@farazirfan/costar-server-executor 1.7.29 → 1.7.31

package/dist/agent/pi-embedded-runner/run.js

@@ -20,9 +20,11 @@ import { prepareSessionManagerForRun, getSessionDiagnostics } from "./session-ma
 import { repairSessionFileIfNeeded } from "./session-file-repair.js";
 import { guardSessionManager } from "./session-tool-result-guard.js";
 import { acquireSessionWriteLock } from "./session-write-lock.js";
-import { isContextOverflowError, isCompactionFailureError, describeUnknownError, } from "../pi-embedded-helpers/errors.js";
+import { isContextOverflowError, isLikelyContextOverflowError, isCompactionFailureError, describeUnknownError, } from "../pi-embedded-helpers/errors.js";
+import { FailoverError, classifyFailoverReason } from "../model-fallback.js";
 import { compactEmbeddedPiSessionDirect } from "./compact.js";
 import { truncateOversizedToolResultsInSession, sessionLikelyHasOversizedToolResults, } from "./tool-result-truncation.js";
+import { installToolResultContextGuard } from "./tool-result-context-guard.js";
 // Re-export for backwards compatibility (used by existing tests)
 export { isContextOverflowError } from "../pi-embedded-helpers/errors.js";
 /**
@@ -69,23 +71,34 @@ export async function runEmbeddedPiAgent(params) {
     let overflowCompactionAttempts = 0;
     let toolResultTruncationAttempted = false;
     // Retry loop for context overflow + auto-compaction (following OpenClaw's pattern)
+    //
+    // Recovery strategy (ported from OpenClaw run.ts lines 480-761):
+    //
+    // 1. Run attempt → detect overflow from promptError, assistantError, or zero-token
+    // 2. If the SDK already auto-compacted during the attempt (compactionCount > 0),
+    //    just retry the prompt without additional explicit compaction.
+    // 3. Otherwise, try explicit compaction via compactEmbeddedPiSessionDirect().
+    // 4. **CRITICAL FIX**: If compaction FAILS (e.g., summarization prompt too large at 228K > 200K),
+    //    immediately try truncating oversized tool results in the session file. This shrinks
+    //    the session so the NEXT compaction attempt can succeed.
+    // 5. After successful truncation, reset the compaction counter so we can retry compaction.
+    // 6. Last resort: reset session file.
     while (true) {
         await fs.mkdir(params.workspaceDir, { recursive: true });
         const result = await runEmbeddedAttempt(params, model, authStorage, modelRegistry);
         const { aborted, promptError, sessionIdUsed, assistantTexts } = result;
+        const attemptCompactionCount = Math.max(0, result.compactionCount ?? 0);
         // Extract assistant error text (following OpenClaw's pattern)
         const assistantErrorText = result.error ?? undefined;
         // --- Context overflow detection (following OpenClaw lines 473-489) ---
         // Check promptError first; only check assistantError if no promptError
-        const contextOverflowError = !aborted
+        let contextOverflowError = !aborted
             ? (() => {
                 if (promptError) {
                     const errorText = describeUnknownError(promptError);
                     if (isContextOverflowError(errorText)) {
                         return { text: errorText, source: "promptError" };
                     }
-                    // Prompt submission failed with a non-overflow error. Do not
-                    // inspect prior assistant errors from history for this attempt.
