers a second, identical Telegram message
+ * (the "two identical messages" the user reported).
+ *
+ * THE FIX
+ * ───────
+ * Classic single-flight (a.k.a. request coalescing): the FIRST request for a
+ * given signature becomes the "leader" and runs the model once; any duplicate
+ * arriving within DEDUP_WINDOW_MS becomes a "follower" that AWAITS the leader's
+ * result and replays it — no second subprocess, no divergent second generation.
+ * In the common retry-after-perceived-death case, OpenClaw has already abandoned
+ * the leader's connection, so only the follower delivers → exactly one message.
+ *
+ * SAFETY: FAIL-OPEN BY CONSTRUCTION
+ * ─────────────────────────────────
+ * The caller wraps every coalescer interaction in try/catch and, on ANY error
+ * (or a leader that produced empty text, or a leader that exceeds the turn
+ * timeout), falls THROUGH to a normal dispatch. The worst case this can produce
+ * is the prior behavior (a possible duplicate) — it can NEVER drop a real reply.
+ * That property is the whole point: the user's deepest pain is missing messages,
+ * so the duplicate defense must not be able to cause a miss.
+ */
+import type * as http from 'node:http';
+/** The leader's captured turn output, replayed verbatim to followers. */
+export interface CoalescedResult {
+    text: string;
+    finishReason: 'stop' | 'tool_calls';
+    usage?: {
+        prompt_tokens: number;
+        completion_tokens: number;
+        total_tokens: number;
+    };
+}
+interface InFlightEntry {
+    startedAt: number;
+    /** Resolves when the leader's turn completes. `null` ⇒ leader failed or
+     *  produced no replayable text; followers must fail-open to a fresh run. */
+    resultPromise: Promise<CoalescedResult | null>;
+}
+/** Resolve the dedup window. CC_OPENCLAW_DEDUP_WINDOW_MS=0 disables coalescing
+ *  entirely (the caller then never enters the leader/follower branches). */
+export declare function getDedupWindowMs(): number;
+/** Stable signature for "the same turn". Session-scoped so two chats sending
+ *  identical text never collide. SHA-256 of sessionName + NUL + serialized
+ *  input keeps the key bounded regardless of prompt size. */
+export declare function computeSignature(sessionName: string, input: unknown): string;
+/** Return a live (within-window) in-flight entry for `sig`, or undefined.
+ *  Prunes a stale entry as a side effect so the map self-heals. */
+export declare function findInFlight(sig: string, windowMs: number): InFlightEntry | undefined;
+/** Register the current request as the leader for `sig`. Returns a `resolve`
+ *  the caller MUST invoke in a finally block with the captured result (or
+ *  `null` on failure) so followers never hang. The entry is retained for the
+ *  window after resolution, then evicted. */
+export declare function registerLeader(sig: string): {
+    resolve: (r: CoalescedResult | null) => void;
+};
+/** Await a leader's result with a hard cap so a wedged leader can't hang the
+ *  follower forever. On timeout returns `null` ⇒ caller fails open. */
+export declare function awaitLeader(entry: InFlightEntry, timeoutMs: number): Promise<CoalescedResult | null>;
+/** Replay a leader's captured result to a follower's response as a complete,
+ *  well-formed SSE stream (role chunk → content chunk → final chunk → [DONE]).
+ *  Mirrors the shape handleStreaming emits so OpenClaw sees an ordinary, valid
+ *  completion. Best-effort writes: a disconnected follower socket is harmless. */
+export declare function replayCoalesced(res: http.ServerResponse, completionId: string, model: string, result: CoalescedResult): void;
+/** Test-only helpers. */
+export declare function _resetForTest(): void;
+export declare function _size(): number;
+export {};

