import { randomBytes } from
"node:crypto" ;
import fs from
"node:fs/promises" ;
import type { ReplyPayload } from
"../../auto-reply/reply-payload.js" ;
import type { ThinkLevel } from
"../../auto-reply/thinking.js" ;
import { SILENT_REPLY_TOKEN } from
"../../auto-reply/tokens.js" ;
import { ensureContextEnginesInitialized } from
"../../context-engine/init.js" ;
import { resolveContextEngine } from
"../../context-engine/registry.js" ;
import { emitAgentPlanEvent } from
"../../infra/agent-events.js" ;
import { sleepWithAbort } from
"../../infra/backoff.js" ;
import { freezeDiagnosticTraceContext } from
"../../infra/diagnostic-trace-context.js" ;
import { formatErrorMessage } from
"../../infra/errors.js" ;
import { getGlobalHookRunner } from
"../../plugins/hook-runner-global.js" ;
import { resolveProviderAuthProfileId } from
"../../plugins/provider-runtime.js" ;
import { enqueueCommandInLane } from
"../../process/command-queue.js" ;
import { normalizeOptionalString } from
"../../shared/string-coerce.js" ;
import { sanitizeForLog } from
"../../terminal/ansi.js" ;
import { resolveUserPath } from
"../../utils.js" ;
import { isMarkdownCapableMessageChannel } from
"../../utils/message-channel.js" ;
import { resolveOpenClawAgentDir } from
"../agent-paths.js" ;
import {
hasConfiguredModelFallbacks,
resolveAgentExecutionContract,
resolveSessionAgentIds,
resolveAgentWorkspaceDir,
} from
"../agent-scope.js" ;
import {
type AuthProfileFailureReason,
type AuthProfileStore,
markAuthProfileFailure,
resolveAuthProfileEligibility,
markAuthProfileGood,
markAuthProfileUsed,
} from
"../auth-profiles.js" ;
import {
resolveSessionKeyForRequest,
resolveStoredSessionKeyForSessionId,
} from
"../command/session.js" ;
import { DEFAULT_MODEL, DEFAULT_PROVIDER } from
"../defaults.js" ;
import { isStrictAgenticExecutionContractActive } from
"../execution-contract.js" ;
import {
coerceToFailoverError,
describeFailoverError,
FailoverError,
resolveFailoverStatus,
} from
"../failover-error.js" ;
import { selectAgentHarness } from
"../harness/selection.js" ;
import { LiveSessionModelSwitchError } from
"../live-model-switch-error.js" ;
import { shouldSwitchToLiveModel, clearLiveModelSwitchPending } from
"../live-model-switch.js" ;
import {
applyAuthHeaderOverride,
applyLocalNoAuthHeaderOverride,
ensureAuthProfileStore,
type ResolvedProviderAuth,
resolveAuthProfileOrder,
shouldPreferExplicitConfigApiKeyAuth,
} from
"../model-auth.js" ;
import { ensureOpenClawModelsJson } from
"../models-config.js" ;
import {
retireSessionMcpRuntime,
retireSessionMcpRuntimeForSessionKey,
} from
"../pi-bundle-mcp-tools.js" ;
import {
classifyFailoverReason,
extractObservedOverflowTokenCount,
type FailoverReason,
formatAssistantErrorText,
isAuthAssistantError,
isBillingAssistantError,
isCompactionFailureError,
isFailoverAssistantError,
isFailoverErrorMessage,
isLikelyContextOverflowError,
isRateLimitAssistantError,
parseImageDimensionError,
parseImageSizeError,
pickFallbackThinkingLevel,
} from
"../pi-embedded-helpers.js" ;
import { resolveProviderIdForAuth } from
"../provider-auth-aliases.js" ;
import { buildAgentRuntimeAuthPlan } from
"../runtime-plan/auth.js" ;
import { buildAgentRuntimePlan } from
"../runtime-plan/build.js" ;
import { ensureRuntimePluginsLoaded } from
"../runtime-plugins.js" ;
import { derivePromptTokens, normalizeUsage, type UsageLike } from