                     return null;
                 }
                 if (assistantErrorText && isContextOverflowError(assistantErrorText)) {
@@ -104,116 +117,48 @@ export async function runEmbeddedPiAgent(params) {
             inputTokens: result.inputTokens,
             outputTokens: result.outputTokens,
         });
-        if (isZeroToken) {
+        if (isZeroToken && !contextOverflowError) {
             console.warn(`[PI_AGENT] [zero-token-death-spiral] sessionKey=${params.sessionKey ?? params.sessionId} ` +
                 `provider=${provider}/${modelId} sessionFile=${params.sessionFile} ` +
                 `compactionAttempts=${overflowCompactionAttempts} — treating as context overflow`);
-            // Synthesize a context overflow error to trigger compaction
-            const syntheticError = {
+            contextOverflowError = {
                 text: "Zero-token response detected (likely context overflow)",
                 source: "zeroToken",
             };
-            // Fall through to the compaction logic below
-            if (contextOverflowError) {
-                // Already have an overflow error; just log the zero-token detection
-                console.warn(`[PI_AGENT] Zero-token detected in addition to ${contextOverflowError.source}`);
-            }
-            else {
-                // No explicit overflow error; treat zero-token as overflow
-                const errorText = syntheticError.text;
-                console.warn(`[PI_AGENT] [context-overflow-diag] sessionKey=${params.sessionKey ?? params.sessionId} ` +
-                    `provider=${provider}/${modelId} source=${syntheticError.source} ` +
-                    `sessionFile=${params.sessionFile} ` +
-                    `compactionAttempts=${overflowCompactionAttempts} error=${errorText}`);
-                const isCompactionFailure = false; // Zero-token is never a compaction failure
-                // Attempt auto-compaction on zero-token (same logic as context overflow)
-                if (!isCompactionFailure &&
-                    overflowCompactionAttempts < MAX_OVERFLOW_COMPACTION_ATTEMPTS) {
-                    overflowCompactionAttempts++;
-                    console.warn(`[PI_AGENT] zero-token overflow detected (attempt ${overflowCompactionAttempts}/${MAX_OVERFLOW_COMPACTION_ATTEMPTS}); attempting auto-compaction for ${provider}/${modelId}`);
-                    const compactResult = await compactEmbeddedPiSessionDirect({
-                        sessionId: params.sessionId,
-                        sessionKey: params.sessionKey,
-                        sessionFile: params.sessionFile,
-                        workspaceDir: params.workspaceDir,
-                        agentDir: params.agentDir,
-                        config: params.config,
-                        provider,
-                        model: modelId,
-                        thinkLevel: params.thinkLevel,
-                        extraSystemPrompt: params.extraSystemPrompt,
-                        skillEntries: params.skillEntries,
-                        authProfileId: params.authProfileId,
-                        cronDeps: params.cronDeps,
-                    });
-                    if (compactResult.compacted) {
-                        console.log(`[PI_AGENT] auto-compaction succeeded for ${provider}/${modelId}; retrying prompt`);
-                        continue;
-                    }
-                    console.warn(`[PI_AGENT] auto-compaction failed for ${provider}/${modelId}: ${compactResult.reason ?? "nothing to compact"}`);
-                }
-                // Fallback: try truncating oversized tool results in the session.
-                if (!toolResultTruncationAttempted) {
-                    const hasOversized = result.messagesSnapshot
-                        ? sessionLikelyHasOversizedToolResults({
-                            messages: result.messagesSnapshot,
-                            contextWindowTokens,
-                        })
-                        : false;
-                    if (hasOversized) {
-                        toolResultTruncationAttempted = true;
-                        console.warn(`[PI_AGENT] [context-overflow-recovery] Attempting tool result truncation for ${provider}/${modelId} ` +
-                            `(contextWindow=${contextWindowTokens} tokens)`);
-                        const truncResult = await truncateOversizedToolResultsInSession({
-                            sessionFile: params.sessionFile,
-                            contextWindowTokens,
-                            sessionId: params.sessionId,
-                            sessionKey: params.sessionKey,
-                        });
-                        if (truncResult.truncated) {
-                            console.log(`[PI_AGENT] [context-overflow-recovery] Truncated ${truncResult.truncatedCount} tool result(s); retrying prompt`);
-                            // Session is now smaller; allow compaction retries again.