package/dist/src/openai-compat/request-coalescer.js

@@ -0,0 +1,157 @@
+/**
+ * Single-flight request coalescer for the openai-compat streaming path (v0.27.5).
+ *
+ * THE PROBLEM (2026-05-22 incident)
+ * ─────────────────────────────────
+ * When a turn is OOM-killed mid-stream (exit 137) — or simply runs long enough
+ * that OpenClaw's HTTP client perceives the SSE stream as dead — OpenClaw fires
+ * a RETRY with a byte-identical request body. session-manager.sendMessage()
+ * *serializes* concurrent same-session sends via a per-session promise chain
+ * (session-manager.ts:437-453) rather than coalescing them, so the retry runs
+ * the FULL turn a second time and delivers a second, identical Telegram message
+ * (the "two identical messages" the user reported).
+ *
+ * THE FIX
+ * ───────
+ * Classic single-flight (a.k.a. request coalescing): the FIRST request for a
+ * given signature becomes the "leader" and runs the model once; any duplicate
+ * arriving within DEDUP_WINDOW_MS becomes a "follower" that AWAITS the leader's
+ * result and replays it — no second subprocess, no divergent second generation.
+ * In the common retry-after-perceived-death case, OpenClaw has already abandoned
+ * the leader's connection, so only the follower delivers → exactly one message.
+ *
+ * SAFETY: FAIL-OPEN BY CONSTRUCTION
+ * ─────────────────────────────────
+ * The caller wraps every coalescer interaction in try/catch and, on ANY error
+ * (or a leader that produced empty text, or a leader that exceeds the turn
+ * timeout), falls THROUGH to a normal dispatch. The worst case this can produce
+ * is the prior behavior (a possible duplicate) — it can NEVER drop a real reply.
+ * That property is the whole point: the user's deepest pain is missing messages,
+ * so the duplicate defense must not be able to cause a miss.
+ */
+import { createHash } from 'node:crypto';
+import { DEDUP_WINDOW_MS } from '../constants.js';
+import { formatCompletionChunk } from './response-formatter.js';
+/** Module-scoped registry. Keyed by signature. Entries linger for the window
+ *  after completion so a late retry (arriving just after the leader finished)
+ *  still coalesces against the already-resolved result. */
+const inFlight = new Map();
+/** Resolve the dedup window. CC_OPENCLAW_DEDUP_WINDOW_MS=0 disables coalescing
+ *  entirely (the caller then never enters the leader/follower branches). */
+export function getDedupWindowMs() {
+    const raw = process.env.CC_OPENCLAW_DEDUP_WINDOW_MS;
+    const n = raw !== undefined ? parseInt(raw, 10) : NaN;
+    if (Number.isFinite(n) && n >= 0)
+        return n;
+    return DEDUP_WINDOW_MS;
+}
+/** Stable signature for "the same turn". Session-scoped so two chats sending
+ *  identical text never collide. SHA-256 of sessionName + NUL + serialized
+ *  input keeps the key bounded regardless of prompt size. */
+export function computeSignature(sessionName, input) {
+    const raw = typeof input === 'string' ? input : JSON.stringify(input);
+    return createHash('sha256').update(sessionName).update('\0').update(raw).digest('hex');
+}
+/** Return a live (within-window) in-flight entry for `sig`, or undefined.
+ *  Prunes a stale entry as a side effect so the map self-heals. */
+export function findInFlight(sig, windowMs) {
+    const entry = inFlight.get(sig);
+    if (!entry)
+        return undefined;
+    // >= (not >): a window of 0 means "no coalescing window" → every entry is
+    // already stale and must be pruned (matches CC_OPENCLAW_DEDUP_WINDOW_MS=0