"../usage.js" ;
import { redactRunIdentifier, resolveRunWorkspaceDir } from
"../workspace-run.js" ;
import { runPostCompactionSideEffects } from
"./compaction-hooks.js" ;
import { buildEmbeddedCompactionRuntimeContext } from
"./compaction-runtime-context.js" ;
import { runContextEngineMaintenance } from
"./context-engine-maintenance.js" ;
import { resolveGlobalLane, resolveSessionLane } from
"./lanes.js" ;
import { log } from
"./logger.js" ;
import { resolveModelAsync } from
"./model.js" ;
import { createEmbeddedRunReplayState, observeReplayMetadata } from
"./replay-state.js" ;
import { handleAssistantFailover } from
"./run/assistant-failover.js" ;
import { createEmbeddedRunAuthController } from
"./run/auth-controller.js" ;
import { runEmbeddedAttemptWithBackend } from
"./run/backend.js" ;
import { createFailoverDecisionLogger } from
"./run/failover-observation.js" ;
import { mergeRetryFailoverReason, resolveRunFailoverDecision } from
"./run/failover-policy.js" ;
import {
buildErrorAgentMeta,
buildUsageAgentMetaFields,
createCompactionDiagId,
resolveActiveErrorContext,
resolveFinalAssistantRawText,
resolveFinalAssistantVisibleText,
resolveMaxRunRetryIterations,
resolveOverloadFailoverBackoffMs,
resolveOverloadProfileRotationLimit,
resolveRateLimitProfileRotationLimit,
type RuntimeAuthState,
scrubAnthropicRefusalMagic,
} from
"./run/helpers.js" ;
import {
DEFAULT_EMPTY_RESPONSE_RETRY_LIMIT,
DEFAULT_REASONING_ONLY_RETRY_LIMIT,
resolveAckExecutionFastPathInstruction,
extractPlanningOnlyPlanDetails,
resolveEmptyResponseRetryInstruction,
resolveIncompleteTurnPayloadText,
resolvePlanningOnlyRetryLimit,
resolvePlanningOnlyRetryInstruction,
resolveReasoningOnlyRetryInstruction,
STRICT_AGENTIC_BLOCKED_TEXT,
resolveReplayInvalidFlag,
resolveRunLivenessState,
} from
"./run/incomplete-turn.js" ;
import type { RunEmbeddedPiAgentParams } from
"./run/params.js" ;
import { buildEmbeddedRunPayloads } from
"./run/payloads.js" ;
import { handleRetryLimitExhaustion } from
"./run/retry-limit.js" ;
import {
buildBeforeModelResolveAttachments,
resolveEffectiveRuntimeModel,
resolveHookModelSelection,
} from
"./run/setup.js" ;
import { mergeAttemptToolMediaPayloads } from
"./run/tool-media-payloads.js" ;
import {
resolveLiveToolResultMaxChars,
sessionLikelyHasOversizedToolResults,
truncateOversizedToolResultsInSession,
} from
"./tool-result-truncation.js" ;
import type {
EmbeddedPiAgentMeta,
EmbeddedPiRunResult,
TraceAttempt,
ToolSummaryTrace,
EmbeddedRunLivenessState,
} from
"./types.js" ;
import { createUsageAccumulator, mergeUsageIntoAccumulator } from
"./usage-accumulator.js" ;
type ApiKeyInfo = ResolvedProviderAuth;
const MAX_SAME_MODEL_IDLE_TIMEOUT_RETRIES =
1 ;
function createEmptyAuthProfileStore(): AuthProfileStore {
return {
version:
1 ,
profiles: {},
};
}
function buildTraceToolSummary(params: {
toolMetas: Array<{ toolName: string; meta?: string }>;
hadFailure:
boolean ;
}): ToolSummaryTrace | undefined {
if (params.toolMetas.length ===
0 ) {
return undefined;
}
const tools: string[] = [];
const seen =
new Set<string>();
for (
const entry of params.toolMetas) {
const toolName = normalizeOptionalString(entry.toolName);
if (!toolName || seen.has(toolName)) {
continue ;
}
seen.add(toolName);
tools.push(toolName);
}
return {
calls: params.toolMetas.length,
tools,
failures: params.hadFailure ?