-                            overflowCompactionAttempts = 0;
-                            continue;
-                        }
-                        console.warn(`[PI_AGENT] [context-overflow-recovery] Tool result truncation did not help: ${truncResult.reason ?? "unknown"}`);
-                    }
-                }
-                // CoStar-specific: reset session as absolute last resort
-                console.warn(`[PI_AGENT] Zero-token overflow unrecoverable; resetting session`);
-                await resetSessionFile(params.sessionFile);
-                return {
-                    payloads: [
-                        {
-                            text: "Context overflow: prompt too large for the model (zero-token response). " +
-                                "I've reset my session to continue. What would you like me to do?",
-                            isError: true,
-                        },
-                    ],
-                    meta: {
-                        durationMs: Date.now() - started,
-                        agentMeta: {
-                            sessionId: sessionIdUsed,
-                            provider,
-                            model: model.id,
-                        },
-                        error: { kind: "context_overflow", message: errorText },
-                    },
-                };
-            }
         }
+        else if (isZeroToken && contextOverflowError) {
+            console.warn(`[PI_AGENT] Zero-token detected in addition to ${contextOverflowError.source}`);
+        }
+        // --- Unified overflow recovery (ported from OpenClaw run.ts lines 599-761) ---
         if (contextOverflowError) {
             const errorText = contextOverflowError.text;
             console.warn(`[PI_AGENT] [context-overflow-diag] sessionKey=${params.sessionKey ?? params.sessionId} ` +
                 `provider=${provider}/${modelId} source=${contextOverflowError.source} ` +
                 `sessionFile=${params.sessionFile} ` +
-                `compactionAttempts=${overflowCompactionAttempts} error=${errorText.slice(0, 200)}`);
+                `compactionAttempts=${overflowCompactionAttempts} ` +
+                `attemptCompactionCount=${attemptCompactionCount} error=${errorText.slice(0, 200)}`);
             const isCompactionFailure = isCompactionFailureError(errorText);
-            // Attempt auto-compaction on context overflow (NOT on compaction_failure)
+            const hadAttemptLevelCompaction = attemptCompactionCount > 0;
+            // BRANCH 1 (OpenClaw pattern): If the SDK already auto-compacted during
+            // this attempt, avoid immediately running another explicit compaction.
+            // Just retry the prompt — the compaction may have helped enough.
+            if (!isCompactionFailure &&
+                hadAttemptLevelCompaction &&
+                overflowCompactionAttempts < MAX_OVERFLOW_COMPACTION_ATTEMPTS) {
+                overflowCompactionAttempts++;
+                console.warn(`[PI_AGENT] context overflow persisted after in-attempt compaction ` +
+                    `(attempt ${overflowCompactionAttempts}/${MAX_OVERFLOW_COMPACTION_ATTEMPTS}); ` +
+                    `retrying prompt without additional compaction for ${provider}/${modelId}`);
+                continue;
+            }
+            // BRANCH 2: Explicit overflow compaction — only when the attempt did NOT
+            // already auto-compact (avoids redundant back-to-back compactions).
             if (!isCompactionFailure &&
+                !hadAttemptLevelCompaction &&
                 overflowCompactionAttempts < MAX_OVERFLOW_COMPACTION_ATTEMPTS) {
                 overflowCompactionAttempts++;
-                console.warn(`[PI_AGENT] context overflow detected (attempt ${overflowCompactionAttempts}/${MAX_OVERFLOW_COMPACTION_ATTEMPTS}); attempting auto-compaction for ${provider}/${modelId}`);
+                console.warn(`[PI_AGENT] context overflow detected (attempt ${overflowCompactionAttempts}/${MAX_OVERFLOW_COMPACTION_ATTEMPTS}); ` +
+                    `attempting explicit compaction for ${provider}/${modelId}`);
                 const compactResult = await compactEmbeddedPiSessionDirect({
                     sessionId: params.sessionId,
                     sessionKey: params.sessionKey,
@@ -234,10 +179,25 @@ export async function runEmbeddedPiAgent(params) {
                     continue;
                 }
                 console.warn(`[PI_AGENT] auto-compaction failed for ${provider}/${modelId}: ${compactResult.reason ?? "nothing to compact"}`);
+                // If the compaction failure reason is itself a compaction failure error
+                // (e.g., summarization prompt too long at 228K > 200K limit),
+                // exhaust the retry counter to avoid pointless retries.
+                if (compactResult.reason && isCompactionFailureError(compactResult.reason)) {
+                    console.warn(`[PI_AGENT] Compaction failure is a summarization-too-large error — ` +
+                        `exhausting compaction retries, will try tool result truncation next`);
+                    overflowCompactionAttempts = MAX_OVERFLOW_COMPACTION_ATTEMPTS;
+                }
             }
-            // Fallback: try truncating oversized tool results in the session.
-            // This handles the case where a single tool result exceeds the
-            // context window and compaction cannot reduce it further.
+            // BRANCH 3: Tool result truncation fallback.
+            // **CRITICAL FIX**: When compaction fails because the summarization prompt
+            // itself exceeds the context window (e.g., 228K > 200K), we MUST truncate
+            // oversized tool results FIRST to shrink the session. After truncation
+            // succeeds, we reset the compaction counter so the NEXT iteration can
+            // successfully compact the now-smaller session.