+    // disabling coalescing). With `>`, a same-millisecond lookup (elapsed 0)
+    // wrongly treated a 0-window entry as live. Real windows are unaffected
+    // (elapsed 0 >= 45000 is still false → live).
+    if (Date.now() - entry.startedAt >= windowMs) {
+        inFlight.delete(sig);
+        return undefined;
+    }
+    return entry;
+}
+/** Register the current request as the leader for `sig`. Returns a `resolve`
+ *  the caller MUST invoke in a finally block with the captured result (or
+ *  `null` on failure) so followers never hang. The entry is retained for the
+ *  window after resolution, then evicted. */
+export function registerLeader(sig) {
+    let resolveFn;
+    const resultPromise = new Promise((res) => {
+        resolveFn = res;
+    });
+    const entry = { startedAt: Date.now(), resultPromise };
+    inFlight.set(sig, entry);
+    // Idempotent: the caller resolves from BOTH the success-path capture callback
+    // and a finally-block backstop (which passes null). Only the first wins; the
+    // backstop is a no-op after a successful capture.
+    let settled = false;
+    return {
+        resolve: (r) => {
+            if (settled)
+                return;
+            settled = true;
+            resolveFn(r);
+            const t = setTimeout(() => {
+                if (inFlight.get(sig) === entry)
+                    inFlight.delete(sig);
+            }, getDedupWindowMs());
+            // Don't let the eviction timer keep the process alive.
+            t.unref?.();
+        },
+    };
+}
+/** Await a leader's result with a hard cap so a wedged leader can't hang the
+ *  follower forever. On timeout returns `null` ⇒ caller fails open. */
+export async function awaitLeader(entry, timeoutMs) {
+    let timer;
+    const timeout = new Promise((res) => {
+        timer = setTimeout(() => res(null), timeoutMs);
+        timer.unref?.();
+    });
+    try {
+        return await Promise.race([entry.resultPromise, timeout]);
+    }
+    finally {
+        if (timer)
+            clearTimeout(timer);
+    }
+}
+/** Replay a leader's captured result to a follower's response as a complete,
+ *  well-formed SSE stream (role chunk → content chunk → final chunk → [DONE]).
+ *  Mirrors the shape handleStreaming emits so OpenClaw sees an ordinary, valid
+ *  completion. Best-effort writes: a disconnected follower socket is harmless. */
+export function replayCoalesced(res, completionId, model, result) {
+    res.writeHead(200, {
+        'Content-Type': 'text/event-stream',
+        'Cache-Control': 'no-cache',
+        Connection: 'keep-alive',
+        'X-Accel-Buffering': 'no',
+    });
+    const write = (data) => {
+        try {
+            res.write(`data: ${data}\n\n`);
+        }
+        catch {
+            /* follower disconnected — nothing to deliver, safe to ignore */
+        }
+    };
+    write(JSON.stringify(formatCompletionChunk(completionId, model, { role: 'assistant' }, null)));
+    write(JSON.stringify(formatCompletionChunk(completionId, model, { content: result.text }, null)));
+    const finalChunk = formatCompletionChunk(completionId, model, {}, result.finishReason);
+    if (result.usage)
+        finalChunk.usage = result.usage;
+    write(JSON.stringify(finalChunk));
+    write('[DONE]');
+    try {
+        res.end();
+    }
+    catch {
+        /* already closed */
+    }
+}
+/** Test-only helpers. */
+export function _resetForTest() {
+    inFlight.clear();
+}
+export function _size() {
+    return inFlight.size;
+}