1 :
0 ,
};
}
/** * Best-effort backfill of sessionKey from sessionId when not explicitly provided. * The return value is normalized: whitespace-only inputs collapse to undefined, and * successful resolution returns a trimmed session key. This is a read-only lookup * with no side effects. * See: https://github.com/openclaw/openclaw/issues/60552
function backfillSessionKey(params: {
config: RunEmbeddedPiAgentParams[
"config" ];
sessionId: string;
sessionKey?: string;
agentId?: string;
}): string | undefined {
const trimmed = normalizeOptionalString(params.sessionKey);
if (trimmed) {
return trimmed;
}
if (!params.config || !params.sessionId) {
return undefined;
}
try {
const resolved = normalizeOptionalString(params.agentId)
? resolveStoredSessionKeyForSessionId({
cfg: params.config,
sessionId: params.sessionId,
agentId: params.agentId,
})
: resolveSessionKeyForRequest({
cfg: params.config,
sessionId: params.sessionId,
});
return normalizeOptionalString(resolved.sessionKey);
}
catch (err) {
log.warn(
`[backfillSessionKey] Failed to resolve sessionKey
for sessionId=${redactRunIdentifier
(sanitizeForLog(params.sessionId))}: ${formatErrorMessage(err)}`,return undefined;function buildHandledReplyPayloads(reply?: ReplyPayload) {const normalized = reply ?? { text: SILENT_REPLY_TOKEN };return [function runEmbeddedPiAgent(// Resolve sessionKey early so all downstream consumers (hooks, LCM, compaction) // receive a non-null key even when callers omit it. See #60552. const effectiveSessionKey = backfillSessionKey({if (effectiveSessionKey !== params.sessionKey) {const sessionLane = resolveSessionLane(params.sessionKey?.trim() || params.sessionId);const globalLane = resolveGlobalLane(params.lane);const enqueueGlobal =const enqueueSession =const channelHint = params.messageChannel ?? params.messageProvider;const resolvedToolResultFormat ="markdown" "plain" "markdown" );const isProbeSession = params.sessionId?.startsWith("probe-" ) ?? false ;const throwIfAborted = () => {if (!params.abortSignal?.aborted) {return ;const reason = params.abortSignal.reason;if (reason instanceof Error) {throw reason;const abortErr =new Error("Operation aborted" , { cause: reason })new Error("Operation aborted" );"AbortError" ;throw abortErr;return enqueueSession(() => {return enqueueGlobal(async () => {const started = Date.now();const workspaceResolution = resolveRunWorkspaceDir({const resolvedWorkspace = workspaceResolution.workspaceDir;const canonicalWorkspace = resolveUserPath(const isCanonicalWorkspace = canonicalWorkspace === resolvedWorkspace;const redactedSessionId = redactRunIdentifier(params.sessionId);const redactedSessionKey = redactRunIdentifier(params.sessionKey);const redactedWorkspace = redactRunIdentifier(resolvedWorkspace);if (workspaceResolution.usedFallback) {ackReason} run=${params.runId} session=${redactedSessionId} sessionKey=${redactedSessionKey} agent=${workspaceResolution.agentId} workspace=${redactedWorkspace}`,const agentDir = params.agentDir ?? resolveOpenClawAgentDir();const normalizedSessionKey = params.sessionKey?.trim();const fallbackConfigured = hasConfiguredModelFallbacks({const resolvedSessionKey = normalizedSessionKey;const hookRunner = getGlobalHookRunner();const hookCtx = {if (params.trigger === "cron" && hookRunner?.hasHooks("before_agent_reply" )) {const hookResult = await hookRunner.runBeforeAgentReply(if (hookResult?.handled) {return {const hookSelection = await resolveHookModelSelection({const legacyBeforeAgentStartResult = hookSelection.legacyBeforeAgentStartResult;const agentHarness = selectAgentHarness({const pluginHarnessOwnsTransport = agentHarness.id !== "pi" ;if (!pluginHarnessOwnsTransport) {const { model, error, authStorage, modelRegistry } = await resolveModelAsync(// Plugin harnesses may expose synthetic providers that PI cannot // discover safely; resolve their model metadata without touching PI // auth/model stores. if (!model) {throw new FailoverError(error ?? `Unknown model: ${provider}/${modelId}`, {"model_not_found" ,const resolvedRuntimeModel = resolveEffectiveRuntimeModel({const ctxInfo = resolvedRuntimeModel.ctxInfo;const authStore = pluginHarnessOwnsTransportfalse ,const preferredProfileId = params.authProfileId?.trim();"user" ? preferredProfileId : undefined;if (lockedProfileId) {if (pluginHarnessOwnsTransport) {const runtimeAuthPlan = buildAgentRuntimeAuthPlan({":" , 1 )[0 ],if (!runtimeAuthPlan.forwardedAuthProfileId) {else {const lockedProfile = authStore.profiles[lockedProfileId];const lockedProfileProvider = lockedProfileconst runProvider = resolveProviderIdForAuth(provider, {if (!lockedProfile || !lockedProfileProvider || lockedProfileProvider !