+            //
+            // This prevents the "compaction can't compact because session is too big
+            // to even summarize" deadlock that causes the zero-token death spiral
+            // and session resets.
             if (!toolResultTruncationAttempted) {
                 const hasOversized = result.messagesSnapshot
                     ? sessionLikelyHasOversizedToolResults({
@@ -256,8 +216,11 @@ export async function runEmbeddedPiAgent(params) {
                         sessionKey: params.sessionKey,
                     });
                     if (truncResult.truncated) {
-                        console.log(`[PI_AGENT] [context-overflow-recovery] Truncated ${truncResult.truncatedCount} tool result(s); retrying prompt`);
-                        // Session is now smaller; allow compaction retries again.
+                        console.log(`[PI_AGENT] [context-overflow-recovery] Truncated ${truncResult.truncatedCount} tool result(s); ` +
+                            `resetting compaction counter and retrying prompt`);
+                        // Session is now smaller — allow compaction retries again.
+                        // This is the key: after truncation, the next compaction
+                        // attempt will have a much smaller session to summarize.
                         overflowCompactionAttempts = 0;
                         continue;
                     }
@@ -289,9 +252,25 @@ export async function runEmbeddedPiAgent(params) {
             };
         }
         // --- Non-overflow error from promptError (following OpenClaw pattern) ---
+        // Classify the error: if it's a rate limit, auth, billing, timeout, or overload
+        // error, wrap it in FailoverError so model-fallback.ts can try the next model.
+        // Context overflow errors are NOT wrapped — they were already handled above.
         if (promptError) {
-            const message = describeUnknownError(promptError);
-            console.error(`[PI_AGENT] Prompt error:`, message);
+            const errorMsg = describeUnknownError(promptError);
+            console.error(`[PI_AGENT] Prompt error:`, errorMsg);
+            // Never wrap context overflow errors as failover — they need compaction, not model switch
+            if (!isLikelyContextOverflowError(errorMsg)) {
+                const failoverReason = classifyFailoverReason(errorMsg);
+                if (failoverReason) {
+                    console.warn(`[PI_AGENT] Wrapping prompt error as FailoverError (reason: ${failoverReason}) for model fallback`);
+                    throw new FailoverError(errorMsg, {
+                        reason: failoverReason,
+                        provider,
+                        model: modelId,
+                        cause: promptError,
+                    });
+                }
+            }
             throw promptError;
         }
         // --- Success path ---
@@ -445,8 +424,10 @@ async function runEmbeddedAttempt(params, model, authStorage, modelRegistry) {
     console.log(`[PI_ATTEMPT] Using auth storage for API keys`);
     // Convert CoStar tools to ToolDefinition format (following OpenClaw's pattern:
     // tools are created inside the runner with full context, including cronDeps)
-    const customTools = getCustomTools(params.cronDeps);
-    console.log(`[PI_ATTEMPT] Loaded ${customTools.length} custom tools`);
+    const customTools = getCustomTools(params.cronDeps, {
+        disableMessageTool: params.disableMessageTool,
+    });
+    console.log(`[PI_ATTEMPT] Loaded ${customTools.length} custom tools${params.disableMessageTool ? " (message tool disabled)" : ""}`);
     // Configure compaction reserve tokens (following OpenClaw's pattern)
     const DEFAULT_COMPACTION_RESERVE_TOKENS = 20_000;
     const currentReserveTokens = settingsManager.getCompactionReserveTokens();
@@ -486,6 +467,18 @@ async function runEmbeddedAttempt(params, model, authStorage, modelRegistry) {
     if (!session) {
         throw new Error("Failed to create agent session");
     }
+    // Install tool result context guard (ported from OpenClaw run/attempt.ts lines 595-603).
+    // Prevents individual tool results from growing unbounded during execution,
+    // which would eventually cause the session to exceed the model's context window
+    // and make the summarization prompt itself too large to send.