package/dist/src/openai-compat/streaming-handler.d.ts

@@ -41,4 +41,12 @@ import type { UserMessageBlock } from './message-extractor.js';
 export declare function handleStreaming(manager: SessionManagerLike, sessionName: string, model: string, userMessage: string | UserMessageBlock[], completionId: string, res: http.ServerResponse, hasTools: boolean, slashCommand?: {
     cmd: string;
     mode?: string;
-}): Promise<void>;
+}, onFinalText?: (result: {
+    text: string;
+    finishReason: 'stop' | 'tool_calls';
+    usage?: {
+        prompt_tokens: number;
+        completion_tokens: number;
+        total_tokens: number;
+    };
+}) => void): Promise<void>;

package/dist/src/openai-compat/streaming-handler.js

@@ -69,7 +69,12 @@ userMessage, completionId, res, hasTools,
 // v0.19.1 M3: slash command captured by extractUserMessage, threaded to
 // the patched sendMessage so the live-card pill renders the original
 // /<slash> even when maybeInlineSkill replaced the message body.
-slashCommand) {
+slashCommand, 
+// v0.27.5: leader-result capture for the single-flight request coalescer.
+// Invoked exactly once on a SUCCESSFUL turn (never on the error path) with
+// the final assistant text + finish reason + usage, so a coalesced follower
+// can replay this turn's output instead of running the model a second time.
+onFinalText) {
     // v0.26.1 observability: confirm the wired handler runs AND how many mirror
     // cards THIS module instance sees. If cards=0 here while the inbound handler
     // logged a registered card, the cardState singleton split across instances
@@ -125,7 +130,14 @@ slashCommand) {
     };
     // Initial chunk with role
     writeSSE(JSON.stringify(formatCompletionChunk(completionId, model, { role: 'assistant' }, null)));
-    // SSE keepalive heartbeat
+    // SSE keepalive heartbeat. v0.27.5: 30s → 15s. A long quiet phase (Claude
+    // CLI thinking, a slow Bash/tool step) with no SSE write can make OpenClaw's
+    // HTTP client perceive the stream as dead and fire a RETRY — which the
+    // session-manager send-chain serializes into a SECOND full turn → duplicate
+    // Telegram message (2026-05-22 incident). A tighter heartbeat keeps the
+    // connection demonstrably alive between content events, cutting spurious
+    // retries at the source. (The request-coalescer is the second line of
+    // defense for the retries that still slip through.)
     const heartbeatTimer = setInterval(() => {
         if (!clientDisconnected) {
             try {
@@ -135,7 +147,7 @@ slashCommand) {
                 clientDisconnected = true;
             }
         }
-    }, 30_000);
+    }, 15_000);
     // Phase 2 R1+R2: in tool-stream mode, bridge session-manager's pre-parsed
     // tool_use events directly to OpenAI tool_calls SSE deltas. Skips the
     // legacy "buffer text + regex-parse <tool_calls> XML" path entirely.
@@ -534,6 +546,18 @@ slashCommand) {
             tool_calls: toolCallsEmitted,
             bytes_out: accumulatedText.length,
         });
+        // v0.27.5: hand the captured turn output to the coalescer (success only).
+        // A coalesced follower replays exactly this — so the model runs once even
+        // when OpenClaw retries. Guarded: a capture-callback throw must never break
+        // the SSE response that just succeeded.
+        if (onFinalText) {
+            try {
+                onFinalText({ text: accumulatedText, finishReason: traceFinishReason, usage });
+            }
+            catch {
+                /* capture is best-effort; the real reply already streamed */
+            }
+        }
         writeSSE('[DONE]');
     }
     catch (err) {
@@ -603,7 +627,12 @@ slashCommand) {
         // turn. reply_dispatch (gateway) fires too early to own this; the handler
         // does. Best-effort: a finalize failure must not break the SSE response.
         try {
-            await mirrorFinalizeActiveCards();
+            // v0.27.6 — report-drop fix (Killer #2): when the gateway socket died
+            // mid-turn (clientDisconnected), the gateway delivers nothing separately,
+            // so pass the accumulated text and the finalized card KEEPS it as the
+            // sole delivery channel. Happy path (connected) passes undefined → card
+            // wiped → gateway delivers the reply (no duplicate).
+            await mirrorFinalizeActiveCards(clientDisconnected ? accumulatedText : undefined);
         }
         catch {
             /* finalize is cosmetic; never propagate */

package/dist/src/session/watchdogs.d.ts

@@ -27,6 +27,9 @@ export interface WatchdogManagedSession {
         getStats(): {
             lastActivity?: string | null | undefined;
             lastProgressAt?: string | null | undefined;
+            /** v0.27.6 — count of in-flight tool calls; > 0 means a tool is running
+             *  (alive), so the stalled check is skipped no matter how quiet it is. */
+            inFlightTools?: number | undefined;
         };
         stop(): void;
     };

package/dist/src/session/watchdogs.js

@@ -46,6 +46,12 @@ export function watchStalledSessions(opts) {
         if (!managed.session.isBusy)
             continue;
         const stats = managed.session.getStats();
+        // v0.27.6 (Killer #1) — a session with a tool in flight is ALIVE, not
+        // stalled, no matter how long the tool runs quiet (a 40-min build/test emits
+        // no stream events while it works). Skip it entirely; the age/threshold
+        // check below only governs a genuine silent wedge with NO tool running.
+        if ((stats.inFlightTools ?? 0) > 0)
+            continue;
         // v0.27.x — prefer the PROGRESS timestamp (real output: text/tool/result),
         // which excludes `system/api_retry` pings. Keying off lastActivity let a
         // retry-storm reset the clock forever so the watchdog never fired. Fall back