== runProvider) {if (lockedProfileId && !pluginHarnessOwnsTransport) {const eligibility = resolveAuthProfileEligibility({if (!eligibility.eligible) {throw new Error(`Auth profile "${lockedProfileId}" is not configured for ${provider}.`);const profileOrder = shouldPreferExplicitConfigApiKeyAuth(params.config, provider)const providerPreferredProfileId = lockedProfileIdconst providerOrderedProfiles =const profileCandidates = lockedProfileId0 0 ;const traceAttempts: TraceAttempt[] = [];const initialThinkLevel = params.thinkLevel ?? "off" ;const attemptedThinking = new Set<ThinkLevel>();null = null ;null = null ;false ;const {true ,// Plugin harnesses own their model transport/auth. Running PI's generic // auth bootstrap here can turn synthetic provider markers into real // vendor-token refresh attempts before the plugin gets control. if (!pluginHarnessOwnsTransport) {else if (lockedProfileId) {const { sessionAgentId } = resolveSessionAgentIds({const configuredExecutionContract ="default" ;const strictAgenticActive = isStrictAgenticExecutionContractActive({const executionContract = strictAgenticActive ? "strict-agentic" : "default" ;const maxPlanningOnlyRetryAttempts = resolvePlanningOnlyRetryLimit(executionContract);const maxReasoningOnlyRetryAttempts = DEFAULT_REASONING_ONLY_RETRY_LIMIT;const maxEmptyResponseRetryAttempts = DEFAULT_EMPTY_RESPONSE_RETRY_LIMIT;const MAX_TIMEOUT_COMPACTION_ATTEMPTS = 2 ;const MAX_OVERFLOW_COMPACTION_ATTEMPTS = 3 ;const MAX_RUN_LOOP_ITERATIONS = resolveMaxRunRetryIterations(profileCandidates.length);0 ;false ;: []);const usageAccumulator = createUsageAccumulator();typeof normalizeUsage> | undefined;0 ;0 ;0 ;0 ;0 ;0 ;0 ;null = null ;null = null ;null = null ;null = null ;const ackExecutionFastPathInstruction = resolveAckExecutionFastPathInstruction({0 ;0 ;// Silent-error retry: non-strict-agentic models (e.g. ollama/glm-5.1) can // end a turn with stopReason="error" + zero output tokens, producing no // user-visible text. The existing empty-response retry is gated on // isStrictAgenticSupportedProviderModel (gpt-5 only). This is an // orthogonal, model-agnostic resubmission. const MAX_EMPTY_ERROR_RETRIES = 3 ;0 ;const overloadFailoverBackoffMs = resolveOverloadFailoverBackoffMs(params.config);const overloadProfileRotationLimit = resolveOverloadProfileRotationLimit(params.config);const rateLimitProfileRotationLimit = resolveRateLimitProfileRotationLimit(params.config);const maybeEscalateRateLimitProfileFallback = (params: {"fallback_model" , extra?: { status?: number }) => void ;1 ;if (rateLimitProfileRotations <= rateLimitProfileRotationLimit || !fallbackConfigured) {return ;const status = resolveFailoverStatus("rate_limit" );for ${sanitizeForLog(provider)}/${sanitizeForLog(modelId)} after ${rateLimitProfileRotations} rotations; escalating to model fallback`,"fallback_model" , { status });throw new FailoverError("The AI service is temporarily rate-limited. Please try again in a moment." ,"rate_limit" ,const maybeMarkAuthProfileFailure = async (failure: {null ;"config" ];"agentDir" ];const { profileId, reason } = failure;if (!profileId || !reason || reason === "timeout" ) {return ;const resolveAuthProfileFailureReason = (null ,null => {// Timeouts are transport/model-path failures, not auth health signals, // so they should not persist auth-profile failure state. if (!failoverReason || failoverReason === "timeout" ) {return null ;return failoverReason;const maybeBackoffBeforeOverloadFailover = async (reason: FailoverReason | null ) => {if (reason !== "overloaded" || overloadFailoverBackoffMs <= 0 ) {return ;for ${provider}/${modelId}: delayMs=${overloadFailoverBackoffMs}`,try {catch (err) {if (params.abortSignal?.aborted) {const abortErr = new Error("Operation aborted" , { cause: err });"AbortError" ;throw abortErr;throw err;// Resolve the context engine once and reuse across retries to avoid // repeated initialization/connection overhead per attempt. const contextEngine = await resolveContextEngine(params.config);try {// When the engine owns compaction, compactEmbeddedPiSessionDirect is // bypassed. Fire lifecycle hooks here so recovery paths still notify // subscribers like memory extensions and usage trackers. const runOwnsCompactionBeforeHook = async (reason: string) => {if (true ||"before_compaction" )return ;try {1 , sessionFile: params.sessionFile },catch (hookErr) {const runOwnsCompactionAfterHook = async (typeof contextEngine.compact>>,if (true ||"after_compaction" )return ;try {1 ,1 ,catch (hookErr) {false ;// Hoisted so the retry-limit error path can use the most recent API total. while (true ) {if (runLoopIterations >= MAX_RUN_LOOP_ITERATIONS) {const message =const retryLimitDecision = resolveRunFailoverDecision({"retry_limit" ,return handleRetryLimitExhaustion({true : undefined,"blocked" ,1 ;const runtimeAuthRetry = authRetryPending;false ;true });const basePrompt ="anthropic" ? scrubAnthropicRefusalMagic(params.prompt) : params.prompt;const promptAdditions = [typeof value === "string" && value.trim().length > 0 ,const prompt =0 "\n\n" )}`if (!runtimeAuthState && apiKeyInfo) {const runtimePlan = buildAgentRuntimePlan({":" , 1 )[0 ],const attempt = await runEmbeddedAttemptWithBackend({// Use the harness selected before model/auth setup for the actual // attempt too. Otherwise plugin-owned transports can skip PI auth // bootstrap but drift back to PI when the attempt is created. // When runtime auth exchange produced a different credential // (runtimeAuthState is set), the exchanged token lives in // authStorage and the SDK will pick it up automatically. // Skip header injection to avoid leaking the pre-exchange key. null : apiKeyInfo,"user" : "auto" ,- 1 ],const {new Set([const lastAssistantUsage = normalizeUsage(sessionLastAssistant?.usage as UsageLike);const attemptUsage = attempt.attemptUsage ?? lastAssistantUsage;// Keep prompt size from the latest model call so session totalTokens // reflects current context usage, not accumulated tool-loop usage. const attemptCompactionCount = Math.max(0 , attempt.compactionCount ?? 0 );const activeErrorContext = resolveActiveErrorContext({const resolveReplayInvalidForAttempt = (incompleteTurnText?: string | null ) =>if (resolveReplayInvalidForAttempt(null )) {true ;const formattedAssistantErrorText = sessionLastAssistantconst assistantErrorText ="error" const canRestartForLiveSwitch =0 &&0 ;if (preflightRecovery?.handled) {for ${provider}/${modelId}; retrying prompt`,continue ;const requestedSelection = shouldSwitchToLiveModel({if (requestedSelection && canRestartForLiveSwitch) {switch requested during active attempt for ${params.sessionId}: ${provider}/${modelId} -> ${requestedSelection.provider}/${requestedSelection.model}`,throw new LiveSessionModelSwitchError(requestedSelection);// ── Timeout-triggered compaction ────────────────────────────────── // When the LLM times out with high context usage, compact before // retrying to break the death spiral of repeated timeouts. if (timedOut && !timedOutDuringCompaction) {// Only consider prompt-side tokens here. API totals include output // tokens, which can make a long generation look like high context // pressure even when the prompt itself was small. const lastTurnPromptTokens = derivePromptTokens(lastRunPromptUsage);const tokenUsedRatio =null && ctxInfo.tokens > 0 0 ;if (timeoutCompactionAttempts >= MAX_TIMEOUT_COMPACTION_ATTEMPTS) {s} time(s); falling through to failover rotation`,else if (tokenUsedRatio > 0 .65 ) {const timeoutDiagId = createCompactionDiagId();atio * 100 )}%); ` +UT_COMPACTION_ATTEMPTS}) diagId=${timeoutDiagId}`,typeof contextEngine.compact>>;"timeout recovery" );try {const timeoutCompactionRuntimeContext = {"timeout_recovery" ,true ,"budget" ,catch (compactErr) {for ${provider}/${modelId}: ${String(compactErr)}`,false ,false ,"timeout recovery" , timeoutCompactResult);if (timeoutCompactResult.compacted) {1 ;if (contextEngine.info.ownsCompaction === true ) {for ${provider}/${modelId}; retrying prompt`,continue ;else {for ${provider}/${modelId}; falling through to normal handling`,const contextOverflowError = !abortedif (promptError) {const errorText = formatErrorMessage(promptError);if (isLikelyContextOverflowError(errorText)) {return { text: errorText, source: "promptError" as const };// Prompt submission failed with a non-overflow error. Do not // inspect prior assistant errors from history for this attempt. return null ;if (assistantErrorText && isLikelyContextOverflowError(assistantErrorText)) {return {"assistantError" as const ,return null ;null ;if (contextOverflowError) {const overflowDiagId = createCompactionDiagId();const errorText = contextOverflowError.text;const msgCount = attempt.messagesSnapshot?.length ?? 