+    const contextWindowTokens = model.contextWindow ?? DEFAULT_CONTEXT_TOKENS;
+    let removeToolResultContextGuard;
+    if (session.agent) {
+        removeToolResultContextGuard = installToolResultContextGuard({
+            agent: session.agent,
+            contextWindowTokens,
+        });
+    }
     let aborted = false;
     // Subscribe to agent events (following OpenClaw's pattern)
     const subscription = subscribeEmbeddedPiSession({
@@ -495,19 +488,83 @@ async function runEmbeddedAttempt(params, model, authStorage, modelRegistry) {
         onToolResult: params.onToolResult,
         onToolStart: params.onToolStart,
         onToolEnd: params.onToolEnd,
+        onCompactionStart: params.onCompactionStart ? () => params.onCompactionStart() : undefined,
+        onCompactionEnd: params.onCompactionEnd,
     });
     const { assistantTexts, unsubscribe, waitForCompactionRetry } = subscription;
     try {
+        // Sanitize session history before prompt submission (OpenClaw pattern)
+        // Repairs orphaned tool results, missing tool results, duplicate tool results,
+        // and role alternation violations that would cause API 400 errors.
+        try {
+            const currentMessages = session.messages ?? session.agent?.messages;
+            if (Array.isArray(currentMessages) && currentMessages.length > 0) {
+                const sanitized = sanitizeSessionMessages(currentMessages);
+                if (sanitized !== currentMessages && sanitized.length !== currentMessages.length) {
+                    const replaceMessages = session.agent?.replaceMessages;
+                    if (typeof replaceMessages === "function") {
+                        replaceMessages.call(session.agent, sanitized);
+                        console.log(`[PI_ATTEMPT] Session sanitized: ${currentMessages.length} → ${sanitized.length} messages`);
+                    }
+                }
+            }
+        }
+        catch (sanitizeErr) {
+            // Best-effort — don't block the prompt on sanitization failure
+            console.warn(`[PI_ATTEMPT] Session sanitization failed (non-critical):`, sanitizeErr);
+        }
         // Convert images to pi-ai format
         const piImages = params.images?.map((img) => ({
             type: "image",
             data: img.data,
             mimeType: img.mediaType,
         }));
-        // Use the agent session to run the prompt
-        await session.prompt(params.prompt, {
-            images: piImages,
-        });
+        // --- Abort / timeout mechanism (ported from OpenClaw attempt.ts) ---
+        // Wrap session.prompt() with an AbortController so we can enforce
+        // params.timeoutMs and honour the caller's abortSignal.
+        const DEFAULT_TIMEOUT_MS = 120_000; // 2 minutes default
+        const timeoutMs = params.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+        let promptTimedOut = false;
+        // Forward caller's abort signal to session.abort() (pi-ai level abort)
+        let callerAbortCleanup;
+        if (params.abortSignal) {
+            if (params.abortSignal.aborted) {
+                aborted = true;
+                session.abort?.();
+            }
+            else {
+                const onCallerAbort = () => {
+                    aborted = true;
+                    session.abort?.();
+                };
+                params.abortSignal.addEventListener("abort", onCallerAbort, { once: true });
+                callerAbortCleanup = () => params.abortSignal.removeEventListener("abort", onCallerAbort);
+            }
+        }
+        // Timeout timer — calls session.abort() on expiry
+        const timeoutTimer = setTimeout(() => {
+            promptTimedOut = true;
+            aborted = true;
+            console.warn(`[PI_ATTEMPT] Prompt timed out after ${timeoutMs}ms — aborting session`);
+            session.abort?.();
+        }, timeoutMs);
+        // Don't keep the process alive just for the timeout timer
+        if (typeof timeoutTimer === "object" && "unref" in timeoutTimer) {
+            timeoutTimer.unref();
+        }
+        try {
+            // Use the agent session to run the prompt
+            await session.prompt(params.prompt, {
+                images: piImages,
+            });
+        }
+        finally {
+            clearTimeout(timeoutTimer);
+            callerAbortCleanup?.();
+        }
+        if (promptTimedOut) {
+            aborted = true;
+        }
         // Wait for any pending compaction retries (following OpenClaw's pattern)
         try {
             await waitForCompactionRetry();
@@ -518,6 +575,13 @@ async function runEmbeddedAttempt(params, model, authStorage, modelRegistry) {
         // Get token usage from subscription
         const inputTokens = subscription.getInputTokens();
         const outputTokens = subscription.getOutputTokens();
+        // Log any library-level compaction error for observability.
+        // The actual error will surface via session.prompt() throwing (promptError),
+        // which is handled in the catch block below.