package/dist/src/types.d.ts

@@ -197,6 +197,10 @@ export interface SessionStats {
      *  events like `system/api_retry`. The stalled-session watchdog keys off this
      *  so an API retry-storm (no output) is fast-failed instead of looking busy. */
     lastProgressAt: string | null;
+    /** v0.27.6 — tool calls currently in flight (dispatched without a matching
+     *  result yet). Optional: only the Claude persistent-session engine populates
+     *  it; the stalled-session watchdog treats > 0 as "alive, don't kill". */
+    inFlightTools?: number;
     /**
      * Approximate context window utilization (0-100).
      * Estimated as (tokensIn + tokensOut) / 200,000 * 100.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a1hvdy/cc-openclaw",
-  "version": "0.27.4",
+  "version": "0.27.6",
   "description": "A1xAI's Anthropic CLI bridge plugin for OpenClaw",
   "author": "@a1cy",
   "license": "MIT",

package/dist/src/config/drift-detector.d.ts

@@ -1,28 +0,0 @@
-/**
- * drift-detector — snapshots the parsed Config to disk on a healthy boot;
- * compares on subsequent boots and returns a delta list.
- *
- * Primary purpose: detect keys pruned by `openclaw doctor --fix`
- * (OF5 — feedback_cc_openclaw_provider_timeout.md).
- *
- * Snapshot path: ~/.openclaw/workspace/memory/cc-openclaw-config-snapshot.json
- * The file is written atomically (write-then-rename is not available in pure
- * Node ESM without extra deps; we write directly since the worst case is a
- * corrupted snapshot — non-fatal; falls back to empty baseline).
- */
-import type { Config } from './schema.js';
-export interface ConfigDelta {
-    path: string;
-    previous: unknown;
-    current: unknown;
-}
-/**
- * Compare current config against the on-disk snapshot.
- * Returns an array of changed paths (empty = no drift).
- */
-export declare function detectDrift(current: Config): ConfigDelta[];
-/**
- * Persist current config as the baseline snapshot for future drift detection.
- * Called at the end of a successful boot (after phase 7 / ready state).
- */
-export declare function saveSnapshot(current: Config): void;

package/dist/src/config/drift-detector.js

@@ -1,74 +0,0 @@
-/**
- * drift-detector — snapshots the parsed Config to disk on a healthy boot;
- * compares on subsequent boots and returns a delta list.
- *
- * Primary purpose: detect keys pruned by `openclaw doctor --fix`
- * (OF5 — feedback_cc_openclaw_provider_timeout.md).
- *
- * Snapshot path: ~/.openclaw/workspace/memory/cc-openclaw-config-snapshot.json
- * The file is written atomically (write-then-rename is not available in pure
- * Node ESM without extra deps; we write directly since the worst case is a
- * corrupted snapshot — non-fatal; falls back to empty baseline).
- */
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
-import { homedir } from 'os';
-import { join, dirname } from 'path';
-const SNAPSHOT_PATH = join(homedir(), '.openclaw', 'workspace', 'memory', 'cc-openclaw-config-snapshot.json');
-// ── Internal helpers ──────────────────────────────────────────────────────────
-function flattenConfig(obj, prefix = '') {
-    if (obj === null || typeof obj !== 'object') {
-        return { [prefix]: obj };
-    }
-    const result = {};
-    for (const [k, v] of Object.entries(obj)) {
-        const key = prefix ? `${prefix}.${k}` : k;
-        if (v !== null && typeof v === 'object' && !Array.isArray(v)) {
-            Object.assign(result, flattenConfig(v, key));
-        }
-        else {
-            result[key] = v;
-        }
-    }
-    return result;
-}
-function readSnapshot() {
-    if (!existsSync(SNAPSHOT_PATH))
-        return {};
-    try {
-        const raw = readFileSync(SNAPSHOT_PATH, 'utf8');
-        return JSON.parse(raw);
-    }
-    catch {
-        return {};
-    }
-}
-// ── Public API ────────────────────────────────────────────────────────────────
-/**
- * Compare current config against the on-disk snapshot.
- * Returns an array of changed paths (empty = no drift).
- */
-export function detectDrift(current) {
-    const previous = readSnapshot();
-    const flat = flattenConfig(current);
-    const deltas = [];
-    for (const [path, value] of Object.entries(flat)) {
-        if (path in previous && JSON.stringify(previous[path]) !== JSON.stringify(value)) {
-            deltas.push({ path, previous: previous[path], current: value });
-        }
-    }
-    return deltas;
-}
-/**
- * Persist current config as the baseline snapshot for future drift detection.
- * Called at the end of a successful boot (after phase 7 / ready state).
- */
-export function saveSnapshot(current) {
-    try {
-        mkdirSync(dirname(SNAPSHOT_PATH), { recursive: true });
-        const flat = flattenConfig(current);
-        writeFileSync(SNAPSHOT_PATH, JSON.stringify(flat, null, 2), 'utf8');
-    }
-    catch {
-        // Non-fatal: drift detection degrades to "no baseline" on next boot.
-    }
-}