0 ;const observedOverflowTokens = extractObservedOverflowTokenCount(errorText);"unknown" } ` +0 , 200 )}`,const isCompactionFailure = isCompactionFailureError(errorText);const hadAttemptLevelCompaction = attemptCompactionCount > 0 ;// If this attempt already compacted (SDK auto-compaction), avoid immediately // running another explicit compaction for the same overflow trigger. if (tempts}/${MAX_OVERFLOW_COMPACTION_ATTEMPTS}); retrying prompt without additional compaction for ${provider}/${modelId}`,continue ;// Attempt explicit overflow compaction only when this attempt did not // already auto-compact. if (if (log.isEnabled("debug" )) {1 } maxAttempts=${MAX_OVERFLOW_COMPACTION_ATTEMPTS}`,PACTION_ATTEMPTS}); attempting auto-compaction for ${provider}/${modelId}`,typeof contextEngine.compact>>;"overflow recovery" );try {const overflowCompactionRuntimeContext = {"overflow" ,true ,"budget" ,if (compactResult.ok && compactResult.compacted) {"compaction" ,catch (compactErr) {for ${provider}/${modelId}: ${String(compactErr)}`,false ,false ,"overflow recovery" , compactResult);if (compactResult.compacted) {if (preflightRecovery?.route === "compact_then_truncate" ) {const truncResult = await truncateOversizedToolResultsInSession({if (truncResult.truncated) {for ` +else {for ` +"unknown" }`,1 ;for ${provider}/${modelId}; retrying prompt`);continue ;for ${provider}/${modelId}: ${compactResult.reason ?? "nothing to compact" }`,if (!toolResultTruncationAttempted) {const contextWindowTokens = ctxInfo.tokens;const toolResultMaxChars = resolveLiveToolResultMaxChars({const hasOversized = attempt.messagesSnapshotfalse ;if (hasOversized) {true ;for ${provider}/${modelId} ` +const truncResult = await truncateOversizedToolResultsInSession({if (truncResult.truncated) {retrying prompt`,continue ;? "unknown" }`,if ("debug" )MPTS}`,const kind = isCompactionFailure ? "compaction_failure" : "context_overflow" ;"blocked" ,return {"Context overflow: prompt too large for the model. " +"Try /reset (or /new) to start a fresh session, or use a larger-context model." ,true ,"blocked" ,if (promptError && !aborted && promptErrorSource !== "compaction" ) {// Normalize wrapped errors (e.g. abort-wrapped RESOURCE_EXHAUSTED) into // FailoverError so rate-limit classification works even for nested shapes. // // promptErrorSource === "compaction" means the model call already completed and the // abort happened only while waiting for compaction/retry cleanup. Retrying from here // would replay that completed tool turn as a fresh prompt attempt. const normalizedPromptFailover = coerceToFailoverError(promptError, {const promptErrorDetails = normalizedPromptFailoverconst errorText = promptErrorDetails.message || formatErrorMessage(promptError);if (await maybeRefreshRuntimeAuthForAuthError(errorText, runtimeAuthRetry)) {true ;continue ;// Handle role ordering errors with a user-friendly message if (/incorrect role information|roles must alternate/i.test(errorText)) {"blocked" ,return {"Message ordering conflict - please try again. " +"If this persists, use /new to start a fresh session." ,true ,"blocked" ,"role_ordering" , message: errorText },// Handle image size errors with a user-friendly message (no retry needed) const imageSizeError = parseImageSizeError(errorText);if (imageSizeError) {const maxMb = imageSizeError.maxMb;const maxMbLabel =typeof maxMb === "number" && Number.isFinite(maxMb) ? `${maxMb}` : null ;const maxBytesHint = maxMbLabel ? ` (max ${maxMbLabel}MB)` : "" ;"blocked" ,return {for the model${maxBytesHint}. ` +"Please compress or resize the image and try again." ,true ,"blocked" ,"image_size" , message: errorText },const promptFailoverReason =const promptProfileFailureReason =const promptFailoverFailure =null || isFailoverErrorMessage(errorText, { provider });// Capture the failing profile before auth-profile rotation mutates `lastProfileId`. const failedPromptProfileId = lastProfileId;const logPromptFailoverDecision = createFailoverDecisionLogger({"prompt" ,if (promptFailoverReason === "rate_limit" ) {"prompt" ,false ,if ("rotate_profile" &&"timeout" ? "timeout" : "rotate_profile" ,"prompt" ,"rotate_profile" );continue ;if (promptFailoverDecision.action === "rotate_profile" ) {"prompt" ,true ,const fallbackThinking = pickFallbackThinkingLevel({if (fallbackThinking) {for ${provider}/${modelId}; retrying with ${fallbackThinking}`,continue ;// Throw FailoverError for prompt-side failover reasons when fallbacks // are configured so outer model fallback can