+        const libraryCompactionError = subscription.getCompactionError();
+        if (libraryCompactionError) {
+            console.warn(`[PI_ATTEMPT] Library auto-compaction failed during prompt (will surface via promptError if fatal): ${libraryCompactionError}`);
+        }
         return {
             aborted,
             promptError: undefined,
@@ -526,6 +590,7 @@ async function runEmbeddedAttempt(params, model, authStorage, modelRegistry) {
             inputTokens,
             outputTokens,
             messagesSnapshot: session.messages,
+            compactionCount: subscription.getCompactionCount(),
         };
     }
     catch (error) {
@@ -544,14 +609,21 @@ async function runEmbeddedAttempt(params, model, authStorage, modelRegistry) {
             outputTokens: subscription.getOutputTokens(),
             error: message,
             messagesSnapshot: [],
+            compactionCount: subscription.getCompactionCount(),
         };
     }
     finally {
+        // Remove tool result context guard (restore original transformContext)
+        removeToolResultContextGuard?.();
         // Unsubscribe from events (like OpenClaw does)
         unsubscribe();
         // Always dispose the session (like OpenClaw does)
         try {
-            sessionManager.flushPendingToolResults?.();
+            // BUGFIX (OpenClaw #8643): Wait for the agent to be truly idle before flushing
+            // pending tool results. Without this wait, flushPendingToolResults() fires while
+            // tools are still executing during auto-retry, inserting synthetic "missing tool
+            // result" errors and causing silent agent failures.
+            await flushPendingToolResultsAfterIdle(session, sessionManager);
             session.dispose();
             // Log post-dispose diagnostics to verify persistence
             const diagPost = getSessionDiagnostics(sessionManager);
@@ -607,4 +679,193 @@ function mapThinkingLevel(level) {
             return "off";
     }
 }
+// ═══════════════════════════════════════════════════════════════════
+// Idle-aware tool result flushing (ported from OpenClaw #8643)
+// Pattern: openclaw/src/agents/pi-embedded-runner/wait-for-idle-before-flush.ts
+// ═══════════════════════════════════════════════════════════════════
+/** Max time to wait for agent idle before force-flushing (30s safety timeout) */
+const WAIT_FOR_IDLE_TIMEOUT_MS = 30_000;
+/**
+ * Wait for the agent to be truly idle, then flush pending tool results.
+ *
+ * BUGFIX (OpenClaw #8643): pi-agent-core's auto-retry resolves waitForRetry()
+ * on assistant message receipt, *before* tool execution completes in the retried
+ * agent loop. Without this wait, flushPendingToolResults() fires while tools are
+ * still executing, inserting synthetic "missing tool result" errors and causing
+ * silent agent failures.
+ *
+ * Pattern: OpenClaw's flushPendingToolResultsAfterIdle
+ */
+async function flushPendingToolResultsAfterIdle(session, sessionManager) {
+    // Wait for agent idle (best-effort, with safety timeout)
+    const waitForIdle = session?.agent?.waitForIdle;
+    if (typeof waitForIdle === "function") {
+        try {
+            await Promise.race([
+                waitForIdle.call(session.agent),
+                new Promise((resolve) => {
+                    const timer = setTimeout(resolve, WAIT_FOR_IDLE_TIMEOUT_MS);
+                    // Don't keep process alive just for this timer
+                    if (typeof timer === "object" && "unref" in timer) {
+                        timer.unref();
+                    }
+                }),
+            ]);
+        }
+        catch {
+            // Best-effort during cleanup
+        }
+    }
+    // Now safe to flush
+    sessionManager?.flushPendingToolResults?.();
+}
+// ═══════════════════════════════════════════════════════════════════
+// Session history sanitization (ported from OpenClaw)
+// Pattern: openclaw/src/agents/session-transcript-repair.ts
+// ═══════════════════════════════════════════════════════════════════
+/**
+ * Sanitize tool_use / tool_result pairing in session messages.
+ *
+ * Ensures every assistant tool_use block has a matching tool_result message
+ * immediately after it. This prevents API 400 errors from orphaned tool results,
+ * missing tool results, and duplicate tool results.