package/dist/src/lib/stale-pid-files.d.ts

@@ -1,17 +0,0 @@
-/**
- * Stale PID-keyed file cleanup — for status/sentinel files named `<pid>.json`
- * in a tee directory, removes entries whose PID is no longer alive.
- *
- * Extracted from `live-card.ts` 2026-05-14. Pure-function utility with a
- * dir-parameter shape so future callers (other PID-keyed sentinel patterns)
- * can reuse without duplicating the kill(pid, 0) liveness probe.
- *
- * The original file-extension was `.json`; expose it as a parameter so this
- * is forward-compatible with `.sock`, `.lock`, etc.
- */
-/**
- * Remove `<pid><ext>` files in `dir` whose PID no longer exists.
- * Silent on missing directory. Per-file errors are swallowed — this is
- * best-effort cleanup, not a correctness guarantee.
- */
-export declare function cleanStalePidFiles(dir: string, ext?: string): void;

package/dist/src/lib/stale-pid-files.js

@@ -1,39 +0,0 @@
-/**
- * Stale PID-keyed file cleanup — for status/sentinel files named `<pid>.json`
- * in a tee directory, removes entries whose PID is no longer alive.
- *
- * Extracted from `live-card.ts` 2026-05-14. Pure-function utility with a
- * dir-parameter shape so future callers (other PID-keyed sentinel patterns)
- * can reuse without duplicating the kill(pid, 0) liveness probe.
- *
- * The original file-extension was `.json`; expose it as a parameter so this
- * is forward-compatible with `.sock`, `.lock`, etc.
- */
-import { readdirSync, unlinkSync } from 'node:fs';
-/**
- * Remove `<pid><ext>` files in `dir` whose PID no longer exists.
- * Silent on missing directory. Per-file errors are swallowed — this is
- * best-effort cleanup, not a correctness guarantee.
- */
-export function cleanStalePidFiles(dir, ext = '.json') {
-    try {
-        const files = readdirSync(dir);
-        for (const file of files) {
-            if (!file.endsWith(ext))
-                continue;
-            const pid = parseInt(file.replace(ext, ''), 10);
-            if (isNaN(pid))
-                continue;
-            try {
-                process.kill(pid, 0);
-            }
-            catch {
-                try {
-                    unlinkSync(`${dir}/${file}`);
-                }
-                catch { /* ignore */ }
-            }
-        }
-    }
-    catch { /* directory doesn't exist — nothing to clean */ }
-}

package/dist/src/persistence/snapshot.d.ts

@@ -1,18 +0,0 @@
-/**
- * SnapshotWriter — periodic full-state snapshot of the SessionRegistry.
- *
- * Snapshot file: ~/.openclaw/workspace/memory/cc-openclaw-session-snapshot.json
- * Written every N minutes from phase 7 (schedule-jobs).
- * Phase E wires SessionRegistry.snapshot() → SnapshotWriter.write().
- * Stub body in Phase D.
- */
-import type { SessionState } from './session-registry.js';
-export declare class SnapshotWriter {
-    private readonly path;
-    constructor(path?: string);
-    /**
-     * Write the full session state array as a JSON file.
-     * Phase E: write to a temp file then rename for atomicity.
-     */
-    write(states: SessionState[]): Promise<void>;
-}