continue on overload, // rate-limit, auth, or billing failures. if (promptFailoverDecision.action === "fallback_model" ) {const fallbackReason = promptFailoverDecision.reason ?? "unknown" ;const status = resolveFailoverStatus(fallbackReason);"timeout" ? "timeout" : "fallback_model" ,"prompt" ,typeof status === "number" ? { status } : {}),"fallback_model" , { status });throw (new FailoverError(errorText, {if (promptFailoverDecision.action === "surface_error" ) {"timeout" ? "timeout" : "surface_error" ,"prompt" ,"surface_error" );throw promptError;const assistantForFailover = currentAttemptAssistant ?? sessionLastAssistant;const fallbackThinking = pickFallbackThinkingLevel({if (fallbackThinking && !aborted) {for ${provider}/${modelId}; retrying with ${fallbackThinking}`,continue ;const authFailure = isAuthAssistantError(assistantForFailover);const rateLimitFailure = isRateLimitAssistantError(assistantForFailover);const billingFailure = isBillingAssistantError(assistantForFailover);const failoverFailure = isFailoverAssistantError(assistantForFailover);const assistantFailoverReason = classifyFailoverReason("" ,const assistantProfileFailureReason =const cloudCodeAssistFormatError = attempt.cloudCodeAssistFormatError;const imageDimensionError = parseImageDimensionError("" ,// Capture the failing profile before auth-profile rotation mutates `lastProfileId`. const failedAssistantProfileId = lastProfileId;const logAssistantFailoverDecision = createFailoverDecisionLogger({"assistant" ,if ("" ,true ;continue ;if (imageDimensionError && lastProfileId) {const details = [null ,null ,null ,Boolean )" " );"" }.`,const assistantFailoverDecision = resolveRunFailoverDecision({"assistant" ,false ,const assistantFailoverOutcome = await handleAssistantFailover({if (assistantFailoverOutcome.action === "retry" ) {"same_model_idle_timeout" ||"timeout" "timeout" "rotate_profile" ,"assistant" ,if (assistantFailoverOutcome.retryKind === "same_model_idle_timeout" ) {1 ;continue ;if (assistantFailoverOutcome.action === "throw" ) {"timeout" "timeout" "fallback_model" "fallback_model" "error" ,"assistant" ,typeof assistantFailoverOutcome.error.status === "number" throw assistantFailoverOutcome.error;const usageMeta = buildUsageAgentMetaFields({const agentMeta: EmbeddedPiAgentMeta = {0 ? autoCompactionCount : undefined,const finalAssistantVisibleText = resolveFinalAssistantVisibleText(sessionLastAssistant);const finalAssistantRawText = resolveFinalAssistantRawText(sessionLastAssistant);const payloads = buildEmbeddedRunPayloads({"cron" ,false ,const payloadsWithToolMedia = mergeAttemptToolMediaPayloads({const attemptToolSummary = buildTraceToolSummary({Boolean (attempt.lastToolError),// Timeout aborts can leave the run without any assistant payloads. // Emit an explicit timeout error instead of silently completing, so // callers do not lose the turn as an orphaned user message. if (timedOut && !timedOutDuringCompaction && !payloadsWithToolMedia?.length) {const timeoutText = idleTimedOut"The model did not produce a response before the LLM idle timeout. " +"Please try again, or increase `agents.defaults.llm.idleTimeoutSeconds` in your config (set to 0 to disable)." "Request timed out before a response was generated. " +"Please try again, or increase `agents.defaults.timeoutSeconds` in your config." ;const replayInvalid = resolveReplayInvalidForAttempt(null );const livenessState = resolveRunLivenessState({null ,return {true ,const payloadCount = payloadsWithToolMedia?.length ?? 0 ;const nextPlanningOnlyRetryInstruction = resolvePlanningOnlyRetryInstruction({const nextReasoningOnlyRetryInstruction = resolveReasoningOnlyRetryInstruction({const nextEmptyResponseRetryInstruction = resolveEmptyResponseRetryInstruction({if (const planningOnlyText = attempt.assistantTexts.join("\n\n" ).trim();const planDetails = extractPlanningOnlyPlanDetails(planningOnlyText);if (planDetails) {"update" ,"Assistant proposed a plan" ,"planning_only_retry" ,"plan" ,"update" ,"Assistant proposed a plan" ,"planning_only_retry" ,1 ;uredExecutionContract} — retrying ` +continue ;if (1 ;sionId} ` +asoningOnlyRetryAttempts}/${maxReasoningOnlyRetryAttempts} ` +continue ;const reasoningOnlyRetriesExhausted =if (1 ;ptyResponseRetryAttempts}/${maxEmptyResponseRetryAttempts} ` +continue ;const incompleteTurnText = resolveIncompleteTurnPayloadText({if (reasoningOnlyRetriesExhausted && !finalAssistantVisibleText) {d} ` +easoningOnlyRetryAttempts}/${maxReasoningOnlyRetryAttempts} — surfacing