+ *
+ * Pattern: OpenClaw's sanitizeToolUseResultPairing
+ * (openclaw/src/agents/session-transcript-repair.ts)
+ */
+function sanitizeToolUseResultPairing(messages) {
+    if (!messages || messages.length === 0)
+        return messages;
+    const result = [];
+    for (let i = 0; i < messages.length; i++) {
+        const msg = messages[i];
+        result.push(msg);
+        // Only process assistant messages with tool_use content
+        if (msg.role !== "assistant")
+            continue;
+        const content = msg.content;
+        if (!Array.isArray(content))
+            continue;
+        // Collect tool_use IDs from this assistant message
+        const toolUseIds = new Set();
+        for (const block of content) {
+            if (block &&
+                typeof block === "object" &&
+                block.type === "tool_use" &&
+                typeof block.id === "string") {
+                toolUseIds.add(block.id);
+            }
+        }
+        if (toolUseIds.size === 0)
+            continue;
+        // Skip repair for errored/aborted assistant messages (incomplete tool_use blocks)
+        const stopReason = msg.stop_reason ?? msg.stopReason;
+        if (stopReason === "error" || stopReason === "aborted")
+            continue;
+        // Collect tool_result messages that follow this assistant message
+        const seenResultIds = new Set();
+        let j = i + 1;
+        while (j < messages.length) {
+            const nextMsg = messages[j];
+            // Stop at the next assistant or user message
+            if (nextMsg.role === "assistant" || nextMsg.role === "user")
+                break;
+            // Process tool_result messages
+            if (nextMsg.role === "tool" || nextMsg.role === "toolResult") {
+                const toolUseId = nextMsg.tool_use_id ??
+                    nextMsg.toolUseId;
+                if (typeof toolUseId === "string") {
+                    if (!toolUseIds.has(toolUseId)) {
+                        // Orphan tool_result — skip it (don't add to result)
+                        j++;
+                        continue;
+                    }
+                    if (seenResultIds.has(toolUseId)) {
+                        // Duplicate tool_result — skip it
+                        j++;
+                        continue;
+                    }
+                    seenResultIds.add(toolUseId);
+                }
+            }
+            result.push(nextMsg);
+            j++;
+        }
+        // Insert synthetic error results for missing tool_use IDs
+        for (const id of toolUseIds) {
+            if (!seenResultIds.has(id)) {
+                result.push({
+                    role: "tool",
+                    tool_use_id: id,
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                status: "error",
+                                error: "Tool execution was interrupted",
+                            }),
+                        },
+                    ],
+                    is_error: true,
+                });
+            }
+        }
+        // Skip the tool_result messages we already processed
+        i = j - 1;
+    }
+    return result;
+}
+/**
+ * Validate role alternation for Anthropic (user/assistant must alternate, starts with user).
+ * Merges consecutive same-role messages.
+ *
+ * Pattern: OpenClaw's validateAnthropicTurns
+ */
+function validateAnthropicTurns(messages) {
+    if (!messages || messages.length === 0)
+        return messages;
+    const result = [];
+    for (const msg of messages) {
+        const role = msg.role;
+        // Skip messages with roles that aren't user/assistant/tool
+        if (role !== "user" && role !== "assistant" && role !== "tool" && role !== "toolResult") {
+            result.push(msg);
+            continue;
+        }
+        const prev = result[result.length - 1];
+        const prevRole = prev?.role;
+        // Merge consecutive user messages
+        if (role === "user" && prevRole === "user") {
+            const prevContent = prev.content;
+            const curContent = msg.content;
+            if (typeof prevContent === "string" && typeof curContent === "string") {
+                prev.content = `${prevContent}\n\n${curContent}`;
+            }
+            else {
+                // Array-style content: merge arrays
+                const prevArr = Array.isArray(prevContent) ? prevContent : [{ type: "text", text: String(prevContent) }];
+                const curArr = Array.isArray(curContent) ? curContent : [{ type: "text", text: String(curContent) }];
+                prev.content = [...prevArr, ...curArr];
+            }
+            continue;
+        }
+        result.push(msg);
+    }
+    return result;
+}
+/**
+ * Sanitize session messages before prompt submission.
+ * Runs tool_use/result pairing repair and role alternation validation.
+ *
+ * Pattern: OpenClaw's session sanitization pipeline (attempt.ts:664-695)
+ */
+export function sanitizeSessionMessages(messages) {
+    if (!messages || messages.length === 0)
+        return messages;
+    // 1. Repair tool_use/tool_result pairing (critical for API compatibility)
+    let sanitized = sanitizeToolUseResultPairing(messages);
+    // 2. Validate role alternation (Anthropic requires strict alternation)
+    sanitized = validateAnthropicTurns(sanitized);
+    return sanitized;
+}
 //# sourceMappingURL=run.js.map