package/dist/src/persistence/snapshot.js

@@ -1,31 +0,0 @@
-/**
- * SnapshotWriter — periodic full-state snapshot of the SessionRegistry.
- *
- * Snapshot file: ~/.openclaw/workspace/memory/cc-openclaw-session-snapshot.json
- * Written every N minutes from phase 7 (schedule-jobs).
- * Phase E wires SessionRegistry.snapshot() → SnapshotWriter.write().
- * Stub body in Phase D.
- */
-import { mkdirSync, writeFileSync } from 'fs';
-import { homedir } from 'os';
-import { join, dirname } from 'path';
-const SNAPSHOT_PATH = join(homedir(), '.openclaw', 'workspace', 'memory', 'cc-openclaw-session-snapshot.json');
-export class SnapshotWriter {
-    path;
-    constructor(path = SNAPSHOT_PATH) {
-        this.path = path;
-    }
-    /**
-     * Write the full session state array as a JSON file.
-     * Phase E: write to a temp file then rename for atomicity.
-     */
-    async write(states) {
-        try {
-            mkdirSync(dirname(this.path), { recursive: true });
-            writeFileSync(this.path, JSON.stringify(states, null, 2), 'utf8');
-        }
-        catch {
-            // Non-fatal stub; Phase E promotes to logged error.
-        }
-    }
-}

package/dist/src/persistence/wal.d.ts

@@ -1,17 +0,0 @@
-/**
- * WalWriter — append-only JSONL writer for the session registry WAL.
- *
- * WAL file location: ~/.openclaw/workspace/memory/cc-openclaw-session-wal.jsonl
- * Phase E wires this into SessionRegistry.set() / delete().
- * Stub body in Phase D — compiles and exports the class with the correct interface.
- */
-export declare class WalWriter {
-    private readonly path;
-    constructor(path?: string);
-    /**
-     * Append a JSON-serializable record as a single JSONL line.
-     * Creates parent directories if absent. Non-atomic in Phase D stub;
-     * Phase E adds write-then-rename for crash safety.
-     */
-    append(record: Record<string, unknown>): void;
-}

package/dist/src/persistence/wal.js

@@ -1,31 +0,0 @@
-/**
- * WalWriter — append-only JSONL writer for the session registry WAL.
- *
- * WAL file location: ~/.openclaw/workspace/memory/cc-openclaw-session-wal.jsonl
- * Phase E wires this into SessionRegistry.set() / delete().
- * Stub body in Phase D — compiles and exports the class with the correct interface.
- */
-import { mkdirSync, appendFileSync } from 'fs';
-import { homedir } from 'os';
-import { join, dirname } from 'path';
-const WAL_PATH = join(homedir(), '.openclaw', 'workspace', 'memory', 'cc-openclaw-session-wal.jsonl');
-export class WalWriter {
-    path;
-    constructor(path = WAL_PATH) {
-        this.path = path;
-    }
-    /**
-     * Append a JSON-serializable record as a single JSONL line.
-     * Creates parent directories if absent. Non-atomic in Phase D stub;
-     * Phase E adds write-then-rename for crash safety.
-     */
-    append(record) {
-        try {
-            mkdirSync(dirname(this.path), { recursive: true });
-            appendFileSync(this.path, JSON.stringify(record) + '\n', 'utf8');
-        }
-        catch {
-            // Non-fatal in Phase D; Phase E promotes to logged error.
-        }
-    }
-}

package/dist/src/types/index.d.ts

@@ -1,15 +0,0 @@
-/**
- * Cluster A — Type-seams barrel.
- *
- * Single import surface for all typed boundaries introduced in Cluster A.
- * Subsequent clusters import from `cc-openclaw/types` (this barrel)
- * rather than reaching into individual modules.
- *
- * This file is intentionally pure re-exports — no logic, no side effects.
- */
-export * from './runtime-config.js';
-export * from './route.js';
-export * from './sse.js';
-export * from './session.js';
-export * from './upstream.js';
-export * from './tool-bridge.js';