incomplete-turn error`,if (!incompleteTurnText && nextPlanningOnlyRetryInstruction && strictAgenticActive) {{params.sessionId} ` +ng blocked state`,// Criterion 4 of the GPT-5.4 parity gate requires every terminal // exit path to emit an explicit livenessState + replayInvalid so // downstream observers never see "silent disappearance". Every // other hard-error terminal branch in this file uses "blocked" // for its livenessState (role ordering, image size, schema // error, compaction timeout, aborted-with-no-payloads). Match // that convention here so lifecycle consumers treat an // isError:true strict-agentic-blocked payload the same way they // treat any other error-terminal payload. Replay validity is // delegated to the shared resolver because the plan-only // transcript itself is replay-safe even though the run is // terminal. const replayInvalid = resolveReplayInvalidForAttempt(null );const livenessState: EmbeddedRunLivenessState = "blocked" ;return {true ,if (reasoningOnlyRetriesExhausted && !finalAssistantVisibleText) {const replayInvalid = resolveReplayInvalidForAttempt("⚠️ Agent couldn't generate a response. Please try again." ,const livenessState = resolveRunLivenessState({0 ,"⚠️ Agent couldn't generate a response. Please try again." ,if (lastProfileId) {return {"⚠️ Agent couldn't generate a response. Please try again." ,true ,if (} ` +mptyResponseRetryAttempts}/${maxEmptyResponseRetryAttempts} — surfacing incomplete-turn error`,// ── silent-error retry ──────────────────────────────────────────── // Observed with ollama/glm-5.1: a turn can end with stopReason="error" // and zero output tokens AND empty content after a successful // tool-call sequence, producing no user-visible text at all. The // existing empty-response retry path (resolveEmptyResponseRetryInstruction) // is gated on the strict-agentic contract (gpt-5 only), so non-frontier // models fall through to "incomplete turn detected" → silent gap // until the user nudges. This is a narrower, model-agnostic // resubmission: same prompt, same session transcript (tool results // already captured), no instruction injection. Placed before the // incompleteTurnText return so it actually gets a chance to fire. // // Content-empty guard: a reasoning-only error (content has thinking // blocks) is a distinct failure mode handled elsewhere; only retry // when the assistant truly produced nothing. // // Side-effect guard: if the failed attempt already recorded potential // side effects (messaging tool sent, cron add, mutating tool // call that wasn't round-tripped as replay-safe), resubmission can // duplicate those actions. Mirror the gate the other retry resolvers // use (resolveEmptyResponseRetryInstruction, reasoning-only, planning- // only), which short-circuit on attempt.replayMetadata.hadPotentialSideEffects. const silentErrorContent = sessionLastAssistant?.content as Array<unknown> | undefined;if ("error" &&0 ) === 0 &&0 ) === 0 &&1 ;0 ; resubmitting ` +continue ;if (incompleteTurnText) {const replayInvalid = resolveReplayInvalidForAttempt(incompleteTurnText);const livenessState = resolveRunLivenessState({const incompleteStopReason = attempt.lastAssistant?.stopReason;0 — surfacing error to user`,// Mark the failing profile for cooldown so multi-profile setups // rotate away from the exhausted credential on the next turn. if (lastProfileId) {return {true ,Date.now() - started} aborted=${aborted}`,if (lastProfileId) {const replayInvalid = resolveReplayInvalidForAttempt(null );const livenessState = resolveRunLivenessState({null ,const stopReason = attempt.clientToolCall"tool_calls" "end_turn" return {// Handle client tool calls (OpenResponses hosted tools) // Propagate the LLM stop reason so callers (lifecycle events, // ACP bridge) can distinguish end_turn from max_tokens. 5 ).toString("hex" ).slice(0 , 9 ),0 ||"success" ,"assistant" ,0 ,"embedded" ,"auth-profile" } : {}),"refusal" ) ? { refusal: true } : {}),0 ? { lastTurnCompactions: autoCompactionCount } : undefined,finally {if (params.cleanupBundleMcpOnRunEnd === true ) {const onError = (error: unknown, sessionId: string) => {for ${sessionId}: ${formatErrorMessage(error)}`,const retiredBySessionKey = await retireSessionMcpRuntimeForSessionKey({"embedded-run-end" ,if (!retiredBySessionKey) {"embedded-run-end" , Messung V0.5 in Prozent C=96 H=92 G=93
¤ Dauer der Verarbeitung: 0.29 Sekunden
(vorverarbeitet am 2026-06-04)
¤ *© Formatika GbR, Deutschland
