fix: prevent false-positive auth errors in stripAuthErrors()#178
Conversation
|
Confirmed this matches our repro on OpenClaw 2026.4.1 with lossless-claw 0.5.2. We saw false |
When summarizing conversations that discuss authentication errors (e.g. '401', 'invalid api key'), pickAuthInspectionValue() would fall back to the original value when no auth-related keys were found in the subset, causing the downstream extractProviderAuthFailure() to incorrectly detect auth failures from conversation content rather than actual API responses. This resulted in misleading '[lcm] compaction failed: provider auth error' log messages even though summaries were successfully written to the DB. Fix: return empty object instead of original value when no auth-related keys are found, preventing false-positive auth error detection. Fixes Martian-Engineering#171
jalehman
force-pushed
the
fix/summarize-strip-auth-false-positive
branch
from
d165ffa to
ffea40f
Compare
|
Thank you! |
|
Following up after comparing the merged diff to the local hotfix we are running here: this is the same fix we applied in our OpenClaw runtime. Concretely, we patched the fallback from: return Object.keys(subset).length > 0 ? subset : value;to: return Object.keys(subset).length > 0 ? subset : {};That immediately stopped the false So from our side, this merged PR matches the real root cause in #237 exactly. The later confirmation on #237 from another deployment also makes sense to us: Thanks again — once this is in a released package, I’d expect #237 to be effectively resolved. |
3 participants
Summary
Fixes #171 — false-positive auth error when summary content contains auth-related keywords.
Root Cause
In
src/summarize.ts,pickAuthInspectionValue()(line 390) returns the full response object when no auth-related keys are found in the subset:This causes
collectAuthFailureText()to walk the entire response includingcontent[].text(the actual summary text). If the summary discusses auth errors (e.g., a conversation about debugging 401s), the regexAUTH_ERROR_TEXT_PATTERNmatches against conversation content rather than actual API error responses.Fix
Return empty object
{}instead of the originalvaluewhen no auth-related keys are found:This prevents downstream
extractProviderAuthFailure()from inspecting irrelevant fields.Verified On
Test
Compress a conversation containing strings like
401,invalid api key,authentication_error. Before fix: false[lcm] compaction failed: provider auth errorlog. After fix: clean log, summary written successfully.