package/dist/src/types/index.js

@@ -1,15 +0,0 @@
-/**
- * Cluster A — Type-seams barrel.
- *
- * Single import surface for all typed boundaries introduced in Cluster A.
- * Subsequent clusters import from `cc-openclaw/types` (this barrel)
- * rather than reaching into individual modules.
- *
- * This file is intentionally pure re-exports — no logic, no side effects.
- */
-export * from './runtime-config.js';
-export * from './route.js';
-export * from './sse.js';
-export * from './session.js';
-export * from './upstream.js';
-export * from './tool-bridge.js';

package/dist/src/types/session.d.ts

@@ -1,48 +0,0 @@
-/**
- * Cluster A — Session boundary types.
- *
- * Re-exports the session vocabulary already established in the root
- * `src/types.ts` module. New aliases (`SessionStartConfig`, `SessionMeta`)
- * preview Cluster B's `SessionService` boundary without yet introducing
- * a new shape — they're typed wrappers over today's `SessionConfig` /
- * `ActiveSession`.
- *
- * `SessionName` is the branded type that Cluster D's `SessionRegistry`
- * will use to enforce the `'openai-'` prefix routing discriminant
- * (cwd-patch.ts:489 gates CWD redirect, tools restoration, CLAUDE.md
- * injection on this prefix).
- *
- * NOT consumed yet — Cluster A first commit establishes the vocabulary.
- */
-export type { SessionConfig as SessionStartConfig, SessionStats, ActiveSession, SessionInfo, SessionSendOptions, StreamCallbacks, StreamEvent, SendResult, SendOptions, TurnResult, CostBreakdown, ISession, EngineType, PermissionMode, EffortLevel, PluginConfig, HookConfig, CustomEngineConfig, } from '../types.js';
-/**
- * Branded session-name type. Prevents raw string from being passed where
- * the `'openai-'` prefix is load-bearing. Use the constructors below to
- * mint or strip the prefix — never construct directly.
- */
-export type SessionName = string & {
-    readonly __brand: 'SessionName';
-};
-export declare const sessionNameFromKey: (key: string) => SessionName;
-export declare const isOpenAiBridgeName: (name: SessionName) => boolean;
-export declare const stripOpenAiPrefix: (name: SessionName) => string;
-/**
- * Cluster B/D will fold this into `SessionRegistry.SessionEntry`. For
- * Cluster A it's a typed preview — the shape Cluster D will persist,
- * declared here so other clusters can compile against the contract.
- */
-export interface SessionMeta {
-    readonly name: SessionName;
-    readonly claudeSessionId: string | null;
-    readonly pid: number | null;
-    readonly cachedSysPromptHash: string;
-    readonly skipPersistence: boolean;
-    readonly createdAt: number;
-    readonly updatedAt: number;
-}
-/**
- * Input shape Cluster B's `SessionService.send()` accepts.
- * Today's call sites pass either a string or an array of content blocks;
- * this interface preserves both without yet committing to a tighter shape.
- */
-export type SendInput = string | ReadonlyArray<unknown>;

package/dist/src/types/session.js

@@ -1,19 +0,0 @@
-/**
- * Cluster A — Session boundary types.
- *
- * Re-exports the session vocabulary already established in the root
- * `src/types.ts` module. New aliases (`SessionStartConfig`, `SessionMeta`)
- * preview Cluster B's `SessionService` boundary without yet introducing
- * a new shape — they're typed wrappers over today's `SessionConfig` /
- * `ActiveSession`.
- *
- * `SessionName` is the branded type that Cluster D's `SessionRegistry`
- * will use to enforce the `'openai-'` prefix routing discriminant
- * (cwd-patch.ts:489 gates CWD redirect, tools restoration, CLAUDE.md
- * injection on this prefix).
- *
- * NOT consumed yet — Cluster A first commit establishes the vocabulary.
- */
-export const sessionNameFromKey = (key) => `openai-${key}`;
-export const isOpenAiBridgeName = (name) => name.startsWith('openai-');
-export const stripOpenAiPrefix = (name) => name.replace(/^openai-/, '');